Open Banking, the practice of sharing financial data with competitors and third parties via open APIs, offers many benefits for consumers who not only have more control over their data, but who can now manage their finances much more efficiently. What started with the European Union Payment Services Directive (PSD2) in 2018 has quickly picked up pace and is now in various stages of adoption in countries around the world, disrupting the traditional banking industry and changing how it competes and does business.
Open Banking launched in the UK in January 2018 to improve competition in financial services after research showed that 60% of personal customers had stayed with the same bank for more than a decade. Adoption was only mandatory for the nine biggest banks and building societies, known as the CMA9, but smaller newcomers such as Monzo, Revolut, and Starling Bank, also took up the gauntlet and prepared for Open Banking. As of January 2020 there are 204 regulated Open Banking providers in the UK and while the nation is regarded as a trailblazer, having set its own framework and API standard, many other countries are taking its lead and preparing for the wider adoption of Open Banking around the world.
In comparison to the UK, initial progress in the rest of Europe has been slow but many countries and banks across Europe are now adopting the initiative including Germany, Luxembourg and Italy as well as pan-European payments initiative The Berlin Group, consisting of more than 40 individual banks. Similar to the OBIE in the UK, Open Banking Europe (OBE) provides a collaborative environment for market players to identify problems and solve them via standards and tools. Open Banking has been a key driver behind the development of highly successful European Payment Initiation Services (PIS) such as Trustly, Tink and others in recent years.
Open Banking in the Asia Pacific region differs greatly from country to country but in a recent report by The Emerging Payments Association Asia (EPAA), Singapore was cited as an early adopter and regional leader of Open Banking and APIs. In Singapore the Monetary Authority of Singapore (MAS) provide an open banking framework and guidelines and the Association of Banks in Singapore (ABS) and MAS have jointly produced the Finance-As-A-Service API Playbook to provide guidance to financial institutions, FinTech players and other interested entities in developing and adopting open API architecture.
Australia followed closely in the footsteps of the UK taking it a step further by writing Open Banking into their Consumer Data Rights (CDR) law with Open Banking legislation passed in September 2019 by the Australian Parliament. The country’s ‘Big 4’ banks collectively control around 95% of the financial services market but Open Banking will change that, bringing more competition and new brands and innovative offerings to the table. From July 1, 2020, consumers can direct major banks in Australia to make credit and debit card, deposit and transaction account data available.
Open Banking has been slower to start in the US where it is more of an industry-led initiative in contrast to the UK where it has been driven by the Competitive Markets Authority (CMA). Some believe that Open Banking needs support from regulatory bodies in the US in order to unlock its full potential and to encourage widespread adoption. The Financial Data Exchange (FDX) is attempting to create a global common standard for secure and convenient consumer and business access to their financial data.
Japan’s Banking Act was amended in June 2018 to promote Open Banking and although implementation was voluntary, around 130 chartered banks in Japan are expected to open their APIs in 2020. The deadline for implementation was originally set for May 31, 2020, but progress has been slow and the regulator has taken advantage of the current pandemic situation to extend the deadline to September 2020.
Mexico and Latin America
Since 2018 Mexico has had an ambitious agenda to lead Open Banking in Latin America. And it is making good progress. Having passed a fintech law in 2018 to set out Open Banking standards over the next two years and requiring banks to adopt them the year after that Mexico has aggressively leveraged the new law to drive financial inclusion in the largely unbanked population with the introduction of this new legislation for the financial technology space. Indicative of the country’s progress in May 2020 Mexico City-based start-up Belvo raised $10 million to grow its developer-first financial API platform across Latin America.
In China while Open Banking is recognized as an integral part of fintech it is still considered to be in its infant stages with the problem of lacking universal industry standards and data security measures remaining unsolved. In late 2019 The National Internet Finance Association of China (NIFA) held a symposium on the subject of commercial banks’ Open Banking business, later proposing in a report that as Open Banking develops in China, a regulatory framework should be established to guard against systemic risks and efforts should be made to formulate industry standards.
But while Open Banking is a huge driver of innovation and competition it also raises the question of security and compliance. Financial firms are challenged with maintaining the security and privacy of customer data while at the same time forced to share it with third parties via open APIs. Protecting the data being shared requires robust data and application security combined with authentication, encryption and compliance.
In Europe the Regulatory Technical Standards on Strong Customer Authentication (RTS SCA) have been in place since September 2019 and are a set of implementation guidelines to help financial organizations ensure strong customer authentication (including multi factor authentication) and common and secure open standards of communication (APIs) to comply with PSD2.
In addition, firms must comply with the General Data Protection Regulation (GDPR) which requires a customer’s consent to share data as well as allowing them to revoke consent and remove their data. Data encryption technology helps ensure that customer data is protected when in transmission or in storage.
Learn more about GDPR and Imperva compliance solutions here.