Modulr CEO: “Anyone who stands to benefit from faster, simpler and more secure payments will benefit from PSD2”

PaymentEye sat down with Modulr CEO Myles Stephenson to discover how PSD2 will shape the payments landscape for fintechs, and how consumers stand to benefit.

Strong research suggests that banks do not feel sufficiently ready for PSD2 coming into force at the beginning of next year. Is that your impression, and do you believe that fintechs are more prepared for this?

PSD2 opens up a new world where the bank and payment services used by business and consumers can be easily integrated into, even embedded in, the offerings of other providers. It’s a change which provides an enormous opportunity whatever your size, and I think the larger banks have embraced that this is coming and are very engaged in what this means for them.

However, it is fair to say that it has really galvanised the fintech sector, because it opens up new possibilities and generally levels the playing field for competition. We’re lucky in the UK to have a particularly vibrant fintech sector, and our investors alone (Blenheim Chalcot) have several businesses that are looking to take advantage of the new opportunities.

It’s actually going to be critical that the banks are ready too, as forming good partnerships will be as important to the success of PSD2 as the new products we are creating.

“I think it’s fair to say that PSD2 is going to be the start of quite a watershed for competition in financial services in the UK.”

To your mind how does PSD2 change the playing field for fintechs?

Taken together with other regulatory changes underway, the huge investment in fintechs and the general movement to Open Banking, I think it’s fair to say that PSD2 is going to be the start of quite a watershed for competition in financial services in the UK. In 10-15 years, we may well look back on it as being retail financial services’ equivalent of wholesale banking’s Big Bang.

The big change underway is how it gives more players access to account data and payment options that previously were only accessible via a bank. This opens up a whole range of possibilities for fintechs.

For example, the new AISP (Account Information Service Provider) model enables a much greater level of data aggregation, opening up opportunities for both companies that consolidate your data, but also new types of comparison businesses. And the PISP (Payment Initiation Service Provider) status allows companies to push payments, which could lead to new type of instant payment scheme.

There are probably more immediate and more obvious routes to value for an AISP, but the PISP route offers great potential too, not least to remove some of the friction of moving money between different banks and financial institutions.

An additional area of PSD2 that hasn’t had a great deal of attention is the aspects that support the PSR (Payment Services Regulator) in ensuring access and competition. This is potentially quite significant in levelling the playing field for new and emerging companies versus the incumbent banks. It’s not as straightforward as simply granting lots of rights, of course, as in many cases these have to be matched with new processes and safeguards. However, I do welcome what PSD2 will do to ensure that where there isn’t access for innovative, new players, this has to be highlighted and either explained or resolved.

Customers and businesses are purported to be the main beneficiaries of PSD2. Is this actually going to be the case, and if so how?

For all the technical side of PSD2, what is most exciting about PSD2 is that it opens up opportunities to make things easier for customers.

The reality is business or personal customers invariably use more than one financial institution, but today those are totally siloed. For example, if you are online looking at your account for one company, you can’t see information from another, and you certainly can’t initiate a payment from it. You have to go and login somewhere else. PSD2 opens up a world of more integrated services, where information and activities can be embedded and used more broadly. There’s potential there for enormous benefits.

The legislation doesn’t just provide new services though, it also ensures that consumers for a broader range of companies are properly safeguarded. Take Marketplaces, for example. There was a Commercial Agent exception in PSD1 that allowed for companies who take payment from one person and pass it onto another to be outside the regulation. With the huge growth in Marketplace type companies – everyone from Amazon to Uber – it’s right that this is now being brought inside.

Personally, I remain concerned that there are still some businesses out there that handle money who won’t be covered. It seems to me that with the opportunities for seamless connection that PSD2 provides, there really is no need for this grey area that is covered only by professional bodies. Payments are really complex these days, with changing technology, regulation, cybersecurity, and so on, and I really do therefore think companies handling money these days should either be properly regulated as financial firms, or should be outsourcing the activities to companies like ours that are.

For consumers, do you think there will be trust issues with third parties pulling funds directly from their bank accounts? If so, how should that third party combat the issue?

The European Union has the most stringent data protection laws in the world and the security element of PSD2 reflects this. Even so, experience shows that it takes time for consumers to build confidence in any new option, especially at the start. We’ve seen this with Chip and PIN, for example, and more recently Contactless. At the end of the day, they are entrusting a business with their money, and so they need to be sure it’s credible.

At Modulr, we’ve taken the step of becoming authorised and regulated by the FCA as an Electronic Money Institution (EMI). This not only extends what we can do as a business, it also gives customers the confidence that we comply with their stringent requirements around capital, safeguarding and reporting.

However, even then, customer trust still has to be earned. We have a highly experienced team, and have Bank grade security environment and practices, such as multi-factor authentication, session management, activity observation and penetration testing. We recognize that whilst customers may be attracted by a clever solution to their problem, they still absolutely won’t use it unless they can be 100% confident it is secure.

Do you see any issues with PSD2 that concern you? Is there a danger of too much regulation?

Whilst I very much welcome PSD2, there’s no doubt it also throws up some potential challenges for fintechs like Modulr.

One aspect is around the safeguarding regulation. The risks here go both ways. On the one hand, if the bar is set too high – and there are some who might argue for this – then the level of bureaucracy, capital, and so on becomes a real problem for smaller businesses.

For example, if we’re not careful, then businesses who don’t want to be payment institutions can end up getting pulled into the net and labelled as PISPs. We think this can actually be counterproductive. Payments these days is a complicated business, and it’s far safer to ensure that innovative companies who do use payments can instead just outsource the activity to experts like us, and in doing so, stay firmly outside the regime.

An interesting one is the use of the word ‘Banking’ and ‘Bank’ where there is talk of further legislation. Again, this makes lots of sense insofar as it avoids consumer confusion. But in the same way that it’s fine for a company to talk about partnerships with other firms without legally being an LLP, we have to be careful that we don’t end up ruling out the use of the word ‘banking’ in its entirety. I’d rather the rules were tight on saying what kind of institution you are, but leave room for plain English when it comes to describing your service.

Another challenging area is where various regulatory initiatives meet, where I think it’s fair to say there is room for both overlaps and gaps. Take for example the CMA (Competition and Markets Authority) which overlaps in some – but not all – aspects with PSD2. The danger here is that the Banks focus on the higher pressure they have from the CMA, and that aspects of PSD2 that sit outside of this get neglected. Plus, of course, not all Banks are covered by CMA, which means that the momentum created on those aspects by the nine large Banks might in fact act to prevent influence from the small ones, which is not the effect we were looking for at all.

The full interview with Myles will be published in Payments Revolution magazine later this month. Sign up to our newsletter to be updated with the release.

Related reading