Francesco Simoneschi, CEO and Co-Founder of financial API provider TrueLayer, discusses whether security concerns surrounding Open Banking are justified
The UK has just undergone a seismic shift in how its financial services operates thanks to the advent of Open Banking. The new rules give consumers the freedom to allow financial data held by their banks to be shared with third parties of their choosing. Although we are just at the beginning of the journey, the destination will be a boom in a choice of services and products, improvements to customer service, more much needed competition and a reduction in prices. Associated with that will be high growth in the fintech sector, new challenger banks and a need for existing financial institutions to raise their game.
In short, Open Banking and its EU sister legislation PSD2 are good news. However, if you have read any of the recent media coverage, you would be forgiven for thinking it represents a clear and present danger to data security. Specifically, numerous scare stories have been written about the risks of hacking and fraud linked with third parties gaining access to data. For the most part, these risks have been hugely overblown and, in some cases, the arguments used show a complete misunderstanding of how Open Banking and PSD2 work.
First, it’s important to recognise that consumers need to explicitly provide permission to a third party for that company to access their data. This is not a free-for-all of companies tricking people into handing over their most sensitive information. Access is granted through an Application Programming Interface (“API”) that is made available in conjunction with the banks, and is compliant with EU and UK regulatory and technical standards.
The second major consideration is that companies directly handling financial data under Open Banking are strictly regulated by the FCA. They essentially need to gain a license. TrueLayer has just completed this process after months of rigorous security and governance checks. We can now offer access through APIs to data (“AIS”) and payment initiation (“PIS”). Only a handful of licenses have been granted so far because of the complexity of the process and the high level of security required.
To put this another way, the companies that would deal with financial data in a way that, if they were hacked, the information would provide any value, are regulated to the same standard as a bank such as Barclays or HSBC.
It would be naive to fully dismiss all security concerns. Indeed, no system is completely foolproof as we are reminded of on a near daily basis. Consumers still need to exercise caution and common sense, and businesses need to act responsibly and ethically. However, viewing Open Banking through the lens of how data is currently shared and used in other industries that have been subject to hacking, poor governance or lax security, is wrong.
The misplaced focus on security concerns has simply obscured the great potential of Open Banking.
Businesses and consumers will soon gain access to services that will make their life a lot easier. On a basic level, this could include services to vastly increase access to credit – going far beyond what is currently available today. Price comparison sites will soon become the norm – doing for financial products what has already happened for hotels and flights. More complex finance management tools will be built. Printing out bank statements to prove your identity or earnings will soon seem quaint and arcane as companies can simply confirm these details with a click of a button. Undoubtedly, by creating new opportunities for direct bank payments, competition and consumer choice will increase, especially in the credit card market. The list goes on and on and, undoubtedly, will include game-changing technology that completely revolutionises how we all deal and think about money.
‘Disruption’ is an overused term but it is apt for Open Banking. These regulations genuinely lay the groundwork the financial industry to be completely disrupted. The playing field between Silicon Roundabout and the City of London has been levelled. Fintech companies can now directly compete with legacy institutions. This could have profound implications for banks – they may turn into hubs for innovation or simply become the ‘pipes’ through which data flows. It could be the spur that allows the tech industry to take over the financial industry as the most important sector in the UK economy. This will have profound political and economic implications.
The only headwind is, as is the case for most new technology, fear of the unknown. In this case manifested as security concerns. The onus is on the fintech industry to directly address these issues and treat security as a top priority. In time, when consumers and businesses realise the value of these new services, Open Banking will be considered one of the most important initiatives of our generation.