On 13 January, the UK's ground-breaking Open Banking initiative took its next, and most significant, step towards its UK roll out. The timing coincides with the coming into force of the Second Payment Services Directive ("PSD2") in the UK and, together, they are expected to revolutionise the way personal and SME customers use and benefit from their bank accounts.
What is Open Banking?
The Open Banking regime forms one of the foundation remedies imposed on the personal and SME current account sectors following the UK Competition and Markets Authority's ("CMA") market investigation into retail banking. The CMA's Final Report concluded that customer responses to competition on price and quality were weak and that customers were not sufficiently engaged with their current accounts to make comparisons or switch between accounts. To help resolve this, the CMA issued a number of remedies, most of which are set out in its Retail Banking Market Investigation Order 2017 of February 2017. These remedies included Open Banking, which includes requiring nine of the largest UK banks (under the oversight of the newly created Open Banking Implementation Entity) to make available to FinTech companies via standardised public open application programming interfaces ("APIs") significant amounts of:
- product, pricing, branch and service quality data, from March 2017; and
- subject to customer consent and strict security measures, customer transaction data from, 13 January 2018.
The overlaps with PSD2
There is a considerable overlap between Open Banking under the CMA's regime and the new PSD2 regime. PSD2 introduces two new regulated payment service providers, jointly known as third party providers ("TPPs"):
- account information service providers ("AISPs") - firms who aggregate or consolidate and use customers' account information; and
- payment initiation service providers ("PISPs") - firms who initiate payments from one account to another.
These TPPs will be able to access any payment account that is available online, with the customer's consent. This is broader than the CMA regime in many respects, and the CMA regime was put in place with PSD2 in mind.
TPPs will, howver, not be able to access any other data from the payment account beyond those explicitly authorised by the customer. TPPs will also have to have security measures in place to protect customer's data and payments accounts, and all payment service providers will have to comply with new rules on strong customers authentication and secure methods of communication. These are expected to come into force in mid to late 2019. Until then firms have put in place temporary measures, but there are teething problems to resolve as we move into this newly regulated space.
The implications
The underlying aim of Open Banking is to allow third party service providers access to this data in order to facilitate customer comparisons and switching. The most likely users of this data are non-bank FinTechs which might use Open Banking as a platform to launch a number of possible services for customers that consent to their data being used in this way, including:
- personalised price comparison services, which would make personal recommendations to customers in terms of alternative current accounts or overdrafts based on a customer's actual spending behaviour; and
- money manager services, where a customer can view their transaction history from multiple current accounts (held with different banks) in a single app. This might even ultimately include a service where the app:
- offers customer suggestions, such as when to move money from one account to another in order to avoid going overdrawn or to benefit from certain offers; and
- initiates those payments for the customer from the app.
The possibilities are endless, with new ideas constantly being discussed and new boundaries being pushed. Whilst some firms have been providing similar services for a number of years, the key changes now are that these firms should now be regulated and subject to detailed security standards, and the account providers now have to provide access to them.
Major digital transformations such as this are not easy, particularly those that require cross-industry collaboration. There are some major technical, commercial and legal challenges that still need to be navigated. In particular, certain banks have fallen behind implementing their obligations under Open Banking. Banking sector firms, policy-makers and regulators around the globe have been following the CMA's investigation and the development of Open Banking closely. The initiative is therefore likely to have significant implications for the sector globally as the world watches.
Ashurst has been advising on the CMA market investigation and the development of the Open Banking. We are also advising global banking institutions and other payment providers on PSD2 and digital banking propositions. Our specialist team, covering multiple practice areas, can help you on these subjects.
