Kemp Little
  • Looking for someone?
  • Email us
  • Search
MENU MENU
Insights overview

Commercial technology · 21 August 2019 · Julia Barry

A year of banking openly

On 16th July 2019 the Open Banking Implementation Entity (OBIE) released its latest report.[1] The report, prepared by Fingleton Associates and the Open Data Institute… Read more

more content below

Notice: Undefined variable: people_info_class in /home/kemplittle/test.kemplittle.com/wp-content/themes/kemplittle/single.php on line 210

On 16th July 2019 the Open Banking Implementation Entity (OBIE) released its latest report.[1] The report, prepared by Fingleton Associates and the Open Data Institute follows a review commissioned by OBIE of Open Banking and examines the ‘purpose, progress and potential’ of the initiative.

What’s good

Some elements of the initiative were highlighted as working well. Many of the respondents to the review praised the Open Banking standards themselves. The standards are now accompanied by User Experience Standards that make signing up to Open Banking services much more convenient for customers. Mobile users can now move from a third party app to their banking app for authentication (and back again) smoothly. This has meant that the customer experience is greatly improved as it is much slicker and meaning the likelihood of customers being inconvenienced or put off by multiple clicks is reduced.

OBIE’s approach to implementation has been praised for how it seemingly manages to balance the demands of third party providers, banks and other groups in the design and implementation without favouring one group, despite the fact that OBIE is funded by the CMA9 (six of the largest banks in Great Britain and 3 of the largest Northern Irish banks).

The report notes that the Open Banking ecosystem is one of the factors that is really working and that Open Banking has potential to support a ‘large, innovative ecosystem of Fintech companies’. OBIE has made efforts to balance the needs of smaller businesses against those of banks, regulators, consumers and other stakeholders. OBIE provided information on its progress against key performance indicators to its stakeholders so those stakeholders were able to hold OBIE to account and this resulted in a heightened level of engagement and rapid adjustment to the Open Banking ecosystem.

What’s not so good

The areas that have been identified in the report as requiring ‘building out’ are:

Additional payments functionality: i.e. the ability to support merchant refunds and the ability to consent to recurring payments. OBIE has described the refunds functionality as being absolutely critical to the adoption of payment APIs by merchants, because the costs for online retailers in particular are very high when it comes to processing refunds. Refunds have not automatically been included as part of the functionality as they are not specifically mandated by the Second Payments Services Directive (PSD2).

Variable recurring payments: the biggest structural complaint from third party providers has been that customers have to authorise individual payments every time a payment is made. Variable recurring payments functionality would enable users to authorise a third party provider to make a number of payments without the need to get new authorisation. This could be useful for paying e.g. utility bills and subscription services. Recurring payments were also not mandated under PSD2, but the FCA has formally accepted the OBIE’s proposal for variable recurring payments into its regulatory sandbox for testing.[2]

Three different methods of improving customer consent were discussed in the review:

Customer consent: The first method is codifying consents, meaning that the intent of the given consent is codified and attached to transaction data to create metadata. The benefits of this are thought to be that the way that the user consent is captured can be structured to ensure that it is simple to understand and is limited in scope. An audit trail would also be created that reflected the customer’s wishes which is useful where the data is passing between data processors and to any entities that are not governed by PSD2 themselves.

Revocation of consent: when a customer revokes their consent, the data that the customer has provided is deleted by the third party provider – this is the General Data Protection Regulation (GDPR) ‘Right to be Forgotten’. This deletion does not currently happen automatically under Open Banking APIs, but by making this automatic, it is thought that any issues with customer trust in Open Banking being eroded would be avoided and compliance with GDPR would be a smoother process.

Third party provider reauthorisation: at present, PSD2 requires that a full reauthorisation of use of the third party apps via the banking app is carried out every 90 days. This can lead to increased costs for third party providers and to customers being inconvenienced. Allowing customers to reauthorise via the third party app itself (rather than via a banking app) would minimise this. The report does not suggest an alternative timeframe, but instead states that an evaluation for the appropriate timeframe for reauthorisation should be possible and should be determined using a cost-benefit analysis.

Open Finance

The report notes that there are significant opportunities for extending Open Banking APIs to other financial products such as insurance, pensions, mortgages and savings accounts. This would allow customers to see all their financial information in one place. There has been some progress in this area, but until now this has been largely reliant on use of screen scraping (this requires the customer to give the third party provider their bank login details and the third party apps use these to access the customer’s bank account details), which creates additional security risk for customers by comparison to the use of APIs. Due to the impending PSD2 requirements for strong customer authentication being implemented (note that in the UK enforcement is to be delayed until March 2021)[3], screen scraping will become impossible.

“Sweeping” is another very strong user case for Open Finance; this would allow customers’ money to be automatically moved from a current account to a savings account with a more favourable rate.

Premium APIs

Currently, the CMA9 are legally required to provide Regulatory APIs free of charge and without a contract. The CMA Order has been described as being “all stick and no carrot” and this has resulted in a drag on implementation. Premium APIs would be available under a contract and would be voluntary for banks to introduce. The banks would be free to determine price and the contracting terms with each participating third party provider. By allowing banks to charge for the Premium APIs, it is thought that there would be an increase in cooperation, and changes would be brought about more quickly than if only mandated by law or regulation.

What’s next

HM Treasury has highlighted Open Banking’s approach to data sharing as being a pro-competitive model for other markets to follow.[4] The government is now exploring how similar data sharing models could be used in markets such as pensions, telecoms and energy,[5] and at the same time, the FCA is exploring Open Finance.[6] The energy and telecoms markets in particular have an interesting use case as it is common for customers to experience a ‘loyalty penalty’ where customers who stick with the same energy or telecoms providers end up paying more for their services. It is possible that this problem could be solved by combining data comparison services with Open Banking functionality. In future, we will likely see a move towards individuals having open access to all of their banking, telecoms, energy and internet transaction data. This initiative is currently being implemented across a number of sectors in Australia, the first sector in line is banking.[7]

The report highlights the potential for Open Banking to be used to support a digital identity service: this would use the Open Banking authentication functionality to enable customers to access their digital identity wherever it is stored and/or would enable banks to provide the verified identity data they hold on their customers through the Open Banking APIs. The Open Banking authentication standards could be used by non-bank authentication providers to allow competition at the authentication layer. The report notes that the mechanism could provide additional security to already existing government services such as DWP’s pension tracer. As banks are already authorised to carry out detailed identity checks on their customers, the banks already hold this data, but are not currently required to allow their customers to access it or to share it with third parties. Many respondents to the review argued that customers should be able to share this data with third parties if they wished.

Conclusions

Despite the UK’s Open Banking project being so advanced, there is still a need for its existing functionality to be expanded. Many of the proposals for expansion include providing information that customers are already entitled to under the GDPR. The report recommends that the government undertakes a review of the services enabled under the CMA Order and PSD2 and considers whether further guidance is required to govern the rapidly expanding scope of Open Banking.

The report states that focus should now be on prioritising new use cases for Open Banking based on how valuable they are to customers; and providing support to third party providers to develop their services in the market, including supporting the potential for new use cases for sectors outside of banking. Open Banking has the “potential to become a cornerstone of the digital economy”[8] with the right level of engagement from the government and regulators, and a willingness to improve Open Banking’s current regulatory underpinning. There is much more to do, but the first year hasn’t been a bad start.

 

 

[1] https://www.openbanking.org.uk/about-us/news/obie-launches-new-fingleton-and-odi-report-examining-the-purpose-progress-and-potential-of-open-banking/

[2] https://www.openbanking.org.uk/about-us/news-release-archive/variable-recurring-payments-obie-to-join-the-fifth-cohort-of-the-fca-regulatory-sandbox/

[3]https://www.fca.org.uk/news/press-releases/fca-agrees-plan-phased-implementation-strong-customer-authentication

[4] https://www.gov.uk/government/publications/unlocking-digital-competition-report-of-the-digital-competition-expert-panel

[5] https://www.gov.uk/government/publications/smart-data-review

[6] https://www.fca.org.uk/insight/why-firms-should-not-wait-be-pushed-open-finance

[7] https://www.zdnet.com/article/australias-open-banking-regime-generic-product-data-available-from-1-july/

[8] Trustee of the Open Banking Implementation Entity (OBIE), Imran Gulamhuseinwala OBE  http://www.mondovisione.com/media-and-resources/news/uk-open-banking-implementation-entity-launches-new-fingleton-and-odi-report-exam/

  • Share this blog

  • Twitter
  • Facebook
  • Linkedin

Julia BarryJulia Barry is a commercial technology associate

Get in touch

View the team

Sign up for our newsletters

  • Share this Blog

  • Twitter
  • Facebook
  • Linkedin

Other stuff you might like


    Notice: Undefined variable: show_default in /home/kemplittle/test.kemplittle.com/wp-content/themes/kemplittle/single.php on line 349
  1. The best way to learn from Thomas Cook and safeguard your agency | TTG media
  2. Coding and law: how coding made me a better paralegal
  3. Excite Holidays cease trading – agent’s legal obligations | TTG
The hottest topics in technology
  • Adtech & martech
  • Agile
  • Artificial intelligence
  • Brexit
  • Cloud computing
  • Complex & sensitive investigations
  • Connectivity
  • Cryptocurrencies & blockchain
  • Cybersecurity
  • Data analytics & big data
  • Data breaches
  • Data rights
  • Digital commerce
  • Digital content risk
  • Digital health
  • Digital media
  • Digital infrastructure & telecoms
  • Emerging businesses
  • Financial services
  • Fintech
  • Gambling
  • GDPR
  • KLick DPO
  • Open banking
  • Retail
  • SMCR
  • Software & services
  • Sourcing
  • Travel
close
The hottest topics in technology
  • Adtech & martech
  • Agile
  • Artificial intelligence
  • Brexit
  • Cloud computing
  • Complex & sensitive investigations
  • Connectivity
  • Cryptocurrencies & blockchain
  • Cybersecurity
  • Data analytics & big data
  • Data breaches
  • Data rights
  • Digital commerce
  • Digital content risk
  • Digital health
  • Digital media
  • Digital infrastructure & telecoms
  • Emerging businesses
  • Financial services
  • Fintech
  • Gambling
  • GDPR
  • KLick DPO
  • Open banking
  • Retail
  • SMCR
  • Software & services
  • Sourcing
  • Travel
Kemp Little

Lawyers
and thought leaders who are passionate about technology

Expand footer

Kemp Little

138 Cheapside
City of London
EC2V 6BJ

020 7600 8080

hello@kemplittle.com

Services

  • Commercial technology
  • Consulting
  • Disputes
  • Intellectual property
  • Employment
  • Immigration

 

  • Sourcing
  • Corporate
  • Data protection & privacy
  • Financial regulation
  • Private equity & venture capital
  • Tax

Sitemap

  • Our people
  • Insights
  • Events
  • About us
  • Contact us
  • Cookies
  • Privacy
  • Terms of use
  • Compliants
  • Debt recovery charges

Follow us

  • Twitter
  • LinkedIn
  • FlightDeck
  • Sign up for our newsletters

Kemp Little LLP is a limited liability partnership registered in England and Wales (registered number OC300242) and is authorised and regulated by the Solicitors Regulation Authority. Its registered office is 138 Cheapside, London EC2V 6BJ. The SRA Standards and Regulations can be accessed by clicking here.

  • Cyber Essentials logo
  • Tech Nation logo
  • LORCA logo
  • ABTA Partner+ logo
  • Make Your Ask logo
  • FT Innovative Lawyers 2019 winners logo
  • Law Society Excellence Awards shortlisted
  • Legal Business Awards = highly commended
  • Home
  • Our people
  • Services
    • Commercial technology
    • Consulting
    • Corporate
    • Data protection & privacy
    • Disputes
    • Employment
    • Financial regulation
    • Immigration
    • Innovation
    • Intellectual property
    • Private equity & venture capital
    • Sourcing
    • Tax
  • Insights
  • Quick reads
  • Events
  • About us
    • Who we are
    • Our social responsibilities
    • Our partnerships
    • Join us
  • Contact us
  • FlightDeck
  • LORCA
  • Sign up for our newsletters
  • Follow us
    • Twitter
    • LinkedIn
close
close
close

Send us a message

Fill in your details and we'll be in touch soon


Notice: Trying to get property of non-object in /home/kemplittle/test.kemplittle.com/wp-content/plugins/contact-form-7-dynamic-text-extension/contact-form-7-dynamic-text-extension.php on line 330

close

Sign up for our newsletter

I would like to receive updates and related news from Kemp Little *

Please select from the areas of interest below.

Themes

Services

Please select below any publications that you would like to receive:

Newsletters

close

Register for future event information

close
close
Looking for someone?
Generic filters
Exact matches only

Can't remember their name? View everyone

  • Home
  • Our people
  • Services
    • Commercial technology
    • Consulting
    • Corporate
    • Data protection & privacy
    • Disputes
    • Employment
    • Financial regulation
    • Immigration
    • Innovation
    • Intellectual property
    • Private equity & venture capital
    • Sourcing
    • Tax
  • Insights
  • Quick reads
  • Events
  • About us
    • Who we are
    • Our social responsibilities
    • Our partnerships
    • Join us
  • Contact us
  • FlightDeck
  • LORCA
  • Sign up for our newsletters
  • Follow us
    • Twitter
    • LinkedIn