With the Open Banking PSD2 directive adopted by the European Parliament just 7 years ago, most of Europe and few outside of the continent took a regulatory-driven approach to open banking adoption. We may follow up on what happened in the rest of the world in that regard. Which Open Banking APIs possibilities did they explore? Did they follow suit?
A slow start by all accounts across Europe, with only a small handful of banks going ‘all-in’ from the onset in first instance. With increased data security measures coming into force imminently, and fewer risks on face value for banks, the forecast was to expect things pick up speed before too long. Have a look at what’s happening in regards to Open Banking around the world:
With the first regulations appearing in 2018, the UK Government believes that 60% of customers will make use of Open Banking by 2023. UK’s latest Open Banking update on November 5th 2021, sets out advances in the Open Banking Implementation Entity (OBIE) followed by an independent investigations and an update on the government’s considerations on the future of Open Banking. The UK was one of the first countries to respond to the call of open banking trends to unlock competition in retail banking and evolve the fast-growing fintech sector.
Initially and ahead of the rest of the world, The United Kingdom’s Competition and Markets Authority adopted a staged approach to Open Banking to allow for a smoother and lower-risk implementation of a single API standard. Stage 1 involved data exchange only, with payments/ transactions added in 2019. The initial challenge lied in establishing secure Open Banking APIs to sustain the expected output, but that is the past now. With wider potential benefits in applying Open Banking beyond retail banking, the UK Government is now searching for a clear regulatory vision working with other regulators to publish a statement of our joint regulatory expectations alongside their consultation response.
OBIE: giving a direction
The Open Banking Implementation Entity (OBIE) came around as a result of a report the UK’s retail banking market by The Competition and Markets Authority (CMA) back in 2016. Newer banks were finding it difficult to access the market and grow and open banking was starting to demonstrate its full potential. The OBIE first appeared as a mere programe delivery entity for new banks as a result, but it has now evolved and transformed into a broader ecosystem enabler and services provider. The OBIE:
- Supervises obligatory activities
- Generates the Open Banking standard and promotes the ecosystem
- Provides critical services and infrastructure
The EU‘s PSD2 Open Banking regulation was the first to emerge as an attempt to introduce increased competition and innovation to the financial services industry. At first instance, it forced banks to offer dedicated APIs for security matters when it came to account aggregation and payments. It set out a legal framework within both the UK’s and EU’s Open Banking standards had to operate. Germany stands out in terms of readiness, investing in Open Banking initiatives long before PSD2. Looking back at 1980, the German Federal Post Office was running experiments on transaction processing experimenting via screen text.
PSD2 legislation became effective in January 2018. The European Council passed the Revised Payment Services Directive (PSD2) in November 2015, enacting a framework for open banking APIs to develop over a multi-year period. Their initial implementation was more of a blanket approach, which has meant significant delays in the early stages. The use of Strong Customer Authentication security measures became mandatory 18 months after the entry into force of the RTS (Regulatory Technical Standards), allowing payment service providers, including banks, sufficient time to adapt their security systems to the increased security requirements defined in PSD2.
Other Open Banking Schemes like the SPAA, premium APIs and other initiatives appeared to shape the open finance ecosystem later on. The Open Banking Exchange (OBE) Europe was formed to create a community to shape the open banking movement and ensure all members can collaborate, mitigate risks and create opportunities. Furthermore, they can seek support from industry experts and access the latest regulatory information to benefit from new solutions and reduce costs.
The Middle East is certainly gaining momentum with regards to Open Banking legislation. With Bahrain and Israel being the first countries to structure a legislation framework in the Middle East, the rest of countries have been inspired to take on these type of initiatives. Here are a few advances on Open Banking regulations from other Middle East countries:
- Saudi Arabia: the Saudi Central Bank (SAMA) took the lead planning out and executing a strategy that regulated payment service providers and issued licences for non-bank FIs back in 2020. In the beginning of 2021, the bank also announced its intentions to create their own Open Banking policy with directives coming into effect in mid-2022.
- UAE: The UAE has also announced a number of open banking initiatives to grow the fintech sector and the economy, licensing specific account information service providers (AISPs) and payment initiation service providers (PISPs). Furthermore, Mashreq Bank was the first regional bank to launch an API developer portal back in 2021.
- Egypt: Open Banking in the country has also been evolving updating their regulations, starting with its data protection law back in 2019. The country still continues to create more regulations while collaborating with banks and other governmental bodies such as the Ministry of Finance to leverage Open Banking in the country.
- Oman: Also drafting its own version of an Open Banking API strategy, the country is also forming its own journey towards an Open Finance ecosystem. With big banks making investments in fintech innovation in the territory, the country also partnered with Saudi Arabia in an initiative to exchange the best practices knowledge on areas such as Data & AI, called the Saudi-Omani Digital Skills Initiative.
Australia first started to implement Open Banking phases back in May 2018, but it was only in July 2020 that major banks could start providing product reference data plus account and transaction data. The deadline for major banks’ secondary brands and other banks to implement these products was November 1st 2022, so the operation and procedure of these is yet to be confirmed.
With Open Banking being the first section of the Consumer Data Right (CDR), Australia just completed its phased timeline of Open Banking development this February. The agenda is expected to result in the creation of an ecosystem that enables the safe and secure transfer of consumer data, regulated by the Australian Competition and Consumer Commission (ACCC).
South Korea was the first country to launch a common API infrastructure across financial institutions back in 2016. While banks were “too uncompetitive” in the UK and Europe, but the history of Open Banking regulations in Asia is a whole different story. With China taking an almost opposite approach to this financial trends, big banks in the continent still have struggles to decide on which direction to take.
Open Banking in China
China initiated its journey towards Open Banking with no regulations, giving fintechs total freedom to innovate layering all kinds of digital services and building superapps. As a result, most banks had to adapt to this free market. In a sense, what happened in China is that banks started to be forced to remain competitive and had to be fully responsible of customer data rights rather than having a direction to follow. It wasn’t until 2021 that the Chinese regulation appeared restructuring the market to stop fintechs from renting their open financial solutions to banks and having to be finally regulated as financial institutions.
Hong Kong: lack of processes and standards
Hong Kong’s initial approach towards Open Banking was similar to the UK’s and EU’s in the sense that it was seen as a mean to boost fintech activity in the city and leverage their financial services industry by the Hong Kong Monetary Authority. However, they deferred from the European approach as they lack two main pillars that are key in supporting the development of secure and regulated Open Banking APIs.
- No accreditation process: banks are liable should there be a data breach.
- No standards for data sharing: as a result for this, big banks have been the ones taking the first steps to figure it out themselves; which has led to many giving up on the open banking trend.
With its own Open API Framework being delivered in July 2018, the authorities on the island have been pushing for its adoption ever since.
Singapore: leading a revolution
Singapore has been, without a doubt, the leading Asian country in the open banking revolution. The Monetary Authority of Singapore (MAS) was the first to encourage financial institutions to develop and share their APIs openly, so that they could work with other service providers to give customers a richer and more seamless experience. They set standards for APIs, data authentication and security that has given a direction for financial institutions to follow. Such is the case that the government developed its own version of an open banking platform in November 2021, with the only shortcoming being not including third-party fintechs or merchants.
While European banks have been obliged by law to move into the world of open banking, U.S. banks appear to have recognized the commercial imperative and are making the shift with approval, rather than guidance, from the government. The US has been taking more of an industry-led approach with no standarization or rules for guidelines. Their Open Banking approach was focused on what they call “screen scraping“, which consists on a third-party sign-on where they can retrieve the account’s information. The immense risk of data breach has led to major banks to block screen scraping and favour the use of APIs, allowing third-party services without giving up customer credentials.
The latest update on the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act, assigns the full responsibility of developing rules on customer data sharing to the Consumer Financial Protection Bureau (CFPB). However, they cannot act alone and must seek approval from other federal regulatory agencies. As a consequence, there have been some developments to reform their current regulatory framework this year.
CFPB moving forward
As the CFPB moves forward, they must address several issues to shape and share open banking regulations:
- Data security: which are the standards for consumer data regulations and what role do data aggregators play in scene? What about nonbank data aggregation fintechs?
- Privacy: limitations on data collection must be shared, giving clear guidelines as to how data needs to be held and used.
- Technology: should creen scraping be prohibited? Which approach should small financial institutions take?
As for Latin America, Mexico stands out after being the first to place regulations around data sharing with the FinTech law in 2018, which gives fintech companies greater regulatory certainty around issues such as open and/or public financial, aggregated and transactional data. However, this law does not talk about Open Banking alone. Most recently in July 2020, the National Banking and Securities Commission (CNBV) published regulations around open financial data alone, and is expected to preview more as for aggregate and transactional data before the end of 2022.
Following Mexico as countries implementing Open Banking regulations we see Brazil and Colombia. Brazil being the second to follow, was the country that took a staged approach divided in 4 phases, which ultimately ends in all types of data sharing. The project is still ongoing as all phases have been underway since 2021. Launched by Brazil’s Central Bank and the National Monetary Council, it is inspired by European regulations as it encourages innovation, promotes competition, increases efficiency in credit and payment markets, and promotes financial citizenship.
The Colombian National Government however, has just issued Decree 1297 this past July. The norm regulates payment initiation and personal financial data treatment, as well as the different offerings via digital channels. This regulation sets the Superintendencia Financiera de Colombia (SFC) as the big supervisor for the use, storage, and circulation of personal financial data. The FSC must as a consequence provide the required standards for the development of Open Banking.
As one of the most mobile-first continents given the significant unbanked population, open banking efforts have been heavily focused on providing alternative mobile solutions (e.g M-Shwari, M-Pesa, Tala). Open banking is still a big challenge in most parts of Africa, but some countries are taking on the wave of opportunities and have made some strategic approaches in their countries as applies.
Nigeria has been the first to pioneer the movement in Africa, with public requests from the Central Bank of Nigeria (CBN) to define a strategic agenda for payments in the upcoming years. The purpose of this framework is to regulate Open Banking APIs development with standards not only for security but also for data privacy, consumer protection, or data processing amongst others. As data privacy laws are relatively new in Africa, further guidelines and regulations are expected soon to start to appear except for specific countries where regulations are already in place such as Nigeria or South Africa.
A very common factor between the countries where regulations are already in place with regards to Open Banking is the fact that the movement has been led by a major bank. Similarly to what happened with the CBN in Nigeria, The Central Bank of Kenya (CBK) included a clear agenda for adopting technology for the development of open banking services for the foreseeable future. The document sets an approach to make progress on payment infrastructure and the integration of banking and digital technology for users. South Africa however, differs from Nigeria or Kenya as market regulations have already been adopted with clear guidelines and laws to control customer data through APIs.
The financial world unanimously shares the opinion that the customer should be in control of their own data, and that this move will be positive, create opportunity and new sources of revenue. The UK and Europe bravely took the lead, moving forward to fully embrace open banking opportunities, with other continents closely bringing up the rear, benefiting from the learnings of those that went before them. We will all have to stand by and see how many of these open banking trends continue to play out in the coming years from the least advanced countries in the matter.
If you are interested in finding out how Strands can help your bank leverage Open Banking, or if you would like to get a Free Demo of our Financial Management solutions, please fill out this form and one of our Sales Reps will get back to you as soon as possible.