Over the next year, open banking is going to fundamentally change how customers and SMEs control their money. At our recent open banking conference, we heard how fintechs are seeing a "remarkable" uptake of digital services and how the banks are embracing innovation.
This is a live market and regardless of how quickly things move forward, the industry needs to prepare itself for the end of customer inertia and new ways of managing your finances, from comparison sites to account aggregators and digital spending assistants.
The history of open banking is key to understanding how regulatory compliance and innovation will shape the future of banking services.
A series of reports and studies, dating back to the 2000 Cruickshank report on competition in UK banking, identified concerns about a lack of effective competition in the Personal Current Account (PCA) market, as well as difficulties with switching between providers, a lack of transparency about the different services on offer and customer apathy.
In September 2014, a report on data sharing and open data for banks by the Open Data Institute (ODI) and Fingleton Associates advocated more data openness using technology, noting both the competition advantages of open data and the qualitative improvements in customer outcomes (e.g. facilitating comparison websites that find the bank account provider whose charges are best suited to a specific individual’s transaction behaviour).
In 2015, HM Treasury announced a commitment to the aims of the ODI and Fingleton report and set up the Open Banking Working Group.
In August 2016, the CMA’s concluding report on the matter gave birth to the term “Open Banking” with open APIs (Application Programming Interfaces) as a foundation measure. These, combined with better service quality information for customers and certain customer prompts to review their PCAs, are designed to put personal and small business customers in control of their banking arrangements. These changes are contained within the Retail Banking Investigation Order 2017 and are now in full effect.
Open banking will need to be carefully integrated with other in-train regulatory projects, including MIFID2, ring-fencing and the second Payment Services Directive (PSD2). PSD2 requires all payment account providers across the EU to provide third party access to accounts and this came into effect in the UK on 13 January 2018.
Open banking comprises two elements: open data and APIs. Since 13 January, the UK's nine biggest banks have had to open up their data to authorised third parties. The first wave of data is about the location of branches and ATMs and the different products on offer, meaning that comparison sites will be able to show different products from different banks for the first time.
By 2019, the banks are to adopt and maintain a common open standard for Application Programming Interfaces (APIs). APIs are the hidden technology that allows two pieces of software to interact and exchange information directly in a secure way, without the need for human input each time. They replace more cumbersome, expensive and imperfect ways of exchanging data such as manual downloads, screen scraping, manual entry and bilateral data feeds. In banking, they allow the sharing of financial data and permit third parties to initiate bank payments (rather than just card payments).
1. Increased competition for PCA customers
The UK is already home to a host of cutting-edge fintech businesses and these companies will become more and more prevalent as they target customers, advertise on billboards and their apps find a home on people's handheld devices. This is likely to change how customers view their bank and who they see their main relationship being with, making it harder to influence decisions and engender loyalty. A good example is Monzo, which CEO Tom Blomfield is positioning as a “control hub” for all financial arrangements. This is a very real threat, particularly as the CMA is also championing the development and delivery of comparison services for SME banking.
Banks might also start to see a change in their customer demographics. An Accenture report in 2016 found that 85% of 18-24 year olds trusted third parties to aggregate their data, whereas 48% of 55-64 year olds were ambivalent or negative. That seems to be borne out in the customer base of newer aggregators.
2. Unbundled banking?
It remains to be seen whether the traditional banking model becomes “unbundled” in the way that other industries have, or if banks carve out a new role for themselves using their huge volumes of customer data. Banks could also have a large impact on other consumer markets through the data they hold, for example in the energy pricing market.
With a burgeoning fintech industry, many banks will be looking to collaborate with companies whose focus is more directly on these technologies and who have the drive and resource to innovate, rather than trying to become technology companies themselves. However, traditional players are also in a position of strength by virtue of their size and brand and have been exploring their own open banking platforms.
3. The end of free in-credit banking
Open banking will disrupt traditional business models and Alasdair Smith, chair of the retail banking market investigation, told the BBA Conference that it is "entirely possible" that the free in-credit current account will disappear.
4. More robo-advice
Robo-advice is automated advice that relies on available data, analysis and algorithms. Open banking will increase the potential value of these recommendations, because they will take into account more data and could therefore provide a better and more tailored recommendation. This is not without its risks and raises important questions about liability.
These systems need to be designed and operated in a manner which recognises the risk of systems being “gamed” to produce specific outcomes, whether by the provider (for commissions) or the customer (to obtain an otherwise unobtainable product). There is also a risk of simple commercial exploitation – where a product is priced according to what data shows the customer can afford or which takes advantage of their behavioural bias.
5. A more holistic approach to fraud and financial crime?
With access to improved, secure transaction data, third party fraud detection could help banks and their customers to avoid and spot fraud early on, for example by recognising patterns that would otherwise be invisible.
6. Data protection and privacy issues
At the core of open banking is accessible data. This creates a tension between customer convenience and customer protection, and there is the question of what happens if the technology itself leads to a large-scale loss of data.
Security is crucial and any business that gathers, processes and stores data will need to comply with applicable regulatory standards, including the General Data Protection Regulation (GDPR). While the GDPR (and PSD2) seem to place responsibility for protecting data firmly with the bank, the Treasury (ODI/Fingleton) report suggested that a bank would have no liability if it shared data with a third party at the customer's explicit request. This remains an area of uncertainty.
Banks will need to undertake a "privacy impact assessment" whenever a new product or process is being considered, including an analysis of controls to address any identified privacy risks and compliance issues. Unquestionably, sharing data via APIs will need such an assessment, and that assessment may extend into the systems of third parties.
Data controllers also need to ensure that the customer's consent to use their data is "freely given, specific, informed and unambiguous". The challenge will be to ensure a proper understanding of the consequences, given how widely data may be shared.
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at February 2018. Specific advice should be sought for specific cases.