At NextGen Nordics 2024 in Stockholm, moderator Debi Bell Hoskings hosted an interactive panel session on new regulation on data and privacy, asking for input from the audience.
Speakers Agnija Gailane, product manager for open banking platforms at Nordea, and Piers Marais, global head of product of embedded cross-border solutions at Visa, spoke in the session titled: ‘Data privacy and Consumer Duty - how to improve open banking with API integration’.
Both panellists agreed that PSD3 would be a gamechanger, contrary to the audience, though they also noted reasons why PSD3 would not be considered such, due to its role essentially as augmenting the impact of PSD2. Marais emphasised how PSD3 will extend open banking and non-bank access across payment schemes which are important for the future. Gailane stated that PSD3 will bridge the gaps between PSD2 and Open Finance, but is a gamechanger because it will enable data to be shared between entities.
Marais noted: “With PSD3, the initial execution dates are looking to be the end of 2025, potentially 2026. We're talking about the next decade of evolution. I think certainly when we put ourselves in that historical context, and start to think about what this landscape could look like, from an open banking to an open finance, potentially even to an open data journey; perhaps it is a game changer.”
Marais said there is likely more conversation around data nowadays as younger people are more aware their ownership over their data. He detailed that the narrative has changed in the last 5-10 years and will continue to change, with a heightened focus on innovative ways to segment data.
The audience was questioned on if they see Open Finance as an opportunity or a threat (or nothing at all), and Marais says he sees it as an opportunity, especially from a customer perspective as it will provide consumers with more transparency in regards to who is viewing their data, and how they can stay alerted about how their data is being handled and managed.
Gailane agreed that Open Finance is an opportunity: “Open Finance is not just the APIs and information exchange, it's actually the whole operating model, not only for banks, but also for fintechs. It contains all the maintenance, the monitoring support, and communications, and more. We see how fintechs have built all their business models like aggregators based on PSD2, so we have spent a lot of money to build this whole ecosystem management infrastructure. Now we know how to do things, what it is; we don't need to guess how to communicate and recognise each other. Now, with full speed, we can look into what we can offer customers.”
She highlighted that Open Finance is most definitely an opportunity as it encompasses the entire ecosystem and leads to further understanding, innovation, and collaboration.
The panellists concluded on the impactful changes of PSD3 and PSR. Marais stated PSR will lead to a reduction in variants in interoperability and standardisation, and PSD3 will be a gamechanger for non-bank access in payment schemes and open up the competitive landscape.
How will regulation of future technology be implemented?
Payments experts joined together to discuss regulatory efforts to rein in risk and cyberthreats in the panel session ‘Risk and resilience - can we truly regulate the technology of the future?‘. Reporter Debi Bell Hoskings moderated the session including speakers Krister Billing, market infrastructures and regulatory affairs at SEB, and Marcus Molleskov, chief risk and compliance officer at Januar.
Billing noted the regulation overflow, and Molleskov agreed that there will be a massive amount of regulation incoming in the next few years that will be difficult to sift through. When asked about the possibility of using AI models to support with compliance, Billing expressed excitement in the potential of AI, but emphasised that there are limits to its implementation in traditional banking structures due to data privacy and security concerns, that there are many complexities to migrate in the AI space. Molleskov pointed out that utilising AI models and third party providers with AI built-in could make managing data regulations more efficient.
When questioned on if regulation bolsters or hinders innovation, Molleskov stated that he believes regulation hinders innovation more so than fostering it. Billing is more on the fence, saying that is a bit of both, that regulation enables innovation more than fosters it:
“I think fostering innovation as a notion is quite provocative. It's not the regulator's role to foster innovation. Internally, if you want to be very innovative, you cannot say, that on Fridays, you're going to innovate! It's not how we do things in in banks these days. It's more about creating a good framework to facilitate the groundwork for free innovation in the industry.”
Molleskov said that everything can be regulated, but regulation should be reactive rather than proactive – and that should be the mindset with biometrics.
Billing explained how regulators also have intentions which are reflected in the regulation that is pushed out, pointing out the differences between Europe and the US:
“The US and Europe have taken different approaches, in the AI race for example, I think we've lost the race on the infrastructure side. We are left with an opportunity to innovate with what we have, but we should recognise that the regulators have different motives. Sometimes the motives are driving different objectives, which could be at odds with each other. Some of the EU-driven initiatives are trying to fend off Big Tech from the US. We've seen through the flurry of digital legislation; the DATA Act, the Digital Services Act, Market Acts, but horizontal new legislation aims partially to fend off the threat from Big Tech. That is more geopolitical and so has different financial dimensions.”
Speaking on how regulation is rolled out in different industries, Molleskov stated that crypto is not regulated at the same level as banking, “I'm very much lobbying for harder regulation and more accountability on Big Tech for fraud because one of the main complaints I hear from banks as to why they don't want to have anything to do with crypto is the fraud risk and AML risk.
Recently, Revolut published a report that says that two-thirds of their fraud detections originate from ads on Meta platforms, and yet it’s the banks and financial institutions that are subject to regulation.”
Looking to positive aspects of the industry for concluding statements, Billing pointed to the collaborative aspect of regulation with authorities and other industries that strengthen resilience, and Molleskov expressed optimism on the new AML regulations in the upcoming MiCA regulation that will impact the crypto space.