Finance:Open banking

From HandWiki
Revision as of 17:24, 5 February 2024 by Corlink (talk | contribs) (url)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Short description: Financial services term to allow sharing of financial data


In financial services, open banking allows for financial data to be shared between banks and third-party service providers through the use of application programming interfaces (APIs). Traditionally, banks have kept customer financial data within their own closed systems. Open banking allows customers to share their financial information securely and electronically with other authorized organizations, such as fintech companies, payment providers, and other banks.

Proponents argue open banking provides greater transparency and data control for account holders, and could allow for new financial services to be provided. Proponents also say that it aims to promote competition, innovation, and customer empowerment in the banking and financial sectors.[1][2][3] Opponents argue that open banking can lead to greater security risk and exploitation of consumers.

The first open banking regulations were introduced by the European Union in 2015, and many other countries have introduced open banking regulations since.

History

The concept was first explored in 2003 as part of the open innovation movement that was promoted by Henry Chesbrough.[4][5] The advent of internet banking and development of online technology in the early 2000s led to interest in access to the data which was first seen in account aggregation attempts by technology companies.

During 2010s the Open Banking was also linked to shifts in attitudes towards the issue of data ownership, illustrated by regulations such as GDPR and the open data movement.[citation needed] With open banking, banks turn into financial service platforms, technically implemented through a banking as a service concept.[6]

The first real regulatory move to open banking came in 2015 when the European Parliament adopted a revised Payment Services Directive known as PSD2.[7] The new rules were aimed at promoting the development and use of innovative online and mobile payments through open banking.[8][9] This introduced a number of new services, definitions, and obligations for market participants.

This was welcomed by fintech companies but banks were generally slow to agree to sharing the data for technical and security reasons as well as concerns for new competition. Between 2015 and 2021 a number of different countries enacted laws and regulations forcing traditional banks to provide API access to customer data.

Risks and criticism

With open banking, banks open their APIs to third-party fintech companies, which comes with security risks. Hackers can target third-party apps and excessive access privileges could be given to employees. Malicious actors may be able to trick banking customers and third-party companies with phishing scams.[10]

There are also privacy concerns about open banking.[11] There is a risk of aggressive market practices or offering a customer more expensive products based on an analysis of openly-available financial data.[11]

For consumers, open banking poses a risk of "digital and financial exclusion".[11] Mick McAteer, from the UK research firm Financial Inclusion Centre, said that only the tech-savvy would benefit from open banking and it would lead to more financial exclusion of those with low income.[12] He said that consumers could be exploited, either by new types of payday loans or the misuse of data and personal information that people have revealed online.[12]

Use and regulation

Africa

Nigeria

Open banking in Nigeria was kickstarted by the Open Banking Nigeria as an initiative to be non-partisan and non-financial API standards for Nigerian financial services. It was formed in June 2017 by a group of bankers and fintech experts who got together to propose the adoption of common API standards for the country.[13]

Open banking in Nigeria later evolved into a regulatory backed initiative with the release of the open banking regulation by the Central Bank of Nigeria in 2021 [14] and the subsequent Operational Guidelines for Open Banking in Nigeria.[15]

Australasia

Australia

An open banking project was launched in Australia on 1 July 2019 as part of the Consumer Data Rights (CDR) project by the Treasury and Australian Competition & Consumer Commission.[16] The CDR legislation was passed by the Australian parliament in August 2019.[17]

New Zealand

In May 2023, Payments NZ, which supervises the payment system in New Zealand said that the main banks will be ready by 2024 to implement open banking.[18]

European Union

Revised Directive on Payment Services (PSD2)

In October 2015, the European Parliament adopted a revised Payment Services Directive known as PSD2.[19] The new rules were aimed at promoting the development and use of innovative online and mobile payments through open banking.[8][20] It introduced a number of new services, definitions, and obligations for market participants.

More than two years after the entry into force of the PSD2 provisions, which took place on 13 September 2019, the European Commission announced the commencement of the review procedure of the Directive.[21] On 18 October 2021, the European Commission submitted a call for advice to the European Banking Authority (EBA).[22] The EBA responded on 23 June 2022.[23][24] Amendments to the Directive were planned for the fourth quarter of 2022.[21]

SEPA API Access scheme

The SEPA (Single Euro Payments Area) API Access Scheme initiative was launched by the ERPB (Euro Retail Payment Board), a strategic advisory body at the European Central Bank.[25] The initiative was described in two reports, the first was published on 31 May 2019,[26] and the second was published on 4 June 2021.[27] The information on the transfer of the initiative for further works and the implementation of the SEPA API Access scheme by the European Payments Council is also publicly available.[28]

The proposed scheme defines the principles of cooperation between the entities participating in it and defines standard methods of implementing selected services based on the use of APIs, billing systems, and payment systems. The starting point for the work on the scheme was PSD2 services provided by European credit institutions, which would remain free of charge for third parties. Other services – referred to as value-added services, premium services or extended services – could be monetised by credit institutions based on the rules adopted in the scheme. These rules and the general assumptions of the scheme would be discussed with the relevant Directorates-General of the European Commission.[27][non-primary source needed]

The Berlin Group

On 26 October 2020, The Berlin Group established a new task force called The Berlin Group openFinance API Framework, which replaced the previous task force responsible for creating the NextGenPSD2 standard.[29] The new task force's work focuses on the standardisation of value-added services that credit institutions may make available to eligible third parties based on bilateral agreements or potential new payment schemes.[citation needed]

Standardisation

In the European Union, standardisation initiatives include:

  • NextGenPSD2 – Pan-European standardisation initiative run by The Berlin Group.[30]
  • STET standard – developed by the French clearing house (STET); in its shape, the standard has been as close as possible to the NextGenPSD2 standard of The Berlin Group as part of the convergence project.[31]
  • Slovak Banking API – a standardisation project entirely run by the Slovak Bank Association in cooperation with the National Bank of Slovakia, made available in the form of documentation.[32]
  • PolishAPI – the PolishAPI standard defines an interface for the needs of services provided by third parties based on access to payment accounts, i.e. services introduced by the amended directive on payment services within the internal market (PSD2). Participants include the Polish Banks Association, associated commercial and cooperative banks, and third-party providers.[33]

Latin America

Mandatory and centralised electronic invoicing was implemented relatively early in countries such as Mexico, Chile , Colombia, and to a lesser extent, Brazil , offering the possibility to retrieve open accounting data in a similar way as open banking.[34]

Brazil

The Central Bank of Brazil deployed its open banking model, which mandates banks and financial institutions (including fintech) to make available information on traditional financial services and products.[35][non-primary source needed] Brazil's implementation is mandatory for institutions with large sizes, significant international activity, and high-risk profiles, and optional for all other institutions.[citation needed]

The implementation of the first phase happened almost two years after the first open banking framework was published in April 2019, in which the fundamental requirements for the implementation of the law were disclosed.[citation needed]

The Central Bank of Brazil outlined the following phases of implementation:[needs update][citation needed]

  • Phase 2: Customer Information (July 2021) – Consumers have the option to share their data (registration, account transactions, card, information, and credit transactions) with the institutions of their choice, at the time of their choice.
  • Phase 3: Transactional Information and Payment Initiation (August 2021) – Consumers have access to services, such as new payment options and credit offers, through the shared channels by financial institutions.
  • Phase 4: Extra information (December 2021) – The following phases include additional products such as insurance, pension plans, and investments.

Chile

In late 2020, the Chilean government announced that it was working on a proposal for fintech regulation and the incorporation of an open banking standard. The government edited the Financial Portability Act, a set of regulations aimed to facilitate the switch between banks and financial providers.[36][37]

On 4 January 2023, Chile enacted a law with the aim to establish a regulatory framework for fintech activity and create an open finance system that enables secure data-sharing.[citation needed]

Colombia

Colombia has established a voluntary model for open banking,[38] with the Financial Regulation Unit (URF)'s goal being to foster public-private discussion.[39]

Mexico

Mexico was the first Latin American country to implement open banking legislation.[40] On 9 March 2018, the Fintech Law of 2018 (Ley para Regular las Instituciones de Tecnología Financiera) was published in the Federal Official Gazette (DOF; Diario Oficial de la Federación).[41] Article 76 states that standardised APIs must be established to enable connectivity and access to other interfaces. As a consequence, more than 2,300 institutions were technically required to share information.[42] Article 76 provides that certain information may be shared by financial institutions, money transmitters, Credit Information Companies (SIC; Sociedades de Información Crediticia), clearing houses, and financial technology institutions. Those types of data are open data (related to products and services offered to the general public), aggregated data (related to any type of statistical information related to operations), and transactional data (related to the use of a product or service).[citation needed]

On 10 March 2020, the Mexican Central Bank (Banxico) published Circular 2/2020 in the DOF. Circular 2/2020 outlined secondary provisions of the law, specifically dealing with open banking.[43] Different financial market entities were required to share information through APIs. The secondary provisions only apply to SICs and clearing houses; Circular 2/2020 states that both SICs and clearing houses must obtain authorisation from Banxico for the use of the APIs by other institutions. In turn, SICs and clearing houses must enter into agreements with other entities authorised by Banxico for the exchange of information. Additionally, the issuance of fees to be charged between institutions that exchange information is also defined. Circular 2/2020 states that in case of non-compliance with the provisions of Circular 2/2020, SICs and clearing houses may face fines levied by Banxico.[non-primary source needed]

In June 2020, the rules for exchanging open data were applicable to all financial institutions – banks, fintechs, and companies authorised by the Comisión Nacional Bancaria y de Valores.[citation needed]

United Kingdom

Competition intervention

In August 2016, the Competition and Markets Authority (CMA) issued a ruling that required the nine biggest UK banks – HSBC, Barclays, RBS, Santander, Bank of Ireland, Allied Irish Bank, Danske Bank, Lloyds, and Nationwide – to allow licensed startups direct access to their data, down to the transaction level.[44] The direction came into force on 13 January 2018, using standards and systems created by Open Banking Limited, a non-profit created especially for the task, while enforcement rests with the CMA. Protection for consumers is the responsibility of the Financial Conduct Authority (FCA) for account information and payment initiation services (under the PSD2 directive), or the Information Commissioner's Office for data.[45] The CMA direction only applies to the nine largest banks, and works alongside the broader PSD2 rules that apply to all payment account providers.

Adoption

(As of April 2023), there are 339 FCA-regulated providers enrolled in open banking.[46] Many of them provide financial apps that help manage finances and also consumer credit firms who use open banking to access account information for affordability checks and verification.[47]

In March 2021, the CMA consulted on arrangements for the future oversight of open banking.[48] This consultation referenced a proposal by UK Finance (a trade association for the banking and finance industry), which had engaged with stakeholders to develop a blueprint for a new organisation (a 'Future Entity') to replace the OBIE in its current form which would serve the needs of the significantly larger number of financial institutions by enabling an Open Data and payments market.

United States

In 2021, president Joe Biden issued an executive order indicating the administration's desire to begin rulemaking for Section 1033 of the Dodd–Frank Act.[49] The intention was to support open banking initiatives in the United States.[49] Also in 2021, open banking provider Plaid settled for US$58M in a consumer-driven, privacy-related class-action lawsuit.[50] Rohit Chopra, the director of the Consumer Financial Protection Bureau, initiated rulemaking pertaining to Section 1033 in 2023.[51]

See also

References

  1. Premchand, A.; Choudhry, A. (Feb 2018). "Open Banking & APIs for Transformation in Banking". 2018 International Conference on Communication, Computing and Internet of Things (IC3IoT). pp. 25–29. doi:10.1109/IC3IoT.2018.8668107. ISBN 978-1-5386-2459-3. https://ieeexplore.ieee.org/document/8668107. Retrieved 15 May 2023. 
  2. Open Banking Working Group. "The Open Banking Standard". HM Treasury. https://www.paymentsforum.uk/sites/default/files/documents/Background%20Document%20No.%202%20-%20The%20Open%20Banking%20Standard%20-%20Full%20Report.pdf. 
  3. Brodsky, Laura; Oakes, Liz (September 2017). "Data sharing and open banking". McKinsey & Company. https://www.mckinsey.com/industries/financial-services/our-insights/data-sharing-and-open-banking. 
  4. "When Open Innovation comes to banking - BNP Paribas" (in en-US). BNP Paribas. https://group.bnpparibas/en/news/open-innovation-banking. 
  5. "Open banking: The new face of digital transformation" (in en-US). 2018-04-03. https://www.ibm.com/blogs/regtech/open-banking-the-new-face-of-digital-transformation/. 
  6. Scholten, Ulrich. "Banking-as-a-Service - what you need to know". VentureSkies. https://www.ventureskies.com/blog/banking-as-a-service-categorizing-the-services. 
  7. "Press corner" (in en). https://ec.europa.eu/commission/presscorner/home/en. 
  8. 8.0 8.1 "European Parliament adopts European Commission proposal to create safer and more innovative European payments". EU Commission. http://europa.eu/rapid/press-release_IP-15-5792_en.htm?locale=en. 
  9. (in en) Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (Text with EEA relevance. ), 2018-03-13, http://data.europa.eu/eli/reg_del/2018/389/oj/eng, retrieved 2022-02-14 
  10. "The Risks of Open Banking: Are Banks and their Customers Ready for PSD2? - Security News". https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-risks-of-open-banking-are-banks-and-their-customers-ready-for-psd2. 
  11. 11.0 11.1 11.2 Reynolds, Faith (2017). "Open Banking: A consumer perspective". https://home.barclays/content/dam/home-barclays/documents/citizenship/access-to-financial-and-digital-empowerment/Open-Banking-A-Consumer-Perspective-Faith-Reynolds.pdf. 
  12. 12.0 12.1 Kevin Peachey (21 November 2017). "The Disruptors - Money". https://www.bbc.co.uk/news/resources/idt-sh/The_disruptors_money_changing. 
  13. Moses-Ashike, Hope (9 March 2023). "Explainer: What to know about Open Banking". Business Day. https://businessday.ng/news/article/explainer-what-to-know-about-open-banking/. 
  14. Central Bank of Nigeria (17 February 2021). "Regulatory Framework for Open Banking in Nigeria". Central Bank of Nigeria. https://www.cbn.gov.ng/out/2021/psmd/circular%20on%20the%20regulatory%20framework%20on%20open%20banking%20in%20nigeria.pdf. 
  15. Central Bank of Nigeria (7 March 2023). "Operational Guidelines for Open Banking in Nigeria". Central Bank of Nigeria. https://www.cbn.gov.ng/Out/2023/CCD/Operational%20Guidelines%20for%20Open%20Banking%20in%20Nigeria.pdf. 
  16. "Open banking era dawns in Australia". SBS World News. June 29, 2019. https://www.sbs.com.au/news/open-banking-era-dawns-in-australia. 
  17. O'Brien, Kate. "ASX shares that could benefit from Open Banking". Yahoo. https://au.finance.yahoo.com/news/asx-shares-could-benefit-open-225455924.html. 
  18. "Open banking coming to NZ mid-2024". Radio New Zealand. May 30, 2023. https://www.rnz.co.nz/news/business/490990/open-banking-coming-to-nz-mid-2024. 
  19. "Press corner" (in en). https://ec.europa.eu/commission/presscorner/home/en. 
  20. (in en) Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (Text with EEA relevance. ), 2018-03-13, http://data.europa.eu/eli/reg_del/2018/389/oj/eng, retrieved 2022-02-14 
  21. 21.0 21.1 "Payment services – review of EU rules" (in en). https://ec.europa.eu/info/law/better-regulation/. 
  22. "Call for advice to the European Banking Authority (EBA) on the review of the payment services Directive (PSD2)" (in en). https://finance.ec.europa.eu/publications/call-advice-european-banking-authority-eba-review-payment-services-directive-psd2_en. 
  23. Campa, José Manuel (2022-06-23). "2022 06 23 Letter to Mr Berrigan - Response PSD2 CfA". https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Opinions/2022/Opinion%20od%20PSD2%20review%20%28EBA-Op-2022-06%29/1036015/2022%2006%2023%20Letter%20to%20Mr%20Berrigan%20-%20Response%20PSD2%20CfA.pdf. 
  24. "Opinion of the European Banking Authority on its technical advice on the review of Directive (EU) 2015/2366 on payment services in the internal market (PSD2)". 2022-06-23. https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Opinions/2022/Opinion%20od%20PSD2%20review%20%28EBA-Op-2022-06%29/1036016/EBA%27s%20response%20to%20the%20Call%20for%20advice%20on%20the%20review%20of%20PSD2.pdf. 
  25. "Euro Retail Payments Board (ERPB)" (in en). 2021-12-02. https://www.ecb.europa.eu/paym/groups/erpb/html/index.en.html. 
  26. "Report of the ERPB Working Group on a Single Euro Payments Area (SEPA) Application Programming Interface (API) Access Scheme". 2019-05-31. https://www.ecb.europa.eu/paym/groups/erpb/shared/pdf/11th-ERPB-meeting/Report_from_the_ERPB_WG_on_a_SEPA_API_Access_Scheme.pdf?18ac5087de445faeb7ca11f951bb7ca11f951bb7ca11f951bb7ca. 
  27. 27.0 27.1 "Report of the Next Phase of the ERPB Working Group on a Single Euro Payments Area (SEPA) Application Programming Interface (API) Access Scheme". 2021-06-04. https://www.ecb.europa.eu/paym/groups/erpb/shared/pdf/15th-ERPB-meeting/Report_from_the_ERPB_working_group_on_a_SEPA_API_Access_Scheme.pdf?52770756ac64f8952873a76. 
  28. https://www.ecb.europa.eu/paym/groups/erpb/shared/pdf/16th-ERPB-meeting/SEPA_Payment_Account_Access_Scheme_status_update.pdf%20https://www.ecb.europa.eu/paym/groups/erpb/html/index.en.html [|permanent dead link|dead link}}]
  29. Group, The Berlin (2020-10-26). "PRESS RELEASE - Berlin Group starts new openFinance API Framework" (in en). https://www.berlin-group.org/single-post/press-release-berlin-group-starts-new-openfinance-api-framework. 
  30. "PSD2 Access to Bank Accounts | The Berlin Group" (in en). https://www.berlin-group.org/psd2-access-to-bank-accounts. 
  31. "Stet : PSD2" (in en). 2018-05-30. https://www.stet.eu/index.php?id=49. 
  32. "Slovak Banking API Standard" (in sk). https://www.sbaonline.sk/projekt/slovak-banking-api-standard/. 
  33. "PolishAPI" (in en-US). https://polishapi.org/en/. 
  34. "CFDI: Mexico's Electronic Invoicing Model That's Become a Reference Across all of Latin America" (in en-US). 2018-03-14. https://cfdi.edicomgroup.com/en/cfdi-al-dia-en/cfdi-mexicos-electronic-invoicing-model-thats-become-a-reference-across-all-of-latin-america/. 
  35. (in en) Open Banking: entenda o que é e como poderá ajudar na sua vida financeira, https://www.youtube.com/watch?v=rs0D8KgOpLo, retrieved 2021-05-23 
  36. "BNamericas - Chile financial portability bill becomes law". https://www.bnamericas.com/en/news/chile-financial-portability-bill-becomes-law. 
  37. "Gob.cl - Portabilidad Financiera" (in es). https://www.gob.cl/portabilidadfinanciera/. 
  38. "Open banking en Colombia se prepara para despegar" (in es-ES). 2021-02-08. https://iupana.com/2021/02/08/open-banking-en-colombia/. 
  39. "BNamericas - Snapshot: The 2021 agenda for Colombia finan...". https://www.bnamericas.com/en/news/snapshot-the-2021-agenda-for-colombia-financial-regulations-research-unit-urf. 
  40. "LatAm turns to Mexico's year-old fintech law as a model for regulation" (in en-us). https://www.spglobal.com/marketintelligence/en/news-insights/latest-news-headlines/latam-turns-to-mexico-s-year-old-fintech-law-as-a-model-for-regulation-50081755. 
  41. "Ley para Regular las Instituciones de Tecnología Financiera" (in es). 2018-03-09. http://www.diputados.gob.mx/LeyesBiblio/pdf/LRITF_090318.pdf. 
  42. Garzón Galván, Jonathan G.. "Open Banking MX Reporte 2019". https://www.cecoban.com/Reporte_Open_Banking_MX_2019_Cecoban.pdf. 
  43. "Interfaces de programación, disposiciones, Banco de México". https://www.banxico.org.mx/marco-normativo/normativa-emitida-por-el-banco-de-mexico/circular-2-2020/interfaces-programacion-dis.html. 
  44. Manthorpe, Rowland (October 16, 2017). "To change how you use money, Open Banking must break banks". Wired UK (Condé Nast). https://www.wired.co.uk/article/open-banking-psd2-regulation-banking. Retrieved 2017-12-29. 
  45. Manthorpe, Rowland (17 April 2018). "What is Open Banking and PSD2? Wired explains.". Wired UK (Condé Nast). https://www.wired.co.uk/article/open-banking-cma-psd2-explained. Retrieved 15 May 2023. 
  46. "Meet the regulated providers". Open Banking Implmentation Entity. https://www.openbanking.org.uk/customers/regulated-providers/. 
  47. Yang, Qiang; Fan, Lixin; Yu, Han (2020) (in en). Federated Learning: Privacy and Incentive. Springer Nature. ISBN 978-3-030-63076-8. https://books.google.com/books?id=aWgLEAAAQBAJ&q=Many+of+them+provide+financial+apps+that+help+manage+finances+and+also+consumer+credit+firms+who+use+Open+Banking+to+access+account+information+for+affordability+checks+and+verification.&pg=PA242. 
  48. "The future oversight of the CMA's open banking remedies". Competition and Markets Authority. https://www.gov.uk/government/consultations/future-oversight-of-the-cmas-open-banking-remedies/the-future-oversight-of-the-cmas-open-banking-remedies. 
  49. 49.0 49.1 "President Biden Issues Executive Order Encouraging CFPB To Act On 1033 Data Access and UDAAP". https://www.jdsupra.com/legalnews/president-biden-issues-executive-order-5700505/. 
  50. "Plaid settles class-action lawsuit for $58 million". 6 August 2021. https://www.americanbanker.com/news/plaid-settles-class-action-lawsuit-for-58-million. 
  51. "The power to walk away: CFPB moves to give consumers control over financial data" (in en). 2023-10-19. https://www.politico.com/news/2023/10/19/cfpb-issues-heavily-anticipated-proposal-restricting-data-sharing-00122443.