Open Banking: can APIs transform the banking landscape?
The UK Competition and Markets Authority has published its Retail Banking Market Investigation Order 2017. This will require nine of the largest UK banks to make available significant amounts of customer data to disruptors via standardised public APIs.
APIs are technical standards that enable software components to communicate and exchange information. An organisation can use an open (or public) API to permit others to access their data in a controlled environment. By mandating the banks to develop APIs that are open to third parties, the authorities’ aim is to increase competition and quality in the market by stimulating innovation in the way financial services are delivered to customers. This innovation, together with the UK’s future implementation of the second EU Payment Services Directive, has the potential to transform the UK’s retail and SME banking industry, creating opportunities and benefits for established industry players, digital innovators and customers alike.
Digital transformations are not easy, particularly those that require cross-industry collaboration. There are some major technical, commercial and legal challenges that need to be navigated, both in implementing the Order and subsequently exploiting Open Banking. With less than a year before the full implementation, now is the time to understand how Open Banking will affect your business.
Competition & Innovation
- The Order has been adopted following a detailed two-and-a-half year investigation by the CMA and a number of earlier interventions dating back to the Cruickshank Report in 2000 which have sought to increase competition in the UK retail banking sector.
- The CMA found that there have been positive developments in recent years, including product innovation, new entry including by firms with new business models, and innovation in digital banking. However, the CMA concluded that customer responses to competition on price and quality were weak. The creation of read and write access APIs are part of the CMA's 'foundation remedies' aimed at promoting customer engagement, facilitating easy comparisons between banks' products, and encouraging the creation of a dynamic intermediary sector.
Regulation & Compliance
- The Order effectively accelerates adoption of PISP and AISP access mandated under PSDII. Compatibility between the two regulations will be critical; the Implementation Trustee and banks will need to have one eye on both as the respective standards are developed.
- When designing apps, businesses will need to be mindful of existing regulatory obligations, such as those under the Payment Services Regulations, Consumer Protection from Unfair Trading Regulations and consumer credit legislation.
Security & Privacy
- Huge quantities of personal data will be involved, including personal data which is embedded within a customer's transaction data. Compatibility with the General Data Protection Regulation will be crucial but difficult.
- IT and other systems used will need to be designed with data privacy at their core.
- Critical to market acceptance will be data security, obtaining informed consents and moving data while complying with General Data Protection Regulation.
Governance & Risk Allocation
- Successful API ecosystems are based on strong governance. The Implementation Trustee and the banks may need to look at other sectors when considering the best framework for managing each participants' expectations for the APIs.
- The banks will want to ensure that their concerns around introducing new risk into the banking value chain (including settlement, regulatory, infosec and reputational risk) are addressed during implementation. No small challenge for the Implementing Trustee, who will be accountable to the CMA for delivering roll-out of the measures, given the number of interested stakeholders to manage.
Nigel Parr, Ashurst partner and global chair of competition, said of the Order: "In its final report, the CMA concluded that market concentration does not have a material adverse effect on competition, and that structural measures, such as the divestments, would have been disproportionately time consuming and costly, and would have been unlikely to be effective. Instead, the CMA’s remedies package, based around its foundational API measures and informed by behavioural economics, has a real prospect of harnessing the speed and direction of technology to change the retail banking landscape, creating real benefits for consumers
and SME customers."
Jake Green, Ashurst partner, believes that "Open Banking has the potential to revolutionise retail banking. Everyone talks about FinTech companies disrupting the banks, but banks have swathes of customers and data already. Approaching Open Banking with a FinTech mindset, taking the lead on innovation and customer outcomes, and appealing to your existing customer base could give you a material head start over the disruptors."
"The implementation of the Order at roughly the same time as that of the GDPR will create major challenges for data providers and users. Steering a sensible path through the competing demands of market participants and regulators to make this a success will require cool and pragmatic heads. And that’s before we start to think about all the new IPRs that will be created,” says Mark Lubbock, partner at Ashurst and specialist in Data and Privacy.
David Futter has said of the Order: "Corporate banks and other financial firms would be well advised to watch carefully this trend for open APIs development. Although the regulators’ focus for Open Banking is on the retail and SME markets, mandated APIs could easily be replicated to stimulate competition and innovation across the wider banking industry."
Ashurst partner in Banking Products, Mark Edwards, has said of the Order that "Many businesses are eyeing Open Banking as a vehicle to drive new customer acquisition by using the APIs to design new digital services that are personalised, efficient and intuitive. Key to this will be ensuring the regulatory technical standards are sufficient to safeguard against increasingly sophisticated cyber threats – but do not kill user experience."
In the words of David Carter, Ashurst partner and specialist in Corporate M&A: “As with many technological initiatives, there will be initial seed capital from opportunistic investors for talented innovators to develop ideas. As these ideas become more developed and gain traction, there will likely be further investment, joint ventures, collaboration and, ultimately, M&A, with increasingly sophisticated investors and other interested third parties – possibly by the very institutions that this initiative is designed to challenge.”
Open Banking has the potential to revolutionise retail banking. JAKE GREEN
Key Contacts
We bring together lawyers of the highest calibre with the technical knowledge, industry experience and regional know-how to provide the incisive advice our clients need.
Load MoreKeep up to date
Sign up to receive the latest legal developments, insights and news from Ashurst. By signing up, you agree to receive commercial messages from us. You may unsubscribe at any time.
Sign upThe information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.