It is common in politics to talk about a lack of bank regulation. The word salad of clichés involves stuff like “casino capitalism, Wild West, bonuses, financial crisis and Lehman Brothers”.
The leader of Her Majesty’s Opposition knows he’ll get an instant round of applause with blood-and-guts quotes like this: “For 40 years, deregulated finance has progressively become more powerful. Its dominance over industry, obvious and destructive; its control of politics, pernicious and undemocratic.”
Ah, but the view from banking is now rather different. Since the 2008 financial crisis, at least, the industry has been inundated with new rules. It’s an alphabet soup of initiatives. Since the crisis we’ve had AIFMD and UCITS 5 for asset managers, Basel III for banks, PRIIPS for retail investment providers and Mifid II for pretty much everybody. Not to mention GDPR, the rules to stop unauthorised data-sharing, something every business needs to obey.
And for high street banks there’s been the revolution known as open banking, or PSD2 for acronym junkies. Since January, they’ve been required to offer third-party providers access to customer bank accounts, so long as the customer consents.
And the really interesting thing is this. Far from complaining about the new open banking regulations, the industry is uniformly demanding more rules. It’s an instructive lesson in how business actually works, compared to how outsiders assume it must.
And the message from more than 30 financial institutions surveyed, including high street majors, open banking startups and global consultancies, is uniform: if open banking is going to succeed, the rules must keep coming.
Marten Nelson, co-founder of Token, a Silicon Valley-based builder of open banking products, says the notion that finance providers want less regulation is daft. For starters, the new rules opened up what had been a sterile industry.
Far from complaining about the new open banking regulations, the industry is uniformly demanding more rules
“Regulation is the very thing that has enabled open banking,” says Mr Nelson. “Despite consumer demand for more customer-centric financial services, which has been evidenced by the early success of digital challenger banks, high street banks would not have opened up to third parties without the PSD2 legislation.”
Strict regulation ensures a higher level of consumer confidence. Mark Mullen, chief executive of Atom Bank, a new smartphone app current account provider, puts it like this: “A decade on from the banking crisis, I ask you, do you feel that banks have earned your trust? I don’t. And I’m a banker.”
He says innovation in the industry is at breakneck speed, so regulators are playing catch up. The deluge can seem onerous at first glance, but the innovators appreciate the clarity the rules bring. “It’s little surprise that regulatory intervention in banking technology comes across as intrusive or limiting,” says Mr Mullen. “But that doesn’t make it wrong.”
Regulations can establish uniform processes. This simplifies life for service providers. “It is where there is no common standard that problems start to arise,” observes banking entrepreneur Indrek Neivelt, chief executive of Pocopay, a current account and payment provider.
He offers a technical example: “The regulatory technical standards adopted under PSD2 specify a broad set of principles on how payment service providers should communicate with each other. But they do not define the specific standards to which the account servicing payment service providers’ (ASPSP) actual application programming interfaces (APIs) should comply.
“The result is that each ASPSP is now developing its own API. And an application compatible with one ASPSP’s API is not necessarily compatible with the application of another. The bottom line is that the current lack of a common standard materially limits the use and spread of open banking applications, and allows banks to enjoy their data monopoly for a while longer.”
To prove the point, look at areas where the rules have not yet come into force. The absence causes stagnation. Daniel Melo, senior director of business development, Europe, Middle East and Africa, at analytic software company FICO, points to security as an example.
Take-up of open banking is low because the market is still waiting for regulations
“Open banking will only take off if it’s secure and the technical standards required to guarantee its security were only approved by the EU in February 2018, and will not be legally enforced until September 2019,” he says. “It’s difficult for banks, fintechs and others to begin investing in an open banking environment ahead of that. In a nutshell, take-up of open banking is low because the market is still waiting for regulations.”
Sometimes a simple lack of clarity around interpretation can stall progress. GDPR proves it. Senthil Ravindran of Virtusa, a Nasdaq-listed technology consultancy, says: “Banks are finding it difficult to know what data can be shared and when. What if a customer asks their bank to share data with a third party and then the third party suffers a data breach? Which party is ultimately responsible?
“Given all this uncertainty, not to mention the hefty fines that GDPR threatens, it’s no surprise banks are opting to worry about GDPR issues over open banking where there’s an overlap between the two.”
For these reasons the banking industry is unanimous in its demand for strong regulation of open banking. If there is a dissenting voice out there, it will come from a dubious provider, unable to comprehend or comply with the rules.
Duncan Barrigan, vice president of product at GoCardless, says: “In many ways, there’s a direct relationship between innovation and agility. Agile companies don’t see regulation for open banking as a roadblock. They see it as an opportunity to further differentiate themselves against the competition and aim to take full advantage.”
So the next time a politician quips about “deregulated banking”, it is worth contesting the point. The industry wants the freedom to innovate and that comes with, not against, strong regulation.
