Open Banking and Open Finance are global phenomena but how do the rules, standards, market education, governance and speed of adoption compare in different jurisdictions across the world?
Brendan Jones, CCO Konsentus draws upon his wealth of experience in managing protected and trusted open ecosystems to set out what he sees as the key drivers for success and how countries looking to set up open data frameworks can learn from the experience of the early adopters.
Shining a Spotlight on the EU and the UK
Many look to Europe as the driving force behind the early open banking movement. The Directive to no longer use screen scraping paved the way for a secure and trusted ecosystem, with PSD2 regulation being the driving force.
But there were major challenges from the start. The scope of the regulation was very narrow – it was focused purely on transacting accounts so, in essence, it was limited to debit accounts via an online interface.
PSD2 told banks what to do but not how to do it. Differing API standards emerged (e.g. Berlin, Poland, Czechia, UK, etc.) resulting in third party providers (TPPs) having to connect to multiple APIs, all of differing quality and availability, in order to access end-user account data and funds.
This in turn led to fragmentation as banks could choose whether they wanted to implement those APIs or design their own. The TPP community struggled in the early days with many having to do single integrations with each of the banks.
The lack of uniformity meant that open banking in EU states has matured at very different levels. The Nordics, for example, being a vibrant digital economy, has matured more quickly than Southern Europe where the banking economy is not as advanced.
The absence of standardisation has stifled innovation. The regulation was written at an interbank level rather than the end-user experience being the driver of the legislative agenda. Many would say that in Europe we’re at the start of the journey and still have a long way to go.
In the UK however, implementation was easier as there was a UK specification that all people could work towards. Although the UK was part of the EU when PSD2 was enshrined in EU legislation, the driving force behind the more standardised approach was the Competition and Markets Authority (CMA).
The regulators wanted to break the dominance of the traditional banks and create a level playing field where newly regulated fintechs could compete with traditional banks. So, a central entity was funded to create and develop standards, processes and procedures. This removed a lot of the complexity that had been imposed in Europe.
So, although the UK, like Europe, had a very narrow definition of the regulation, by taking a Scheme approach with a baseline set of rules and standards, banks had to conform to an agreed way of doing things. This created cooperation and a framework for the ecosystem to successfully operate under standard rules and procedures.
Could the UK claim to have been a success? In part yes, but they struggled to get adoption. In the UK today, payments make up less than 1% of the volume of total transactions – with account information being the dominant use case – so there is still a way to go. A recent report conducted by NTT Data cites 84% of UK respondents as being mistrustful of open banking – not seeing the benefits as outweighing the risks.
This points to a problem with education. In the UK, there has been a failure in communicating the benefits of engaging in a secure open economy, where data sharing only takes place with the customers’ explicit consent.
Of course, this goes against what consumers have been told in the past – where messaging has focused on not sharing credentials.
It’s inevitable that there have been barriers and until people are comfortable sharing their data, they will be happier to use other payment methods.
So, what do the statistics tell us? Roughly 13% of the banked population use open banking and the UK has now surpassed 1bn transactions per month. But, it has taken 5 years to reach this point.
Future Evolution
In June 2022, the European Banking Authority put together a set of recommendations to the European Commission in response to issues identified in the market. It is now in the hands of the European Commission to decide how to move forward.
One of the EBA’s recommendations was for a single European API standard to reduce the complexity for TPPs. The current fix is for API aggregators to provide a single API connection for TPPs to connect with multiple Banks.
To add to the complexity of the future direction in Europe, GDPR also comes into play. How will data privacy laws change and what will be the impact as we move into open finance, open data and beyond?
Measuring Success through a Scheme-Based Approach
Unless you can monitor the environment, you can’t tell how successful it’s been. Unlike in the UK, there are no factual statistics on open banking adoption in the EU or known transaction volumes. By not having a central monitoring system, any overall facts and figures for the EU market are speculative.
Adopting a scheme-based approach means there is a central entity that can oversee the whole ecosystem. To drive success, governance of the scheme must go hand in hand with rules and standards.
This means putting a framework in place and setting out the steps to go through and working together to build the business requirements. A successful ecosystem is driven by stakeholder engagement and putting the building blocks in place to test, implement and monitor the system.
The allocation of liability and risk must also be determined. In Europe, liability is defined within PSD2 but how it works in practice is not clear.
Even if the regulation is written in a way that’s technically agnostic, there needs to be a set of standards and rules. Who should set these and should all those participating have to be accredited to be part of the scheme?
These are all critical questions that must be asked by the central entity supervising the ecosystem.
Regulation Should be the Foundation, but not the Driving Force
Although we’re starting to see many markets appoint a central entity to write the rules that participants in the ecosystem must sign up to, this entity should not be driven by the central banks or regulators but overseen by them. This is what has happened in Brazil.
Open Banking in Brazil was driven by regulation in the first instance. It’s been one of the fastest implementations due to six of the major banks coming together and having an end game in mind when they started. It was driven by Febraban in the early days who was able to measure the success of the ecosystem from the outset.
In Brazil they’re now processing roughly 2bn transactions per month and have in excess of 5m customers. They’ve already moved to open finance and open insurance is the next pillar that’s being launched in the market.
In contrast, the regulatory umbrella as we’ve seen in the UK is not wide enough. Liability is an example of one of the gaps. Although liability is not a regulatory issue, it is something that can be defined under scheme rules. So, when individual entities join a scheme, they must agree, own and operate the rules – including what happens if something goes wrong.
Let the scheme dictate – and let everyone involved be a part of those rules.
Consumer Education is Key
Fundamental to the success of any open data framework is education. Consumers need to be educated and need to feel confident in the benefits of the products and services on offer.
Under a scheme or brand-based approach, it’s easier to articulate the benefits of the service and educate the consumer that their information should only be given with their prior explicit consent.
Take for instance Australia where the regulation is like PSD2, but much broader including home and personal loans, overdrafts and access to credit facilities, there has been an absence of engagement with consumers in the market resulting in low transaction volumes.
For an ecosystem to succeed, it is essential for all industry practitioners to be brought together so that clear and tailored messages can be created to educate consumers on what an open data ecosystem can deliver.
It’s Just the Start of the Journey
As countries around the world look to implement their own safe and secure open ecosystems they have to agree on their success criteria and the ultimate objectives to be achieved. This requires blueprinting, defining the architecture and bringing everyone together – not just the banks and data recipients but also wider consumer groups – to define the rules and standards.
Regulation should be the baseline foundation, but it should be light touch. It should be about who should participate but should not detail how this is done. Instead, the rules and standards, including the business use cases and how incentivisation should work, should all be defined by the participants themselves overseen by a central governing entity.
This is what puts you on the path to success and ensures what is developed is what the market wants.
Brendan Jones
CCO, Konsentus
