Introduction
Many governments around the world have started their own open banking or open finance initiatives. However, some are more advanced in terms of regulations, standards and implementation than others.
All open banking initiatives share the goal of opening up account data to trusted third parties to drive innovation and improve customer experience. In all cases, APIs are used to provide the technical solution: to open up access to banking data.
Where countries and regions differ is in how they implement open banking standards, as well as the functionality and scope of the data that’s accessible through their APIs. For political, practical and regulatory reasons, no two countries or regions do open banking in quite the same way.
That’s why many global businesses who want to use open banking may go through a Third Party Provider who does a lot of the hard work in aggregating and maintaining open banking APIs and standardising access.
Open banking in Europe and PSD2
The Revised Payment Services Directive, otherwise known as PSD2, is a set of laws in the EU (an EU regulation) which aims to make payments better, faster and easier for consumers. It does this by setting standards for security and by increasing competition — and therefore innovation — in the banking market.
Under PSD2, payment service providers (such as banks) in the EU have to allow their customers to securely share their data with third parties. PSD2 has existed since 25 November 2015. EU countries had until 13 January 2018 to incorporate it into national law. It expands on the scope and reach of the original Payment Services Directive (PSD), which was introduced in 2005.
Unlike the Open Banking standards that are mandatory in the UK for the nine biggest banks, there is no specific technical standard that banks in Europe have to follow. However, a number of standards have emerged to make the transition to API-based open banking simpler: for example, XS2A, STET and PolishAPI.
TrueLayer was an active participant in the discussions to form these standards, and we have built our EU API connections in accordance with them. Since the standards in Europe are generally less prescriptive than the UK’s Open Banking standards, there is a lot of complexity in normalising bank-specific behaviour, even within the same standard. This is one of the reasons why TrueLayer’s clients use us, instead of building their own connectors to banks’ APIs.
Open banking in the UK
Open banking in the UK has been delivered by a number of different initiatives.
The Payment Services Regulations (PSRs) created the legal and regulatory framework for open banking in 2017. They brought PSD2 into UK law.
The Open Banking Implementation Entity is the company established by the Competition and Markets Authority (CMA) in 2018 as part of a competition initiative to develop an open banking standard for account access. The standard is being used by the nine largest UK banks (known as the CMA9) and some other banks to comply with the Payment Services Regulations.
Open banking in the UK began in earnest in early 2018, when the first of the CMA9 banks began opening up their account data as AISPs (Account Information Service Providers). PISP (Payment Initiation Services) followed later the same year. Since then, many more banks than the original CMA9 have signed up to open banking in the UK.
What is the difference between Open Banking in the UK and PSD2?
PSD2 requires banks to open up their data to third parties, but Open Banking in the UK requires that the largest banks in the UK do it in a standard way. For the nine largest banks in the UK, this is mandatory. Such standardisation makes it easier for businesses to access the data.
The UK has had a head start in open banking, thanks to strong regulation (Payment Services Regulations or PSRs) and a common API standard (Open Banking). The nine banks serving the majority of UK consumers were compelled to build high quality APIs to an ambitious timetable, ahead of European banks.
UK banks have delivered consistently on features like app-to-app and biometric authentication, which has led to a frictionless user experience. In the UK, open banking payments also settle in real time, using the Faster Payments network.
Open banking in Europe is 6–12 months behind the UK. The maturity of open banking infrastructure varies across the continent. This is because each country has its own way of interpreting regulation and setting standards. German banks, for example, typically use XS2A standards, while French banks use STET.
In markets like the Nordics and Germany, customer journeys are not too far behind the UK in terms of conversion rates. In markets such as Italy, on the other hand, there is still a fair amount of work to be done to improve user flows.
The approach we take at TrueLayer is to advise our clients on the appropriate countries in which to launch new products and services. We also identify the countries in which take-up might be slower, as the user experience is poorer. We provide constant feedback to banks and regulators to help them eliminate issues and improve reliability. As a result of this feedback, we are seeing fast progress in our active markets.
Open banking in Australia
On 26 November 2017, the Australian government announced the introduction of the Consumer Data Right (CDR). The aim of the CDR is to give consumers (both individuals and businesses) greater access to and control over their data. In the long run, this should promote competition and push for innovative new products and services.
The Australian government took inspiration from open banking in Europe, but went a step further. The CDR is not just intended for the banking sector, but will become an economy-wide data-sharing regime. After banking, the next target sectors are energy and telecommunications.
Since 2017, rules have been drawn up by the ACCC, one of the main regulators in the CDR regime. APIs have been built by the banks, with the “Big 4” delivering transaction APIs in July 2020. The first use cases have since gone live.
As in Europe, TrueLayer has been an active participant in the shaping of the Australian open banking ecosystem. There’s more work to do to make it easy for our clients to access data in this market. We are confident that regulation will evolve in 2021 to make it as easy as it is in Europe. TrueLayer is liaising with the Australian regulator to accelerate this process.
Open banking in Singapore and Hong Kong
The Monetary Authority of Singapore (MAS) and the Hong Kong Monetary Authority (HKMA) are known for their progressive, forward-thinking approach to the role financial technology can have in their local economies. It’s no surprise that both geographies are looking at open banking as a way to broaden choice and foster competition in their markets.
However, they are both taking a more market-driven approach to open banking than the UK. For instance, they have not mandated banks to provide APIs and they do not play a central role in certifying data recipients. Access to APIs remains subject to bilateral agreements between the banks and those seeking access, such as fintechs. APIs are also not standardised, although both the HKMA and MAS are looking into whether this should be facilitated centrally.
Even so, the regulators do influence their markets. In Singapore, for example, the regulator holds digital 'beauty contests' to ensure good user experience in open banking. There’s also the APIX initiative, an open exchange for know-how and solutions-sharing between fintech companies and financial institutions.
TrueLayer has been involved in conversations with the regulators in both Singapore and Hong Kong, and continues to monitor developments for opportunities to participate.
Open banking in Brazil
Inspired by Australia’s CDR, Brazil is taking a similar approach to open banking as both the UK and Australia. The Central Bank of Brazil (Banco Central do Brazil) has defined a high-level timeline and has set targets for data and functionality that must be provided via APIs.
The starting point is generic product information supplied by each bank, with no personal information shared. Over time this will expand into more sensitive transaction and account data. Finally, the central bank intends to look at Payment Initiation, the ability to instruct a bank to make a transaction from a bank account via an API.
TrueLayer is monitoring developments in Brazil and working closely with clients to determine the right time to participate in the local banking ecosystem.
Open banking in Japan
Regulatory intervention of open banking in Japan is primarily intended to make payments convenient and accessible, and to lower digital transaction costs. Japan is a heavily cash-based society even today, an area the regulator wishes to address.
Following a two-year consultation that began in 2015, the Bank of Japan (the central bank of Japan) amended its Banking Act to introduce a framework for so-called “electronic payment service providers”, along with a registry for third party providers.
The Banking Act also required banks to publish whether — and how — they would provide APIs and cooperate with electronic payment service providers. For banks agreeing to participate, the timeline for providing APIs was mid-2020. Bilateral agreements continue to be required, and banks do not have to provide free access to a specific set of information or functionality.
This means that uptake of open banking APIs in Japan has been relatively slow and opaque. TrueLayer has no current plans to offer services in Japan.
Open banking in the US
In the US, financial data-sharing has been active for some time. However, this has been implemented in a less technically-robust and secure way than with open banking APIs.
Traditionally, regulators have shied away from mandating banks to open up access to their data, but open banking is now being actively considered by the Consumer Financial Protection Bureau (CFPB). This process is likely to take at least two years to conclude, but at the end of that journey there may be mandatory open banking APIs, as is the case in the UK.
In parallel to the CFPB’s plans, banks in the US are quite forward-thinking when it comes to premium API strategies. Some US banks are partnering on a commercial basis with aggregators and corporate customers to enable easier sharing of data. TrueLayer is monitoring the US market carefully for opportunities.
A global perspective on open banking
It’s clear that there’s no “one size fits all” when it comes to open banking around the world. Some countries and regions have well developed open banking ecosystems, others less so. Some offer standardised APIs, others require one-to-one agreements and connections between banks and third party providers.
This complex landscape is unlikely to change in the near future. There are many reasons why different countries do things in different ways, including the level of regulatory pressure, market forces, local competition and even cultural perceptions of data protection and privacy.
TrueLayer is at the forefront of providing standardised APIs in all the regions in which it is active, and intends to remain there. Our APIs provide everything third party providers and merchants need in order to get up and running with new products and services, without the need to negotiate or laboriously resolve the quirks of each individual bank’s own API.
Contact our team for more information on how TrueLayer can enable you to build better financial experiences and integrate open banking payments and financial data into your app or website.