The UK Government is poised to develop Smart Data legislation in 2021 to bring the benefits of open banking-style data sharing to new sectors.

This is great news for consumers who are still locked out of their own data in many areas, from utilities to insurance, despite wide ranging data laws (GDPR) aimed at data portability.

But developing legislation and building sectoral frameworks around the new smart data rules is likely to take a number of years.

We believe it’s possible to achieve open finance much more quickly in the financial sector, where the groundwork has already been laid by open banking.

It’s important that open finance happens quickly, to fully realise the benefits unlocked by open banking, and to ensure the UK doesn’t fall behind Europe, where open finance is being looked at by the EU Commission.

We hope the outcome of the FCA’s open finance consultation and the Treasury’s Payment Landscape Review will enable the UK to get ahead on open finance, through an agile, targeted set of rules and facilitated industry collaboration.

In what follows, we discuss how open finance can progress at speed by:

1. Building on the foundations of PSD2 and open banking

2. Introducing interim requirements for open savings and VRP

3. Incentivising data holders to develop well performing open finance APIs

But first: a note on definitions, use cases and sequencing.

What is open finance?

Open finance is the concept of extending open banking to a wider range of financial products. PSD2 limited open banking to payment accounts. This means consumers can’t currently get full control of their financial lives through a third party provider. For example they can’t view their savings accounts in a dashboard, or ask a third party provider to transfer funds from one ISA to another. The FCA believes open finance can eventually extend across:

• savings and investments

• consumer credit

• mortgages

• pensions

• insurance

We believe there are specific use cases that should act as a focal point for open finance:

• aggregating savings and investments data alongside the payment account data already available — to bring holistic financial management closer for consumers

• allowing access to financial account information in savings and investment accounts, to power value-add services like financial advice, ID verification and KYC

• enabling third party providers to initiate fund transfers between savings accounts, ISAs and other investments

• enabling third party providers to initiate bank and ISA switching

Sequencing

To make open finance manageable for regulators and the industry, it should start by correcting some of the shortcomings of PSD2 — eg extending API access to savings and enabling variable recurring payments.

This is the logical step to build on the foundations of open banking and give consumers more holistic control of their transactional accounts.

In what follows we suggest ways to speed up the delivery of open finance, using insights from our experience with open banking.

1. Build open finance on the foundations of PSD2 and open banking

We believe open finance can progress at speed if it builds on the foundations of open banking, rather than an entirely new regulatory regime. This means:

• replicating the PSD2 ‘right of access’ in legislation for open finance

• ensuring both ‘read’ & ‘write’ access in open finance, as with PSD2

• ensuring APIs are the basis of open finance

• re-using the PSD2 authorisations regime

• creating a permanent independent standards body to develop and maintain API standards, and oversee their implementation.

Access right

As we’ve argued before, one of the key foundations of the Open Banking regime in the UK was the legal right, stemming from PSD2, for customers to access their payment accounts through third party providers.

This right stopped banks from prohibiting the use of third parties and made it an obligation for them to facilitate third party access. It was revolutionary.

With open finance, as with PSD2, the legal right for customers to access open finance accounts using third party providers should be front and centre.

Enshrining this right in law is necessary to shift financial institutions away from the mindset that they own the customer’s data and account access. This is key to driving competition, so customers benefit from innovative new services offered by third party providers, and financial institutions are incentivised to improve their own services.

The PSD2 access right also gave banks (as data holders) a straightforward legal basis on which to release data to third party providers under GDPR. The same right should be introduced to ensure other types of financial institutions aren’t having to wrestle with GDPR and liability worries when allowing access to data.

Ensure both ‘read’ and ‘write’ access

​​The PSD2 access right did not just cover ‘read access’ of payment account data, but also ‘write access’ — the ability for third party providers to initiate payments on behalf of customers.

This has paved the way for a new type of bank to bank payment to compete with cards and other payment methods. ​​Adoption of open banking payments has grown significantly since 2018, as more businesses start to understand the security and cost benefits.

‘Write’ functionality should be a pre-requisite of open finance.

‘Write access’ would, for example, allow authorised third party providers to:

• initiate fund transfers between savings accounts, ISAs and other investments

• initiate bank and ISA switching

In Australia, where the Customer Data Right has been introduced to encourage open finance, ‘write access’ was overlooked in initial legislation, significantly restricting the use cases that consumers can benefit from.

Ensuring APIs are the basis of open finance

PSD2 has shown that APIs are a more secure and efficient way for third parties to access financial data, compared to methods like screen scraping.

PSD2 also demonstrated that where APIs are not mandated, as was the case outside the nine largest retail banks in the UK, they were not built, or were built slowly and in some cases to a low standard. This locked some retail customers out of open banking.

Because APIs require up-front investment from data holders, making API implementation mandatory is the only way to guarantee that open finance will succeed.

The FCA has recently acknowledged this in its proposals to mandate the use of APIs to a broader set of UK banks noting that ‘alternatives to APIs cause inconvenience to customers and significantly reduce the appeal of the service provided by TPPs’.

Re-use the PSD2 authorisation regime

Authorities could dedicate a lot of time and effort building a brand new authorisations regime for firms wanting access to open finance data. We think this would be a mistake.

PSD2 has resulted in a well functioning FCA authorisation regime for open banking providers. We believe targeted rule changes should be made to add new open finance permissions to the PSD2 authorisation regime, which would allow:

• existing authorised open banking providers to notify the FCA of their intension to carry out open finance activity (without having to undergo further authorisation)

• new firms could apply for both PSD2 and open finance permissions at the same time

• as open finance broadens to new financial sectors, new permissions could be added to the existing regime sequentially, reducing the burden on regulators and firms of additional regimes per financial sector

The importance of an independent standards body

The UK is 12 months or so ahead of Europe on open banking — this is evident when we look at the quality of user experience and overall conversion of open banking journeys.

This is largely because the UK had a competition initiative to develop a common API standard running at the same time as the implementation of PSD2.

This resulted in mandatory open banking standards being used to implement PSD2 by the 9 largest banks, overseen and monitored by an independent body, with oversight powers — the open banking Implementation Entity (OBIE).

This meant the banks serving the critical mass of UK consumers were compelled to build high quality APIs to an ambitious timetable, ahead of European banks.

We believe the OBIE is a UK centre of excellence for the development of financial sector API standards and an important safeguard to ensure open banking is working well in the UK.

The future of OBIE is now hanging in the balance, with UK Finance (the body representing UK banks) building proposals for its future.

We believe that OBIE should be repurposed into an independent, permanent open finance standards body, tasked with developing and overseeing the implementation of standards for the wider financial services industry.

This would:

• maintain a monitoring body for open banking

• ensure that learnings and expertise developed through open banking are put to use for open finance

• lead to a more equitable funding model for the industry because costs could be shared more widely among participants

Such a model has recently been proposed by the Kalifa Review of UK Fintech.

The Savings & Investment Alliance (TISA) seems well placed to take on a coordinating role for open finance. But it’s not an independent body with oversight powers like OBIE. Because of this, although TISA has been running an Open Savings & Investment Pilot since January 2019, it has not yet resulted in progress towards APIs to enable third party access to investment data. This is likely due to reticence from investment platforms to participate in the voluntary work.

This supports the case for an independent standards implementation body to be tasked with open finance.

2. Introducing interim requirements for open savings to maintain momentum

It would be easy for any authority to be overwhelmed with the enormity of implementing ‘open finance’, much less extending open data principles across multiple other areas. Where to begin?

We believe that the broader Smart Data initiative will take a number of years to be developed and implemented between 2021–2023. Work to migrate the UK’s open banking infrastructure to a permanent body will also take a long time.

While this is happening, the Treasury, CMA and FCA should maintain the momentum of open finance by introducing interim measures to complete open banking and extend it to open savings.

What would this look like?

• In early 2021, the Treasury and FCA should extend the requirement for read/write API access to retail bank savings accounts

• The Treasury and FCA should support the work of OBIE to develop variable recurring payments (VRP), to enable open banking payments to compete with cards and direct debits

• The Open Banking Implementation Entity should be maintained beyond its current roadmap to develop the open savings and VRP standards

In its January consultation, the FCA proposed to mandate APIs for access to personal and SME ‘current accounts’ where APIs have not already been built. These same powers should be used to quickly realise the interim measures above.

3. Incentivising data holders to develop well performing APIs

While we believe that APIs need to be mandated for open finance, these APIs don’t necessarily need to be free, as they are with PSD2.

A lesson of PSD2 has been that when banks are asked to build and maintain APIs for compliance reasons, rather than because they are revenue generating, the quality and reliability of the APIs suffer.

It’s important that data holders understand that APIs are not purely a compliance exercise, so that they build API infrastructure to a high quality for commercial use.

It’s also important that data holders have an incentive to maintain those APIs to a high standard, so quality services can be built by third parties connected to them.

We support the idea of developing open finance as a revenue sharing model between data holders and third party providers.

There is already work to consider such a model in the SEPA API Access Scheme Working Group, overseen by the European Central Bank.

Strong safeguards will need to be put in place to ensure data holders cannot exert overdue control over price and that access to APIs remains proportionate and non-discriminatory.

Conclusion

The fast track to open finance lies in reusing successful elements of the UK’s Open Banking regime, putting interim measures in place to maintain momentum, and ensuring there are incentives for the institutions opening up access to data.

The UK is well-placed to deliver open finance, showcasing yet again how to empower consumers through technological innovation.