Regulation is a crucial part of the financial industry: it governs the environment in which financial institutions, consumers and third-party providers operate. Because the objective of open banking is to place the consumers’ interest first, it is essential that consumers favour open banking and trust the process, and regulation helps create this trust. With data security being a high priority, it is increasingly important to understand the regulatory standards in place and how they are being implemented in individual markets to overcome the risks and create opportunities for open banking.

Why are Open Banking Models Regulated?

While we understand that there are different regulation implementation methods being applied uniquely in each country, a very important question remains - why is regulated open banking important at all?


Firstly, we would argue that a regulated implementation is a very efficient implementation model. This is mainly because the regulator will stipulate timelines and also penalties for non-compliant participants. This forces the participants along in the creation of the technical architecture and data standards required under a road map of deliverables. For participating fintechs, it provides actual dates on which they can access this data and create products and services around those deliverables. It also guarantees consumers a supply of new products and services from the financial sector as a result of the open banking movement.


Secondly, regulated open banking also provides a regulatory framework. This framework is important because it holds not only the guidelines but also the processes that the sector will follow. These processes may include how data standards are to be updated, how participants register and deregister from the initiative, and the testing and go-live phases.


How is Open Banking regulated around the world?

Here are 6 examples that illustrate open banking regulations around the world: 


  • The UK’s Open Banking regulation imposed by the Competition and Markets Authority, which is usually what we think of when we say “Open Banking”.

  • The European Union’s PSD2 regulation, which is the wider European framework.

  • The Mexican Fintech Law, as an example of implementation with a strong objective of financial inclusion.

  • The Australian open banking regulation, which has a robust focus on information security and privacy protection. Unlike the UK's open banking, which only includes payment services and account aggregation, Australia's open banking includes all financial verticals.

  • Singapore, which is the most advanced in Asia in terms of APIs but has no regulatory standards in place and would seem more like a closed banking model.

  • South Korea, where APIs have been in use for some time but the lack of regulation has seen very little benefit for consumers and a continued banking monopoly.

PSD2 Regulations for Open Banking

The EU’s PSD2, short for Payment Services Directive version 2, was implemented in January of 2018.


The first regulation, known as the Payment Services Directive or PSD, was put in place in order to “regulate the information requirements, the rights and the obligations of payment services users, as well as the prudential requirements for entering the market of entities qualified to provide these services like the payment service providers or ‘PSP’”.


The second directive, PSD2, expanded the first regulation by going a step further into the harmonisation of the EU payments market and implementing a series of additional features. One example is the expansion into payment transactions in currencies across the EU, not only that of the host country. It also introduced new payment services, which will be mentioned shortly in this module.

How is Open Banking regulated in the UK?

The UK’s open banking regulation is called the Competition and Markets Authority Order, or CMA Order for short. The CMA Order was applied to the top 9 banks in the UK, later known as the CMA9. It was implemented in 2017, when the Open Banking Implementation Entity was formed to act as the entity that would have the remit to deliver the CMA Order.

The Order mandated the delivery of an open and common banking standard to allow for the following:

  • The release of reference information via Open Data APIs, to include:
    • all branch and business centre locations
    • all branch opening times
    • all ATM locations

  • The release of specific product information via Open Data APIs, including product prices, all charges, features and benefits, terms and conditions, and customer eligibility for various products such as Personal Current Accounts (PCA), Business Current Accounts (BCA), SME Loans and Commercial Credit Cards.


Data Standards for Open Banking

Data standards are the rules by which data is exchanged and shared. These rules include guidelines for the format, structure, and definition of data fields. This standardisation is meant to enable and streamline the exchange and interpretation of data.

 

There are two different types and approaches to data standards related to Open Banking. 

  • First, we have the UK’s Open Banking Standard, which is also being implemented in other countries, such as Mexico. 
  • The second type is Berlin Group’s data standard, which is being used for the PSD2 EU Initiative - however, it is not as global as the UK’s Open Banking Standard.

 

It’s easy to understand why this is the case once you compare both standards. 


While both are ISO 20022 based, the Berlin Group standards are very specific to the EU payments directive. Their approach to common API standards is called "NextGenPSD2", with the objective of creating and developing “uniform and interoperable communications between banks and TPPs”.

 

On the other hand, the UK’s Open Banking Standards are richer in context and flexibility, simply because the standards were based on the entire breadth of the ISO 20022 messages, which in themselves are rich in content. However, the biggest difference is that the UK’s mandate was for the creation of an independent body, known today as the Open Banking Implementation Entity or OBIE for short, which provides both a technical framework and interface standards. The Berlin Group, by contrast, lacks an independent body and does not stipulate an interface standard.

