What is Open Banking?
Quite simply, Open Banking allows access to Information and/or Payment Instruments of a customer, by a Third-Party providing that customer has provided authorisation to do so. This, in theory, allows the customer to benefit from services offered by parties which are enriched by the data or payment instruments obtained via Open Banking, these can include: Account aggregation and assistance, transaction analysis, frictionless payment direct from Bank Account. To disrupt the market, lowering “barriers to access” for innovative Fintechs, improving the quality and choice of the relationship customers have with their finances.
Basic Flow of Open Banking
The exact nature of Open Banking differs across the globe, with the UK currently having one of the most developed Open Banking ecospheres. The intention of Open Banking is to bring market disruption that allows consumers more choice in how they see, interact and compose with their financial data and payments. This localised approach has created many standards which require “custom integrations”, even within the same regulated territory. A Payment Service Provider may need to provide interfaces conforming to several standard for satisfying the regulatory and commercial demands within the territories they operate. A Fintech/Third-Party may have to create many connection patterns to operate with multiple Payment Institutions accommodating the differences in interface, available data and/or payment functions.
UK – Two regulations govern Open Banking, CMA9 order and PSD2. CMA9 order, implemented by the Competition and Markets Authority requires the nine identified financial institutions (AIB Group, Bank of Ireland, Barclays, HSBC, Lloyds, Nationwide, Natwest, Danske and Santander. Including group brands, UK regulated only) to develop standard API interfaces to allow Third Parties (TPP) access to Open Data (i.e. Branch and ATM locations, product information), Account Information and Payment Initiation. (This is realised as the Open Banking UK standard). Payment Services Directive Two (PSD2) requires all financial institutions providing payment accounts to provide interfaces to allow regulated Third-Party access to Account Information (AIS), Payment Initiation (PIS) and Confirmation of Funds (CBPII) in line with the Strong Customer Authentication Regulatory Technical Standard (SCA RTS). Coverage in the UK is only for accounts deemed “Payment Accounts” (both Retail and Commercial) and access only for regulated TPPs. (Although some organisations are voluntary providing interfaces with more functions and covering more account types than this). Open Banking UK standard in its latest version covers both CMA9 and PSD2 requirements and goes further into the “Value Add” space.
Europe – PSD2 regulation governs Open Banking. (Please see UK). Likewise, this is limited to payment accounts and access to regulated Third Parties. There are three industry initiatives in Europe (excluding UK) to bring Open Banking, STET (France and Slovenia), NextGenPSD2 (Also known as BerlinGroup) and PolishAPI (Poland).
Australia – Open Banking will come under the Consumer Data Rights (CDR) regulation which goes beyond finance and allows the customer to also share data from their Energy and Telco services. (Current being rolled out).
Canada – Open Banking will come under the Consumer Direct Finance (CDF) regulation. (Currently being finalised).
Hong Kong – The HKMA open API framework is a voluntary initiative for Banks to share data relating to products and services. (Similar to Open Banking UK Open Data APIs). Access to Account Information is planned for the future.
Japan – FSA’s open API, to be implemented by banks on a “best efforts basis”.
South Korea – FSC’s Open Banking, will be a mandatory regulation for banks, initially for data sharing.
US – The CFPB are currently considering rules to drive Open Banking.
Discuss with us if you would like to achieve regulatory assurance, opportunities, exposing or connecting with Open Banking interfaces, migrations and readiness, resilience and security.
Richard Smith – Design Partner at Café Associates.