Bucharest, 9 November 2017. With the revised Payment Services Directive (PSD 2) coming into force next year, Deloitte Romania together with Reff & Associates, the law firm representing Deloitte Legal in Romania, conducted a survey between August and September among credit institutions, Fintechs and merchants to find out their views and see how they are responding, from both a strategic and compliance perspective.
Over 20 banks, including all top tier banks, have participated to the survey, thus the results offer a representative perspective over the impact of PSD 2 in the Romanian market. The survey was done with the support of the Romanian Electronic Payments Association (APERO).
“Our survey has identified that the Romanian banks are one step behind Western Europe and other CEE countries in implementing PSD 2. One of the causes for the delay could be the lack of clarity on the national regulatory framework that will transpose the directive into local law and also the lack of appetite, considering Romania is mostly a cash driven country. Despite the slight delay, we believe PSD 2 will bring significant change in the banking environment within two-three years,” said Dimitrios Goranitis, Financial Services Risk Advisory Leader Deloitte Romania.
“The survey has shown that the key concerns of Romanian banks in the implementation of PSD 2 are security, third party access and liability under the new payment environment, with over 30% of respondents showing concerns on these topics. We share these views, as the existing European legal framework has not shed sufficient clarity on these matters and the draft law transposing the directive has not yet been published. In our view qualified legal advice which caters for business requirement, but also ensures compliance with PSD 2 and GDPR will be essential in ensuring a successful roll-out of PSD 2 projects,” said Andrei Burz-Pinzaru, managing partner Reff & Associates.
Key findings in Romania
- In line with the European trends, Romanian credit institutions are approaching PSD2 as an opportunity, however under a less optimistic note reflecting the specifics of the local cash payment environment
- Banking industry in Romania has a slight delay in implementing of PSD 2 compared with Western European countries and with more developed countries in CEE (Poland, Czech Republic), whereas over 50% of the Romanian respondents said that they had not yet started implementation or are still in the initial analysis/implementation. In our view this could be explained by the delays Romania faces in transposing PSD 2 in local law
- Despite the general delay, top tier banks appear to be significantly more advanced in the implementation process, which shows that the Romanian banking industry is working under two speeds
- From a strategic perspective, whereas most respondents have performed some level of strategic assessment of the impacts of PSD 2, the vast majority of the Romanian banking industry has not yet crystalized its business model
- Romanian credit institutions are fairly positive about the impact of PSD 2 on their revenues: close to 50% consider the impact will be neutral or slightly positive, while the other half has not yet made an assessment of the impact of revenues. This also shows that PSD 2 has not been a priority for a part of the industry.
- Romanian banks perceive established Fintech companies top tier banks and the newer challenger digital banks approaching the Romanian market as the key competitive threat under PSD 2. This may be explained by the fact the successful entry into the financial services market requires certain financial resources and a compliance culture.
In terms of timeline, in line with EU trends, the majority believe PSD2 will result in significant competitive change over the next two-three years
- With regard to the challenges raised by PSD 2, the Romanian market is more concerned on security, rather than user experience. Most Romanian respondents have mentioned as key concerns:
- Customer & Third Party Authentication, and security;
- Ensuring connectivity to legacy back-end system raises higher concerns (30% of respondents declared concerned on this topic);
- Building API infrastructure is also perceived as a challenge (30% of respondents declared concerned on this topic);
- Liabilities under the Third Party Access model.
The survey was part of a wider EMEA survey, which ran across 18 European countries in 115 member firms. Most credit institutions were universal or predominantly retail focused, with a more limited number focused on corporate and institutional banking. Respondents came from a wide variety of senior roles, most commonly heads of business lines, but also PSD 2 programme leads and Project Managers.
PSD 2 will allow any external financial services provider to connect the banks systems, thus the online payments and account information services market will open for new entrants, ending the banking sector decades-long exclusive monopoly over its customers’ payment account data and payments transactions. The aim of PSD 2 is to increase EU-wide competition by fostering innovation through opening of the banking market for the so far largely unregulated third-party providers (TPPs) like FinTechs. Key element of the new regulation is that banks will be forced to open their platforms via so called APIs (Application Programming Interfaces) to enable TPPs access to previously privileged account data and to enable TPPs initiate payments on behalf of the customer.