Standardised APIs could aid data accessibility in UK banking within two years

Out-Law News | 29 Jan 2015 | 2:59 pm | 3 min. read

UK banks could be forced to make more of the data they store accessible to consumers, rivals and new entrants to the market via standardised technology within the next year or two, under plans being taken forward by the UK government.

The Treasury has launched a call for evidence on data sharing and open data in banking following chancellor George Osborne's promise last month to look into "how to deliver standardised APIs in the banking industry". An application programming interface (API) is technology that allows different pieces of software to interact.

A government-commissioned report published alongside Osborne's Autumn Statement said that giving consumers better access to data through standardised APIs could improve competition in banking but also provide benefits to banks.

The Treasury said it is now looking for guidance from industry and other stakeholders on how to an open API standard should be developed and implemented. It has asked for views on whether it is reasonable to expect standardised APIs to be in use in the UK banking industry in the next one to two years.

"An open API standard would entail UK banks developing a single and common API, which is publicly available and can be used by any fintech firm or app developer to design products or apps which work for all UK banks," the Treasury said. "This would help to create a better market for app development and a greater ecosystem for fintech firms and developers to work within, as a single app could then connect with, and be used by customers from, any bank. This would help to ensure that the UK remains at the forefront of financial technology and innovation."

Technology law expert Angus McFadyen of Pinsent Masons, the law firm behind Out-Law.com, said: "Standardised APIs would help improve efficiency and enable corporates, banks and payment schemes to plug in to each other with much greater efficiency, for example. Like with the SEPA regime, which involves the move to standardised protocols for the communication of credit and debit card payments, there would inevitably be an initial cost in integrating standardised APIs into existing services. However, in the longer term, standardised APIs should help to lower costs."

The move to develop standardised APIs and liberate data held by banks is driven by the UK government's desire to promote more competition in the industry.

"Customers need to have the right information on the types of products and services available to them, and be able to compare them effectively to make informed decisions on who to bank with; banks and alternative finance providers need the right data to understand better what products and services their customers need," the Treasury said. "This enables challenger banks and alternative finance providers to enter into the market and compete effectively, and design products for underserved areas of the market."

"Giving customers more choice about how they use their bank data can also support greater competition in banking. Banks, alternative finance providers and fintech firms would have more incentive to develop innovative applications which utilise bank data on behalf of customers, and compete to offer new products that customers can benefit from," the Treasury said.

The government-backed 'midata' scheme already promotes better access for consumers to the personal data held by UK banks and other businesses. Some financial technology companies also use 'screen-scraping' techniques to allow consumers to manage multiple bank accounts via a centralised portal online.

However, the UK government has said that the development and implementation of standardised APIs would simplify and broaden the access to bank account data by consumers and present fewer risks to privacy and security than screen-scraping does.

"Like screen-scrapers, APIs provide a mechanism for customers to share their bank data with a third party without the need for input each time. However, unlike screen-scrapers APIs do not require customers to provide their internet banking log-in credentials to the third party," the Treasury said. "Furthermore, unlike midata, APIs work without requiring customers to download and then upload their bank data, so there is no limitation to APIs working on popular brands of smartphone and or tablet."

McFadyen said: "There are plans within the proposed new EU Payment Services Directive (PSD2) to enable account information service providers and payment initiation services providers to get better access to online accounts to deliver innovative 'overlay' services to consumers. Much of the legislative response comes from the adverse reaction by account providers to services that have, historically, accessed online accounts using an individual’s ‘secret’ login details – Sofort in Germany being a well known example."

"The legislators want to open this market up and enable those new service providers to operate in a regulated environment. However, for those plans to be realised those new service providers need to be able to plug into the banks, and other providers, that hold the payment accounts, for example a current account. The European Banking Authority (EBA) is tasked with developing standards that enable this to happen. The UK government, with the work on APIs, needs to make sure that its initiative does not diverge from the approach the EBA will be developing to enable this access and software interoperability," he said.