eIDAS, AML5 and PSD
Over the last few years, many new regulations and guidelines have come into force in Europe such as; GDPR, eIDAS, AML5, PSD2 and MiFID II. What they entail for the financial institutions, challengers to (FAANGS & Fintechs) and all their customers will significantly shape the European markets and how business is conducted across the region for many years to come.
The EU and subsequently the Euro, had created a single market that allowed business entities to coordinate their interests. But all of those businesses and transactions were not technologically and legally streamlined enough as they were hindered by the various bureaucratic systems and rules that govern each jurisdiction and sector in different countries. The physical infrastructure was there (EU) but the digital and legal aspects were not. eIDAS, AML5 and PSD2 is the legal and technological framework for that future seamless digital infrastructure.
eIDAS (electronic IDentification, Authentication and trust Services) is the name of the system in place to create faster and more secure payments across the industry that will have a major affect on the average consumers behaviour in relation to not just financial products but also everyday items such as gadgets, groceries and cosmetics.
But the two most recent guidelines, eIDAS and AML5 (5th Anti-Money Laundering Directive) have great bearing on the information that is to be freely available to be distributed to any third party in relation to the PSD2 (Revised Payment Service Directive) directive that forces banks to provide third party payment providers (FAANGS; Facebook, Apple, Amazon, Netflix, Google, Spotify) access to their customers’ account information through the banks’ APIs (Application Program Interface). This will allow technology firms to make P2P payments and transfers (Revolut), analyze spending habits (Mint and acorns), all whilst a customers money sits safely in their bank account.
The PSD2 directive means that the banking industry will no longer be competing internally with each other but against every technology company that has the ability to create a payments channel, of which the FAANGS have recently been doing, notable examples being Facebook’s recent announcement to offer Whatsapp-based cryptocurrency stable-coin P2P transfers, Google Pay to offer ‘digital gold’ and Apple Pay’s jump into at least seven European countries, with one of Apple’s partnerships being the challenger bank N26.
These changes come at a time when the banking industry has also been making its own shifts in technology, most distinctively to cloud solutions off of decades-old slow legacy systems. But now also, with these most recent regulatory and e-trust requirements and subsequent potential repercussions for not being agile enough, has cumulated in Financial Institutions experimenting with their APIs by collaborating, partnering with or simply aquiring fintechs (such as Blackrock’s most recent move for eFront), putting emphasis on customer centricity as well as opening numerous innovation, accelerator and incubator labs and programs (take Standard Chartered’s VC Fintech Bridge).
But the ramifications of PSD2 alone are not able to quickly-enough facilitate the kind of structural shifts to a unified digital European market that challenger banks such as Monzo, Revolut and N26 would want to be able to take advantage of. That is currently provided by the newly established DTM (Digital Single Market) which the eIDAS signatures and AML5’s validity for e-trust makes real. That regulation “enables video identification for formal remote customer identification in any member state.” The AML5 directive offers the underpinning acceptance of this new identification process legally valid.
The eIDAS is a critical tool for banks and financial service companies to get express consent in line with the PSD2 regulation. The electronic signatures not only make it possible to be created through any device or channel (opening up an omni-channel payment ecosystem), but due to the typical structure of the technology, offer strengthened legal and physical security that cannot be repudiated. An example would be a customer simply showing their face to their phone to pay for a concert, taxi or e-commerce website. This cements physical security in our digital world as it combines the inherent possession of the phone and the financial application on it, with something the customer themselves are, such as their facial biometrics.
This technology, practically monopolized and patented by eID, a software manufacturer and qualified European etrust services provider (QeTSP), that also has patents and leads in the fields of; video identification, KYC Gateway, electronic signatures and facial biometrics authentication, will change consumer behaviours for the 508 million people in the single market. Because the PSD2 regulation does not only make consumer information more widely circulated amongst trusted parties, it introduces the concept and requirement of Strong Customer Authentication (SCA); combining something you know (such as a password), with something you have (like cellphones), with something you are (biometrics).
There are also different e-signatures that eIDAS requires for different purchases and receiving parties; the simple e-Signature, Advanced e-Signature and the Qualified e-Signature. Simple e-Signatures are highly recommendable for low-risk transactions; like car insurance policies, and require only basic information by the signer such as an email or phone number, but the eIDAS also introduces for the first time the double signature for any device or channel and is thus very user friendly. The Advanced e-Signature is also valid for any low risk transaction; but can be executed through OTPs (One Time Passwords), a graph on a device or with facial biometrics in a multi-factor authorization, and is taken from public infrastructure and the natural persons’ electronic signatures. Qualified e-Signatures is more advanced as it is certified by the regulatory body in each country. This signature offers an extra reassurance, a guarantee of being recognized automatically in any EU member state and is the only equivalent to a recognized written signature by governments and their public administrators.
Although this ease of transactions and data across third-parties might make some bankers nervous, these processes will clearly lead to more efficiency, as instead of requiring a persons physical presence and their respective paper trail for big ticket purchases such as mortgages or pension plans, Advanced and Qualified signatures allow digitalization of those processes, cutting paper and manual labour costs out of the equation. This holistic risk-management and time effiencey and newly speeded trust processes allow firms to dedicate resources to other business lines. Additionally, it should also lead to more customer loyalty due to improved processes and a more convenient relationship of the customer with their financial institution (FI), so long as that FI moves fast enough to keep in step with the pace of technology and consumer behaviour changes. Examples of agile banks might be Danish Saxo Bank, that opened their API’s in September of 2015 and Capital One, that now enables affiliates to benefit through their APIs.
The opportunities for Fintechs at this juncture cannot be understated. By specializing in offering one or a handful of services and carefully choosing their partners with Financial Institutions and/or Big Tech companies, the open digital free European market is there for the niche-carving. And the demand for them is growing at a staggering pace, the last five years the amount of investments made into the Fintech sector has gone up by more than ten-fold, and is estimated to exceed £115 billion in the next three to five years.
The trajectory of the FAANGS and their influence on the entire planet and in consumers everyday lives due to the growth in high-technology use-cases that have seemingly become ever-more intrinsically linked to so many industries, could make one pause for thought for what that means to their empirical tangible and intangible daily impact across billions of people, and almost all economical sectors. An example of the agility and volume of resources that a member of Big Tech can throw at a sector could be in Amazon’s surprise acquisition of Whole Foods, that threw the retail grocery chain business in America into a panic, a panic that led to a drop in stock prices in some of Whole Food’s competitors during the period. With the FAANGS’ possibly seeking to sink their teeth into the European financial markets, judging by their recent moves, they might not want to be overtly aggressive with Financial Institutions hundreds of years old, many of which would have handled their IPO’s just decades ago.
Ultimately, the PSD2 directive that at once strengthens e-trust requirements and facilitates information dialogue between transaction providers, enabled via the eIDAS regulatory technology and requisitely binding under the AML5 law, will foster a truly singular financially-digital marketplace in Europe. A Europe where an omni-channel ecosystem can ‘create’ banks out of thin air, when a telecommunications company can offer a digital wallet, be newly called a ‘telcobank’ and automatically become a challenger to long-established FI’s and even market makers. The choice that all the competition, old, new and waiting in line arguably face now is how to utilize their tools together or against one another. But the choices and ease of them for the consumers, appear to be endless.