Few consumers have likely heard of open banking and even fewer of open finance. But behind the scenes, regulators have been busy designing new models, standards and infrastructure that force banks to share data with third-party providers like fintech companies.
Regulators’ aim for open finance – the next stage in the open banking journey – is to encourage innovation and competition by reducing some of the control banks have over valuable customer data.
The scope of open banking in the UK has so far been limited to payment accounts. However, open finance will force banks to make data available to third parties with explicit consumer consent on a wider selection of consumer data, including mortgages, savings accounts, insurance, and more. This will be achieved via an application programming interface (API), which establishes an online connection between a data provider and an end user.
The move forms part of a wider government initiative on “smart data”, which looks at ways of unlocking data’s value for consumers and the wider economy and ensure it’s used appropriately.
The Financial Conduct Authority is working with the government to help design future Smart Data legislation. It supports industry-led efforts to develop common standards and roadmaps to open finance.
Over 3 million individuals and businesses use open banking products, according to the Open Banking Implementation Entity (OBIE), which is governed by the Competition & Markets Authority (CMA). Rather than a “big bang” roll-out, open finance is expected to be implemented in a “proportionate, phased” manner and be consumer-focused.
Clear consumer consent
Open banking is still in the implementation phase, but the OBIE estimates a potential annual benefit of £12bn for consumers and £6bn for small businesses, in terms of cost savings. Consumers are expected to enjoy similar fiscal benefits from open finance.
As with any digital transformation, there are concerns over data privacy and security. Experts argue that any consent for open finance must be transparent, clear and in plain English. But as is already apparent with the implementation of GDPR and the data tracked by companies through cookies, cookie consent has become long and complex. The requests are so pervasive that consumers rarely read them in full before giving consent.
“For open finance to succeed, we need to ensure that customers’ consents are clear and simple to understand, can be tracked by consumers, and also provide flexibility, so that consumers can opt out of sharing non-critical data at their own discretion,” says Nick Raper, head of UK at open banking payments pioneer Nuapay.
Jocelyn Paulley, partner at Gowlings law firm, is sanguine about open finance. “From the point of view of privacy, the sharing of the data is only happening when a consumer says, ‘yes, I want to engage with the service’. From my privacy practitioner’s point of view, this is all happening the right way round.”
Banks are some of the most regulated businesses in the world and are used to controls and checks and new legislation like GDPR, so for now UK regulators want them to be the ultimate gatekeepers of open finance.
“Ensuring that users are aware of what apps have access to what and what they need it for is critical here,” says Nick Maynard, lead analyst at Juniper Research. “If users are fully aware of what is being shared when, then the risks are minimal. Outside of this, banks and other parties must have substantial controls in place from a cybersecurity point of view, but banks are already well established in this regard.”
Cyber attacks are viewed as one of the biggest risks in sharing consumer financial data. However, “it’s rare for a bank to suffer a ransomware attack” due to their sophisticated IT systems, notes Hans Tesselaar, executive director of Bian, a not-for-profit organisation establishing a common architectural framework for enabling banking interoperability.
Professor Markos Zachariadis, chair in financial technology and information systems at the University of Manchester, says there are some hypothetical drawbacks in security terms, because data openness in any sector “may mean that fraudsters may find a way to intervene somehow. But I think using APIs is a major advancement. Many of the open standards that are used as part of the infrastructure are quite sophisticated.”
Zachariadis says most of the risks are around “the use cases where the data demands aren’t matched by sufficient consumer benefits. Think, for example, of the benefit you get from Facebook in response to the data you’re sharing on Facebook.”
It’s clear that robust data management, such as time limits on data usage and the ability to revoke access, must be in place to protect consumers and ensure that the promised benefits of open finance actually reach them.
“We’ve been giving access to data generously without really thinking about the implications and ways to control access have only very recently come into play with certain court cases. With open banking and finance you need to have a sophisticated control system of data,” Zachariadis says.
Strong consumer adoption of open finance will depend on the finance industry, which must educate consumers on the benefits and risks of the concept. Tesselaar says the adoption rate has been slow for consumers. “Banks should educate consumers about open finance. They should be the engine for adoption.”
Experts argue that concerns about exclusion are somewhat exaggerated because open finance is about consumer choice and enabling individuals to benefit from sharing their data. If they don’t want to share their data, they won’t gain the consumer benefits. It remains, on the surface, a matter of consumer choice.
Digitisation is already boosting financial inclusion around the world. Digital payments have accelerated since the arrival of Covid-19, with digital finance already becoming a force for inclusion in countries such as Singapore, Kenya and Brazil.
“We see open finance as an opportunity to bring greater financial inclusion into the marketplace, especially after the pandemic has caused financial stress for a significant proportion of the population,” says Raper.
Another concern is that open finance will simply shift power from the old to the new: from the entrenched banks to the big tech companies like Amazon, Facebook and Google.
In theory, a big tech company could become an ASP (Account Servicing Provider) or PSP (payment service provider) through the open banking infrastructure. Big tech companies are digital natives, better at handling data and using it strategically, as well as creating algorithms and narratives around artificial intelligence. Some like Apple already have digital wallets.
Zachariadis is slightly surprised that no big tech giant has as yet registered to become an ASP or PSP in the UK. However, he says the tech giants may already be creating their own proprietary products. “They’re already equipped with enough financial data, more than the banks have, so there’s no need for more data.”
However, Tesselar doesn’t anticipate big tech moving into this space any time soon, because the companies would have to comply with stringent financial regulations, and “that would be too much of a restraint for them”.
As open finance is phased in, the main entry point is likely to be social media, where big tech already has the monopoly. The challenge for banks will be luring consumers to their own platforms where they can sell their open finance products.
“By enabling open APIs, any intermediary can begin to offer aggregation or payment initiation services, once appropriately licensed,” says Maynard. “This can threaten to disintermediate banks, but this can be managed by banks offering strong services around open finance.”
Tesselaar says it’s likely there “could be different entry points for different age groups because young people share so much on social media. It will depend on where you are in maturity as a person.”
As with any industry transformation, open finance promises a new world of opportunity, but also poses risks. A lot is at stake. However, data is here to stay. Unless all parts of society find ways to benefit, the commercialisation of data will continue – without actually helping consumers.
There are many issues to iron out first. Data security, privacy and management must be watertight before regulators and consumers will be comfortable with widespread data sharing. But the innovation and transformation of financial services is already happening and promises exciting returns for all.