Thanks to PSD2 (and the Competition and Markets Authority) we now have open banking. Third parties can have access to bank customer data — with customer consent, obviously — and there’s nothing that banks do about it. Who will benefit from this? We have long advised our clients that the competition to incumbent financial services providers will not be fintechs. I wrote back in 2016 that the major beneficiaries of the regulators pressure to open up the banks will be the internet giants who already have the customer relationships. Of course, when I said it, no-one listened. But when the woman at the top of Europe’s second biggest bank weighed in, people began to sit up and pay attention: Ana Botín, executive chairman of Santander, told the Financial Times that the EU’s Second Payments Services Directive “needs to be reviewed for the digital age. The theory is good but it needs to be fair — at the moment it’s not symmetrical.”
Now, Ms. Botin is not the only one who thinks this asymmetry may not deliver the best outcomes. Deutsche Bank Research recently published a report that went into detail about the dynamics of the new marketplace. They say unequivocally that
Competition will hence be distorted. With the entry into force of all accompanying guidelines and the regulatory technical standards, banks will be subject to the operationalised PSD 2, obliging them to provide customer data to all licensed competitors, in digital form and free-of-charge. BigTechs, on the other hand, have to observe the GDPR only and will de facto retain economic sovereignty over the personal data of their customers.
This reinforces Ana’s (and my) point that by creating asymmetry, regulators may well have created the conditions to replace an uncompetitive oligarchy (as they see it) of banks with an uncontrollable oligarchy of internet giants. An Accenture report on the topic from last year noted (accurately, in my opinion) that “trusted social media companies (Facebook, Twitter, LinkedIn) and tech companies (Google, Apple) will capture a significant slice of the [AISP/PISP] market”.
This is not, as I noted in that 2016 piece, hypothetical. I gave the example of UK insurer Admiral, which created a scheme to allow people with limited credit histories access to insurance products using social media data. The idea was that if people were willing to grant Admiral access to this data they could perform a form of social identification and verification with an element of personality checking to identify people with traits conducive to good driving. It didn’t last. Facebook blocked Admiral from getting access to the data.
In her FT piece, Ms. Botin suggested that organisations holding the accounts of more than (for example) 50,000 people ought to be subject to some regulation to give API access to the consumer data and it seems to me that this might kill two birds with one stone: it would make it easier for competitors to the internet giants to emerge and might lead to a creative rebalancing of the relationship between the financial sector and the internet sector.
This points us towards a regulatory response to the need to create a level playing field: let us put in place a set of reciprocal rights and responsibilities. My old friend Simon Lelieveldt, who I always listen to on these matters, also suggests this as the way forward. He says that if the European Commission wants a “balanced” market with effective competition then it should “redress the design errors in the PSD-2 and allow banks to ask fees and allow them reciprocal access to the customer data”. I think this gives us a sensible outline manifesto for the next generation of PSD2/GDPR and such like: open, transparent and non-discriminatory pricing for API access to customer data (with the customer’s consent) irrespective of the nature of the organisation: bank, media, telecoms whatever.
Opening Up
Having discussed this idea with a few people, I’ve begun to think that is a more important, and far more wide-ranging, approach to competition in the new economy than I had originally thought. This thinking goes back to when I had the honour of chairing Scott Galloway, author of “The Four” (a book about the power of Google, Apple, Facebook and Amazon), at the KnowID conference in Washington. Scott is Scott makes a convincing case for government regulation of these global businesses.
With Scott Galloway at KnowID
Just as the government had to step in with anti-trust acts of the early 20th century in recognition of the fascist nature of monopoly capitalism, so Scott argues that they will have to step in a century on and, again, not to subvert capitalism but to save it. His argument centres on the breaking up of the internet giants, but I wonder if the issue of APIs might provide an alternative and eminently practical way forward? I am not the only person who thinks so.
“That could happen to Google or Facebook. At some point regulations could come out to make the data a shared resource that all companies could use… They might not go completely out of business, but might not be in the same pole position as they are today.”
From “Apple, Google, Facebook, Amazon, Microsoft: Which Tech Giant Will Fall First?”.
In the new economy, where data is the new oil and personal data is the new toxic waste, access to data is the resource that falls prey to monopoly. It is hard for a competitor social network to compete with Facebook because Facebook already has all my pictures. Sure, I can export my Facebook data and then set about re-uploading it somewhere else, but that’s a pretty significant barrier to competition, even though it’s my data.
Snippings 