In previous posts in our BankBCLP.com series on this topic, we’ve attempted to define “open banking” and the ways in which it is attracting increasing industry attention through open APIs. As our series continues, we describe how open banking is or may be regulated, as well as its critical licensing and intellectual property implications in practice.
As we have previously described, at least in the United States, “open banking” is more of a sweeping term of art than a distinct practice or product. As a result, its legal and regulatory implications are potentially wide-ranging.
In the United Kingdom, “Open Banking” is a more precise legal term for a sharing framework that the Competition and Markets Authority (CMA) has introduced for the stated purposes of increasing competition and expanding customer control over financial data. In 2017, the CMA began to implement this framework by requiring the nine largest banks and building societies in the U.K. to begin sharing certain customer information with registered third-party providers (with customer consent). In its earliest stages, this data sharing requirement was limited to data specific to the institution, as opposed to its customers, such as branch and ATM locations. Subsequent stages have focused on transaction histories and even payments APIs. These stages provide an early look at some of the more tangible consumer-oriented use cases for open banking. For example, third-party applications can facilitate real-time bank location or price comparison shopping.
Importantly, under Financial Conduct Authority (FCA) implementing rules, the providers to whom this access is granted must be approved as a form of payments business or specialty service provider in the U.K. or in another jurisdiction under certain passporting provisions. In any case, this will subject the provider to direct supervision and examination by a U.K. or EU regulator. This framework dovetails with the European Union’s revised Payment Services Directive (PSD2) data security regulation in that these registered providers must specifically demonstrate PSD2 compliance. The CMA is touting Open Banking as a secure, transparent means of providing consumers with more control over their finances.
Other jurisdictions are taking a similar, top-down approach to open banking. Australia is mandating that its four largest banks make certain banking information available on a “read only” API basis beginning July 2019. India’s Unified Payments Interface (introduced August 2016) is an open API-based platform for real-time payments. It ties to the government’s policy goals of minimizing the use of cash, promoting digital identity, and leveraging mobile devices in a rapidly developing economy. Hong Kong published an open API framework in July 2018. On the other end of the spectrum, China and Singapore are taking a more industry-driven approach. China’s extensively cashless and mobile economy is incorporating open banking as a market response, rather than by regulatory mandate.