XS2A: Three bankers walk into the PSD2 lift …

XS2A Strategie Board

The PSD2 regulation comes like a thunderbolt! And with the regulation, end customers get sovereignty over their own bank data. For banks this means they will be obliged to free bank data from the bunker – the so-called Access to Account (XS2A) for payment accounts is striking like lightning. This gives customers the right, for the first time, to share their data with anyone who wants to use it. Banks have to manage the release of data to the outside. They have to open the gate technically. A common technical standard for this? Not a chance!

Giving up data? It is understandable that resistance is the first reaction of many on the banks’ side. The situation could be described as follows:

When the Chief Financial Officer (CFO), the Chief Technology Officer (CTO) and the Chief Risk Officer (CRO) of a bank step into the elevator of a Frankfurt banking tower, the conversation about XS2A could go a bit like this:

The CFO opens the round

“We’re supposed to open up our infrastructure and provide other companies with data from our customers? So we’re gonna be paying for other providers to access our data soon? We gotta figure out how we can stop this. Maybe we could find a way to use regulation to drive our sales rather than costs.”

The CTO chimes in…

… and asks for more staff in the IT department to cope with the new openness the regulation demands. Meanwhile, his thoughts revolve around the question of how far the untouchable legacy systems are actually affected by all this, and he already pictures the many meetings with the data protection and security officer. Then, on the last few metres of the elevator ride, the CRO speaks up…

“We have to be careful that we don’t carry all the security risk coming with XS2A! We certainly need a whole team that does nothing but minimize fraud risk.”

Everyone leaves the lift with the oppressive feeling that they are about to lose control. Grey hair doesn’t grow overnight. It will, though, in the long hours in the office and in the countless meetings on the topic that will inevitably follow this conversation.

The reactions of the CFO, CTO and CRO are understandable: the challenges are real, and solutions have to be found.

The two strategies for XS2A

Even if the situation seems uncomfortable for banks, smart banks can benefit from the forced opening up of their data. To simply conform or truly open up? The banks have two basic strategic directions which they can consider.

1) The conformity strategy

The conformity strategy means deciding to implement the regulation in as lean, resource-conserving and secure a way as possible, with as little effort as possible. To comply with the regulation, the interface must be designed to provide these central functions:

  1. Active control management, which enables the control and full monitoring of access by new regulated third parties.
  2. Secure login and a secure, legally-compliant and economical storage of data.
  3. Functional end-user management that also ensures data privacy of the user.
  4. Account information service and payment service.

In short, to meet PSD2 the interface must be fully manageable both for end users and for external third parties. A modern API platform serves this purpose: as a kind of switching centre it provides full technical control over, and transparency of, the data flow, including secure access.

2) The Opening-up Strategy

This option is a genuine strategic reorientation, and it is gaining popularity. Some banks are already blazing trails and exploring the opportunities that opening up offers.

Here, the bank more deliberately opens itself to third parties and establishes a bank app store around itself consisting of services from third parties for its customers.

As a partner to its customers, the bank becomes the center for these new services. The bank can decide and control which services it actively supports and the added value it provides to its customers. Models of this can be seen in other industries such as e-commerce (eBay), IT solutions (Salesforce) or social media (Twitter). Ideal business models can also work in the online age. Salesforce, the popular CRM solution, for example, estimates 3.7 times more sales via the ecosystem than from the core product. Following such a model, banks can also establish new business models.

The technical heart of such a strategy is again an API, one that allows full control and, in addition, billing of third parties. At the same time, an API is attractive to third parties because it can be integrated into their own customer-facing services cost-effectively and within a very short time. For example, developers can connect to the figo Banking API within a single day. At the heart of the strategy is the monetisation of the data: with a billing engine, data flow beyond the PSD2 scope can be settled with the third party. To this end, the bank offers the third party more, and better-quality, data for which there is a willingness to pay on the market. And it’s secure. Today there is already market demand for both refined and raw bank data, with the consent of the end users, and the API platform takes care of the technical processing.

API platform – the core of both strategies

Speaking of the API platform, a technology that has answers to many pressing questions: it acts as a technical hub that translates between different systems and languages and thus delivers a uniform output without the bank having to change its legacy systems. In addition, an API platform can be managed at all levels with maximum transparency, at both the third-party and the end-user level. An API is the technology that PSD2 calls for.

On the bank side, people can breathe easy again, and in the elevator they can talk about more pleasant topics.

For example, how the opening towards third parties can be further conceived. A business model for monetising the opening up with a technology that allows that. And this would appeal not just to the CFO.

This article was first published in German language in IT-Finanzmagazin.


