On January 31, 2020, Canada's Advisory Committee on Open Banking (the “Committee”) issued its first report in connection with the Department of Finance Canada’s consultation process on open banking. The report recommends that the Federal Government take steps to enable open banking in Canada, with appropriate safeguards, within two years. It asserts that open banking is an opportunity to position Canada's financial sector to compete effectively in the data and digitally powered world, and to do so in a way that puts customers first. The report also suggests that Canada should replace the term "open banking" with a term that more accurately reflects the concept: "consumer-directed finance". Last month, the Department of Finance has re-opened its consultation on consumer-directed finance with industry stakeholders.

Our series examines the concept of open banking or "consumer-directed finance", and reviews its development and implementation in Canada and in other jurisdictions around the world. This first article is a Q&A on open banking and its importance in a data-driven global economy.

WHAT IS OPEN BANKING?

Open banking (or "consumer-directed finance") is a framework that empowers customers to be in control of, and benefit from the use of, their financial information. The framework enables a customer, be it consumers or businesses, to authorize third party financial service providers to access their financial transaction data, using secure online channels. The customers decide which pieces of their financial information they would like to share, and with whom. The chosen third party then uses that information to offer tailored products and services to the customer. In this framework, the customers can restrict and/or revoke the sharing of their financial information at any time, as they see fit.

HOW DOES OPEN BANKING WORK?

Open banking works by using a secure online “mechanism” to give third party providers access to customers' financial information. That "mechanism" is typically an "open" application-programming interface ("API").

An API is a communication protocol that facilitates information exchanges. In the context of open banking, an API can be restricted to select providers or "open", allowing any third party provider that meets predetermined standards to gain access to customer data on a financial institution's server and build customer-facing applications that incorporate some of that financial institution's existing technology. Open banking works when open API-powered applications access a customer's financial information from a financial institution to provide financial products and services to that customer.

WANT TO KNOW MORE?

The History: While APIs have become increasingly topical in the context of open banking, they are not new technology. The concept of an API as a set of functions and procedures that allows an application to interact with another system has been around since the 1960s, pre-dating the advent of personal computing. The first modern API (web-based) was introduced by Salesforce.com in 2000. Other web-based companies soon followed. Today, APIs are commonplace in our day-to-day digital experiences.

But what is it? In the same way that a User Interface (i.e., the buttons and menus on a website) allows you (an end-user) to interact with a website or mobile app, an “Application Programming Interface” is an interface that allows two applications to communicate with each other. The term “programming” refers to the communication being subject to certain protocols and permissions. In this way, APIs allow access to certain data, software, or other applications while performing their function as information-gatekeepers.

Can you give me an example? Uber, the popular ride-sharing app, uses Google Maps’ API for its mapping functions. This is an example of how APIs can be leveraged to let one application build off another. Providing third parties with access to existing technology eliminates redundancies (allowing developers to avoid re-doing the work that has already been done) and provides the end-user with a more seamless digital experience.

What does this mean for Open Banking? By creating a regulatory framework that will allow financial institutions to share customer data, third parties will be able to use the API of a financial institution to “plug into” the bank’s server, gaining controlled access to certain consumer data and some of the financial institution’s software components. This access will allow developers to build applications based on the existing technological infrastructure of financial institutions. The end result: New products that provide for a more seamless and secure customer experience. With permissions and other measures, APIs ensure that only authorized third parties can access the exact pieces of data needed (for instance, access to the customer’s transaction history or account balances).

Open banking financial institution, API, third parties and customers

 

WHY OPEN BANKING?

Open banking aims to increase competition and choice in the financial services industry.

Traditionally, the only people who could access a customer's financial information were the customer and their financial institution. However, in recent years, customers have increasingly begun to share their financial information with “unaffiliated” third parties. Without open banking in place, to provide access a customer must either:

  1. Entrust a third party provider with their login credentials, i.e. the username and password that customer uses to log into his/her/their personal bank account. Through a process called “screen scraping,” the third party provider “impersonates” the customer and extracts the desired financial information.
  2. Use the services of third party providers that have existing partnerships with financial institution(s). With an agreement already in place with a customer’s financial institution, some third parties can receive data directly from the financial institution without the use of screen scraping. Often, a partnered or bilateral API facilitates this exchange.

The Problems with the Current Approach:

  1. Privacy and Security Concerns. The first option presents a number of concerns, chief among them being that multiple third party providers may be required to safeguard the customer’s personal information in an unencrypted manner.[i] This makes it more likely that the customer's information will be compromised, increasing the risk of identity and/or account fraud.
  2. Lack of choice and standardization. The second option restricts the customer’s ability to choose the services they find most useful and to give informed consent to the service to the third party provider. It also may fail to capture the customer's complete financial picture, particularly if the customer holds multiple accounts across a number of financial institutions.

The Solution: The open APIs used in open banking will eliminate the need for screen scraping and provide customers with increased choice of financial products and services to suit their needs. These customer-facing applications may include mobile and online applications that:[ii]

  • Initiate payments on behalf of customers directly from their bank account,
  • Compare financial products across financial institutions with the capability to subscribe directly to those products,
  • Simplify the process of switching from one financial institution’s services to another's, and
  • Provide customized products tailored to an individual customer's needs, based on a complete view of that customer’s finances across all of their financial institutions.

WHERE IS OPEN BANKING TAKING PLACE?

A growing number of jurisdictions have either mandated or authorized open banking.

In 2015, the European Union became the first jurisdiction to introduce the concept of open banking, with its revised payment directive (known as the second Payment Services Directive or PSD2). PSD2 enables customers to allow third party providers access their financial information; it requires banks to grant authorised third party providers access to account data and payment initiation. An important element of PSD2 regulation, Strong Customer Authorization, was due to come into effect in September of 2019. However, a lack of preparedness among businesses, banks and payment providers resulted in an extended deadline to do so – until December 31, 2020.

In 2018, the United Kingdom became the first country to implement open banking, pursuant to an order from the Competition and Markets Authority requiring the UK’s largest banks to share customer data with third parties. By the end of 2018, all of the UK's largest banks had achieved PSD2 compliance.

Other countries, including Canada, have followed suit in reviewing the merits of open banking or developing legislation, with each at varying stages of implementation. A more in-depth review of these, and other, jurisdictions will be included in an upcoming article as part of this series.

WHO WILL OPEN BANKING AFFECT?

Open banking will affect three primary stakeholders.

  1. Customers, including both individuals and businesses, will have access to an increased range of financial products and services. They will also have greater control over their financial information, including the ability to choose which third party applications are granted access.
  2. Financial Institutions will no longer be the sole custodians of financial information. Because open banking will enable third party providers to be granted access to customers' financial information, financial institutions will experience increased competition and innovation in their industry. New services that allow for product comparison and that facilitate switching accounts could introduce such competition. Open APIs, which allow third party providers to leverage financial institutions' existing technology and data, are expected to create innovation within the industry.
  3. Third Party Providers will also become custodians of financial information, diversifying the ecosystem of financial services providers. Open banking will provide a platform for third party providers to access financial information and provide a broader array of products and services to customers.

A review of how each stakeholder will be affected from a legal perspective will follow in an upcoming article as part of this series.  

[i] https://openbankinghub.com/screen-scraping-101-who-what-where-when-f83c7bd96712

[ii] https://www.fin.gc.ca/n18/18-085-eng.asp