Open Banking Regimes Across The Globe
Open Banking is set to bring significant disruption to the retail banking landscape. It will enable the emergence of several new business opportunities for banks, FinTechs and TechFins around consent-based data sharing and open API based integrations.
Through Open Banking, financial institutions enable third party organisations to gain access to and communicate with customer data through open APIs.
Several countries around the world are experimenting with Open Banking. The UK and Singapore are the most advanced regimes.
As consent relating to data sharing and choice is placed squarely in the hands of consumers, there are several efforts underway to increase privacy, security and fraud prevention, with a major emphasis on consent management and strong customer authentication.
The United Kingdom
The Competition and Markets Authority decided to use Open Banking as the vehicle to drive competition in retail banking.
The CMA was mandated to establish the Open Banking Working Group (OBWG) to deliver an open standard for Application Programming Interfaces (APIs) in UK banking.
Its objectives were to aid customers in controlling their data and to create an environment where financial technology companies (FinTechs) or businesses make use of bank data on behalf of customers in innovative ways.
Role & Responsibilities
The role of the OBWG was the creation of a framework that would result in a set of recommendations to guide the process of building the Open Banking Standard.
The creation of an open API for shared data, including but not limited to customer data; and
The creation of an open data API for market information and relevant open data.
The creation of a single API standard. This means that any fintech company that wants to exploit the opportunities related to Open Banking creates one API interface. Currently, they can connect to 90% of the UK market.
The provision of guidance relating to governance, security, liability, standards, communications, regulations and legal.
The framework includes the following:
1. Data, API and Security Standards, through which usability of data and APIs will be achieved and customers’ data will be protected from malicious actors; hence access rights must be securely delegated.
2. A governance model, to develop trust, provide issue resolution mechanisms and oversee the standards
3. Developer resources, to enable third parties to discover, educate and experiment.
The Consumer Perspective
Open Banking will enable consumers and SMEs to safely share their data with an authorised 3rd party. It will also allow the consumer or SME to instruct that 3rd party to send a payment from their account.
Open Banking covers 90% of the UK market and the following financial instruments: current accounts, credit cards, eWallets and prepaid cards.
The 9 largest banks in the UK are participating in Open Banking. There is a directory of members of the Open Banking ecosystem that can be accessed here.
Europe
Payment Services Directive 2 (PSD2) is a set of laws and legislation set by the European Parliament. The directive was approved on the 8th of October and passed on the 16th of November by the European Parliament in 2015.
The purpose of PSD2 is to secure e-payments and expand the financial services ecosystem. Essentially, regulators intend to open financial services to new forms of competition from non-banks such as fintechs.
PSD2 requires any financial firm issuing current accounts, credit cards and other payment accounts to create “communication interfaces” to enable registered third parties to access customer payment account data and initiate payments on their behalf.
In other words, banks will no longer be the only, or main, stakeholders in both the control of consumer financial data and initiation of payments. It covers:
* Most of the payment service providers
* Demands strong authentication
* Opens bank data to 3rd parties
PSD2 opens the retail banking value chain to new actors, for instance:
* Account Servicing Payment Service Provider (ASPSP) – consumer’s bank, current issuer
* Payment Initiation Service Provider (PISP) - Initiates the payment process, seller or PSP.
* Account Information Service Provider (AISP) – Consolidates customer's data, "cross-bank"
Payment service providers must follow certain requirements:
Strong customer authentication: this must include 2 of the 3 factors required for strong customer authentication, that is, the user’s password, a mobile device and biometric authentication such as fingerprint, voice and iris authentication methods.
Also, the authentication process must be linked to a specific amount and a specific payee. This could be a direct debit payment to Mastercard or a utility bill.
Also, banks are obliged to provide transaction data for customers that have opted into 3rd party suppliers.
Payment providers are also responsible for investigating fraudulent activities and securing user credentials.
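The two authentication requirements above, sketched as an added example that is not part of the original article and is not a mechanism prescribed by PSD2: a two-of-three factor check combined with an authentication code bound to one amount and one payee. The HMAC construction, function names, factor labels and sample key are assumptions made for illustration.

```python
import hashlib
import hmac
from decimal import Decimal

# The factor examples from the text, grouped into the three categories.
FACTOR_CATEGORY = {
    "password": "knowledge",
    "mobile_device": "possession",
    "fingerprint": "inherence",
    "voice": "inherence",
    "iris": "inherence",
}

def satisfies_sca(verified_factors):
    """True when the verified factors span at least two distinct categories."""
    cats = {FACTOR_CATEGORY[f] for f in verified_factors if f in FACTOR_CATEGORY}
    return len(cats) >= 2

def _canonical(amount, currency, payee):
    # Fixed two-decimal amount and length-prefixed fields, so two different
    # (amount, payee) pairs can never serialise to the same byte string.
    parts = [f"{Decimal(amount):.2f}", currency.upper(), payee]
    return b"".join(len(p.encode()).to_bytes(2, "big") + p.encode() for p in parts)

def auth_code(key, amount, currency, payee):
    """Authentication code tied to exactly one amount and one payee."""
    msg = _canonical(amount, currency, payee)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def authorise(key, code, verified_factors, amount, currency, payee):
    """Accept only if SCA passed and the code matches the payment being executed."""
    if not satisfies_sca(verified_factors):
        return False
    expected = auth_code(key, amount, currency, payee)
    return hmac.compare_digest(expected, code)  # constant-time comparison

# Constructed sample data, not real credentials or accounts.
SESSION_KEY = b"constructed-demo-key-not-a-secret"
APPROVED = auth_code(SESSION_KEY, "49.99", "EUR", "Utility Co")

if __name__ == "__main__":
    ok = ["password", "fingerprint"]
    print(authorise(SESSION_KEY, APPROVED, ok, "49.99", "EUR", "Utility Co"))
    print(authorise(SESSION_KEY, APPROVED, ok, "499.90", "EUR", "Utility Co"))
```

A code the customer approved for one payment fails verification if the amount or payee is altered afterwards, and two factors from the same category (for example fingerprint plus iris) do not count as strong customer authentication.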
Australia
Open Banking Australia is the first phase in a broader framework which is interoperable across sectors other than banking.
In this context, interoperability across sectors essentially means that technology deployed to support the sharing of data in the banking sector will encompass other sectors in the Australian economy where there are data monopolies, such as energy and telecommunications. Contrary to PSD2 and UK Open Banking, Open Banking in Australia is part of the Consumer Data Right.
The Objective
The objective is to put customers in control of their data, empowering them to share it with third parties of their choice to understand their financial situation and make the financial decisions that are best for them. This is essentially about convenience and choice for consumers.
Consumers and SMEs are empowered to securely provide permissioned access to their financial data to third parties, without undue charges or restrictions.
They are also empowered to act upon the decision that may result from their data sharing; that is, consumers can direct institutions to initiate or complete a transaction or switch their product holding to another institution easily and efficiently if they so choose.
The sharing of data will be achieved via read-only APIs, and when institutions act to initiate a transaction or other desired outcome on the customer's behalf this may be carried out by a “read/write” API.
The use cases for Open Banking in Australia have limited functionality, as it allows only read access. This restricts payment initiation, contrary to UK Open Banking and PSD2, where it is allowed.
Scope of Data Included in the Regime
In terms of data scope, Open Banking in Australia covers the following types of accounts:
* Deposit
* Superannuation
* Credit Cards
* Loans
* Investments, including ASX listed securities and retail managed funds
* Rewards/Miles
* Billing
* Insurance (Life, General, Health)
* Mortgages
* Lines of Credit
Financial Institutions
The four major banks in Australia have been mandated to make banking data available to TPPs (third-party providers) by June 2019, with the remaining Australian Deposit-taking Institutions (ADIs) complying in the following year.
Standards
All Open Banking standards relating to transfer, data, security, customers and participants are set by a Data Standards Body.
Canada
In Canada, due to security and privacy concerns, a decision regarding Open Banking is yet to be finalised.
Japan
The Amended Banking Act of 2017, which came into force on 1st June 2018, enables the Financial Services Agency (FSA) to impose obligations on banks to make efforts to open their APIs to electronic settlement agents by 2020.
130 Japanese banks have expressed their intention to introduce an open API. This is aimed at fostering collaboration and cooperation between banks and fintech firms.
Mexico
The primary goal of Open Banking in Mexico is to realise the potential for financial inclusion.
Currently over 52% of Mexicans do not have access to a bank account and over 10% do not have access to formal saving mechanisms.
In the UK, Open Banking focuses on one product, that is, current accounts, and the nine biggest banks. In Mexico, it will be open to all products and the entire financial ecosystem. All financial entities will have to comply with the directive.
In other words, the Fintech Law requires mandatory API data sharing for all financial institutions.
The Mexican fintech law will be passed in 2020, which will define the standards. Banks will be expected to adopt the laws in 2021.
New Zealand
Open Banking New Zealand is concerned with the creation of a shared API framework, that is, an all-industry approach to deliver the next wave of digital banking and payments with banking standards.
In March 2018, Payments Australia NZ (PNZ) launched an API pilot involving banks, payment providers and large retailers. The pilot provided valuable insight into the design of the shared API framework to be initiated by New Zealand.
Local banks in New Zealand proactively decided to collaborate to launch Open Banking practices without regulators stepping into the process.
The Open Banking framework will include account information and payments. There are 17 participating member organisations, with 6 member companies piloting the framework: ASB, BNZ, Datacom, Paymark, Trade Me and Westpac.
The main drivers for the Open Banking initiative and a shared API framework in New Zealand are:
* Simplification and consistency of delivery
* Increase the speed to market for new tools and offerings
* Enhance services and
* Provide easier partnerships
According to Bud’s Open Global Banking snapshot, there are six new initiatives that New Zealand's regulators are investigating. These include 365-day service availability, proxy identifiers, speeding up payments, requests to pay and the ISO 20022 payments messaging format, laying the foundation for an interoperable system to increase innovation and competitiveness in the financial services industry.
Singapore
Singapore is a leading country in the delivery of an Open Banking framework in the Asia Pacific region.
Whilst in Europe and the UK Open Banking is mandatory, in Singapore regulators are actively encouraging the organic development of an open API infrastructure.
The Monetary Authority of Singapore has overall responsibility for driving innovation and resilience in the banking system.
The primary goal in Singapore is the provision of an enhanced user experience, given the shift in banking from physical brick and mortar to digital banking, specifically for retail consumers and SMEs. This will be managed by the Monetary Authority of Singapore.
Digital banking penetration in Singapore is 97%, with 8 out of 10 customers willing to open a bank account with a branchless bank.
Also, 35% of banking customers in Singapore are willing to shift at least 35% of their assets to a digital wallet.
The high level of willingness of consumers to engage with Open Banking is encouraging mainstream banks, start-up fintechs and TPPs to recognise open APIs as a strategic opportunity to deliver greater value to their customers, through:
- Collaborative initiatives and or the
- Development of their own open API platform in-house.
The USA
In the USA there is currently no regulatory or legislative framework mandating open banking. Adoption is instead driven by market demand.
However, the regulatory bodies the Consumer Financial Protection Bureau (CFPB) and the National Automated Clearing House Association (NACHA) have taken the initiative to create unified guidelines regarding Open Banking.
This is primarily due to the complexity, size, and diversity of the financial services sector. For example, there are only two regulatory agencies required to implement Open Banking in the UK.
There are at least eight federal regulatory agencies (from bank regulators to the National Credit Union Administration) that have jurisdiction over a portion of financial data access in the United States.
The only statutory provision regarding access to a consumer's own financial account and transaction data is Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. [9]
This requires covered financial services companies to make certain financial account and transaction data concerning a product or service obtained from that company available to consumers on request.
However, there is no obligation for that financial institution to make that data available to third parties.