We are all about financial IT solutions that are both reliable and accelerate your growth. We do the hard work so you could focus on things that matter most – making best decisions on customer service without thinking about technologies.
Since 1990, we are advancing technologies to meet the future of finance services together with our clients. Our IT solutions and services offer you a hands-free approach: from complex banking systems to simple payments – we have you covered.
Announced with fanfare, awaited with great expectations, and “live” for about a year now, Europe’s open banking initiative is a flop. And it will continue to fizzle unless some basic changes are made, says Andrej Zujev, the founder of Forbis Group, a Lithuania-based pioneer in IT solutions for the finance industry. He calls for an open debate in the EU on a viable way forward.
The European Union’s second Payment Services Directive (PSD2) was meant to eliminate banks’ monopoly on their customers’ data. That move to “open banking” had to spark a revolution in financial services. It would put smaller, innovative third-party providers (TPPs) of payment initiation and other services on equal footing with the banks, electronic money institutions (EMIs) and so on, with those that actually hold people’s and companies’ money in accounts.
More competition would bring customers better services and terms. The related technical solutions would make payments more transparent and more secure – by doing away with “screen scraping”, for example, where users have to give their banking username and password to a third party.
“The idea, which was trumpeted loudly, sounded very ambitious and very good,” says Anton Zujev. The Forbis Group, which Mr. Zujev leads, has been making IT platforms for international banking for three decades. It also operates an EMI – Contomobile. The promise of open banking was that TPPs like Contomobile could integrate with any bank in Europe to handle payments for, say, a sporting goods e-shop in Lithuania, which could thus sell to, and get payments from, buyers anywhere in the EU.
The problem is - it doesn’t work.
“In developing all of our systems to work with the open banking rules, we’ve run into the fact that it’s a lot of noise about nothing. It’s poorly prepared and incomplete. It’s absurd. I’m convinced the EU’s open banking project has zero future if key changes are not made,” Mr. Zujev says.
The start date for open banking in the EU – when account-holding institutions had to open up account data to any TPP authorised by the customer with an application programming interface, or API – was 14 September 2019. The big day was rather quiet, Contomobile’s director, Jelena Michailova, recalls. Despite a year of intense preparations and testing, almost nobody was ready to conduct real transactions at that point. It took several more months to see significant activity.
Prior to PSD2, third parties could agree with individual banks on access to make payment services possible. Open banking was supposed to make that case-by-case effort unneeded by standardising and unifying access to account information across the EU. It has not done that though.
“Instead of strict universal rules for the interface, testing and security, we got specifications that are more at the level of recommendations, with optional aspects, where each actor ultimately interprets and implements things its own way,” Michailova says. Open banking APIs today show regional and country-specific differences, and also different specifics for each and every single institution.
Since each API is different, integration with every account-holding institution is still a separate project for TPPs. “You have to knock on every door, get let in and do testing,” Contomobile’s director says. Each integration typically takes about 10 business days and has its costs. And each one them has to be maintained and updated when banks make changes, often twice a year or more.
No business sense
It’s not easy for a small market player. To handle payments all over Europe for an online store – a clear-cut open banking task for a company like Contomobile would have to integrate with several thousand banks. Mr. Zujev estimates the effort would cost a total of between 50 and 100 million euros.
“No chance. Full integration makes no business sense. Nobody is going to put in the money to implement this directive globally throughout Europe,” Forbis’s founder stresses.
Third-party providers are proving picky about who they integrate with, viewing each institution as an investment that needs to ensure enough potential customers. Electronic money institutions and other non-bank account-holder institutions generally are not on their radar. Especially since most of the customers they do have also have an account at one of the major banks. Michailova cites cases of EMIs being asked by third parties to pay for an integration if they want it.
“We want to shout to Europe that what you’re calling ‘open banking’ is fake news, it’s a soap bubble. And it has no future. It turns out - the open banking in the EU is a project for two, three, four, maybe 10 banks, and doesn’t have anything to do with a common European payment system,” Zujev says.
Call for changes
Serious talk on how to revive the EU’s open banking project is needed, Mr. Zujev stresses. Forbis itself has two specific proposals for improving how standards and access are managed.
One is to introduce an ISO standard for open banking in the EU – a strict, universal specification: “Just like with SEPA notifications – they have ISO standard 20022 and everything is clear. You do the work once and know it will always work. It should be the same for open banking.”
The other, admittedly ambitious, proposal is to give every open banking participant a single point of entry. “A TPP would connect to its central bank or SEPA payment system provider and be able to access all Europe’s banks. Easy and clear. That would be a real open banking revolution,” Zujev says.
“This is a key moment,” he adds. “We can either let the EU’s open banking project fail, or turn it into a success for the European economy and the global financial services industry.”
The last decade has seen a gradual shift from private, in-house data centers to SaaS (software as a service)–a cloud-based IT infrastructure that offers software system access using a subscription model. This approach allows businesses to reach a variety of software programs through a browser without setting everything up on company hardware.
The interest in SaaS is also related to the risks associated with poorly designed and maintained data centers. A recent rainfall incident in Lithuania only confirmed such fears: a burst water pipe flooded the State Enterprise Centre of Registers (SECR) servers and eventually brought multiple businesses to an indefinite halt.
Anton Zujev, the Head of Business Development and Sales at Fininbox, argues that cloud-based solutions should play a greater role when providing essential services, “SaaS allows our customers, who are licensed financial institutions, to focus greatly on their business while trusting the infrastructure and software maintenance to experts. In a digital society where more and more people are relying on contactless and online services, there is little benefit or advantage to managing critical IT systems and hardware in-house. The consequences of a system failure in the finance or healthcare industries can be too dire and not understanding risks in IT can be even worse.”
Fininbox provides a comprehensive and “off-the-shelf” banking SaaS which has proven to be more popular with fintechs in Lithuania and other EU countries. Assisting with software, IT infrastructure, support and development, as well as ensuring smooth operations, according to Mr Zujev, “helps our clients save time and money when it comes to setting up.”
SaaS companies themselves require reliable data center partners who are capable of hosting the servers that power their applications. Credibility is achieved through carefully designing the data centers and guaranteeing regular maintenance.
“Everything is very important in order to ensure high availability services – from assessment of the environment when designing data center to crash tests during the certification, when systems are tested at maximum loads before the critical infrastructure is installed,” said Modestas Ancius, CEO at Baltneta, a cloud computing services and data transmission provider, and Fininbox’s partner since 2014. “For us, it is equally vital to run disaster recovery procedures’ tests to imitate possible emergencies and see how the system responds. The process of risk assessment is truly an ongoing one, as is our effort in training and preserving the most competent employees.”
Ensuring maximum security through adopting industry standards is also essential. This, together with the tests carried out during certification, warrants a continuing functioning even in the face of emergencies or regular check-ups.
“We have the ISO 27000 information security standard and are certified with an Uptime Institute Tier 3 Facility credential. To prevent any sort of disturbance for the next 20-25 years, we built the data center from scratch. Even the seemingly insignificant details can sometimes have a negative influence, so paying extra attention when identifying any possible risks and swiftly eliminating them is super important,” said Mr Ancius.