A significant change in UK banking is coming. From 13 January 2018, for the first time banks will be required to open up customer data to third party providers. This is down to the convergence of two regulatory developments – the EU Payment Services Directive 2 (PSD2) and new rules from the Competition and Markets Authority (CMA) introduced to try to encourage more competition in UK banking. This transformational change presents key challenges for incumbent firms and a huge opportunity for the new FinTechs that are disrupting financial services.
PSD2 requires financial institutions to give third party providers secure access to customer account data and allow third parties to initiate payments on a customer’s behalf, with the customer’s consent. The CMA’s new rules under its Open Banking Order require the UK’s largest nine banks to develop an open banking standard so that customer data can be shared with third party applications in a consistent format via open APIs (protocols that enable applications to talk to each other). The CMA believes that open banking will give consumers greater control over their money and their financial planning. The promise of open banking is that, rather than consumers doing all of their banking via a small number of dominant firms, consumers will have access to unbundled, but connected financial services.
Banks will become open platforms which link to third party services and information.
Consumers will have the freedom to use new providers and be able to aggregate their financial information in ways not possible before. (For example, I might want to control my causal expenditure. A third party app could aggregate data from my various payment cards or bank accounts and provide me with a regular breakdown of how much I spend on, amongst other things, going out for dinner, or clothes shopping and warn me when I reached my budget for the month.)
From January, open banking will apply to payment accounts only. But this intended to be a first phase. As detailed in a recent techUK report on open banking, the ambition over time is to “extend the open banking model across a whole range of financial services to build an interconnected, API-based ecosystem”.
Of course, the success of open banking is dependent on consumers embracing it. At this stage, it seems unlikely that there will be a huge take-up immediately – because of technical issues and a lack of general awareness or trust by consumers. In a recent Which survey, 92% of consumers surveyed hadn’t heard of ‘open banking’ and 51% said that they were fairly or very unlikely to use open banking services. The financial sector have got a lot more to do in terms of educating consumers of the benefits of the new open banking regime and FinTechs will need to gain the trust of consumers, before significant numbers of consumers move away from their reliance on the UK’s biggest banks. Key to gaining that trust will be demonstrating that open banking is secure and that innovation doesn’t mean that compliance is de-prioritised.
This series of blogposts on Open Banking will consider various legal and regulatory challenges raised by this shake-up of the banking sector. For both firms and FinTechs, it’s not just a question of navigating the notoriously complex PSD2 and the new open banking rules, organisations will also need to tackle a variety of data protection, cyber-security, technology and intellectual property issues.
The next post will delve into some of the key regulatory issues for firms and FinTechs embarking on open banking initiatives.