What do last week's "unannounced inspections" tell us about Open Banking regulation after PSD2?

The European Commission last week carried out unannounced inspections in a few Member States concerning online access to bank account information by competing service providers. The Commission has concerns that the companies involved and/or the associations representing them may have engaged in anti-competitive practices in breach of EU antitrust rules that prohibit cartels and restrictive business practices and/or abuse of dominant market positions. These alleged anti-competitive practices are aimed at excluding non-bank owned providers of financial services by preventing them from gaining access to bank customers' account data, despite the fact that the respective customers have given their consent to such access. The Commission officials were accompanied by their counterparts from the relevant national competition authorities.

I posted the observations below in April 2016. I don't normally repost blog entries, but perhaps these observations are even more relevant now and it's useful to repost them.

If most EU banks don’t extract PSD2 data from each other, will anti-trust lawsuits follow?

It is a stated goal in the recitals of PSD2 to integrate payment services and improve trade in the EU. EU payment services are being redefined to include the new Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs).  Regulated Technical Standards will be set for PSD2 that secure and maintain fair competition among all payment service providers, while ensuring technology and business-model neutrality. This means that EU law makers anticipate a number of innovative and new business models to emerge that use the legal status and rights of PISPs and AISPs.

Anti-trust bodies are always very active when a structural change to a market causes a short-term threat to the revenue models of established incumbents. In 2001, some German banks were collectively fined 100m for colluding on FX commissions after the introduction of the single currency in 11 EU states in 1999.

A PISP or AISP is a Payment Service Provider that chooses to offer these services and has satisfied the regulatory hurdles to enter and stay in that market. All traditional banks are Credit Institutions but are also already designated PSPs. They are likely to be Account Servicing PSPs under PSD2. As existing PSPs, Account Servicing PSPs already have the capital, technology, risk controls and regulatory status to register to act as PISPs and/or AISPs.

Why would banks as existing Account Servicing PSPs have a competitive incentive to act as AISPs? Bank A and Bank B might want to compete to offer a loan to a customer of Bank A. As Bank A is the Account Servicing PSP, it currently has more general knowledge about the customer than Bank B. Both banks are PSPs. They can act as PISPs and AISPs. Acting as an AISP, Bank B can use Bank A’s PSD2 APIs to access the payment account data. The customer of Bank A must give permission. The general knowledge about the customer will be available for both banks. After PSD2, it will be less of an advantage to be the Account Servicing PSP. Customers will benefit from the increased competition. 

Banks have been competing with other banks for customers for a long time without having access (with customer consent) to payment account data at a competitor bank. They currently don’t have their market propositions, product contracts or technical infrastructure geared up for this new opportunity and threat. There must be some possibility that a very large number of EU banks do not start to compete on this basis when PSD2 becomes law in 2018. This could conceivably lead to a situation where these EU banks are accused of collectively trying to avoid competing in this more dynamic environment.

Articles 101 and 102 of the Treaty on the Functioning of the European Union prohibit anti-competitive conduct, if this conduct might affect trade between Member States of the EU

Article 101 prohibits five types of agreement between market participants. These prohibitions apply to banks acting as Account Servicing PSPs. They cannot

(a) directly or indirectly fix purchase or selling prices or any other trading conditions;

(b) limit or control production, markets, technical development, or investment;

(c) share markets or sources of supply;

(d) apply dissimilar conditions to equivalent transactions with other trading parties, thereby placing them at a competitive disadvantage;

(e) make the conclusion of contracts subject to acceptance by the other parties of supplementary obligations which, by their nature or according to commercial usage, have no connection with the subject of such contracts.

Obviously, these prohibitions apply to bilateral or multi-party agreements by banks. Multi-party agreements of these types cannot be formed by banks within their trade associations. Most significantly, these agreements cannot be reached in the form of “concerted practices which may affect trade between Member States and which have as their object or effect the prevention, restriction or distortion of competition within the internal market”.

If a very large number of EU banks don’t extract payments data from other banks to fuel increased competition, could they be accused of indirectly fixing selling prices? If shared access to consumers’ payment account data across all banks could sharply increase rivalry and reduce the average price of a Consumer Loan from 8% to 7%, could banks be accused of tacit collusion if many of them don’t move into this market environment?

The vast bulk of the payment account data held by EU consumers is currently housed inside existing Account Servicing PSPs. If the vast majority of Account Servicing PSPs don’t develop market propositions and products that seek to extract this data from competitor payment accounts, are they “limiting or controlling production, markets, technical development, or investment”?

If the vast majority of EU banks acting as Account Servicing PSPs continue to use only the payment account data that they capture from account opening and servicing (ignoring the opportunity to extract data from each other), are they sharing markets and sources of supply?

Article 102 of the Treaty on the Functioning of the European Union focuses on any abuse by one or more market participants of a dominant position. Such abuse may, in particular, consist in:

(a) directly or indirectly imposing unfair purchase or selling prices or other unfair trading conditions;

(b) limiting production, markets or technical development to the prejudice of consumers;

(c) applying dissimilar conditions to equivalent transactions with other trading parties, thereby placing them at a competitive disadvantage;

(d) making the conclusion of contracts subject to acceptance by the other parties of supplementary obligations which, by their nature or according to commercial usage, have no connection with the subject of such contracts.

Will Account Servicing PSPs with large regional market shares and healthy margins who decline to fuel more competitive rivalry by extracting PSD2 data be deemed to be in abusive market positions, thus “limiting production, markets or technical development to the prejudice of consumers “? 

EU Competition law does not prohibit a firm from having a dominant position; it only prohibits the abuse of that position. Generally, an Account Servicing PSP would be considered to be dominant if it can act without considering the actions of customers or rivals. If an Account Servicing PSP with a large market share sees rivals extracting its PSD2 payment account data but does not respond in the same fashion, it could be considered to be able to ignore the actions of rivals.

In crude conclusion, there may be very valid reasons for EU banks to proceed cautiously and carefully in implementing PSD2. Within banking trade associations, there will be sensible efforts to ensure that public confidence in existing payment and settlement processes (vital for healthy trade and economic growth) are not destabilised by PSD2 API implementations. It is a material operational challenge for Account Servicing PSPs to provide durable and scalable PSD2 APIs to service new market entrants acting as PISPs and AISPs. It would be a massive operational challenge for large-scale Account Servicing PSPs to instantly provide large amounts of payment account data to each other. It may seem operationally sensible for Account Servicing PSPs to focus initially on serving new market entrants with APIs rather than each other. However, collective practices can emerge for seemingly valid business reasons that could conceivably be in breach of anti-trust law because of their anti-competitive effect.