Customer Story

It has been two and a half years since the EU’s payments directive, PSD2, came into force. Increased usage and public presence of fintechs and early-mover Third Party Providers (TPPs) have raised the bar for banks to maintain compliant and user-friendly PSD2 interfaces. Once banks are able to stabilize and maintain regulatory PSD2 APIs for account information, payment initiation and balance check, they can move into monetizing APIs themselves. This way also established banks can claim their share of the growing open banking market. 

But before banks can start leveraging the opportunities of open banking, they need to address the challenges of compliance. In a nutshell, the main issues banks are facing when integrating PSD2 requirements into their system are:

  1. Inconsistencies between test and production environments
  2. Streamlined TPP registration flow
  3. Unified SCA flows for bank and TPP channels
  4. Single SCA flow requirement
  5. Streamlined consent flow for TPP services
  6. Allowing account number selection
  7. Point of sale equal treatment
  8. Standardizing the reauthentication period
  9. Preventing non-compliant behavior
  10. Maintaining service level for TPPs

Open banking enables, for instance, disbursements close to real time, instead of batch payments. This will increase banks’ flexibility and speed in serving business customers: they can match their business-to-business payment and account information services with online banking currently offered to consumers.

On the consumer banking side banks can capture value and increase customer loyalty through premium APIs. A sizeable part of this market can be captured by proactive and compliant banks. We also see increasing potential in corporate banking use cases. Increased volumes of B2B interfaces can provide banks significant new transaction volume and revenue when built on top of PSD2 compliant APIs rather than legacy technology and custom interfaces. 

Below is an example of how OP Financial Group’s Baltic corporate banking arm has become fully PSD2-compliant and how the bank is leveraging open banking business opportunities unlocked by the new regulations with the help of Enfuce open banking services.

Background

OP Financial Group is one of the largest Finnish financial companies offering a wide range of services. Its subsidiaries, OP Corporate Bank Baltic branches in Estonia, Latvia, and Lithuania (thereinafter “OP Baltics”), provide corporate banking and insurance services in the Baltic markets. OP Baltics has long been prioritising a digital strategy in order to meet shifting customer expectations and provide leading digital banking services.

OP Baltics sees open banking as a key opportunity to offer its network of clients better and more flexible services, and to become a leading player in the future of banking.

OP Financial Group – Baltic branches at a glance
Type: OP Corporate Bank
Headquartered: Helsinki, Finland
Markets: Estonia, Latvia, Lithuania

Challenge

With the PSD2 regulation coming into effect in September 2019, Europe’s banks and financial institutions were obliged to open PSD2 APIs that would enable third-party providers to reliably access financial data and initiate payments from accounts.  

Determined to embrace the open banking opportunity by being fully compliant with PSD2, OP Baltics sought a specialist partner that would meet and exceed the regulatory and security requirements.

Solution

OP Baltics was aware that full PSD2 compliance would require major development and maintenance efforts, and decided to partner up with Enfuce’s experts. 

Working closely together from mid-2018, Enfuce has assisted the bank through the full open banking compliance lifecycle helping to build, maintain and operate sandbox and production APIs. In addition, Enfuce was supporting the core bank provider and OP’s three local Strong Customer Authentication (SCA) solutions for each country in integration activities. This ensured that OP Baltics was able to achieve full compliance on time for the final September 2019 deadline. 

Through one core bank integration, Enfuce’s platform converts OP Baltics’ legacy financial data into PSD2 compliant data – ensuring that account information data (AIS) and payment initiation (PIS) APIs can be securely exposed to third parties.   

With Enfuce’s Open Banking Compliance turnkey service, OP Baltics gained a convenient and future-proof solution without investing in costly regulatory or technical infrastructure in-house. Enfuce’s service provided:

  • PSD2 compliance guarantee in 3 markets: Estonia, Latvia and Lithuania
    • Account information API (AIS)
    • Payment initiation API (PIS), covering multiple payments methods; single-SEPA, cross-border, recurring, due-dated and batch payments
    • Confirmation of funds (PIISP)
  • Developer portal and API Documentation
  • Secure Customer Authentication (SCA) integration
  • Back office services including TPP validation and audit trail 
  • API maintenance 
  • Compliance monitoring and KPIs for authority reporting 

Service architecture of OP Baltic PSD2 compliance by Enfuce

“Enfuce’s service enabled us to meet and exceed all PSD2 requirements, and more importantly, tap fully into the opportunities of open banking. Our starting aim was to become fully PSD2 compliant in OP’s Baltic business, which entailed the complex task of meeting the country-specific requirements outlined in each country’s PSD2 legislation. With Enfuce’s platform and industry-leading expertise, everything was taken care of — from the fine print to fully deployed APIs.

– Jari Jokisilta, Head of Baltic Development and Maintenance  at OP Corporate Bank, Baltic Banking

Results

OP Baltics now has a secure, high-availability, future-proof open banking compliance solution, and they are also prepared to open premium APIs and to build innovative new applications on top of financial data. Throughout the first year in operation, Enfuce has provided a 100% service level, without incidents or downtime. 

As proof of the implementation quality and Enfuce’s compliance guarantee, OP Financial Group was granted an exemption from setting up a safety net – known as a fallback mechanism – by the financial authorities in Finland (FIN-FSA).

“We delivered open banking compliance-as-a-service to OP Financial Group, and we’re proud that our solution helped OP receive the full approval from the financial authorities. Without a doubt, our turnkey service is designed to meet all security and regulatory requirements, enabling OP Baltics’ customers to trust the service 100%. 

This solution takes away all the headache and regulatory complexity facing banks in the post-PSD2 world. By relying on a long-term expert partner like Enfuce, the bank is not forced to invest in costly in-house solutions and can instead fully focus on serving the customer.”

– Denise Johansson, Co-Founder at Enfuce 

What’s next?

In the future, OP Baltics and Enfuce will continue to collaborate on leading open banking capabilities. Through on-demand access to Enfuce’s security and regulatory expertise, OP Baltics is equipped to navigate all PSD2 compliance-related requirements going forward. 

Through premium APIs, the bank can provide new possibilities for innovation across the Baltics by exposing financial data securely and consistently.

The collaboration with Enfuce means that OP Baltics can focus on providing the best service experience to its corporate clients by having PSD2 compliance fully covered.

We’re here to help you