In July the Open Banking Implementation Entity released specifications for the ‘Read/Write’ payment initiation and account information Application Programming Interfaces () that will go live in January 2018. This follows the release in March 2017 of the ‘Open Data’ , offering standardised information on UK banking products and the location of branches and Automated Teller Machines (ATMs) throughout the country. These form the core deliverables of the Open Banking programme in the UK, a world-leading collaborative effort to develop standardised that will open up the banking industry for the benefit of consumers and businesses alike.
The UK got a head start on Open Banking in 2015 through the creation of the Open Banking Working Group (OBWG) set up at the request of HM Treasury. Bringing together industry experts from the banking, fintech, consumer and business communities, it developed the first Open Banking Standard framework which guides how open banking data should be created and used. The mandate to develop and implement the Standard emerged from the Competition and Markets Authority () retail banking market investigation which concluded in 2016. The review found that the UK’s older and larger banks do not have to work hard enough to win and retain customers. One of the key reforms (‘remedies’) was the delivery of Open Banking, which would enable customers to share – with their express consent – their own bank data securely with third parties through standardised . The remedy mandated the nine largest banks in the UK (the ‘CMA9’) to build and fund an Open Banking Implementation Entity that would deliver the , but to do so in a broad and inclusive way through consultation with challenger banks, fintechs, third parties and consumer groups.
vs Open Banking
The Open Banking deliverables are split between March 2017 (Open Data ) and January 2018 (Read/Write ). The Open Data are unique to the UK and separate from any requirements in the revised Payment Services Directive (). Reflecting the competition focus of the , they standardise publically available product reference information such as current account features as well as ATM and branch locations to help customers compare products and services more easily. The second part of the remedy – the Read/Write – aligns with the transposition deadline of 13 January 2018 to enable authorised third parties to extract transactional information and initiate payments on behalf of customers using standardised .
Open Banking has a narrower scope compared to . It mandates far fewer parties, fewer accounts and mandates a technical solution - .
For example, only the nine mandated institutions are in scope of Open Banking as opposed to all payment service providers under . The remedy only covers personal and business current accounts; whereas applies to all payment accounts accessible online. The fact that CMA9 are required to deploy access to account and payment initiation by January 2018 has helped to drive forward the design and build in the UK but opened the risk that the solution fragments from and the rest of Europe.
The Role of the Stakeholder Group
Despite clear differences in mandated parties, timelines and deliverables, the Order requires Open Banking to align with requirements where there is any overlap in scope; for example, on requirements for Secure Customer Authentication (), professional indemnity insurance, on the liability and trust models, and in the use of standardised interfaces. The Stakeholder Group was created to guide the Open Banking Implementation Entity towards convergence in these areas and to help prevent fragmentation and to work more widely with the industry under Payments UK on the practical implementation of . Its more than 300 members include a wide variety of experts (Third Party Payment Service Providers (), Account Servicing Payment Service Providers () and others) from the UK, Europe and beyond who contribute to Open Banking via specialist working groups and who input expertise into the programme on compliance more generally.
Beyond Open Banking: Challenges and Opportunities
Driven by the mandate to deliver Open Banking by January 2018, the UK is at the forefront of development. This is not without its challenges. The CMA9 must launch the Read/Write well ahead of the expected adoption (mid-2019) of the European Banking Authority () Regulatory and Technical Standards (), which provide the underlying security and communication framework for both and Open Banking. The General Data Protection Regulation () introduces a further twist. It comes into force in May 2018 and lays down much stricter rules around customer consent that must be balanced against requirements in aimed at widening access to customer account information. Navigating the interim period between transposition and enforcement of the , and addressing the parallel challenge of , are now the focus of the Stakeholder Group.
As the nine mandated institutions deliver the final set of Open Banking in January 2018 and move toward completion of the Order, the community as a whole is starting to focus on how the UK will achieve compliance.
The Stakeholder Group is now a leading forum for addressing practical issues arising from implementation. It is also tackling head-on some of the more complex challenges posed by the interplay of different regulatory requirements.
For example, the Group discussed recently the value of defining optional market practice as a way to help the transition from towards . It has even begun to define the basis for a framework approach that could address the implementation of standards, rules and practices to support the market during the transition staring in January 2018. One obvious opportunity is to create fully -compliant standards that build on the pioneering work of the Open Banking programme and which is interoperable with European standardisation initiatives. If you are interested in participating in this exciting new work please do not hesitate to get in touch. The Stakeholder Group is open to all those with an interest in implementation, Open Banking and working together collaboratively to solve industry-wide challenges.
If you would like to comment on this article, please identify yourself with your first and last name. Your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC website conditions of use.