Amit Bhute, Global Head of Banking Practice, Virtusa, on three different approaches to the API economy.
Protecting consumers has been a regulatory objective for many years. Most recently, with digital transformation disrupting industries across the globe, the focus has turned to the protection of consumer privacy
and data – a valuable asset for most businesses today. Indeed, the EU GDPR, which prevents firms from accessing and using data without consumer consent, is a prime example of the importance regulators now place upon the issue.
This consumer protection principle is at the core of Open Banking, too, in that it allows customers’ financial data to be shared safely through the use of application programming interfaces (APIs) – but only with those customers’ consent. As with GDPR, this regulatory innovation was pioneered in Europe. The Second Payment Services Directive (PSD2) makes it mandatory for European banks offering retail banking payments services to release their customers’ data to trusted third-parties (TTP) – regulated fintechs – but only if they obtain approval from their customers to do so. In one stroke, ownership of consumers’ financial data was transferred from the bank to the consumer. Universally adopted by banks in the UK and across the EU in September 2019, PSD2 has attracted the attention of regulators worldwide ever since.
We can expect three main approaches to the implementation of Open Banking across the world.
Under the first of these – a “regulatory-mandatory” approach – banks in countries including Australia and Canada will be legally required to comply with open banking regulations. The second approach, taken by New Zealand and Hong Kong among others, is more flexible, with regulators producing guidelines and, in some cases, API standards. While banks in these regions will be encouraged to sign up to these guidelines and implement APIs, this approach falls just short of making it a regulatory requirement. Finally, in those countries characterised as “market-led”, the regulatory mandate is not as strong. Open Banking initiatives in these jurisdictions tend to be driven by innovative banks and fintechs using the latest API technology as a means of getting ahead of the competition.
Of these groups, the “regulatory-mandatory” countries are likely to be the most active in 2020, with attention largely focused on Australia. Here, substantial regulatory reforms are set to take effect, encapsulated in Consumer Data Rights (CDR) legislation that gives consumers control of their transaction data and the option to share it with authorised third-parties. While the scope of financial products was originally limited to cash payment accounts, the Australian Competition and Consumer Commission (ACCC) has since dramatically widened it to include savings accounts, call accounts and term deposits, as well as mortgages and loans – even expanding the scope to include business finance, overdrafts, lines of credit, asset finance, and trust accounts in the corporate domain.
In time, it’s expected that Australia’s CDR will go beyond banking to include the energy and telecom sectors and, eventually, penetrate other industries. After all, with greater access to customer data, companies across all industries can develop new, more relevant products and offer better deals to their customers. Indeed, one of the most striking consequences of open banking is how it will change the competitive dynamics across sectors outside of just financial services. Under this new regime, consumers will be better able to move between brands, or have products with multiple brands, using a single pane view to track their activity via an app.
Interestingly, Australia has chosen not to include any payment initiation aspects as part of its open banking initiative. Instead, these will be dealt with by its New Payments Platform (NPP). It’s a significant decision, however. By choosing to exclude payments – which is concerned more with consumer approval than data sharing – as well as expanding its CDR beyond the banking sector, Australian regulators have signalled a strong commitment to protecting consumer data.
Further afield, Canada, Brazil, Mexico, and Israel each have undertakings in place to legislate open banking in the financial services sector. In January 2019, Canada’s Department of Finance published a consultation document – “A Review into the Merits of Open Banking” – which, further extending Australia’s CDR efforts in open banking, included investment accounts in its scope. This major addition would mean that consumers with a diverse portfolio of financial products, such as cash and securities held across multiple financial institutions, will enjoy a better view of their overall financial position, holdings, and valuations in a single place.
The consultation document also indicated that Canada, unlike Australia, is considering including payments initiation within its open banking remit. If this does come to pass, it’s likely that the country’s regulatory body, Payments Canada, will have a significant role to play.
Often promoted by local regulators, regulatory-facilitated and market-led open banking initiatives have also gained plenty of traction.
In 2016, India became one of the first countries to create regulatory-facilitated open banking guidelines, with participation from 21 banks. As part of its Unified Payments Initiative (UPI), the National Payments Corporation of India created a framework within which third-parties could initiate payments with customer consent. By October 2019, UPI had 141 member banks, and had overseen more than a billion transactions.
Elsewhere in Asia, the Monetary Authority of Singapore (MAS) is encouraging greater collaboration between banks and Fintechs through the use of APIs. It actually went one step further in 2018 when it launched a financial API marketplace with the aim of championing cross-border collaboration to foster innovation and financial inclusion. The Reserve Bank of New Zealand, on the other hand, has taken a more conservative approach, electing instead to promote the Open Banking Implementation Entity’s (OBIE) UK API standards conforming to PSD2.
In the US, meanwhile, data protection is less of a concern for regulators. Market-led initiatives are therefore more common. JPMorgan Chase, for example, provides APIs to its customers for treasury management, trading and securities services, as well as PSD2 APIs to cater to its UK client-base.
Of the three approaches outlined above, regulatory-mandatory initiatives have proven most effective in terms of the widespread adoption of open banking at a national level, while regulatory-facilitated initiatives have enjoyed varying degrees of success, due to the decision to adhere ultimately being the bank’s prerogative. Standardisation using a market-led approach is the hardest of all to achieve. Banks and tech giants, driven by the need to innovate and stay competitive, have taken the lead here, but this effort is being hampered by difficulties in reaching consensus on the details of the functional scope of such initiatives, along with security and API specifications.
The world is undoubtedly moving toward greater collaboration between banks and fintechs – even between different industries – but the consumer remains the prime focus of attention. Throughout 2020 and beyond, regulatory regimes around the world will continue working toward addressing consumer protection concerns, including the consumer’s right to fully control their data.
Enabling consumers to manage their funds more efficiently should, ultimately, improve the circulation of money within the global economy, and open banking standards will play a critical role in this. Although they’ll take different approaches to its implementation, different countries are aware of the growing importance of open banking. That’s why, in 2020, we’ll see it truly go global.