Banner triangles

From Open Banking to Open Finance

Open Banking allows customers to give access to online payment accounts (such as current accounts) to third party providers, so that they can gather account information and initiate payments on the customers’ behalf.

With Open Banking now bedding in, the FCA has issued a Call for Input (CfI)1 on Open Finance, i.e. how to extend Open Banking-like data sharing and third party access to savings, mortgages, lending and investments.

Open Finance will have a much broader impact on the financial services industry than Open Banking, bringing greater opportunities – and challenges.

The evolution of Open Banking

The catalyst for Open Banking was an order made by the Competition and Markets Authority (CMA)2, which aimed to address problems the CMA had found in the personal current account and SME banking markets, and to open up the current account market to wider competition.

At an EU level, the Second Payment Services Directive (PSD2, implemented in the UK through the Payment Services Regulations 2017) enabled payment account customers to open access to their online payment accounts so that third party providers (TPPs) can:

  • gather account information and use this for agreed purposes, such as presenting analytics on spending, identifying opportunities to put spare money into savings, or suggesting where the customer might benefit from switching to a different product (account information services)
  • authorise TPPs to initiate payments from their account (payment initiation services)
  • make payments on cards ‘linked’ to the customer’s account, but issued by the TPP rather than the customer’s account provider (card-based payment instrument issuers, called CBPIIs for short)

The FCA claims that the UK has led with the way in developing Open Banking, and there’s a lot of truth in that. However, this hasn’t happened in isolation, as PSD2 shows. Elsewhere, the likes of Singapore, Japan, India, Australia and Canada have also been exploring this space, either through government-led initiatives or on a more industry-led basis. In a world where more and more customers are consuming digitised services and want access to more information at their fingertips, Open Banking will continue to evolve and expand.

Problems on the way to Open Banking

14 September 2019 was marked to be a watershed day in the payments industry. This was the day when the Regulatory Technical Standards (RTS) on Strong Customer Authentication3 were to come into effect. In reality, 14 September 2019 was really just the end of the beginning.

For the payments industry, that day was to be the culmination of a long, arduous journey towards Open Banking. Implementing Open Banking involved making sense of a complex jigsaw, comprising numerous pieces of legislation, regulatory guidance, opinions, Q&A answers and industry thinking. Sifting through all these sources and fitting the jigsaw to a particular organisation’s business took painstaking effort.

In the end, the jigsaw remained unfinished by 14 September. Some firms were still working on their screen journeys and the final look of their interfaces, and the FCA was still considering a large number

of applications for exemption from having to have a contingency mechanism in place. No one had worked out a compliant way to apply strong customer authentication in e-commerce card payments. Many other questions remained unanswered.

The implementation of Open Banking was always going to be difficult, because of the challenges of applying a legal framework to an area defined by rapid digital innovation.

The legal constructs that were created include:

  • the requirement for firms to publish application programming interfaces (APIs) so that TPPs can connect securely to those firms in order to access account information, confirm availability of funds and/or initiate payment payments
  • the need for strong customer authentication (subject to some exceptions), in order to instil user confidence in the security of the process; and
  • the need for TPPs to be authorised by or registered with the FCA (or another EEA regulator)

The legal constructs are sound in principle, but difficult to apply at a practical level in some use-cases. This is not the fault of the legislators: relatively broadly-drafted, medium-agnostic laws were always going to lead to some ambiguity when applied in very specific cases. As a result, many organisations struggled to meet the deadline of 14 September 2019.

In the end, the European Banking Authority and/or the FCA set out short-term extensions for compliance with certain aspects of Open Banking. One such example concerns TPPs, who have to be able to identify themselves securely using a trusted (eIDAS) certificate4. In the UK, they faced the problem that no UK eIDAS service providers existed. As a result, the FCA decided to allow TPPs to continue using screen scraping (where the TPP uses the customer’s security credentials to access their account) until 14 March 2020. After that date, TPPs should only access accounts using APIs and should use eIDAS certificates in order to identify themselves when requesting access.

The current state of the market

These teething problems have not stopped a decent growth in TPPs offering account information services in various forms, not just for retail customers but also for SME and larger corporate banking customers5. However, the market has been more hesitant when it comes to payment initiation services. Occasionally a rumour emerges of a possible CBPII, but it’s fair to say that this model is not a familiar one in the UK market.

As the FCA acknowledges, it may take several years to see the full extent of market development and innovation. However, the FCA‘s Business Plan for 2019/20 includes a commitment to explore the opportunities and challenges of Open Finance.

The FCA’s vision for Open Finance

Delivering on its commitment in its Business Plan, the FCA has issued the CfI to invite views on the benefits and challenges of Open Finance.

Whereas Open Banking applies to payment accounts (such as current accounts), Open Finance could ultimately mean that savings banks and building societies, insurers, investment managers, consumer credit companies, business lenders and mortgage lenders would have to implement similar interfaces and procedures.

The FCA suggests that Open Finance would build on the Open Banking principles of allowing TPP access. TPPs would be able to access customer accounts in order to:

  • collect the customer’s financial data, to present to the customer (‘read’ access); and
  • carry out or initiate transactions on the customer’s behalf, such as initiating payments, switching accounts, making an investment or applying for credit, including obtaining the necessary permissions to do so, and presenting data back to the customers (‘write’ access)

The FCA proposes that access would be through standardised APIs, to reduce barriers to market for TPPs (as they wouldn’t have to tailor their interfaces on a firm-by-firm basis) and to enhance security across the industry.

Quote mark icon

Open finance has the potential to transform the way consumers and businesses use financial services. It could make it easier to compare price and product features and switch product or provider. It could help widen access to advice and support in decision making. It has the potential to improve competition among financial services providers, spurring innovation, development of new services and increased demand. It could boost access to commercial lending and increase business productivity

FCA Call for Input, para.1.6

Disclaimer

This information is for educational purposes only and does not constitute legal advice. It is recommended that specific professional advice is sought before acting on any of the information given.

Insights

Read the latest articles and commentary from Shoosmiths or you can explore our full insights library.