e-mandates: the e-identity opportunity for banks?
With the SDD in place and a SEPA end date luring around the corner it's time for EU banks to make up their minds on the mandate issue. If we don't want to end up relying on paper mandates only a choice must be made soon. Is a pan EU electronic approach like EPC e-mandates the holy grail? Should we maybe explore other local options? Or should banks try not being in the mandate business at all and give the problem back to government or other third party e-identity solutions? Although views may differ widely per EU region, I believe there is an angle to the mandate topic that at least has been underexposed. That is the angle of the opportunity.
In my view the opportunity is simple. What is a mandate? Nothing more than an authorisation of some kind. If we invest in something to make the mandate an electronic one, can we reuse that e-mandate for other authorisations than the ones banks need for the SDD? You bet! So the only excuse to not explore this opportunity is that one feels banks have no place in the e-mandate business at all. Fair enough, but I believe there are compelling reasons why the banks should be involved in creating e-mandates.
Why? Well, banks have several assets that are key to establishing a trustworthy e-mandate such as the image of a trusted party, internet banking capabilities, KYC, strong authentication, and reliable, secure transaction infrastructures. Also there most likely is a 1:1 match between the internet banking customer base and the e-mandate target group. Users using the online channel to establish e-mandates are very likely to be active internet bankers as well.
While not using these assets already in place would mean large investments needing to be made elsewhere in order to launch an e-mandate solution, there's even value that banks can offer that cannot be achieved easily in any another way. Banks ‘own’ the bank user’s account information. Only a bank generated e-mandate would include a validated IBAN/BIC. This adds significantly to the value of the e-mandate because it then enables more STP (less exceptions) for mandates and collection for creditors. Of course current paper mandates do not include the validated bank accounts as well, but since a pan EU solution adds to the perceived risk, the validated bank account may very well be what's needed to reduce this risk.
Now let's talk about the opportunity again. What if a consumer wanting to buy a mobile phone subscription online would be able to do so without any paperwork based solely on an electronic statement by his bank? Wouldn't that be great? The statement would hold everything the mobile phone operator needs, an approval of the mobile phone contract, the name and address of the consumer and the validated bank account details, all supplied by the bank only with explicit consent of the consumer.
So how is this different from an e-mandate? Well, it is not. There's just a proposed transaction of some kind (e-mandate or mobile phone contract) that gets authorised by the consumer. Upon authorisation the bank adds consumer information to the proposed transaction and digitally signs it, making it electronic proof of the authorisation by the consumer.
The opportunity for banks lies simply in the fact that the e-mandate infrastructure and legal framework is exactly what is needed for a generic e-authorisation service. Imagine what value such a service would create for the mobile phone operator in the example. No more paperwork, no more in store customer interaction, a 100% online process. Not to mention more customer satisfaction. And think of the public and the business sector. All will benefit for their interaction with persons and companies.
So what needs to be done to make this happen? Not much... Whether the e-mandate will be based on EPC e-mandates, local solutions, or maybe something completely new, the only thing that needs to be added is the concept of the generic authorisation. This probably requires some additions to the rule books in order to allow other information to be included than is needed for an SDD. This should not be underestimated, but will prove to be worth the effort. After this, local banks, international banks or the entire EU banking community can offer products based on this e-authorisation standard.
And then all banks have to do is implement and sell it to companies, consumers and the public sector...