From open banking to open finance: Much ado about nothing, for now.....

The FCA has published its  Feedback Statement  on open finance (FS21/7) following its  Call for Input. The Feedback Statement contains few surprises - the FCA believes that open finance could offer benefits to consumers through improved advice and access to a wider range of financial products and services, but that open finance also poses a number of risks around areas such as data ethics. It effectively proposes a slow and steady expansion, rightly recognising that legislative changes from the Treasury are needed. Not quite the first mover advantage the Kalifa Review (see our briefing here) wanted to see and some way behind where other countries are moving with open data or similar open finance standards.

The Feedback Statement can also be seen as a report card of sorts for open banking, with the industry highlighting what has worked and what has not, as well as any challenges experienced by open banking that could also be relevant for open finance. In the Feedback Statement, the FCA also sets out its next steps in relation to open finance. In this briefing, we take a look at the main issues raised.

Background

Under open banking, customers consent to third parties accessing their payment account information or making payments on their behalf. Open finance refers to the extension of open banking-like data sharing to a wider range of financial products such as savings, investments, pensions and insurance. In its 2019/20 Business Plan, the FCA committed to exploring the issue in greater detail and in December 2019 published a Call for Input.

The FCA states that its definition of open finance encompasses both read access (third party access to information about product features, consumer circumstances and consumer use of products) and write access (the ability of a third party to make transfers, to switch and open or close products, and make purchases, sales or redemptions).

Developments in the industry

In the Feedback Statement, the FCA notes a number of developments relating to open finance since the Call for Input was published.

• Pensions Dashboard. The Department for Work and Pensions is proceeding with work to enable consumers to access data about all their pensions (occupational, workplace, personal and state) in one place.
• Digital Identity. The Government established a Digital Identity Unit in June 2019 and, in September 2020, published draft rules governing the future use of digital identities. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 were amended to permit the use of electronic identification processes, such as digital identity.
• BEIS Smart Data. The Department for Business, Energy and Industrial Strategy (BEIS) announced legislation to require industry involvement in Smart Data initiatives.

Maximising the potential of open banking

In the Call for Input, respondents' views were sought on what more could be done for the full potential of open banking to realised and respondents provided feedback on a number of aspects related to open banking.

• Open banking. A number of respondents suggested that the FCA requirement to apply Strong Customer Authentication every 90 days is burdensome for customers and hinders the uptake of open banking services. The FCA states that it is reviewing feedback from its January 2021 consultation on amending the SCA-RTS to do away with the 90-day reauthentication requirement.

• API performance. Feedback from certain TPPs indicates that some firms can take a long time to address performance issues with their APIs, meaning that customers can be locked out of open banking for extended periods. The FCA reiterates that supervisory engagement it undertakes when it identifies an issue with API performance and availability at a firm is confidential. However, it is considering sharing data from NOT005 notifications (the notification the FCA is given when an firm has an issue with API).

• Wider concerns. The FCA has discussed with the Treasury the suggestion raised by some TPP respondents that the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 should be amended to remove account information services providers (AISPs) and payment initiation services providers (PISP) from its scope.

Lessons for open finance from open banking

Respondents highlighted several lessons that could be learnt from the implementation of open banking

• Consumer sentiment and awareness. Feedback suggests that the biggest single barriers to customer uptake was consumer sentiment and awareness. Two Which? surveys in 2019 found that only 25 per cent of people had heard of open banking and those that were aware of open banking saw a lack of perceived benefits and had concerns about data security. Regulation alone cannot change consumer sentiment and needs to be complimented consumer education.

• Delivery. There is a need for a phased delivery and transparent approach to understanding industry. Realistic timelines are essential where cross-industry collaboration is needed.

• Overlapping legislation. Lessons need to be learnt from open banking in relation to confusion created by overlapping regulation (e.g. the CMA Order, the PSRs 2017 and the SCA-RTS, as well as related legislation such as GDPR).

Risks of open finance

The Call for Input grouped risks relating to open finance around: exclusion; misuse of data; poor consumer outcomes; competition; and operational issues. Risks highlighted by respondents included that:

• any data-driven increase in exclusion could go wider than financial services;

• the risk of data misuse, financial crime, fraud or scams could be increased by the greater value and quantity of shared financial and non-financial data;

• low levels of financial literacy could increase the risk of poor consumer outcomes;

• high regulatory compliance burden and cost could lead some firms to stop providing certain services; and

• asymmetrical information access requirements could tip the market in favour of "big tech".

Regulatory Framework

Feedback highlighted two areas where the current regulatory framework could limit the development of open finance: (i) definitions of guidance and advice and rules on personal recommendations (a greater use of personal information could blur the line between whether an activity constitutes the provision of regulated advice); and (ii) product detail and risks disclosure requirements.

Consumer protections

Respondents considered that while protections offered by open banking should serve as a starting point for open finance, they should not be assumed as sufficient. Respondents stated that the following was needed: a common liability model across all participants; a common route to complaints; a clear framework of data rights around the giving and withdrawing of consent; simple and transparent ways for the consumer to give, track and withdraw consent; rules around data accuracy; and clear and transparent rules on the legitimate use of data.

Feasibility and barriers

Respondents argued that the following challenges experienced with open banking in relation to sharing data also needed to be noted: the technical challenge of upgrading legacy platforms and maintaining API infrastructure; security and legal concerns, particularly in the absence of a liability framework; challenges with verification of identity in the absence of a portable digital identity; and the lack of standardised data formats. Feedback outlined the different types of costs involved for a firm sharing data through open finance as follows: technology costs; business costs; and regulatory costs.

Sequencing

In its Call for Input, the FCA asked whether there was a natural order by which open finance would or should develop among sectors. It noted that some markets (such as savings, consumer credit and mortgages) had obvious synergies with open banking, while other sectors such as insurance, pensions, investments might prove more challenging for open finance. Feedback did not advocate a "big bang" approach but rather a proportionate and phased approach. Respondents also argued that open banking should first be widened to cover non-PSD2 accounts and other banking products.

Next steps

The FCA concludes that commercial incentives do exist for open finance but that a legislative framework is needed for open finance to develop fully (to provide any statutory right to data access and to support a regulatory framework). In addition to a regulatory framework, several key building blocks would be needed for a sustainable open finance ecosystem to develop.

The FCA confirms that it will work closely with BEIS and the Treasury in the near future to decide on the feasibility, timing and design of any secondary legislation relating to open finance. The FCA states that industry-led roadmaps could be used and that it will discuss this further with the industry. The FCA also states firms, TPPs and their representatives should work together on common standards that could support open finance.

Co-Author:   Bisola Williams