The Path to Open Banking: A Fintech Startup’s Journey Under PSD2

How one visionary founder turned PSD2 regulation headaches into game-changing solution...

Introduction

Meet Michael, the founder of 'Wealth Management App'—a Fintech startup on a mission to unify all your financial data in one seamless experience. Michael initially assumed PSD2 (Payment Services Directive 2) would only complicate life for traditional banks, forcing them to open secure APIs. But he soon realized that while Open Banking is a massive opportunity for third-party providers (TPPs), it also brings technical challenges to any fintech that wants to do it right.

Below, we explore the key pain points 'Wealth Management App' encountered—and how Michael turned these into competitive advantages. Whether you’re a bank or a fintech, there’s plenty to learn about thriving under PSD2.

1. PSD2 Basics and Who’s Involved

PSD2 is an EU directive pushing banks—known as ASPSPs—to provide secure access to payment account data. Regulated third-party providers (TPPs) can leverage these APIs to build new financial services. End users (PSUs) remain in control, granting or revoking consent for data access.

Key Roles

1. ASPSP (Banks) - Account Servicing Payment Service Provider.
   Holds customers’ accounts and must offer secure APIs to share that data (with permission).
2. PSU (End Users) - Payment Service User.
   The account owner who decides whether to grant access to a TPP.
3. TPP (Third-Party Provider).
   A regulated fintech or payment service that brings new financial solutions—like account aggregation or payment initiation.
   • AISP: Account Information Service Provider aggregates account info into a single dashboard (the data wizard).
   • PISP: Payment Initiation Service Provider initiates payments directly from the bank on your behalf (the payment guru).
4. Regulators, e.g. EBA in Europe.
   They set and enforce the rules. Compliance is non-negotiable if you want to stay in business.

At first glance, it might seem like banks bear the heaviest burden. While that’s partially true—they must host robust APIs—TPPs also face complex requirements around licensing, secure integrations, token management, and data unification. 'Wealth Management App', acting as a TPP aggregator, felt all these challenges firsthand.

2. Pain Points from a TPP’s Perspective

Pain Point 1: Obtaining Licensing & Compliance

• The Challenge: You can’t just plug into a bank’s PSD2 API. TPPs must be licensed by regulatory authorities, obtain QWAC/eIDAS certificates, and follow strict guidelines around data handling and user consent.
• The Opportunity: Once licensed, 'Wealth Management App' gains credibility. It’s now recognized as a trusted third-party provider, which opens doors to partner with major financial institutions.
• Key Takeaway: Treat licensing as an investment in trust—both for regulators and for customers.

Pain Point 2: Integrating with Fragmented Bank APIs

• The Challenge: PSD2 sets the overarching rules, but different ASPSPs may implement slightly varying endpoints, data formats, or OAuth2 flows. A TPP aggregator must build and maintain Bank Adapters for each bank.
• The Opportunity: By abstracting each integration behind a consistent Data Orchestration layer, 'Wealth Management App' can quickly add new banks and scale. This modular design turns a hodgepodge of APIs into a strategic asset.
• Key Takeaway: Accept that “one size doesn’t fit all.” Invest in a robust orchestration framework so the aggregator can keep growing.

Pain Point 3: Handling User Consent & Token Management

• The Challenge: TPPs need to securely store OAuth2 tokens, track consent durations, handle refreshes, and revoke access if a user changes their mind—all while meeting strict PSD2 security and GDPR privacy requirements.
• The Opportunity: A Consent Management Service can automate this, ensuring user permissions are always up to date. By giving users transparent control, 'Wealth Management App' builds trust and meets compliance.
• Key Takeaway: Consent management isn’t just a formality; it’s a user-centric feature that boosts satisfaction and security.

Pain Point 4: Security & Liability

• The Challenge: Opening banking systems can expand the threat surface. TPPs face potential liability if data is mishandled, tokens are compromised, or SCA (Strong Customer Authentication) isn’t implemented correctly.
• The Opportunity: By adopting PSD2’s mutual TLS requirements and rigorous authentication flows, 'Wealth Management App' offers high-assurance data sharing. This level of security is a market differentiator in an industry where trust is paramount.
• Key Takeaway: Invest in top-tier security from day one. It’s costlier to patch holes—and repair reputational damage—later.

Pain Point 5: Data Normalization & Value-Added Services

• The Challenge: Even with the data in hand, TPPs must unify multiple formats (balances, transactions, investments) and produce real-time insights. Otherwise, they’re just a “pipe” of raw data.
• The Opportunity: 'Wealth Management App' built an internal Data Orchestration & Normalization layer and advanced analytics on top. Users get a single, powerful view of their finances—driving engagement and loyalty.
• Key Takeaway: PSD2 doesn’t just unlock data; the real value emerges from how you analyze and present that data to the end user.

3. The 'Wealth Management App' System Architecture

1. User Frontend (Web/Mobile)
   • Users sign in, manage consents, and view a consolidated financial dashboard.
2. API Gateway
   • Central entry point, handling load balancing, rate limiting, and request validation.
3. Identity & Access Management
   • Enforces user authentication, roles, and possibly MFA.
4. Consent Management
   • Tracks each bank’s tokens and the user’s scopes/permissions. Handles token refresh and revocation flows.
5. Data Orchestration
   • Coordinates fetching from multiple banks, normalizing data into a cohesive format.
6. Bank Adapters
   • Connect to various PSD2 APIs, ensuring mutual TLS and compliance with each bank’s unique specs.
7. Aggregated Data DB
   • Stores unified account data, fueling analytics, dashboards, and advanced insights.

4. Turning Pain into Competitive Advantage

For Michael, PSD2 wasn’t just about satisfying regulators. By systematically addressing these TPP pain points, he created 'Wealth Management App':

• Licensed & Credible: Official certification turned legal burdens into brand credibility.
• Modular & Scalable: A flexible Data Orchestration framework means adding new banks is straightforward.
• User-Centric & Secure: Robust consent management ensures trust—users feel in control of their data.
• Analytics & Insights: Normalized multi-bank data is the foundation for premium services—like personalized financial advice, budgeting tools, or portfolio optimization.

Conclusion: Embrace the Challenge, Reap the Rewards

It’s true that banks shoulder the lion’s share of building out PSD2 APIs—but fintechs (TPPs) also face non-trivial hurdles in licensing, integration, consent and token management, and security. Yet these very hurdles can become powerful differentiators if approached as opportunities:

• Licensing builds trust;
• Integration fosters scalability;
• Consent management drives user satisfaction;
• Security cements market reputation;
• Data orchestration enables advanced analytics.

Michael’s journey with 'Wealth Management App' proves that fintech startups can turn regulatory complexity into a strategic foundation for innovation and user delight. If you’re venturing into the Open Banking space, consider each “pain point” a chance to refine your product, build trust, and stand out in a crowded field.