Brook Lovatt, chief executive officer of CloudEntity, explains why more education is required about the interaction between digital identity and Open Banking, and reveals what he thinks September will bring in Canada.
1. Why is the topic you’re discussing at Open Banking Expo Canada important?
At a basic level, I think there is broad misunderstanding about how Open Banking relates to identity. While the two topics do intersect, and you obviously need to identify users before allowing them to access data or perform transactions, there is a distinct separation between authentication and authorization; authentication is how we confirm that a person is who they say they are, while authorization is how we confirm that a person is allowed to do (and consents to do) whatever they’re attempting to do.
The fact that Canada is undergoing concurrent movements for both Open Banking and digital identity is part of what is confusing, so I think that if we can educate these communities about how and when they need to interact/interoperate, we’ll be able to move faster as an industry and, hopefully, reach both goals more quickly.
2. What unique perspective will you bring to the conversation?
As the leader of a company that provides technology at the forefront of both the digital identity and Open Data industries around the globe, I’m in a unique position with regard to the depth of understanding I bring to the concepts we’re discussing, as well as having real-world experience in regions where these issues have already been addressed. This provides a lot of clarity as to what will and will not work – and what can be done better in Canada.
CloudEntity’s Brook Lovatt
3. What is the key message you want to leave the audience with?
I want to make sure that the audience understands the fact that digital identity is not dependent on Open Banking and vice versa – these technologies will help each other and they will most certainly interact, but with the right designs and specifications there will not be any critical path dependencies between them.
4. Where do you expect ‘Made in Canada’ Open Banking to be in September?
Assuming that the regulations, or at least an intent to regulate, have been made clear and have dates associated with them in the next few months, I think that September 2023 will be a time when Canadian financial institutions and fintechs are making vendor selections and implementing their Open Banking interfaces.
It seems that September will be early to expect a proper conformance test suite to be available, but I would expect that such a test suite to at least be planned and in-progress by that point.
5. What, in your opinion, is the most critical piece of the Open Banking puzzle?
I believe that the trust model is the most important piece. At some point, the decision will need to be made regarding whether or not to manage all Open Banking participants in a central registrar that is responsible for establishing trust and conformity across the ecosystem.
This decision will also likely have some effect on the security profile required by the regulation – my hope is that Canada selects the latest security requirements from the Financial-grade API 2.0 specifications, which some vendors (including Cloudentity) support today, and are clearly the right path forward from a security and privacy perspective.
6. What are you most excited for at Open Banking Expo Canada?
I’m most excited to see what people have to say about open standards and which ones will be used for Canadian Open Banking – there has been much talk about FDX and FAPI 2.0, and, as a huge advocate for both of these standards, I’m excited to see how far the community’s knowledge on these specifications has grown!
Brook Lovatt is taking part in the panel session ‘The interplay between Open Banking and digital ID’ at Open Banking Expo Canada on June 15 in Toronto. Click here to find out more about the agenda and register for tickets.
