Open banking is premised on the untethered flow of data between financial institutions, the custodians of their clients’ information, and third parties. The latter are newcomers to the conventional relationship, gifted with access to data to allow them to compete and deliver on the innovation promise.
While European Union residents will be the first to benefit from the movement through the revised Payment Service Directive (PSD2), other jurisdictions clamouring for the fintech throne have explored similar projects. In 2016, Singapore published its API playbook, a tome-like work outlining numerous use cases. The Hong Kong Monetary Authority recently unveiled plans for an open banking framework to be delivered by year-end.
Not to be outdone, Australia has embarked on its own open banking experiment. A consultation process was the first step, canvassing the opinion of stakeholders ranging from established financial institutions to fintech companies. Two proposals stemming from the industry’s responses are noteworthy.
The first deals with data recipients. Banks are cautious with the information they hold; as heavily regulated cogs in the financial system, any compromise in data security could have far reaching financial and reputational consequences. As Equifax may yet show, recovering from a loss of trust could prove to be a Sisyphean task.
PSD2 likely foresaw these concerns. Among the requirements for “third party providers”, essentially those with access to client data, include registration, licensing and supervision. This provides comfort to both financial institutions and their clients that sensitive data will be shared with vetted companies only.
Although the registration and licensing solution may assuage some of incumbents’ fears, it is not certain that it will be replicated elsewhere. After all, PSD2 is the result of a few years of industry consultations. It was also conceived at a time when fintech was not a buzzword and jurisdictions were not focused on outduelling each other for the innovation hub crown. As such, some countries may not adopt as extensive a model in their haste to roll out an open banking framework. This may discourage financial institutions from sharing their customer data for fear of data security.
The Australian Bankers’ Association (ABA) has suggested an innovative governance model as a potential solution. The proposal would establish an independent entity tasked with determining whether data recipients meet security and privacy standards and can assume the financial consequences of a breach.
Cynics may argue that this is incompatible with the spirit of open banking. Given the power to act as gatekeepers, financial institutions will likely set a high threshold, creating moats to protect their business.
The approach nevertheless carries benefits. First, it addresses concerns related to data recipients by establishing a systematic approval process. This filters fly by night operations lacking the resources to safeguard information or compensate victims in case of a breach. Second, it allows for transparency and simplicity in the admissibility process; a single approval will suffice to request access from any financial institution. Third, it provides the industry with an opportunity to participate in the development of a solution instead of one that may be largely imposed on them. And as the ABA suggests, the experience gained from this experiment could be leveraged by other industries. Think healthtech and the sharing of health information.
Another proposal in response to the consultation pertains to charging for access to customer data. National Australia Bank states in its submission that it is “not commercially sustainable or equitable in the long term for the entire cost of implementing an open banking regime to be borne by the incumbent banking sector.”
This suggestion is not without merit. Ensuring the smooth flow of data in real time will require significant capital to upgrade existing infrastructures. Incidental costs will also be incurred. As Commonwealth Bank of Australia adds, “[i]mplementing change to support open banking reforms is not only a technology project but also requires large investments to change business processes, and contribution to an industry-wide process for setting and monitoring standards.”
A pay for access approach also ensures a level playing field. Data is not created in abstract. The provision of financial services entails the by-product of a customer’s transaction history and spending habits. As this information is derived from a service or product offered by a financial institution, it should maintain partial ownership. If nothing else, there should be recognition of the time and resources spent developing the infrastructure to deliver meaningful products. Allowing incumbents to charge ensures that those that access data pay a reasonable amount for a valuable asset and maintains a level playing field. It is however admittedly difficult to ignore the argument that this could become a paywall to stifle competition.
Given the novelty of open banking and the surrounding uncertainties, governments throughout the world will surely pay close attention to further developments in Australia when modeling their own regime.
Disclaimer: The thoughts and opinions expressed here are my own and do not reflect the views of my employer.