The Netherlands’ implementation of the Payment Services Directive 2 (PSD2), which enables what is known as open banking, was delayed by regulatory issues and a lack of consumer confidence.
The delay is, to a large extent, due to the difficulty for banks, the Data Protection Authority and other stakeholders to agree on important aspects of the roll-out. There were particular concerns around data protection and the conflicting priorities of the PSD2 on the one hand and the General Data Protection Regulation (GDPR) on the other.
Open banking, which was introduced by the Dutch government a year ago, enables third-party financial services suppliers access to customer data – if the customer agrees – through application programming interfaces (APIs).
Jeroen van der Kroft, associate partner of EY Financial Services Advisory, said: “Our survey, the Open Banking Index, shows that only 18% of Dutch people are willing to share their own transaction data with other parties.”
Van der Kroft compared the Netherlands’ position to that of the UK, where open banking is more advanced with legislation separate from PSD2, the Competition and Markets Authority’s open banking rules.
He said that in the UK, the scope of open banking is much broader than in continental Europe and therefore the Netherlands, where only payment data is involved. “In the UK, the scope of open banking includes the total financial picture of the consumer, including, for example, savings accounts and credit cards,” he added.
Gijs Boudewijn, deputy general manager of the Dutch Payments Association, said that in countries where the payment system is not yet as innovative and well-organised as in the Netherlands, much greater benefits from PSD2 are possible. “We have iDeal, an online payment service that other countries are not familiar with,” he said.
IDeal is an e-commerce payment system based on online banking. Introduced in 2005, it allows customers to buy over the internet using direct online transfers from their own bank account. It is by far the most popular method for online payments in the Netherlands.
“Making innovations in a country where millions of people have become accustomed to iDeal and Tikkie is not as easy as in countries where payment systems are not as modern,” said Boudewijn. Tikkie is an app that allows friends to quickly repay small advances to each other. It has won more than three million users – about 20% of the Dutch population – in just two years.
Read more about PSD2 and open banking
- It seems that the Dutch government made such a good job of promoting GDPR that people have become incredibly wary of allowing their banks to share some of their data.
- BNP Paribas Fortis is integrating consumer financial management software fintech firm Tink into its mobile banking apps as part of its plan to meet and benefit from the EU’s Payment Services Directive 2 (PSD2).
- Artificial intelligence technology could help banks retain the important link with customers when open banking arrives in Europe early next year.
It was only last February that PSD2 was included in Dutch legislation. This explains why, as yet, there are few providers of new services that make use of Dutch citizens’ transaction data. Tobias Oudejans, spokesman for De Nederlandsche Bank (DNB), the Netherlands’ central bank, said: “We have already granted one licence, to investment company Peaks, and more applications for licences are being processed.”
EY’s Van der Kroft said the expectation is that this time next year, there will be about 350 fintechs with a European passport that can offer services in the Dutch market with an EU licence.
At the moment, Dutch banks are busy testing and making the required APIs available to third parties, and these user interfaces should go live by mid-September. Several new service providers are then expected to bring their services to the market.
Concerns about privacy and security
Despite, or perhaps because of, their intensive use of digital products, Dutch consumers are reluctant to accept certain aspects of open banking, according to EY’s research into consumer sentiment. It seems the Dutch are particularly concerned about what PSD2 means to them in terms of data protection. They are also concerned about cyber security and are sceptical about the need for, and benefits of, having control and choice.
These concerns about privacy and security have been reinforced by recent reports in the Dutch media, and the indecision of the country’s legislators in dealing with data protection issues has not helped either. Van der Kroft said: “In the Netherlands, we have been saying for 15 years that people should be careful with their personal data and that they shouldn't just share it with everyone.”
The government’s campaign for the introduction of the GDPR has also made the Dutch population aware of the dangers of sharing personal data, he said.
“And now we have to re-educate customers to say that third parties must be given access to our payment data,” said Van der Kroft. “That is a challenge.”
Referring to Sweden, which is at the forefront of PSD2-type services in Europe, he added: “People there were already used to sharing a lot of data, for example through screen scraping. But the Dutch appear to be more suspicious when it comes to sharing banking data.”
Heavy requirements for PSD2 licences
Boudewijn said he suspects that many Dutch consumers do not yet fully understand the scope and possibilities of PSD2. “We shouldn’t think that everyone can just plug into your payment environment at a bank,” he said. “There are quite heavy demands on the licensing process. And, as of September this year, there will be additional requirements for strong client authentication and secure communication to the consumer.”
Oudejans confirmed this, saying: “The government has decided that the Data Protection Authority will supervise the privacy part of the PSD2, because that is its expertise. We at the DNB grant licences to organisations that wish to make use of the PSD2 and use the requirements that we also apply to regular payment institutions.”
Dutch consumers have shown a willingness to share information if it brings a worthwhile benefit. The use of social media in the Netherlands is high, and many innovative financial services apps have been developed, such as Tikkie. Oudejans said it will probably be such a “killer app”, which can make optimal use of the PSD2, that will convince the Dutch of the advantages of open banking – and such a killer app does not necessarily have to come from a third party.
“This new directive also gives banks the opportunity to innovate further,” he said. “Our market is very competitive, but many other European countries have not got that far yet.”
Waiting for September
For the time being, it seems like the Netherlands is waiting for mid-September, when the APIs go live. “We can speak of customer scepticism in the Netherlands, but in fact there is no offer of PSD2 services here at all yet, so we can’t really say anything about the adoption rate of the Dutch,” said Boudewijn.
Van der Kroft said that when people see that a certain service actually helps them to make more informed financial decisions or saves them money, they will be more willing to share their transactional data. “Suppose an organisation has insight into your bank account and can offer you a loan at 4% interest at the moment you go overdrawn, you can easily save a lot of money, because being overdrawn at the bank might cost you 14% interest,” he said.
Van der Kroft expects it will take some time before a broad range of PSD2 services is widely adopted in the Netherlands. “Of course, it also takes a while to develop propositions,” he said. “Look at the UK, where 85 parties have a PSD2 licence, but only one-third of them actually offer services.”
He is confident that, in a few years’ time, the Dutch will no longer be worrying about sharing their transactional data. “People need to build up trust,” he said. “They were also terrified of the internet and the debit card in the beginning, but nowadays you can’t live without it. I expect our children to stop thinking about it and to reap the rewards of the possibilities that insight into personal data can offer.”