There are now over 65 open banking or open finance programmes either live or in-development globally. The industry has come a long way since 2014, when the early-stage discussions of implementing open banking in Europe really began. As the market has started to mature, there has been a level of consolidation around key questions that must be asked as part of any open banking national programme. Here at Konsentus, we have helped many national markets dive into these questions and navigate answers that work for their local market.  

Regulation  

To regulate or not to regulate? This is a common first question that authorities often ask themselves when embarking on an open banking or open finance journey. The assumption that regulation can be constructed slowly and purposefully and remain unchanged for many years does not work in today’s fast-paced world. Therefore, it is easy to see why regulators are perhaps slow to react to emerging trends and would rather the industry self-regulate. This, combined with the fact that national regulations are often fragmented with various responsible agencies exercising overlapping authority, makes for a difficult job for regulators.  

The regulatory environment for open ecosystems has many different flavours: 

1. No formal regulation but strong guidance from the regulator on technology and governance e.g., Singapore  
2. No formal regulation but regulatory deployed technology and governance arrangements e.g., South Korea 
3. No formal regulation and market-led governance and technology e.g., Switzerland 
4. Regulation but market-led governance and technology e.g., the EU 
5. Regulation followed by strong guidance and/or mandatory requirements from the regulator on technology and governance e.g., the UK 
6. Regulation and regulatory deployed technology and governance arrangements e.g. Brazil has a lightweight version of this. Although there are indications that some markets will have much broader regulatory deployed technology. 

When it comes to open ecosystems, and data sharing in general, it is vital to invest time in understanding the appropriate type of regulation for the local market. There is no ‘cookie-cutter’ approach. Whether this be in the form of lightweight regulation such as Nigeria, or a more extensive, outcome-based style of regulation such as in Europe.  

Countries in Asia, particularly Singapore and Hong Kong, have not legislated for open banking or open finance but have implemented very successful regimes. This has been helped by strong support by financial providers. In Singapore, 99% of respondents to a recent Finastra survey consider open banking either ‘a must have’ or ‘important’.  

In other markets, it has been challenging for the industry to move cohesively towards open banking or open finance without some form of regulation. Take Canada for example – with drifting deadlines and no collective voice, the market has been slow to make progress. Whilst the log jam might be starting to break, it is unclear when. Industry self-regulation often lacks transparency and coherence and, in the future, may not go far enough to protect customers and competition. 

Governance

Who to govern and by whom? Governance is often considered the least exciting issue in national open ecosystem development, but it is arguably the most important. Defining the operating model and governance structure is crucial for long term success.  

Based on our experience, leaving the industry to coordinate itself is rarely sufficient. The conflating needs of the incumbent market players, newer technology providers and the regulator, often means that an industry-led consortium, without explicit backing from the regulator, will be plagued with inertia. A central entity, whether that be under the auspices of the regulator, an existing association, or a new purpose-built vehicle, should coordinate the industry in delivering open banking or open finance. This central entity can deliver a range of services from strategy and standards, to procuring central technology based on the needs of the market.  

In the UK, there is heavy, centralised governance to support open banking delivery. The Open Banking Implementation Entity (OBIE) was mandated by the Competition & Markets Authority (CMA) in September 2016 to fulfil one remedy required by the CMA following an investigation into UK retail banking. This was namely to agree, consult upon, implement, maintain and make widely available and without charge, open and common banking standards. Whilst the scope of OBIE was narrow, its obligations were deep. OBIE built the Open Banking Standard (including processes and rules) and a centralised directory. However, its funding is only disbursed across the nine banks caught within the scope of open banking in the UK, making the cost to the incumbent nine banks extremely high.  

Other countries have a much lighter touch. The Monetary Authority of Singapore (MAS) provided the industry with the ‘gold-standard’ of advice on open API ecosystems when it published the ‘Financial World: Finance-As-A Service API Playbook’, in collaboration with the Association of Banks in Singapore (ABS). The guide includes a framework for governance, implementation, design principles for APIs, a list of over 400 recommended APIs and more than 5,600 processes for their development. It is highly likely that this approach would not be as effective in other markets. 

Hesitating on governance will come back to bite you.  

Operations and Technology 

Open banking and open finance allow for transparent and controlled financial operations while ensuring maximum data security and privacy. There are a number of processes and mechanisms behind it. Once the governance framework has been decided, key questions around the operational and technical requirements of the ecosystem will need to be asked. The operations and technical aspects often overlap. How will consent be managed? Which standards will be adopted and how? How will disputes be resolved? Is centralised technology needed to support market adoption? 

Based on the agreed-upon governance regime, these questions may need to be decided upon collectively via a central entity or individually by each data provider.   

 As open banking has progressed, Konsentus has seen two primary implementation options for operational and technology delivery, (i) the decentralised model and (ii) the centralised model. Although, it must be said, these two options are on a spectrum with slight variations of each already being seen across the world. 

In the former, much of the operational and technical development is the responsibility of both the data providers and fintechs. Fintechs must invest in the development of the individual API connections into the data providers and test against the specifications in the data provider sandboxes and developer portals. Dispute management, consent and even standards can be decided on bilaterally. There may be some elements of the ecosystem that are centralised e.g. the directory of participants, but the majority of development is decentralised. 

As many in the payments world already appreciate, standards, specifications and rules should not be seen as competitive. Standards are a foundational building block for value added services. In our work, we have seen that fragmented standards can lead to significantly slower development, adoption rates and significantly higher development, deployment and operational costs. Often ‘standards’, in relation to open banking, seemingly equate to API standards. However, there are many more standards considerations such as data, identification, messaging protocols, security and consent, amongst others. Decisions around which standards to use, how to use them and how to ensure compliance are crucial for the safety and efficiency of the ecosystem. It is Konsentus’ view that successful open ecosystems develop these centrally and it is not left to the market to decide these on an individual institution basis.  

A fully decentralised model, whilst perhaps an open banking purist’s dream, will often drive up cost and complexity as well as lead to fragmentation of implementation. 

In the centralised model, much of the operational and technical capabilities are developed centrally e.g., performance metrics, directory services, certificate checking and even API routing. This minimises the build for both data providers and fintechs. Management and conformance to the standards can also be controlled centrally. This enables data providers to build and test their APIs as well as fintechs being able to test their performance. Centralised components can allow for increased scalability and faster time-to-market for innovative services. Konsentus does not necessarily advocate centralised API switches (although these may work in some markets), but the centralisation of some components, for example directory services, makes for a far more effective and efficient ecosystem. 

So many questions, but how to answer them?

Open finance has the capacity to be revolutionary, if delivered effectively. It should be considered like all major infrastructure programmes – purposefully, inclusively and flexibly. If an open ecosystem is delivered without a complete understanding of these different considerations and challenges, it is unlikely to stand the test of time. National programmes need to work for all facets of the industry otherwise they will always be viewed as a compliance exercise. 

Konsentus has developed a strong methodology to help regulators, central banks and national implementers ask the right questions and find answers that fit the local market. We have found this methodology to be a rigorous and effective way of navigating the development process, leading to the successful launch of open ecosystem frameworks globally.  

To find out more from our specialist advisors get in touch today.