Regulation creates opportunities
AML4, PSD2, eIDAS and GDPR. The deadlines for implementing these new EU directives and regulations are fast approaching. Banks, financial institutions and other businesses dealing with personal data are rushing to do what is required to be compliant with the new regulations.
On the other hand, some banks are starting to see that new regulations also creates new opportunities. Take for instance PSD2: It is true that it requires banks to give access to account data to third parties that may be potential competitors. But it also creates an opportunity for banks to leverage their relations to their end customers by offering Strong Customer Authentication (SCA) to third parties.
Banks are uniquely positioned to do this. In some regions, like the Nordics, the infrastructure is already in place. In other regions where this is yet not the case, the banks are in the best position to provide SCA based on identity data they already hold about their customers.
Access to strong eID would be of great value to the fintechs and challengers trying to establish themselves in the market. By offering access to third parties, banks would accomplish two things: Creating a market for value-added services on top of the basic services required by PSD2 and strengthening the relations to the end-customer using the strong eID from the bank to access other services. It could also be used as part of an attractive value proposal to corporate customers of the bank.
Banks cooperating to provide strong eIDs to third parties
The concept of banks cooperating to provide strong eID to third parties is older than the new wave of regulation. It started in the Nordics with BankID and similar initiatives more than 10 years ago. The banks saw that they could profit from selling access to their strong eID to third parties. By making their eID interoperable between banks (as in a federation), they could also increase the frequency of use of the eID, thus creating stronger bonds to the end customer.
What happened in the Nordics in the bank industry is now expanding to other regions and other verticals. Cross-industry schemes and federations for eID are being established by banks, telecommunications companies and others who want to exploit the network effect of providing electronic identity across industries and businesses.
One such example is the partnership between Dutch banks to establish a federation of electronic identity, called iDIN. Another is the MyBank initiative by the EBA. A third is GSMA Mobile Connect, which is driven by the Telco industry.
The common denominator of these initiatives is that they connect existing electronic identity together in federations. Thus, a customer of a Dutch bank can use his online banking login to establish a customer relationship with an ecommerce retailer or a fintech providing account aggregation services.
Initiatives like the Dutch iDIN and MyBank has the potential for rapid deployment of Strong Customer Authentication. They build on existing electronic identity that already is in frequent use for Internet banking, sidestepping the need for costly and time-consuming deployment of new electronic identity.
Now is the time to act
In 2014 Consult Hyperion’s David Birch published the book “Identity is the new money”. That was before PSD2, eIDAS and GDPR. Now, with the effect of the new EU regulations, the title of the book is probably more true than ever.
Signicat has been aware of the opportunities related to new regulations for some time, and we started to expand our cloud based range of services for strong electronic trust outside of the Nordic region two years ago.
PSD2 and other regulations are not only about compliance. They provide opportunities for banks and fintechs to position themselves as being more innovative and forward thinking than the competitors. The ability to provide strong identification and authentication of customers will be a key factor for success.
Signicat is a pioneer in this field with 10 years of experience and over 250 banks, fintechs, insurance companies and government agencies using our online services for strong eID and eSignature. This gives us a unique position to help European banks to explore the opportunities related to PSD2 and other European regulations.
by Gunnar Nordseth