Open banking’s latest scheme: exploring SPAA

How money moves in the world’s most advanced open banking ecosystem

Written by
Michael Jenkins

Editor’s note

The open banking ecosystem in Europe and the UK remains one of the most advanced – if not the most advanced – in the world. While success has been mixed thus far in terms of adoption, regulators and major players continue to take steps toward enabling its success. The latest comes in the form of premium APIs related to payment initiation and data sharing, via the latest open banking scheme: SPAA. While still early in its rollout, this approach can provide a model for other markets looking to make open banking scalable, faster. While in Europe, this is coming as a later add-on, if successful it might make sense to consider embedding premium APIs into open banking schemes from the beginning.

Last week, it was announced that TrueLayer will be the first participant in the SEPA Payment Account Access (SPAA) scheme.

For any that might be hearing about the SPAA for the first time, here is a deeper dive into what it is, what it’s trying to achieve and what it includes.

A flaw in the model of open banking

Before diving further into the SPAA, its context in relation to open banking and PSD2 must be addressed.  

Open banking has had mixed success to date across the UK and Europe. In the UK, 7 million consumers and businesses have used open banking services, as of February 2023. In 2020, there were 12.2 million users across Europe. This compares to at least 65 million in the US, as of May 2023. Although some data points are outdated and may not be exactly like for like, updated data would tell the same story.

One of the key reasons this may not have been more broadly adopted is that it lacks a scalable commercial model that incentivises banks and financial institutions to invest in it. These providers incur annual costs of £100 million in the UK alone, according to the recent Future of Payments Review, and have incurred £1.5 billion total in costs to date, with no scope to recoup anything and a resulting increase in competition. Across Europe, the cost is likely to be similar but larger in absolute terms, given the significantly higher number of banks in operation.

Given these costs, it is no surprise there is still trepidation and scepticism around open banking from banks and other financial services businesses.

SPAA is designed to build on the great work done with PSD2 and open banking by addressing this commercial gap through “premium” APIs that offer functionality beyond what is specified for the free APIs banks have to provide as part of open banking.

The need to create a commercial model was one of the key points raised in the UK Government's Future of Payments Report in November 2023, which it appears is already underway.

What is SPAA?

The SPAA is a scheme that outlines rules, practices and standards for “premium” APIs related to payment initiation and data sharing.

For a quick clarification, SPAA covers “premium” APIs and is designed to be built on top of the "basic" services provided under PSD2.

The SPAA defines four roles within the context of its rules which help set the scene for what SPAA enables: 

  1. Asset Owner – the legal entity or consumer that owns the asset and is a client of the asset holder and possible client of the asset broker
  2. Asset User – the client of the asset broker only, e.g. a payee or merchant
  3. Asset Broker – essentially Third Party Providers or TPPs in PSD2 language, e.g. TrueLayer, Plaid, Yapily
  4. Asset Holders – Account Servicing Payment Service Provider or ASPSP in PSD2 context e.g. banks and financial institutions
Source: Netcera

SPAA goals

The focus of the SPAA is to promote and encourage the use of open banking for payments. It is not a payment method in itself nor is it a payment instrument. Rather, it’s more of a framework and messaging system designed to communicate (in the same way that Visa and Mastercard are messaging networks NOT payment networks).

What is in scope for SPAA?

Much like PSD2 and open banking have the concept of Account Information Services (AIS) and Payment Initiation Services (PIS), SPAA unsurprisingly has the same services in scope. AIS relates to data, and PIS relates to payments.

Broadly, SPAA defines and describes the two types of services as below:

  1. Transaction assets – refers to different elements and steps in the payment flow
    Submission Request – Asset Broker submits transaction asset request to Asset Holder, who either accepts or rejects the request
    Status Request – Asset Broker retrieves status of request to the Asset Holder
    Execution Request – Asset Broker notifies Asset Holder they have completed checks and confirms execution of the request
    Cancellation Request – Asset Broker submits request to Asset Holder to cancel all or part of its request
  2. Data assets – refers to different elements and steps in the exchange of payment account related data
    Consent management – Asset User has authorised the Asset Broker to retrieve list of accounts/transactions
    Data Request – Asset Broker instructs Asset Holder to retrieve list of accounts/transactions
    Consent Validation – Asset Holder checks valid consent to access requested data
    Rejection – Asset Holder rejects the Asset Broker's request
    Data Response – Asset Holder provides the list of accounts/transactions
    Data processing – Asset Broker receives the list of accounts/transactions

Transaction assets and payments use cases

The SPAA outlines a number of payment use cases that could be built with the new “premium” API features that are not currently enabled by open banking and PSD2, but that they believe will provide functionality that consumers and businesses demand to drive adoption, including:

  1. One off payment initiation
  2. Future dated payment with defined execution date
  3. Dynamic future dated payments
  4. Recurring payments with same amount e.g. subscriptions, rent
  5. Dynamic recurring payments (similar to the UK's VRP) e.g. utility bills, usage based contracts such as phone bills
  6. Payment initiation to multiple counterparties e.g. checkout at a marketplace sends payments to multiple receivers
  7. Refund payment initiation

The specific “premium” API features that apply to the above payment use cases are:

  1. Payment certainty request
  2. Request for supporting account information
    Used to mitigate failed payments: more information can be requested such as name of payer, name of account owners, 31 day transaction history, list of payment accounts
  3. SCA approach preferences
  4. Embedded, redirect or decoupled SCA request
  5. Request to not apply SCA exemption
  6. Account replacement during Authentication

New data assets available

For Data Assets, SPAA outlines new “premium” data that can be accessed from Asset Holders by Asset Brokers, which includes:

  1. List of payment accounts – includes name, address, age, DOB, phone number, VAT number, Country, account details, balances, currency, product name, account type, account name, status, usage etc
  2. List of current accounts
  3. List of current accounts with credit line – credit conditions, linked account information
  4. List of savings accounts – interest conditions
  5. List of payment account transactions – date, amount, currency, balances, status, ID, charges, MCC, card number, card brand etc
  6. List of cards – card holder name, card number, balance, currency, card type, linked account information, product name, account name, VAT, address, DOB, age, phone number, card status, card brand, credit conditions
  7. List of card transactions

Some of the details that could be available, such as product name, usage, credit conditions and interest conditions, would be very useful for PFMs to know so they can recommend higher yielding or lower cost products.

Some of the personal information such as date of birth, age and phone number could be used for enhanced authentication and verification to help combat fraud.

Future of SPAA

First things first: SPAA is very new. The scheme was only open for companies to join as of December 2023, and TrueLayer was the first to join last week. Given the other companies in the “Multi-Stakeholder Group” (MSG), others like Paysafe, Trustly, Plaid and Tink may join soon.

The scheme is voluntary, which may also hinder adoption, as without broad coverage of the major European banks, it is less useful. This was one area where open banking and PSD2 did well: they mandated the scheme across Europe, and the same was done in the UK. There do not seem to be any UK banks or financial institutions on the MSG list, so it remains to be seen if the UK will create something similar. However, they would miss out if they don’t.

I am sceptical that banks will sign up on their own given that these APIs will only increase the ability of fintechs and other competitors to attract a bank’s clients, but it does paint a picture that is positive for the consumer, in theory.

Tl;dr

It’s early days, but this is an optimistic development for open banking.

About the author

Michael Jenkins

Michael Jenkins has an extensive background in financial services and fintech across strategy and marketing, where he has developed a deep knowledge and network in the space across Europe and the US.

He uses this experience to help startups understand the fintech landscape and effectively communicate their product and vision to customers.  He has been writing about fintech for the past three years with his weekly newsletter This Week in Fintech UK & Europe and also Fintech Across The Pond for his longer content and deep dives. You can find him on Twitter and LinkedIn.