by Oana Ifrim, Senior Editor, The Paypers
There is no one-size-fits-all in Open Banking; for each different regime, there’s a different Open Banking strategy.
Open Banking – not just for Europe
Open Banking is gaining momentum and traction, thanks to new products and services that will ultimately help customers move, manage, and make more of their money.
As Open Banking continues to rise, driven by both regulatory mandates and competitive pressures, different countries are encouraging its adoption, while taking a variety of approaches to balancing innovation with consumer protection. Banks across the world are pioneering Open Banking and markets are starting to organise themselves and deploy Open Banking activities, some of them doing so in an industry-led manner.
What makes a certain regime in an Open Banking ecosystem successful?
Different jurisdictions are adopting their own approaches to Open Banking. There are many Open Banking initiatives and they cross several dimensions, including implementation timelines, the scope of services, level of standardisation, and the type of institutions involved. Now, there is little data available about what makes a certain regime successful in shaping an Open Banking ecosystem, however, this initiative is very much alive and kicking all over the world.
INNOPAY and The Paypers have interviewed experts, reviewed legislations, regulatory standards, whitepapers and reports produced by regulators, industry bodies and specialists involved in Open Banking to form an understanding of where markets (including UK, Europe, US, Hong Kong, Singapore, Japan, Australia, New Zealand, India, and Mexico) are heading, what are the key elements of a thriving Open Banking regime and the extent to which the wave of regulatory, technological, and financial innovation has evolved so far. There are eight building blocks that are essential to any Open Banking regime and paramount in fully understanding the complexity of this regulation.
These building blocks – Initiator, Applicability, Standardisation, Scope of services, Timelines, Commercial model, Security and Accessibility, and Third-party licencing – provide a good indication of all dimensions that regimes should consider.
1. Initiator. There are three categories: Competition authority, Central Money Authority, and Industry Bodies. The Open Banking regimes in Europe and Australia, for example, are legally mandated, forcing banks to open up by regulation. There are also industry bodies, which are starting to organise themselves, such as Payments NZ – a payments industry group made up of processors, banks and infrastructure providers, which has published standards for application programming interfaces (APIs).
2. Applicability. Who needs to comply? In Europe, all retail and corporate banks are in scope. In contrast, Mexico’sopen banking legislation will apply to all financial institutions. Scope varies in terms of bank size as well. In Australia, open banking applies to all Authorised Deposit-taking Institutions (ADIs), which includes banks, credit unions and building societies. The first phase (February 2020) commences with the four largest banks (CommBank, NAB, ANZ, and Westpac) and the next stage (July 2020) includes the remaining ADIs. Energy providers and telecommunications providers are to follow, after consultations are completed.
3. Standardisation. Singapore, for instance, is leaning towards a more organic Open Banking approach as opposed to forced compliance. The regime (initiated by MAS and the Association of Banks in Singapore) have developed a financial industry API playbook, in November 2016, which identifies common and useful APIs for the industry and cross-sectoral stakeholders. The playbook also details guidance on information security standards and governance models for financial institutions and fintech players. Banks are encouraged to either voluntarily adopt the standards or develop proprietary interfaces. In Europe, the Berlin Group – consisting of almost 40 banks, associations, and PSPs from across Europe – has defined a common API standard called “NextGenPSD2” for the use cases specified in PSD2. Other initiatives include PolishAP and STET.
4. Scope of services. All Open Banking frameworks analysed contain rules about account information (‘read-access’ APIs). Other frameworks, including Europe, the UK, Japan, and New Zealand, are also experimenting with payment initiation (‘write access’ APIs).
5. Timelines. In mandated countries, banks are offered 18-24 months to open up. The UK and Australia, for instance, prefer a phased implementation of Open Banking, enforcing the large banks first to opening up their APIs, while smaller banks are getting a bit more time to comply.
6. Commercial model. PSD2, CMA Open Banking UK, and Consumer Data Right (CDR) in Australia allow third parties to use APIs free-of-charge. In Japan, banks and TPPs can negotiate terms and conditions in bilateral agreements.
7. Security and accessibility. How is security handled? How are third parties authorised to have access? How does authentication work? Of all regimes, the RTS under PSD2 provides the most elaborated information on technical standards. Some regimes do not necessarily provide strict technical details, while others allow the market to use established industry standards (such as OAuth2.0 and OpenID Connect).
8. Third party licensing. In Australia, the accredition regime is to be managed by the Australian Competition and Consumer Commission (ACCC). It is intended that the accredition regime is tiered, so that recipients who do not need to receive, hold or have direct access to sensitive data (for example, because they just require insights from it) may not need to meet the same standards as those who do. This tiering is intended to be risk-based. In constrats to Australia, Hong Kong will rely on bilateral agreements and banks can choose which TPPs to collaborate with, using bilateral agreements.
Obviously, no two countries are the same, so figuring out the right approach to regulating Open Banking is not an easy task and it really depends on the local context and national conditions. It will be interesting to see the results of these different paths and how much Open Banking will disrupt the banking industry.
For more insights, findings, and learnings about the key differences in the current Open Banking state of play per region (based on the model of the eight building blocks detailed above), best practices identified across the different building blocks & the strategic considerations for regulators, banks, and third parties, check out the recently launched The Paypers Open Banking Report 2019 and the in-depth analysis of the key-decisions for the future ecosystem.
