Out-Law Analysis | 27 Nov 2017 | 3:08 pm | 5 min. read
While payment services, and banking more generally, have undergone transformational 'digital' change in recent years, Open Banking promises a further step-change from early 2018 when new EU payment services laws take effect.
In the UK, parallel requirements set by the Competition and Markets Authority (CMA) is also mandating change.
Pinsent Masons, the law firm behind Out-Law.com, has teamed up with Innovate Finance to take a look at the myriad of issues that the new world of open banking raises. A joint report, featuring the results of study into attitudes towards open banking carried out with industry experts, as well as answers from interviews conducted with banks and fintechs and analysis of the trends in the market, will be published on 29 November.
Not so long ago consumers and businesses were limited in the ways in which they could make payments and access information about the transactions they make.
Cash, cheque and credit cards were, for a long time, the only options for a payment account customer, whether consumer or business. The 1980s, however, brought revolution with the arrival of telephone banking. This was followed by chip-and-pin payment cards made available in the early 2000s along with online payment services as the internet gave birth to e-commerce and it began to grow.
Online banking has since continued to develop, with mobile apps seeing a growth in popularity as more and more people become increasingly reliant on their smartphones. Many online and mobile payment solutions now focus on making transacting a slicker, more convenient activity, particularly as customer expectations have heightened since widespread adoption of 'contactless' payments.
These developments have led to an increasing opportunity for effective 'personal financial management' (“PFM”) solutions. Where customers previously had to access each of their bank or payment accounts individually making it difficult to get an overall picture of their finances, PFM tools enable them to view this information in real-time, aggregated form. Building on the work of early pioneers of transaction account aggregation services, the opportunities open to innovators appear to be endless.
Today, the market is a hive of new activity and innovation. For consumers, there are cards that allow you to spend from multiple accounts, credit providers that use transaction history to create a fairer credit score and mobile payment products offering incredible loyalty packages and rewards. For businesses, B2B payments can be made faster with less associated cost, intelligent algorithms can help manage cash flow and track business expenses and business loans can be accessed quicker with less arduous paper work.
Reforms to regulation appear set to move the markets forward towards wider adoption.
The foremost reform having this impact is the Payment Services Directive (PSD2). The revised Directive came into force in 2016 but will not take effect until national laws across the EU implement it. These national laws must be in force by 13 January 2018.
The move is designed to improve competition in the market. It is seen as a chance for innovators to disrupt existing markets dominated by banks, but also for banks to revolutionise the services they offer and strengthen the way they engage with customers.
Regulatory intervention has been necessary as, despite the opportunities arising for banks, they have been busy dealing with the problems of yesterday and have had to assess their priorities accordingly. Without regulatory intervention, the opportunities on their own may never have been enough to compel change.
The recent global financial crisis spurred a tightening of financial regulation and has forced banks to prepare for a world of 'ringfencing', where their investment arm is kept separate from their retail business, in an effort to avoid the collapse of banks in the future. Banks have been forced to react to new rules on the amount of capital they are required to keep in reserve, as well as other measures designed to protect against future systemic risks.
PSD2 is a further area of regulation to which banks are being asked to adapt. In the UK, those reforms are complemented by a broader shift towards an 'Open Banking' future. The CMA's retail banking review led it to recommending that Open Banking standards be developed to improve competition in personal and business current account markets. These standards only apply to the UK's nine largest banks: RBS, Lloyds, Barclays, HSBC, Santander, Nationwide, Danske, Bank of Ireland and Allied Irish Bank (the CMA9). The scope of the Open Banking reforms in the UK has been expanded to mirror that of PSD2.
The CMA9 must have the standards, which include a new 'read-only data standard' and a 'read/write data standard', in place by 13 January 2018 – the same date that the EU's revised Payment Services Directive (PSD2) is due to be implemented.
The CMA-initiated order requires the common standards to be developed using open application programming interfaces (APIs) and conform to standards on data formatting and security, including for authorisation and authentication. These in turn enable the CMA9 to share data with other providers, and with third party service providers including: price comparison websites, account information service providers (AISPs) and payment initiation service providers (PISPs)
From the CMA's perspective, Open Banking is of course not simply about enabling innovation for innovation's sake. The CMA's Retail banking market investigation, published in August 2016, found that the four largest banks in the UK accounted for over 70% of main personal current accounts and over 80% of business current accounts. Open Banking was deemed a remedy needed to boost competition amongst retail banks.
PSD2 is aimed at opening up the payments market in the EU to innovative new services. Banks and other payment service providers (PSPs) will be required to provide access to payment account information of their customers to approved PISPs and AISPs at the request of those customers on a non-discriminatory basis. Only in select cases, such as where banks suspect a fraud risk, for example, can that access be denied.
Access will happen through secure channels and, in time, in accordance with new regulatory technical standards that are still being developed.
In order for PISPs and AISPs to benefit from the new rights of access to payment accounts information, they will be subject to regulation for the first time. Particular obligations arise in the area of data security which are additional to the new requirements and broader focus on data protection introduced by the General Data Protection Regulation (GDPR).
Once regulated, PISPs and AISPs can apply to be (white)listed on the 'Open Banking Directory'. This Directory is the key architectural component that enables regulated participants to enrol with Open Banking and initiate interactions with each other through APIs. At its core, the Directory is an identity and access management service providing identity information and security certificates to authorised users of Open Banking. These security measures are designed to ensure the integrity of the service providers and protect customers.
The new world under PSD2 and Open Banking offers a myriad of opportunities.
For banks, there are opportunities for those that embrace Open Banking to expand on the range of services they offer in the payments space. Banks start from a position of strength, with the largest share of the market and existing customer relationships. In addition, banks benefit from greater trust among consumers on issues such as data security and business viability, having had the opportunity to gain their confidence in safeguarding their money over significant periods of time.
For innovators, whether fintech business, large technology company or other disruptive force, there is a chance to get a better foothold in various existing, new and previously inaccessible banking markets.
Using new rights of access to bank account and transaction data and combining this with the opportunity to collaborate with the existing financial services players and other new entrants to the market, including retailers, utility providers and technology companies, could provide important insights on consumers' and business customers' financial lives, giving them the power to make informed financial decisions.
The possibilities are almost endless, and it will be fascinating to see how the market develops.
Luke Scanlon is an expert in financial services and technology at Pinsent Masons, the law firm behind Out-Law.com.