Open Banking Plus
Exploring SPAA, open banking's latest scheme for a sustainable commercial model
Last week, it was announced that TrueLayer will be the first participant in the SEPA Payment Account Access (SPAA) scheme.
For anyone that might be hearing about the SPAA for the first time, here is a deeper dive into what it is, what it's trying to achieve and what it includes.
A flaw in the model of open banking
Before diving further into the SPAA, its context in relation to open banking and PSD2 must be addressed.
Open banking has had mixed success to date across the UK and Europe. In the UK, 7 million consumers and businesses have used open banking services, as of February 2023. In 2020, there were 12.2 million users across Europe. This compares to at least 65 million in the US, as of May 2023. Although some data points are outdated and may not be exactly like for like, updated data would tell the same story.
One of the key reasons open banking may not have been more broadly adopted is that it lacks a scalable commercial model that incentivises banks and financial institutions to invest in it. These providers incur annual costs of £100 million in the UK alone according to the recent Future of Payments Review, and have incurred £1.5 billion total in costs to date, with no scope to recoup anything and a resulting increase in competition. Across Europe, the cost is likely to be similar but larger in absolute terms, given the significantly higher number of banks in operation.
Given these costs, it is no surprise there is still trepidation and scepticism around open banking from banks and other financial services businesses.
SPAA is designed to build on the great work done with PSD2 and open banking by addressing this commercial gap through "premium" APIs that offer functionality beyond what is specified for the free APIs banks have to provide as part of open banking.
The need to create a commercial model was one of the key points raised in the UK Government's Future of Payments Report in November 2023, and work on one appears to be already underway.
What is SPAA?
The SPAA is a scheme that outlines rules, practices and standards for "premium" APIs related to payment initiation and data sharing.
For a quick clarification, SPAA covers “premium” APIs and is designed to be built on top of the "basic" services provided under PSD2.
The SPAA defines four roles within the context of its rules which help set the scene for what SPAA enables:
Asset Owner - the legal entity or consumer that owns the asset and is a client of the Asset Holder and possibly a client of the Asset Broker
Asset User - the client of the Asset Broker only, e.g. a payee or merchant
Asset Broker - essentially Third Party Providers or TPPs in PSD2 language, e.g. TrueLayer, Plaid, Yapily
Asset Holder - Account Servicing Payment Service Provider or ASPSP in the PSD2 context, e.g. banks and financial institutions
SPAA goals
The focus of the SPAA is to promote and encourage the use of open banking for payments. It is not a payment method in itself nor is it a payment instrument. Rather, it’s more of a framework and messaging system designed to communicate (in the same way that Visa and Mastercard are messaging networks NOT payment networks).
What is in scope for SPAA?
Much like PSD2 and open banking have the concepts of Account Information Services (AIS) and Payment Initiation Services (PIS), SPAA unsurprisingly has the same services in scope. AIS relates to data, and PIS relates to payments.
Broadly, SPAA defines and describes the two types of services as below:
Transaction assets - refers to different elements and steps in the payment flow
Submission Request - Asset Broker submits transaction asset request to Asset Holder, who either accepts or rejects the request
Status Request - Asset Broker retrieves status of request to the Asset Holder
Execution Request - Asset Broker notifies Asset Holder they have completed checks and confirms execution of the request
Cancellation Request - Asset Broker submits request to Asset Holder to cancel all or part of its request
Data assets - refers to different elements and steps in the exchange of payment account related data
Consent management - Asset User has authorised the Asset Broker to retrieve list of accounts/transactions
Data Request - Asset Broker instructs Asset Holder to retrieve list of accounts/transactions
Consent Validation - Asset Holder checks valid consent to access requested data
Rejection - Asset Holder rejects the Asset Broker's request
Data Response - Asset Holder provides the list of accounts/transactions
Data processing - Asset Broker receives the list of accounts/transactions
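The data asset flow above, modelled from the Asset Holder's side as an added example (not code from the SPAA rulebook or from the original article): a Data Request is answered with either a Rejection or a Data Response, depending on Consent Validation. The consent fields (scope, expiry, revocation), the rejection reason strings and all class and variable names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Consent:                      # hypothetical record shape
    broker_id: str
    account_id: str
    scopes: frozenset               # subset of {"accounts", "transactions"}
    expires_at: datetime
    revoked: bool = False

@dataclass(frozen=True)
class DataRequest:                  # the Asset Broker's Data Request
    broker_id: str
    account_id: str
    scope: str

class AssetHolder:
    def __init__(self, consents, store):
        self._consents = {(c.broker_id, c.account_id): c for c in consents}
        self._store = store         # (account_id, scope) -> list of records

    def validate_consent(self, req, now):
        """Consent Validation: None when valid, otherwise a rejection reason."""
        consent = self._consents.get((req.broker_id, req.account_id))
        if consent is None:
            return "no_consent"     # deny by default
        if consent.revoked:
            return "consent_revoked"
        if now >= consent.expires_at:
            return "consent_expired"
        if req.scope not in consent.scopes:
            return "scope_not_consented"
        return None

    def handle(self, req, now):
        """Answer with a Rejection or a Data Response, never partial data."""
        reason = self.validate_consent(req, now)
        if reason is not None:
            return {"type": "Rejection", "reason": reason}
        return {"type": "DataResponse", "items": self._store.get((req.account_id, req.scope), [])}

# Constructed sample data, not taken from any real scheme participant.
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
HOLDER = AssetHolder(
    [Consent("broker-a", "acct-1", frozenset({"accounts"}), datetime(2024, 3, 1, tzinfo=timezone.utc)),
     Consent("broker-a", "acct-2", frozenset({"transactions"}), datetime(2024, 1, 1, tzinfo=timezone.utc))],
    {("acct-1", "accounts"): [{"account_name": "Example current account", "currency": "EUR"}]},
)
```

Keying consent on the broker, the account and the scope together means a broker holding consent for one account or one data type cannot reuse it for another.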
Transaction assets and payments use cases
The SPAA outlines a number of payment use cases that could be built with the new “premium” API features. These use cases are not currently enabled by open banking and PSD2, but the scheme expects them to provide functionality that consumers and businesses demand and so drive adoption. They include:
One off payment initiation
Future dated payment with defined execution date
Dynamic future dated payments
Recurring payments with same amount e.g. subscriptions, rent
Dynamic recurring payments (similar to the UK's VRP) e.g. utility bills, usage based contracts such as phone bills
Payment initiation to multiple counterparties e.g. checkout at a marketplace sends payments to multiple receivers
Refund payment initiation
The specific "premium" API features that apply to the above payment use cases are:
Payment certainty request
Request for supporting account information
Used to mitigate failed payments: more information can be requested such as name of payer, name of account owners, 31 day transaction history, list of payment accounts
SCA approach preferences
Embedded, redirect or decoupled SCA request
Request to not apply SCA exemption
Account replacement during Authentication
New data assets available
For Data Assets, SPAA outlines new “premium” data that can be accessed from Asset Holders by Asset Brokers, which includes:
List of payment accounts - includes name, address, age, DOB, phone number, VAT number, Country, account details, balances, currency, product name, account type, account name, status, usage etc
List of current accounts
List of current accounts with credit line - credit conditions, linked account information
List of savings accounts - interest conditions
List of payment account transactions - date, amount, currency, balances, status, ID, charges, MCC, card number, card brand etc
List of cards - card holder name, card number, balance, currency, card type, linked account information, product name, account name, VAT, address, DOB, age, phone number, card status, card brand, credit conditions
List of card transactions
Some of the details that could be available, such as product name, usage, credit conditions and interest conditions, would be very useful for PFMs to know so they can recommend higher yielding or lower cost products.
Some of the personal information such as date of birth, age and phone number could be used for enhanced authentication and verification to help combat fraud.
Future of SPAA
First things first: SPAA is very new. The scheme was only open for companies to join as of December 2023, and TrueLayer was the first to join last week. Given the other companies in the “Multi-Stakeholder Group” (MSG), others like Paysafe, Trustly, Plaid and Tink may join soon.
The scheme is voluntary, which may also hinder adoption, as without broad coverage of the major European banks, it is less useful. This was one area where open banking and PSD2 did well: they mandated the scheme across Europe, and the same was done in the UK. There do not seem to be any UK banks or financial institutions on the MSG list, so it remains to be seen if the UK will create something similar. However, they would miss out if they don’t.
I am sceptical that banks will sign up on their own given that these APIs will only increase the ability of fintechs and other competitors to attract a bank’s clients, but it does paint a picture that is positive for the consumer, in theory.
TLDR
It’s early days, but this is an optimistic development for open banking.