Open Banking has transformed the financial services landscape and led to more innovation in the past 5 years than in the previous 250 years. Now the UK is set to supercharge that innovation with a new phase of accelerated innovation and an explosion of capabilities.
UK Open Banking Today
We can’t talk about the future without first understanding the present, and how we got here. The UK initially led the world in Open Banking, embracing the EU’s regulation-driven approach and quickly transferring the 2nd Payment Services Directive (PSD2) into UK law via the CMA Order.
The CMA Order instructed the 9 largest retail banks across the UK to create a new independent organisation, the Open Banking Implementation Entity (OBIE), which would govern the creation of Open Banking technical standards across the United Kingdom. Whilst there have been controversies related to the OBIE, the adoption statistics are enviable, with more than 750,000 UK businesses now using open banking capabilities, and over 6 million UK consumers using open-banking for financial management and payment initiation.
A successful trial of Variable Recurring Payments (VRP) for sweeping cash into savings and investments accounts has also sparked the creation of exciting fintech products, but did not go far enough to replace, for example, direct debits and Paypal subscriptions.
Payment initiation capabilities represent a huge opportunity for consumers and businesses, taking payment networks out of the payment flow and allowing businesses to connect (securely, of course) directly to their customer’s banks to take payments; removing fee-charging intermediaries from payments will improve prices for customers and improve margins for merchants. VRP adds new recurring payment capabilities for merchants selling repeat products and ongoing services.
UK and European Proposals
In April 2023, the Joint Regulatory Oversight Committee (JROC), the group responsible for advancing innovation in the banking and payments sector in the UK, published a set of recommendations for the next stages of evolution for Open Banking.
In June 2023, the JROC published their roadmap for delivery and detailed the objectives of the plan.
Only a few days later, the European Commission published proposals to extend and enhance PSD2, creating PSD3 and introduced a new Payment Services Regulation (PSR), which will regulate and standardise Open Finance across the bloc – solving one of the main problems of PSD2: inconsistencies between member-state implementations.
The EU are also moving towards the introduction of a Digital Euro, to enable new payment options for an increasingly digital economy.
I’ll cover PSD3 and the PSR in another blog.
UK Open Banking Roadmap Goals
The 5 high level objectives of the new UK Open Banking roadmap are:
- levelling up availability and performance – ensuring ASPSP (bank) APIs are effective and reliable
- mitigating the risks of financial crime – enabling sharing of fraud data between regulated parties
- ensuring effective consumer protection if something goes wrong – improving the dispute process and giving consumers new options for redress in the event of fraud
- improving information flows to third party providers (TPPs) and end users – standardising information and data (including error messages and statuses, particularly statuses related to payment processing)
- promoting additional services, using non-sweeping variable recurring payments (VRP) as a pilot – this also includes commercial, chargeable services on top of the basic open banking standards that ASPSPs need to offer
In addition, a programme of work covering all these themes including the replacement of the OBIE with a new oversight organisation and introducing new guidance for commercialising ASPSP-provided functionality above and beyond standard open banking APIs to make open banking opportunities fair and equitable for all involved, including banks.
In addition to these functional goals, the new roadmap calls out several key non-functional objectives intended to govern the quality attributes of open banking across the sector:
- reliable – meeting availability and performance benchmarks
- resilient – can continue to operate within benchmarks even when traffic increases (scalability)
- efficient – inexpensive to operate and environmentally sustainable
- consistent – standardising some of the variability in existing open banking implementations (e.g. error messages)
What’s in it for Banks?
Open Banking can easily be framed as a threat to banks. For years, centuries in many cases, banks have worked to acquire and jealously protect the money and data of their customers. Open Banking regulations have forced banks to open up their data and payment initiation mechanisms to anyone with a web browser (and an FCA registration).
The CMA Order forced the biggest 9 banks to implement and offer Open Banking APIs for free, with many not seeing a net positive return on the work. The new roadmap seeks to address this inequity for banks and in June 2023, the JROC published pricing guidelines for premium APIs offered by ASPSPs.
Premium APIs are those offering functionality above and beyond the standard account information, payment initiation and fraud information sharing capabilities mandated by the CMA Order and new JROC roadmap. This may include novel payment features on top of basic payment initiation and VRP, and curated data sets to assist with B2B workflows such as KYC or aggregated account trends.
Open Banking in the UK is an extremely exciting area and the roadmap opens up new possibilities for TPPs, AISPs a ASPSPs alike.
The banking industry will look very different again in 10 years time as the full effects of PSD2 flush through laggard banks and the large number of fragmented fintech companies shake out to a smaller number of players who dominate slices of the market.
We also mustn’t take our eyes off Big Tech who could disrupt the entire economy with the introduction of a new iPhone payments feature or Amazon digital coin. The only way for Apple to continue growing is to start invading other industries, with finance, healthcare and education being among the few large enough to offer enough growth potential.
Meanwhile, the JROC are currently working on measuring the performance and reliability of existing ASPSP APIs and will report on any regulatory changes that are required to improve these qualities. This includes work in Q3 to review how well implementers have adhered to the OBIE standards, potentially leading to a consultation around better error handling, messaging and statuses.
In 2023 Q3, the committee are collecting open banking-related fraud data from financial institutions and again will report on any new regulations required to improve consumer outcomes related to fraud and dispute resolution. It is highly likely that a new standard for sharing open banking-related fraud information between financial institutions and even across TPPs will be implemented.
There is untapped potential for insurance companies and lenders to use bank-held data to better assess risks and viability of customers, and access to fraud-related information will help to reduce losses.
Given the proliferation of access to customer data, new rules need to be drawn up for online gambling companies to better assess affordability, with strong protections being introduced to minimise harm.
One of the most interesting initiatives to watch out for in Q3 is the publication of the framework and plan for non-sweeping VRPs. The impact this could have on direct debits is enormous – putting more control in the hands of consumers, but at the same introducing new failure demand for businesses who might see disgruntled customers switching off their cash-flow.
This is an area of keen interest for me so stay tuned and I’ll you updated.