LUXHUB, Unlocking the Potential of Open Banking

Writer Laura Campan

On 1 December, the finance community met at the European Convention Center Luxembourg (ECCL), in Kirchberg, for an exclusive awards ceremony and networking cocktail.

How about jumping on the opportunity to further discuss the natural yet challenging steps finance is taking towards innovation with this new edition’s winners?

This week, we were pleased to welcome the FinTech Solution of the Year Award’s winner, LUXHUB, for the fourth episode of our #FinStory series.

The Second Payment Services Directive (PSD2) is often seen as the cornerstone of Open Banking. As one of the pioneers in Europe, what is the most significant change / innovation you have experienced since then?

With Open Banking being only 5 years old, we are really noticing an ever-increasing consumer acceptance of the concept as a whole. Most people are now aware of the main Open Banking capabilities and especially of the idea that they can access their bank accounts through a TPP (Third-Party Provider). In Luxembourg, for example, 25,000 accounts are accessed monthly for the account aggregation use case. This represents only the beginning of the story but also showcases the potential of Open Banking, since account information-based services are just starting to come to market.

On the financial institutions side, more and more banks are starting to collaborate on exposing and monetizing features beyond the scope of PSD2, with PSD2 APIs reaching a certain maturity level in terms of stability. This shows a growing “openness”, and that is what actually defines Open Banking.

Finally, we, at LUXHUB, notice that a rising number of corporate software platforms are understanding the value of PSD2 and are now increasingly considering partnerships to provide Open Banking capabilities to their users. One can notably think of the automation of labor-intensive tasks such as the retrieval of bank accounts statements, and the reduction of potential manual inputs when initiating payments.

LUXHUB holds both AIS (Account Information Services) and PIS (Payment Initiation Services) licenses – obtained from local regulator CSSF. What does this mean for LUXHUB and the services you provide?

The concept of “Open Banking” is wider than the banking/financial institution scope and pretty much every single private or public organization can leverage such services and integrate them within their own websites or applications. Yet, to be able to provide Account Information and Payment Initiation services to this wider audience (from Fintechs and SMEs to private corporations and public administrations), LUXHUB needed to be a regulated player in the geographical area you operate in, under the supervision, in this specific case, of the NCA (National Competent Authority) for Luxembourg.

As our ambition was always to provide extended Open Banking services and lean towards Embedded Finance, it was the logical step for LUXHUB to embark on this journey and obtain both licenses. More concretely, they enable us to act as an intermediary between the aforementioned non-regulated audience and every banking institution providing payment account information (AIS) and payment initiation (PIS) services.

Several use cases and actual products have emerged since, and notably Trusted Corporate Pay and its innovative authentication exemption, which was recently recognized at the Luxembourg Finance Awards 2022.

Last year, LUXHUB launched “Trusted Corporate Pay”, an A2A payments solution with an SCA exemption… How innovative is this solution and how can companies leverage it?

Account-to-Account payments are initiated by payers, from their bank accounts to a payee’s accounts. To authorize these transactions, they need their usual banking login credentials as well as their Strong Customer Authentication (SCA) method (LuxTrust mobile, OTP, PIN or passphrase, etc.).

Trusted Corporate Pay was built for private companies and public administrations that process a large number of payments, and that might find it redundant and non-user-friendly to constantly have to undergo the two or three-factor authentication steps. More concretely, using Trusted Corporate Pay, employees with the appropriate rights can initiate A2A payments directly from within the ERP or secure back-office application they are using, and with no SCA needed on the bank’s side.

The solution, built on top of the LUXHUB ONE PAY solution, enables organizations to initiate instant pay-outs, through multiple partner Luxembourgish banks, by using a single unified API. These payments can be sent to any participant of the European SEPA (Instant) network, with no authorization process required for each transaction at the bank’s side, and no additional file-based services needed for communication.

Let’s look at this new payer experience, and at the secure payment flow:

  • An employee/civil servant starts a payment operation – payment details are already known, such as debit account, credit account, payment amount, payment reference, etc.
  • The company/public organization’s back-office system forwards the request to LUXHUB.
  • LUXHUB prepares the payment request with the required information, such as signature, authorization for the provider selected, etc. and forwards it following the bank’s payment initiation API specification.
  • The bank makes additional verifications on the company/public organization’s signature and the payment details integrity before sending back the response for the SCA-exempted payment initiation request.
  • LUXHUB forwards the successful response along with the payment unique reference and execution status.
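
The bank-side verification step in the flow above, sketched as an added example that is not LUXHUB's or any bank's code. HMAC-SHA256 stands in for the organization's signature (a real integration would use an asymmetric key and certificate), and the field names, demo key and the replay check on `request_id` are assumptions that go beyond what the interview describes.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): stands in for the organization's signing key.
COMPANY_KEY = b"constructed-demo-key"

# Hypothetical field names for the payment details listed in the flow.
SIGNED_FIELDS = ("debit_account", "credit_account", "amount",
                 "currency", "reference", "request_id")


def canonical(payment):
    """Serialise only the signed fields, in a fixed form, so both sides hash the same bytes."""
    subset = {name: payment[name] for name in SIGNED_FIELDS}
    return json.dumps(subset, sort_keys=True, separators=(",", ":")).encode()


def sign(payment, key=COMPANY_KEY):
    """Organization side: sign the payment details before they leave the back office."""
    return hmac.new(key, canonical(payment), hashlib.sha256).hexdigest()


class Bank:
    """Bank side: with no SCA step, the signature is what authorises the payment."""

    def __init__(self, key):
        self.key = key
        self.seen_request_ids = set()

    def initiate(self, payment, signature):
        try:
            expected = sign(payment, self.key)
        except KeyError:
            return "REJECTED_MALFORMED"          # a signed field is missing
        if not hmac.compare_digest(expected, signature):
            return "REJECTED_BAD_SIGNATURE"      # details changed after signing
        if payment["request_id"] in self.seen_request_ids:
            return "REJECTED_REPLAY"             # same signed request sent twice
        self.seen_request_ids.add(payment["request_id"])
        return "ACCEPTED"


def demo():
    """Run an untouched, a tampered and a replayed request (constructed sample data)."""
    bank = Bank(COMPANY_KEY)
    payment = {"debit_account": "LU00-CONSTRUCTED-DEBIT",
               "credit_account": "LU00-CONSTRUCTED-CREDIT",
               "amount": "1250.00", "currency": "EUR",
               "reference": "INV-0001", "request_id": "req-0001"}
    signature = sign(payment)
    tampered = dict(payment, credit_account="LU00-CONSTRUCTED-OTHER")
    return [bank.initiate(payment, signature),
            bank.initiate(tampered, signature),
            bank.initiate(payment, signature)]
```

Because the signature covers every payment field, an intermediary that alters the credit account or amount after signing cannot produce a request the bank accepts.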

Many financial institutions are still reluctant to embrace data and collaborate with FinTechs. How to convince them about the benefits of Open Banking?

While this reluctance might be true for some financial incumbents who still carry the assumption that smaller and more agile structures like Fintechs are threatening their established businesses by taking compliance & legal shortcuts, it is luckily not only inaccurate but an increasingly outdated position in today’s innovative and collaborative financial world.

The PSD2 directive set a restrictive legal and compliance framework that ensures, with national competent authorities’ supervision, that all involved players present and continuously maintain very specific guarantees in terms of data security, fraud prevention and AML/KYC obligations. In Luxembourg, the trust that large public and private organizations including major banks have put in LUXHUB by adopting some of its solutions, based on the AISP/PISP license, represents irrefutable proof of the solidity and value of such collaborations.

Moreover, the regulatory agenda for the upcoming years proves that Europe is doubling down on the initial success of the Open Banking rollout and intends to both extend its scope and address its shortcomings; the EU’s 3rd Payment Services Directive as well as the instant credit transfers regulation are the two most expected examples of this commitment.

Beyond the solid and improving regulatory setup, the benefits of Open Banking-powered solutions are numerous: access to a plethora of banking transactions data based on their owners’ consent (after remaining for a long time the monopoly of banks), support of disintermediated account-to-account payment capability that can be used by any bank account holder (98.5% of the population over 15 in Europe according to World Bank Global Financial Inclusion) and finally, an API-first based delivery of all supported account information and payment services allowing a direct integration of these latter directly within existing applications or websites and avoiding users duplicated data input and information discrepancies in various locations, and saving them costs and effort of maintaining these unnecessary systems.

Which trends do you believe will shape the Open Banking / Embedded Finance world in the coming years – and what can we expect from LUXHUB in that respect?

In the upcoming months, we are prepared, on the one hand, for some further regulation-driven changes. For instance, the SCA maximum validity is going to increase by mid-2023 from 90 to 180 days. This long-awaited update in the PSD2 RTS will enable more innovation while also boosting usage on the end-user side. Concretely, an account holder will need to renew less frequently a consent for an account information access he has explicitly given to a TPP. Less friction and smoother journeys echo with more valuable use cases for Open Banking service providers and users.

On the other hand, the Open Banking world will continue its path towards more maturity shaped by industry needs and innovations. Further new solutions developed by TPPs, such as LUXHUB, will continue to make it easier or more valuable to leverage existing Open Banking capabilities. In this respect, Request to Pay, which consists of a messaging functionality to facilitate the exchanges between payees and payers, is anticipated to boost Open Banking-powered payments. It notably gives more flexibility to payers in some of these cases: Buy Now Pay Later, pay-per-use, telesales, etc.

This goes hand in hand with the willingness of the European Commission to turn instant payments into the new normal in Europe. IPs combined with A2A payments represent a huge improvement as more people will be able to pay in various daily life situations online or offline – without the need for additional accounts or cards – and funds will be sent/received directly therefore drastically improving personal finances visibility.

The team at LUXHUB is working on several value-added use cases, while also eyeing a future – and wider – Open Finance regulation that would concern insurance companies, wealth managers, etc. In relation to these two specific sectors and to be ahead of the wave, we are taking an active part in these discussions as members of forward-thinking associations such as the ACA (Insurance Companies Association, in Luxembourg), OPIN (Open Insurance Think Tank), Open Wealth Association (in Switzerland), and more.