Open Banking allows customers to give access to online payment accounts (such as current accounts) to third party providers, so that they can gather account information and initiate payments on the customers’ behalf.
With Open Banking now bedding in, the FCA has issued a Call for Input (CfI)1 on Open Finance, i.e. how to extend Open Banking-like data sharing and third party access to savings, mortgages, lending and investments.
Open Finance will have a much broader impact on the financial services industry than Open Banking, bringing greater opportunities – and challenges.
The evolution of Open Banking
The catalyst for Open Banking was an order made by the Competition and Markets Authority (CMA)2, which aimed to address problems the CMA had found in the personal current account and SME banking markets, and to open up the current account market to wider competition.
At an EU level, the Second Payment Services Directive (PSD2, implemented in the UK through the Payment Services Regulations 2017) enabled payment account customers to open access to their online payment accounts so that third party providers (TPPs) can:
- gather account information and use this for agreed purposes, such as presenting analytics on spending, identifying opportunities to put spare money into savings, or suggesting where the customer might benefit from switching to a different product (account information services)
- authorise TPPs to initiate payments from their account (payment initiation services)
- make payments on cards ‘linked’ to the customer’s account, but issued by the TPP rather than the customer’s account provider (card-based payment instrument issuers, called CBPIIs for short)
The FCA claims that the UK has led with the way in developing Open Banking, and there’s a lot of truth in that. However, this hasn’t happened in isolation, as PSD2 shows. Elsewhere, the likes of Singapore, Japan, India, Australia and Canada have also been exploring this space, either through government-led initiatives or on a more industry-led basis. In a world where more and more customers are consuming digitised services and want access to more information at their fingertips, Open Banking will continue to evolve and expand.
Problems on the way to Open Banking
14 September 2019 was marked to be a watershed day in the payments industry. This was the day when the Regulatory Technical Standards (RTS) on Strong Customer Authentication3 were to come into effect. In reality, 14 September 2019 was really just the end of the beginning.
For the payments industry, that day was to be the culmination of a long, arduous journey towards Open Banking. Implementing Open Banking involved making sense of a complex jigsaw, comprising numerous pieces of legislation, regulatory guidance, opinions, Q&A answers and industry thinking. Sifting through all these sources and fitting the jigsaw to a particular organisation’s business took painstaking effort.
In the end, the jigsaw remained unfinished by 14 September. Some firms were still working on their screen journeys and the final look of their interfaces, and the FCA was still considering a large number
of applications for exemption from having to have a contingency mechanism in place. No one had worked out a compliant way to apply strong customer authentication in e-commerce card payments. Many other questions remained unanswered.
The implementation of Open Banking was always going to be difficult, because of the challenges of applying a legal framework to an area defined by rapid digital innovation.
The legal constructs that were created include:
- the requirement for firms to publish application programming interfaces (APIs) so that TPPs can connect securely to those firms in order to access account information, confirm availability of funds and/or initiate payment payments
- the need for strong customer authentication (subject to some exceptions), in order to instil user confidence in the security of the process; and
- the need for TPPs to be authorised by or registered with the FCA (or another EEA regulator)
The legal constructs are sound in principle, but difficult to apply at a practical level in some use-cases. This is not the fault of the legislators: relatively broadly-drafted, medium-agnostic laws were always going to lead to some ambiguity when applied in very specific cases. As a result, many organisations struggled to meet the deadline of 14 September 2019.
In the end, the European Banking Authority and/or the FCA set out short-term extensions for compliance with certain aspects of Open Banking. One such example concerns TPPs, who have to be able to identify themselves securely using a trusted (eIDAS) certificate4. In the UK, they faced the problem that no UK eIDAS service providers existed. As a result, the FCA decided to allow TPPs to continue using screen scraping (where the TPP uses the customer’s security credentials to access their account) until 14 March 2020. After that date, TPPs should only access accounts using APIs and should use eIDAS certificates in order to identify themselves when requesting access.
The current state of the market
These teething problems have not stopped a decent growth in TPPs offering account information services in various forms, not just for retail customers but also for SME and larger corporate banking customers5. However, the market has been more hesitant when it comes to payment initiation services. Occasionally a rumour emerges of a possible CBPII, but it’s fair to say that this model is not a familiar one in the UK market.
As the FCA acknowledges, it may take several years to see the full extent of market development and innovation. However, the FCA‘s Business Plan for 2019/20 includes a commitment to explore the opportunities and challenges of Open Finance.
The FCA’s vision for Open Finance
Delivering on its commitment in its Business Plan, the FCA has issued the CfI to invite views on the benefits and challenges of Open Finance.
Whereas Open Banking applies to payment accounts (such as current accounts), Open Finance could ultimately mean that savings banks and building societies, insurers, investment managers, consumer credit companies, business lenders and mortgage lenders would have to implement similar interfaces and procedures.
The FCA suggests that Open Finance would build on the Open Banking principles of allowing TPP access. TPPs would be able to access customer accounts in order to:
- collect the customer’s financial data, to present to the customer (‘read’ access); and
- carry out or initiate transactions on the customer’s behalf, such as initiating payments, switching accounts, making an investment or applying for credit, including obtaining the necessary permissions to do so, and presenting data back to the customers (‘write’ access)
The FCA proposes that access would be through standardised APIs, to reduce barriers to market for TPPs (as they wouldn’t have to tailor their interfaces on a firm-by-firm basis) and to enhance security across the industry.
The FCA foresees several potential benefits for consumers and businesses, including:
- personal financial management dashboards – allowing customers to understand and improve their financial position by seeing
- their finances in one place, which might help them understand if they have spare money to put into savings, to make a mortgage overpayment, or to add to their pension and to allow the TPP to do this on the customer’s behalf
- automating switching and renewals – access to this level of information could encourage shopping around, potentially help customers get a better deal, and therefore increase competition new advice and support services – it would be easier to share comprehensive financial information with advisors
- more accurate creditworthiness assessments – third parties could review the customer’s financial situation holistically and identify suitable credit products, resulting in access to cheaper finance, options for customers struggling to access credit, restricting access to those who cannot afford credit, and tailored and more readily available debt advice
Risks that the FCA foresees
Of course, the FCA also understands the challenges of Open Finance (some of which are already present in Open Banking). The issues that the FCA identifies (there are many more!) include:
- while Open Finance should deliver benefits to customers who actively engage, the benefits will be more limited for customers who do not allow the same level of access. This could exclude customers who do not agree to data sharing, or result in them obtaining less favourable deals (what the FCA calls a ‘privacy premium’)
- if all the customer’s financial data is in one place, there may be an increased risk of fraud and resultant harm to the customer
- out of date, incorrect or incomplete data could lead to the customer obtaining the wrong advice or recommendations, or the customer switching to an inferior product or for the wrong price
- applying Open Banking principles and mechanics to the likes of savings, lending and mortgages is easier than applying these to the likes of insurance, pensions and investments, where consideration would have to be given to what data should be shared
- creating an execution-only environment could lead to poor outcomes for customers who would have been better taking advice
- auto-switching could lead to customers becoming less engaged and/or focusing on price over other suitability factors
- there is a risk of TPPs partnering with firms (possibly involving financial or other incentives) which may result in TPPs only offering, or preferentially listing, partner products and services
- the upfront costs of investing in Open Finance could take away from investment in other business areas
- a lack of incentives on firms to share data may prevent Open Finance from developing (the FCA considers this point in some detail, and invites comments on legal, operational and financial barriers to sharing data)
Open Finance will definitely happen, in one form or another. It’s only a question of time, so it’s best to start thinking about what this means for your business – and how you can position yourself to capitalise on the opportunities.
Being able to present a holistic financial view to customers is something organisations have dreamed of for a long time. The clients we advise in relation to account information services regularly bemoan the fact that they can only show a limited window into the customer’s financial world. This diminishes the utility and appeal of account information services. Open Finance would significantly boost what account information services providers can offer.
The teething problems arising from Open Banking and the RTS, which resulted in some requirements being pushed back temporarily, are well known to the FCA. Given this, we expect that implementation of Open Finance will be evolutionary and (one can always hope) set to a sensible timetable.
As the FCA recognises, it’s easier in principle to integrate savings, lending and mortgages with Open Banking data on payment accounts, whereas it may take longer to iron out the wrinkles relating to insurance and investments. This makes it likely that Open Finance will be an iterative journey, with earlier rollout of the likes of savings accounts6.
The principle of ‘write’ access is also likely to be evolutionary. As the FCA notes, and as we have experienced, there has been less take up in payment initiation services. Some of the FCA suggestions in the CfI around ‘write’ access – for example, allowing a TPP with appropriate permissions from the customer to switch accounts, move money into savings, or apply for credit – are much bolder than the limited Open Banking offering. Consumers might feel nervous about this – and we’d expect many lawyers and compliance officers will also be concerned (and rightly so). It might be the investment managers and private bankers (who are more familiar with discretionary dealing, or dealing within a specific mandate) who will be more comfortable with the principle here.
We’d expect that, in order for firms to be comfortable with such ‘write’ access powers, the Open Finance journey would allow firms to set their own parameters on authority, and their own terms relating to scope and liability (subject, of course, to principles of transparency and fairness and the Consumer Rights Act, where applicable). The FCA would also have to consider legal questions around authority, particularly when it comes to entry into agreements7: it seems likely (at least in some cases) that there would be a handover from the TPP to the customer at some point between application and agreement. If this all occurs online, then this will likely link into industry discussions around digital signatures and digital identity.
The FCA has asked for views on whether it needs to intervene through regulation. Given that the FCA recognises that TPPs outside of Open Banking would not be regulated and this would mean the FCA could not enforce compliance with standards, it seems inevitable that legislation and/or FCA regulation will be needed to ensure a safe and compliant Open Finance environment. That would also ensure adherence to particular standards for data disclosure and API design. That makes sense in principle and will benefit customers, financial services firms and TPPs over the long term. However, our experience from Open Banking implementation tells us that organisations that were out of scope the last time round – mortgage lenders, consumer credit firms and investment companies, for example – will have a lot of work to do.
What happens next?
The CfI contains various questions posed by the FCA. The FCA has also included a set of draft principles and invites comment on these.
Input must be provided by 17 March 2020. The FCA will use the responses when discussing Open Finance with the Government. The FCA plans to publish a feedback statement this summer.
The Department for Work and Pensions and the Money and Pensions Service are looking at creating a digital interface and dashboard which will allow consumers to access and view collated information about their state, workplace and private pensions. The aim is that this information could be pulled over and shown with the other financial information available through Open Finance.
What should you do?
There’s no immediate call to action for firms, save that the commercial benefits and opportunities – and also the costs of compliance – should form part of future planning now.
If you’re concerned about the Open Finance proposals then you should take the opportunity to give the FCA your input. The FCA’s contact details can be found here: https://www.fca.org.uk/publications/calls-input/call-input-open-finance
- FCA Call for Input: Open Finance, December 2019.
- The Retail Banking Market Investigation Order 2017.
- Commission Delegated Regulation (EU) 2018/389, the Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Open Standards of Communication.
- Electronic Identification, Authentication and Trust Services.
- Although the CMA was focused on the retail and SME markets, the Open Banking principles extend to payment accounts for all customer types – including larger businesses
- Some savings providers – such as members of The Investing and Saving Alliance – already have APIs.
- For example, section 61(1)(a) of the Consumer Credit Act 1974 requires signature “by” the debtor or hirer and signature “by or on behalf of” the creditor or owner.