From Open Banking to Open Finance
A SUMMARY AND FULL REVIEW OF THE DISCUSSION AT THE WEBINAR ON 27 JULY 2020 Part I
Click here to see event information
A Competition and Markets Authority (CMA) ruling that retail banking in the United Kingdom was oligopolistic sparked a worldwide regulatory drive to open financial services up to competition.
The method chosen to increase competition in United Kingdom banking – namely, enabling consumers to tell their bank to share their data with other firms they want to do business with, via standardised APIs – has proved seminal in terms of competition, market entry and innovation.
A concept initially limited to basic banking service such as accounts and payments is now expanding into mortgages, savings accounts, pensions, consumer credit, insurance, investments and foreign exchange.
In Australia, the introduction of a Consumer Data Right (CDR) formally extends the disruptive potential of data-sharing beyond financial services, starting with energy and telecommunications.
Progress by service providers and take-up by consumers are nevertheless proceeding relatively slowly, with the Australian CDR initiative just getting under way and only 77 data recipients having a proposition live even in the (relatively mature) United Kingdom market.
One reason for the slow progress is that some incumbent banks are proving adept at retarding data-sharing, though customer complaints and actions under the General Data Protection Regulation (GDPR) can be effective.
The quality of the data shared is often poor, creating data categorisation problems that undermine the effectiveness of customer-facing apps, leading to regulatory intervention to overcome the problem in the United States, and calls for other regulators to follow suit.
Leadership by banks fearful of losing their customer franchises has led to relatively rapid progress in Open Finance in the Nordics while uptake by consumers in the United Kingdom is inhibited by the fear of fraud, ignorance, inertia, unstable APIs and concerns about the security of personal data.
In less transactional industries than financial services, such as energy, digital identities (digital IDs) could accelerate the development of products and services and consumer take-up.
The Nordic example of a bank-driven adoption of digital IDs for commercial purposes looks more promising than the government-led alternative.
Data-driven apps for corporates, and especially small and medium-sized enterprises (SMEs), are an under-developed opportunity.
For Open Data to have the transformative effects predicted on all sectors of national economies, regulatory clarity is an essential pre-requisite. This may require consolidation of regulatory agencies in some countries and closer collaboration between regulatory agencies in different countries to agree on standards for data exchange.
Open Data promises automated switching between hyper-personalised products and services based on consumer control of their own data, but such a highly digitised economy also poses questions about market dominance and social inclusion.
Open Banking came about by accident. While it mattered greatly that FinTechs were breaking into retail payments, a regulatory intervention mattered more. A study by the Competition and Markets Authority (CMA) of the market share of the nine largest retail banks in the United Kingdom concluded, in a report published in August 2016, that retail banking in the United Kingdom was an oligopoly. Its solution was to make it easier for customers of the Big Nine banks to change their bank.
The chosen method was to force banks, at the behest of customers, to share with another bank the data it held about them. In September 2016, the Open Banking Implementation Entity (OBIE) was set up, funded by the Big Nine banks, to design an API standard (now on its third version) for the customer data exchanges; encourage banks and challenger banks to use the standard; authorise new apps that use the customer data; and oversee the security of the data exchanges.
A UK competition inquiry sparked a global craze for Open Finance
From these modest if decisive beginnings, in one type of bank account in one currency in one country, Open Banking has since gone global. In January 2018, the month the API standard came into effect in the United Kingdom, the second iteration of the Payments Services Directive (PSD II) of the European Union (EU) came into force. This measure – driven mainly by lobbying from the United Kingdom– extended Open Banking to all European banks, currencies, payment systems and providers.
PSD II introduced the concepts of the Account Information Service Provider (or AISP, which aggregates data from multiple accounts) and the Payment Initiation Service Provider (or PISP, which provides account-to-account payment services). It has encouraged banks to invest in API technology and partnerships with FinTechs throughout Europe, though the Nordic banks have embraced the concept most enthusiastically.
Further afield, in Nigeria, a privately financed Open Banking initiative is designing APIs and standards to allow customer data to be shared. The Brazilian government also published an Open Banking regulation in May 2020.
In Asia, the Hong Kong Monetary Authority (HKMA) published an Open API Framework in July 2018. The Monetary Authority of Singapore (MAS) and The Association of Banks published an API Playbook to support data exchange and communication between banks and FinTechs. In Japan, the Financial Services Agency (FSA) obliges banks to publish their Open API policies and encourages them to contract with Third Party Providers (TPPs).
Data-sharing lowers barriers to entry, facilitates competition and spurs innovation
However, it has also become clear that the original concept of Open Banking – changing account providers – is only the beginning. Once consumers can tell their bank to send their transaction history, identification documents and other information to any bank or lender they want to work with, it becomes as easy for them to change account and sign up for loans or credit cards with a new provider as it is with their current bank. Innovators are entering the market too. Any service that saves consumers time can win a following. Saving, budgeting, accounting, foreign exchange (FX) and “shop the market” apps are getting traction.
In the United Kingdom, the Financial Conduct Authority (FCA) now wants to extend the concept of Open Banking to other areas of finance, such as mortgages, savings accounts, pensions, consumer credit, insurance and investments. It is running a consultation, based on a paper issued in December 2019, in which banks, insurers, asset managers and FinTechs are invited to submit by October 2020 any ideas they have on how to accelerate the expansion of Open Banking into Open Finance.
The Australian Consumer Data Right envisages economy-wide disruption of incumbents
But no country is extending Open Banking further than Australia, where the authorities see financial services as only the first industrial sector to be transformed by the introduction in November 2017 of a Consumer Data Right (CDR).
The CDR, whose introduction followed a report from the Productivity Commission – an official advisory body charged with raising economic performance – intends to shake up the entire economy by giving consumers access to and control over their data. By enabling consumers to use their data compare and switch between products and services, the CDR aims to intensify competition between service providers, leading not only to lower prices but also more innovative products and services.
That said, it is important not to exaggerate the progress being made. The Big Four banks in Australia – which between them have a 75 per cent share of the market – are taking part in a testing programme with data recipients, and data sharing only started on 1 July 2020. Just two data recipients are taking part, one a small regional bank using CDR to review data for income and expense verification in lending applications, and the other a personal financial management app.
The Australian regulator, the Australian Securities and Investments Commission (ASIC) likes this idea because it should lead to better-informed lending decisions and eventually to greater differentiation in the rates of interest charged. So far, the Australian Competition and Consumer Commission (ACCC) has received around 70 applications in total from organisations eager to be data recipients when the testing period ends and the market opens to all-comers in September 2020.
Service provider authorisations and consumer take-up are proceeding slowly on a narrow front
The early applications are coming mainly from neo-banks, specialist lenders and payments providers and, although the ACCC expects more innovative products to follow, the conservatism is marked. It is not until November 2020 that the Big Four will even extend the open data initiative to loan accounts and joint accounts – at present they offer data on single-name accounts only – and consumers must wait until 1 February 2021 for it to encompass foreign currency and trust accounts. Smaller banks in Australia face the same obligations, but with a 12-month lag behind the Big Four.
Even in the United Kingdom, where the first phase of the Open Banking regime came into force for as long ago as March 2017 – when the Big Nine had to disclose certain information, such as branch and ATM locations, and the terms of some financial products – progress is much slower than the early enthusiasts hoped. Since the launch of the full Open Banking Standard in January 2018, the OBIE has authorised 249 providers that make use of customer data, consisting of 175 third party providers and 74 account providers. Just 77 regulated entities have at least one proposition live with customers.
Some incumbent banks are retarding progress in data-sharing
One reason for the slow progress is that incumbent banks can slow progress down. It does not even require a majority of incumbents to resist. A minority of banks can obstruct progress because data flows become patchy, with some banks opening up and others resisting. The data aggregators which provide APIs to banks, challenger banks and FinTechs – firms such as Nordic API Gateway, Moneyhub and TrueLayer – are finding access to customer data blocked by revised customer authentication checks introduced by banks.
Recipients of data from banks also find it lacks detail, and the lack of precision in the templates set by regulations such as PSD II gives them considerable scope to interpret what they are obliged to disclose to third parties. Although data aggregators have learned to interpret the payments data they access, and categorise money flows as grocery purchases, insurance premiums, restaurant bills and so on, the contextual information about payments (what is this payment for?) is still hard to find or missing entirely.
The quality of the data being shared is not high
The data is not consistent, or even complete, in many cases. It is not always obvious what money is being spent on. This leads to mistakes. If a data aggregator categorises all sums of less than £10 spent at supermarket between 12.00 and 14.00 as buying lunch, and the same amount between 17.00 and 19.00 as buying fuel, the categories will not always correspond to reality. And the mistakes proliferate because data aggregators rent their categorisation systems to clients.
These apparently small differences matter. FinTechs developing apps designed to offer consumers investment advice, or banks or non-bank lenders information to improve commercial or retail mortgage decisions, need to understand in detail the difference between committed and discretionary spending by a consumer. Data aggregators and FinTechs cannot innovate away the problem of categorising money flows more accurately.
Incumbent banks, though reluctant to help resolve the knowledge gap, are sensitive to the reputational damage they incur if they resist sharing customer data. Moneyhub, for example, has found that complaints by even a handful of customers of a bank can elicit policy changes. Within the EU, the right of consumers to access digital records under the General Data Protection Regulation (GDPR) can also be used to break bank resistance.
There are calls for regulatory intervention to solve data blockages and improve data quality
But ultimately, progress in data quality depends on regulatory intervention. This is nothing new – Open Banking would not have happened at all without the CMA report in the United Kingdom, PSD II in the EU or the CDR in Australia – but vigilance is necessary. In the United States, for example, Open Banking dates back to the late 1990s, and more than 90 million people now use Open Banking apps. Yet FinTechs have increasingly found that their access to the data of potential customers is blocked by the banks.
To correct this, and bring the rights of American consumers into line with those enjoyed by their Australian and European counterparts, the Consumer Financial Protection Bureau (CFPB) announced in July 2020 that it would amend the financial data access rights described in Section 1033 of the Dodd Frank Act to give American consumers the right to share their data, as opposed to enjoying the technical ability to do it. As the CFPB put it in a press release of 24 July 2020: “The Bureau expects these trends to continue, but also sees indications that some emerging market practices may not reflect the access rights described in Section 1033.”
It is significant that the CFPB is intervening, because the development of Open Banking in the United States was until now entirely market-led. Once Internet banking emerged, leading retail banks such as Bank of America, Citi and Wells Fargo embraced Open Banking because they realised that allowing consumers to see all their accounts in one place was the best way to become their primary service provider.
In fact, market penetration of account aggregation is wider and deeper in the United States than in any other country, chiefly because the banks understood this so early. All the leading data aggregators in the United States – ByAll Accounts, CashEdge, Finicity and Yodlee – can trace their lineage back to 1999. The CFPB intervention of July 2020 is a reminder that even in well-established markets, openness cannot be taken for granted.
A complex dynamic is at work between provider-driven regulation and consumer-led innovation
Similar issues of incumbent banks retaining control of customer data (or charging for it) have arisen in New Zealand and Japan. This is why getting the balance right between the consumer-led and the regulator-driven approach to Open Banking and Open Finance is not a one-off exercise but a continuous process. It will matter even more once Open Data initiatives mature.
Where regulatory pressure slows down, progress decelerates. In the United Kingdom, for example, the Departments for Business, Energy and Industrial Strategy (BEIS) and the Department for Digital, Culture, Media and Sport (DCMS) consulted in the summer of 2019 on how “smart data” can be used to accelerate consumer-facing technologies, but since the consultation closed on 6 August 2019 the BEIS and the DCMS have done nothing but analyse the feedback. A policy statement has yet to be made, casting a blight on the development of innovative new services for consumers.
New technologies are bound to mature faster than laws and regulations, and it would be odd if entrepreneurs simply waited for lawyers and regulators to catch up with them. But it would be foolish to ignore the role that law and regulation can play in sparking change and imparting momentum. Once they have, however, data aggregators, banks and FinTechs must ensure that progress is consumer-led, because consumers are the end-objective and the chief beneficiaries of the entire process.
The earliest data aggregators in Europe – Moneyhub in the United Kingdom (founded in 2009), Bankin’ in France (founded in 2011), Spiir in Denmark (founded in 2011) and Tink in Sweden (founded in 2012) – have survived because they and their clients were able to convince enough consumers of the benefits of being to move money between accounts and make payments irrespective of which bank held their account. There are also enough data aggregators to maintain competition between them, guaranteeing a continuing focus on tools that can actually help consumers save time and money.
In fact, once consumer-friendly payment services were added to account aggregation apps, adoption and usage increased exponentially. In a sense, these apps were the progenitors of PSD II, pointing to a positive feedback loop between market innovators and regulators. This phenomenon is most obvious today in the Nordic markets, where incumbent banks and FinTechs have run ahead of the regulators, using APIs not simply to be compliant with PSD II but to create apps that are useful to consumers.
A bank-led process in the Nordics progresses quickly while United Kingdom consumers remain wary
The incumbent Nordic banks have become active as TPPs themselves, defying expectations that they would simply allow their existing franchises to be competed away by nimbler and more innovative competitors. Danske Bank, for example, went live in all four major Nordic markets with a payments app in the first half of 2018, long before interfaces between consumer and merchant bank accounts came into force in September 2019. Similarly, DnB has declared its ambition to be the mobile bank of Norway and published an app to fulfil it. It is, in effect, using Open Banking regulation to compete with other banks as well as challengers.
This degree of dynamism owes something to specifically Nordic factors, such as rapid declines in the use of cash and the ready availability of digital identities (digital IDs). In the United Kingdom, by contrast, the effort that has gone into creating innovative Open Banking apps has not yet translated into massive consumer uptake. The reasons include the fear of fraud, lack of knowledge of the benefits, the absence of digital IDs to speed the customer authentication process, the fact that many of the APIs are not yet stable and working well and straightforward customer inertia. But much the biggest obstacle to adoption is concern about the security of personal data.
Inhibitors of consumer take-up include concerns about data security
In Europe, consumers can share their payments data with FinTechs knowing they are protected by PSD II regulations that expect the FinTechs to keep their data secure, and make them whole in the event of loss, but any other data they share does not enjoy the same protections. Banks forced to provide access to customer data for free have no incentive to provide such protection, except the risk of being disintermediated by FinTechs if they do not compete effectively for the customers of others.
This anomaly is being investigated by regulators and needs to be rectified if Open Banking is to graduate successfully through Open Finance to Open Data, which is the ultimate driver of value for consumers. In the long run, banking and finance will be just two sectors among many in which consumers use control of their data to ginger up competition and innovation by switching providers effortlessly and demanding personalised product and service offerings.
Early candidates for data-led transformation include energy, broadband and health insurance, all of which are being re-shaped by price comparison websites. Health is in fact developing already on the back of financial transaction data, which can help profile the lifestyles of consumers and benchmark them against healthier alternatives. It can also point to the origin of, say, a food poisoning episode, by revealing whether hospitalised patients all ate at the same restaurant.
In Australia, energy is next in line. The ACCC is developing the rules for data sharing in the sector already, and telecommunications will follow shortly afterwards. The principal challenge in energy, the ACCC has found, is the irregularity of the communications between consumers and their energy suppliers. This makes it harder to be confident of the identity of consumers.
Digital IDs could accelerate the spread of Open Data apps beyond financial services
As it happens, financial data is being used in customer authentication processes already, chiefly to inform the Know Your Client (KYC), anti-money laundering (AML), countering the financing of terrorism (CFT) and sanctions screening checks that accompany customer on-boarding. A more complete solution to the problem is universal digital IDs.
The Digital Transformation Agency in Australia recently ran a successful pilot programme for digital IDs, and the Australian Payments Council has developed a framework for them. Neither has yet been adopted widely, partly because there is not yet a service for which a digital identity is necessary. Though energy could provide the occasion, the ACCC is not expecting to solve it within the CDR programme alone. It expects government or business to come up with a digital ID solution.
Relying on the government may be a poor choice. The United Kingdom government attempt to establish digital IDs (Gov.uk Verify) for public services was a flop, covering just 3 per cent of the population. In the Nordic markets, where more than 70 per cent of people in Denmark, Finland, Norway and Sweden have digital IDs, it was the banks that played the leading role in encouraging adoption – and for commercial, rather than public, purposes.
Again, the Nordic banks reasoned it made more sense to make it easier to compete for the customers of other banks than to try and fail to make it harder for other banks to poach their customers. As a result, digital IDs are being used in the Nordic markets to speed up customer authentication processes, helping FinTechs to compete not just with banks but with debit and credit card suppliers (whose principal weakness, pace cyber-security risk, is the storage of customer information on-line).
Data-driven apps for corporates are an under-served market
Digital IDs should become available for corporates as well. If so, they might help accelerate progress in a sector that both Open Banking and Open Finance initiatives have left somewhat under-served. Account aggregation, deposit-taking and credit services are as useful to businesses as they are to consumers, and account-to-account links between merchants and shoppers are already eliminating the cut taken by the card networks.
But more complicated and business-specific apps based on access to data are only starting to emerge now. Cash flow analytics and working capital, invoice factoring and trade finance apps built on bank account data are the obvious targets for FinTechs to pursue. In the United Kingdom one data aggregator (Ask Fractal) is already servicing SMEs. The sector is likely to expand, not least because it is easier to charge a corporate than a consumer.
Regulatory clarity, consolidation and collaboration is needed if Open Data is to transform economies
What would help it expand is regulatory clarity on Open Data. This would enable the industry to build apps that are useful to businesses and consumers on a solid and predictable basis. True, Open Banking rules provide an initial framework that can be adapted to other areas in financial services such as savings, mortgages, insurance and pensions, without needing to be comprehensively reviewed and re-written. That is the basis on which the FCA Open Finance initiative in the United Kingdom is proceeding in the consultation that closes in October 2020.
But the FCA knows – having observed what has happened in Australia and now Brazil – that, while Open Banking rules may be an adequate starting point for Open Finance, they are not an adequate blueprint for Open Data. The rules need comprehensive modification to accommodate Open Data. Generalised consumer data rights in the wider economy are much harder to get right from a regulatory perspective than rules focusing on a narrow set of financial products.
One important question is reciprocity. If a firm takes data from the data economy, should it have to put data into the data economy as well? A second important question is who should have access to data from mobile telephones and water and energy utilities, and who should have the right to aggregate it for use by TPPs.
These questions are not being considered as part of a comprehensive data regulation strategy, at least in the United Kingdom, where responsibility is divided between several government departments and agencies. There is a growing clamour for an overarching data regulator to cover all industrial and commercial sectors and all aspects of the Open Data opportunity.
It would also help if there was regular communication between data regulators around the world, so that they could learn from each other in a less haphazard way than they do at present. In particular, this would facilitate convergence on API and other data standards, increasing the scope for cross-border products and services to be developed.
Open Data threatens incumbents but also poses Don’t Be Evil and social inclusion challenges
A degree of urgency is added by the fact that Open Data is developing characteristics that are eerily familiar. One start-up, for example, is pondering the idea of giving electricity away for free in order to build an audience (which sounds like a FAANG-style “you are the product” strategy). But the possibility illustrates why it is important for the financial services industry to stop thinking about Open Banking and Open Finance and start thinking about Open Data.
Once the retail sector (which is naturally consumer-focused) wakes up to the power of Open Data, financial services firms could easily find their dominance of payments, saving, lending and investing is broken. Financial services firms have yet to be severely disrupted because it is currently the source of the game-changing data. As they are forced to share customer information with more innovative challengers, their strong position will erode.
In the future, the rate of interest paid by or charged to a consumer will be based on Open Data. So will the types of mortgage available to different borrowers, and the availability of electricity for free. Companies will be expected to offer consumers hyper-personalised products and services. They will be expected to spare consumers the trouble of searching for the best deals, and to deliver them to directly, unprompted. At present, consumers have to work to make their money work hard for them. In future, they will not.
Open Data will create major socio-political as well as economic and industrial challenges. Many people do not presently engage with the digital economy at all, because they lack the technology or the financial means.
In fact, the people benefiting most from Open Finance today are those who need it least: the sophisticated, relatively well-off consumers that are already managing their financial affairs effectively. Whether growing social exclusion from the benefits of a data-driven digital economy turns into a threat or an opportunity will depend on the ability of the financial services industry to develop products and services that work for every part of society.
Questions to be addressed for the next Open Finance discussion
1. Why is data such a powerful tool for consumers?
2. How exactly does consumer control of data put companies under pressure to cut prices, innovate and personalise?
3. Is the data of sufficient quality and extent to achieve the vision of a digital economy driven by consumers granting access to their data?
4. Are banks (and energy and telecommunications companies) resisting Open Data?
5. What other sectors are vulnerable to an Open Data economy?
6. How should price comparison websites evolve their business model?
7. Can consumers be confident their data is transferred and held securely?
8. Why is consumer uptake of Open Banking in the United Kingdom so slow?
9. What other forms of data will become available (e.g. mobile telephone data, Internet searches etc.)?
10. Which countries are getting data regulation right (if any)?
11. Do we need a new international body to co-ordinate national data regulation?
The Future of Finance is always open to hold further meetings to answer these and other questions and to continue the conversation. If you would like to sponsor such a meeting please contact Wendy Gallagher at the number or email address below. Also view our upcoming meetings elsewhere on www.futureoffinance.biz
Tel: + 44 (0)7725 160903