I’ve been talking a lot about open sourcing financial services this year and, more recently, tracking Open Banking. The Open Banking Working Group was launched just over a year by HM Treasury to create an Open Banking Standard. The standard is meant to guide how open banking data should be created, shared and used by its owners and those who access it. It is being implemented by 2018 and a consultation process was launched on 28th November 2016. The consultation will close on December 23rd so, just for the record, here’s what is being recommended:
There are significant technical considerations involved in defining and implementing the Open Banking Standard.
Developing open APIs
The Open Banking Standard proposes open APIs be built as open, federated and networked solutions, rather than as a centralised system. This echoes the design of the Web and will allow wide scope for innovation. Open APIs will be available under a licence that enables free use, reuse and distribution. Open APIs will encourage existing standards, datasets and structures to be reused. Barriers to participation will be kept deliberately low to cultivate an engaged developer community
Documentation, development code and reference implementations, and an implementation register that lists API providers that have implemented the Open Banking Standard will be published on the Web for anyone to use. The information will help people understand the data and services exposed, help developers engage in building upon it, and enable people to connect with each other in the development of services (eg sandbox environments for secure testing).We expect to attract developers ranging from individuals who are building their own apps, and FinTech developers, to agencies that build solutions for other challenger banks and large companies from financial services. We also expect groups from other sectors will engage, who want to partner with an API provider to develop their own solutions.
Broader actions for industry, government and consumers
The bulk of the work in implementing and promoting the Open Banking Standard is not technical. The critical issues that must be faced, if consumers are to take up the opportunities offered by open banking data, are around governance, security, liability, standards, communications, regulation and legal.
Governing the Open Banking Standard
An independent authority should be established to ensure standards and obligations between participants are upheld. This authority would govern how data is secured once shared and the security, usability, reliability and scalability of APIs. It would also vet third parties, accredit solutions, maintain a whitelist of approved firms and create frameworks for handling complaints and redress.
Improving data literacy and addressing security concerns
Individuals, businesses and governments must have an awareness of their rights and responsibilities when sharing or handling data. We need to be clear on what informed consent means in our ubiquitously connected world, and the responsibility for this falls on everyone. Customers should give explicit consent each and every time they share specific data (and be able to revoke access at least as easily as they grant it). Platforms must be transparent and proactive in how they use and store customer data (for example, to not hold data for longer than they need to). Two of the biggest challenges in encouraging consumers to share data are (1) helping them to fully understand what
is happening and (2) helping them to feel confident that their data is secure. Financial data, like health data, is extremely sensitive and to create informed consent we must invest in both data literacy and security. People must be helped to understand the value of their own data, and what responsibilities they take on when they share it with third parties. Responsibility for educating people must fall on many parties including banks, the FinTech community, government, consumer and business groups.
Addressing regulation, law and liability
Anyone supplying or accessing data already has obligations under existing legal and regulatory frameworks, such as the Data Protection regime. The Open Banking Standard would not alter that. Where customers grant consent for the use of their data, provided that consent is in a format easily understood and verifiable by the all parties, there should be no ambiguity under law as to what data was supplied and what it was to be used for. The role of any authority would be to set minimum clear standards for what that consent might look like.
It is crucial that we protect data that needs to be kept private, just as it is crucial that we openly publish data that should be open for everyone to use. Because both privacy and openness help create trust.Open APIs provide a means of accessing private data, so it is important to embed best practices in the security field to protect customers, in particular from so-called cyber criminals. Research indicates that 40% of consumers already react positively to the concept of sharing financial data, but 30% are wary of the idea – and 30% are uncertain.
Two of the main sources of consumer concern or uncertainty are security and redress. Generally, consumers expect what they regard as “bank-grade” security around their financial data and some means of compensation for security breaches that are not their fault. Along with security standards, the Open Banking Standard should include both API and data standards, thereby addressing both the underlying data and the mechanisms through which data is accessed. The Open Banking Standard should reuse and align with existing open standards, datasets, structures and semantics wherever possible.
Communicating the benefits of open banking
Key audiences – such as political stakeholders, the banking sector, FinTech community, consumers and businesses – will need to be educated and mobilised to make the best of the Open Banking Standard. The Open Banking Standard Implementation Entity, trade groups and government should promote this with events, forums and press outreach.
Why is this important?
UK banks will be required to implement the Open Banking Standard by 2018, allowing consumers to share their own banking data with other banks and third parties and manage multiple providers through a single app.
Many UK consumers are paying more than they should for banking services and not benefiting from technologies in banking because larger and more established banks have too much power in the marketplace, the Competition and Markets Authority (CMA) said in a report published in August.
Along with the ability to share data with third parties, other changes covered by the CMA consultation include requiring banks to cap monthly unarranged overdraft charges, helping customers to avoid these unarranged overdraft charges by making banks text them when they are at risk of going overdrawn, and also helping customers to compare the service they would get from if they were to change banks.
The CMA launched a consultation process on 28th November, asking for feedback on changes that include requiring banks to publish rates for small and medium-sized enterprise (SME) lending products and to develop tools to allow easier comparison of SME banking products. The aim is to deliver direct benefits to customers of between £700 million and £1 billion a year.
The CMA consultation on the draft order will close on 23rd December.