Today, in TechREG, we start a series of articles about open banking and its regulatory challenges and opportunities. In this article, we explain the two main policy approaches to open banking, and we include a prediction of which one is likely to have more followers in the future. Our next articles will cover specific countries and their open banking solutions.
Today, more than 60 countries worldwide have open banking solutions in place, with a range of products and services, implementation timelines and scope of data access provisions. However, they all fall into one of two categories: market-driven or regulatory-driven. That distinction has implications for the development of open banking, and may also have consequences for the next wave of open banking innovations.
Market-Driven
The U.S. is the prime example of how innovation and technology outrun regulation, but we can also find countries like India, Japan or Singapore that do not have a formal open banking regime, or with policies that fall short of mandating full data sharing.
In a market-driven approach, third-party payment providers (TPPs) and banks usually need to engage in longer negotiations to access the data, and the scope of that data may differ in each negotiation. Even if the government encourages these negotiations, it doesn’t interfere or mandate such access.
Banks are usually well aware of the strategic importance of open banking and develop API-based offerings, in partnership with TPPs, to attract new consumers and gain or maintain a competitive advantage. The main problem banks face in this approach with different APIs is screen-scraping, the process of collecting screen display data from one application and translating it so that another application can display it. This is normally done to capture data from a legacy application in order to display it using a more modern user interface.
In open banking, this happens when TPPs provide services to customers without having to enter into a contractual agreement with each bank and just “copying” the bank’s API. This is costly and inefficient for TPPs, but also difficult for banks, which in some countries, such as the U.S., remain responsible and liable toward their customers, including when TPPs use screen-scraping without the bank’s knowledge.
On the positive side, in a market-driven approach, companies don’t have to deal with sometimes conflicting open banking and privacy rules, which could render compliance with both rules very difficult.
Regulatory-Driven
The U.K. and Europe are the leading examples of regulatory-driven open banking economies, but we can also find Australia and, more recently, Brazil.
In a regulatory-driven approach, regulators have identified a competition problem in the banking sector and they resort to regulation to open up the market. There is usually a legal mandate to share some financial data. TPPs usually can access accountholders’ data stored in their banks with the users’ consent.
The main benefit for banks and TPPs is that screen-scraping is less prevalent than in market-driven countries, because the mandate to share data encourages banks to develop APIs communication solutions. Additionally, in the case of the European Union, the strong privacy data regulations will not allow screen-scraping, as it would be seen as unlawful access to personal data, and the companies involved would risk hefty fines.
On the negative side, new open banking rules may be in conflict with existing data protection or privacy rules if they are not designed properly, and the result may be either a problem complying with both laws or limited access to the data.
Additionally, another challenge with open banking regulation is how to level the playing field. Open banking regulation addresses one competition concern, but too much access to data may create an unnecessary burden on financial institutions, and it is not uncommon for banks to claim reciprocity to have access to other parties’ data. Australia and the EU may be considering some reciprocity, but it also presents challenges like how to define what data is reciprocal when the companies and sectors may be different (i.e., tech firms).
What’s Next?
While both approaches have their followers, there is a tendency to go to a regulatory-driven approach. The already regulated countries like the U.K., the EU or Australia are planning to take this regulation even further, where more parties could share data and eventually shift toward an open finance economy. In the other countries, there is a growing debate over the need to provide regulation, like in the U.S., or there have been some recent regulatory developments, like in Japan.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More