There are now over 65 open banking or open finance programmes either live or in-development globally. The industry has come a long way since 2014, when the early-stage discussions of bringing open banking to Europe really began. As the market has started to mature, there has been a level of consolidation around key questions that must be asked as part of any national programme. Here at Open Banking Exchange (OBE), part of the Konsentus Group, we have helped many national markets dive into these questions and navigate answers that work for their local market.
To regulate or not to regulate? This is a common first question that authorities often ask themselves when embarking on an open banking or open finance journey. The assumption that regulation can be constructed slowly and purposefully and remain unchanged for many years does not work in today’s fast-paced world. Therefore, it is easy to see why regulators are perhaps slow to react to emerging trends and would rather the industry self-regulate. This, combined with the fact that national regulations are often fragmented with various responsible agencies exercising overlapping authority, makes for a difficult job for regulators.
The regulatory environment for open ecosystems has many different flavours:
- No formal regulation but strong guidance from the regulator on technology and governance e.g., Singapore
- No formal regulation but regulatory deployed technology and governance arrangements e.g., South Korea
- No formal regulation and market-led governance and technology e.g., the US
- Regulation but market-led governance and technology e.g., the EU
- Regulation followed by strong guidance and/or mandatory requirements from the regulator on technology and governance e.g., the UK
- Regulation and regulatory deployed technology and governance arrangements e.g. Brazil has a lightweight version of this. Although there are indications that some markets will have much broader regulatory deployed technology.
When it comes to open ecosystems, and data sharing in general, it is vital to invest time in understanding the appropriate type of regulation for the local market. There is no ‘cookie-cutter’ approach. Whether this be in the form of lightweight regulation such as Nigeria, or a more extensive, outcome-based style of regulation such as in Europe.
Countries in Asia, particularly Singapore and Hong Kong, have not legislated for open banking or open finance but have implemented very successful regimes. This has been helped by strong support by financial providers of open banking. In Singapore, 99% of respondents to a recent Finastra survey consider open banking either ‘a must have’ or ‘important’.
In other markets, it has been challenging for the industry to move cohesively towards open banking or open finance without some form of regulation. Take Canada for example – with drifting deadlines and no collective voice, the market has been slow to make progress. Industry self-regulation often lacks transparency and coherence and, in the future, may not go far enough to protect customers and competition.
Who to govern and by whom? Governance is often considered the least exciting issue in national open ecosystem development, but it is arguably the most important. Defining the operating model and governance structure is crucial for long term success.
Based on our experience, leaving the industry to coordinate itself is rarely sufficient. The conflating needs of the incumbent market players, newer technology providers and the regulator, often means that an industry-led consortium, without explicit backing from the regulator, will be plagued with inertia. A central entity, whether that be under the auspices of the regulator, an existing association, or a new purpose-built vehicle, should coordinate the industry in delivering open banking or open finance. This central entity can deliver a range of services from strategy and standards design, to procuring central technology based on the needs of the market.
In the UK, there is heavy, centralised governance to support open banking delivery. The Open Banking Implementation Entity (OBIE) was mandated by the Competition & Markets Authority (CMA) in September 2016 to fulfil one remedy required by the CMA following an investigation into UK retail banking. This was namely to agree, consult upon, implement, maintain and make widely available and without charge, open and common banking standards. Whilst the scope of OBIE was narrow, its obligations were deep. OBIE built the Open Banking Standard (including processes and rules) and the Directory. However, its funding is only disbursed across the nine banks caught in the scope of open banking in the UK, making the cost to the incumbent nine banks extremely high.
Other countries have a much lighter touch. The Monetary Authority of Singapore (MAS) provided the industry with the ‘gold-standard’ of advice on open API ecosystems when it published the ‘Financial World: Finance-As-A Service API Playbook’, in collaboration with the Association of Banks in Singapore (ABS). The guide includes a framework for governance, implementation, design principles for APIs, a list of over 400 recommended APIs and more than 5,600 processes for their development. It is highly likely that this approach would not be as effective in other markets.
Hesitating on governance will come back to bite you.
Operations and Technology
Open banking and open finance allow for transparent and controlled financial operations while ensuring maximum data security and privacy. There are a number of processes and mechanisms behind it. Once the governance framework has been decided, key questions around the operational and technical requirements of the ecosystem will need to be asked. The operations and technical aspects of open ecosystem delivery often overlap. How will consent be managed? Which standards will be adopted and how? How will disputes be resolved? Is centralised technology needed to support these?
Based on the agreed-upon governance regime, these questions may need to be decided upon collectively via a central entity or individually by each data provider.
As open banking has progressed, OBE has seen two primary options for operational and technology delivery, (i) the decentralised model and (ii) the centralised model. Although, it must be said, these two options are on a spectrum with slight variations of each already being seen across the world.
In the former, much of the operational and technical development is the responsibility of the data providers and fintechs. Fintechs must invest in the development of the individual API connections into the data providers and test against the specifications in the data provider sandboxes and developer portals. Dispute management, consent and even standards are generally decided on bilaterally. There may be some elements of the ecosystem that are centralised e.g. the directory of participants, but the majority of development is decentralised.
As many in the payments world already appreciate, standards, specifications and rules should not be seen as competitive. Standards are a foundational building block for value added services. In our work, we have seen that fragmented standards can lead to significantly slower development, adoption rates and significantly higher development, deployment and operational costs. Often ‘standards’, in relation to open banking, seemingly equate to API standards. However, there are many more standards considerations such as data, identification, messaging protocols, security and consent, amongst others. Decisions around which standards to use, how to use them and how to ensure compliance are crucial for the safety and efficiency of the ecosystem. It is OBE’s view that successful open ecosystem regimes develop these centrally and it is not left to the market to decide these on an individual institution basis.
The decentralised model, whilst perhaps an open banking purist’s dream, will often drive up cost and complexity. There are few, if any, conformance tools available, and testing is all undertaken bilaterally. This will often lead to fragmentation of implementation.
In the centralised model, much of the operational and technical capabilities are developed centrally e.g., performance metrics, directory services, certificate checking and even API routing. This minimises the build for both data providers and fintechs. Management and conformance to the standards can also be controlled centrally. This enables data providers to build and test their APIs as well as fintechs being able to test their performance. Centralised components can allow for increased scalability and faster time-to-market for innovative services. OBE does not necessarily advocate centralised API switches (although these may work in some markets), but the centralisation of some components, for example directory services, makes for a far more effective and efficient ecosystem.
So many questions, but how to answer them?
Open finance has the capacity to be revolutionary, if delivered effectively. It should be considered like all major infrastructure programmes – purposefully, inclusively and flexibly. If an open ecosystem is delivered without a complete understanding of these different considerations and challenges, it is unlikely to stand the test of time. National programmes need to work for all facets of the industry otherwise they will always be viewed as a compliance exercise. OBE has developed a strong methodology to help regulators, central banks and national implementers ask the right questions and find answers that fit the local market. We have found this methodology to be a rigorous and effective way of navigating the development process, leading to the successful launch of open ecosystem frameworks globally.
For more information, please contact firstname.lastname@example.org.
Open Banking Exchange is part of the Konsentus Group, an organisation wholly dedicated to the delivery of open data ecosystems. Combined, the Konsentus Group delivers end-to-end advisory services to support national open banking programmes, as well as technology solutions to central entities across the globe enabling data and funds within open ecosystems to be securely exchanged in a reliable, consistent and automated way.