Report: UK Open Banking market at “crossroads”

A new report on Open Banking by the Coalition for a Digital Economy (Coadec) states that “UK Open Banking is at a crossroads”.

A multi-billion pound sector stands on the precipice of taking flight beyond payment account data, to open up a new frontier of innovation and competition…

Or alternatively, the darling of the UK’s fintech ecosystem could stagnate, condemned to tread water and not fulfil the promise of the last few years, with the best and brightest firms forced to temper their (and their investors’) expectations or upsticks across the channel.

The report aims to capture the urgency of the moment through quantifying the value of the UK’s open banking ecosystem, and therefore what is at stake.

Consumer data, according to the report, is disparate and underused, guarded by incumbents like dragons hoarding treasure in caves.

There is no incentive for large incumbents to proactively enable consumers to share their data in real-time, and the Right to Data Portability under Article 20 of General Data Protection Regulation (GDPR) has the stipulation that firms have up to 30 days to present the data in a machine readable format.

An excel spreadsheet 30 days after initiation is not useful to anyone, and there is now technology to enable this exchange securely in real-time.

Open Banking was introduced in the UK through two actions:

• The 2017 Retail Banking Competition Order, an intervention by the Competition and Markets Authority (CMA) to inject competition into the retail banking sector by compelling the nine biggest banking groups to take action to make it easier for their account holders to ‘port’ their data and make account to account payments. This is approaching completion, with the JROC responsible for designing the future governance of the Order. The JROC is due to publish its recommendations for the next stage of Open Banking in Q1 2023.
• The Payments Services Regulations 2017 (PSRs), the UK’s transposition of the Second Payment Services Directive (PSD2) from the EU. This is now under complete UK Government responsibility post-Brexit, with the PSRs currently being reviewed by the Treasury, starting with a consultation running to April 2023.

However, while frequently referred to as the world leader, it could be fair to suggest that the UK has sprinted ahead but is starting to flag, whilst other markets, who started later and at a gentler pace, have begun to catch up.

But all this could change as a result of Smart Data legislation

Through the Data Protection and Digital Information Bill (DPDI), the Government will introduce primary legislation to give Secretaries of State the ability to mandate sector specific smart data schemes through Secondary legislation.

The primary legislation will inherently be sector agnostic and principles based, with no firms compelled to do anything in the short term. Whilst there is a balance to be struck, with the Australian experience demonstrating the pitfalls of over prescriptive governance, it would still be useful to have a requirement for next steps to be outlined in primary legislation.

Why is a Regulated Approach Necessary?

Consumers will, and want to, share their data if they get value out of doing so safely, securely and where clear limitations of use are articulated: the seven million users of open banking to date demonstrate this.

There are three ways that data could be exchanged:

• Through credential sharing, known as “screen-scraping”: consumers share their username and password with a third party, who then log-in on their behalf and “scrape” the data they see to then be re-used in the third party app. This dominates in unregulated markets like the US.³
• Through a private Applied Programming Interface (API). Instead of sharing credentials, users can consent to connect a data source to a third party data consumer via a direct integration. This direct integration exists because of a pre-existing commercial agreement between the data source and the third party data consumer. Commercial API integrations exist across the economy, but integrations enabling the secure sharing of consumer data (with the consumer’s consent) are rarer. Singapore’s open banking system relies on this method.
• Through a regulated API. Instead of the direct integration existing bilaterally on commercial grounds, it is the result of a regulatory mandate compelling the data source to make the API available to regulated data consumers. This is the “Open Banking” approach seen in the UK, Europe, Brazil, Australia, Bahrain and elsewhere.

The first route leads to consumer credentials being exposed to third parties, jeopardising the security of their data, and leading to high costs of entry for firms as screen scraping can be very costly to maintain. The second relies on the data sources reaching commercial agreements with Fintechs often out to steal their lunch. The third relies on time-consuming and expensive regulation.

In Coadec’s view, a mix of options 2 and 3 is preferable.

It is aspirational to protect consumers by avoiding them having to share their credentials and lowering the barriers to entry would unleash startups, whilst there must be a recognition of the limits of mandating incumbents to expose data that veers into the commercial.

For instance, where a data holder has enriched, labelled or combined data sets, these sit in a precarious grey area where some will suggest it is the user’s, whilst others recognise it as commercial intellectual property.

Consequently, a minimum level of free access should be mandated (option 3), with enriched data sets offered on commercial terms (option 2), outside of the regulated mandate.

It will also be critical for the Smart Data regime to progress in tandem with broader data policy.

This includes the Digital Identity and Attributes Trust Framework specifically, as increasing portability of consumer data could lead to a concentration of data with entities like data aggregators, which themselves could become sources of digital identity by proxy or explicit design.

To read the full report CLICK HERE

The post Report: UK Open Banking market at “crossroads” appeared first on Payments Cards & Mobile.