Connect with us
Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.


Regulatory oversight threatens to undermine potential of Open Banking

Regulatory oversight threatens to undermine potential of Open Banking

Matt Cockayne, VP EMEA Envestnet | Yodlee

The central intention of PSD2 was to define common standards across the EU, and get rid of bilateral agreements.

The ‘nirvana’ that is painted as the end result of Open Banking is a world of increased competition beyond banks, a complete overhaul of the assumed value chain and business models, and customer satisfaction with real-time, personalised banking products, as part of an experience designed around them.

So far, so good. However, differing interpretations of Open Banking across Europe threaten to stall its progress, limiting FinTech innovation, and undermining the consumer confidence that will be critical for the new framework to have its desired impact.

Standing alone 

It is noteworthy that the UK is the only nation of all the EU member states to have an Open Banking Implementation Entity. Meanwhile, countries such as France and Ireland – who have made no secret of their desire to take advantage of Brexit to try and lure British businesses across the channel – have written PSD2 straight into their rulebook. This is a significant competitive play, and will be attractive for innovative FinTech firms looking to take advantage of Open Banking APIs to provide new services – without the extra layer of complication that the FCA has added in the UK.

Financial Conduct Authority– a regulatory oversight 

It goes without saying that this new landscape will bring more and different types of businesses into the ecosystem. One such business type is an AISP (“Account Information Service Provider”)– a business which, with a customer’s consent, provides account aggregation services across different banks, giving consumers a single view of their payment accounts in one single portal.

The FCA has decided to use a much more restrictive definition of an AISPthan had been previously set out both by the European Union institutions under PSD1 and also by HM Treasury in The Payment Services Regulations 2017 – and a definition which is at odds with that used across other EU member states.It stipulates that only consumer-facing companies can be defined as an AISP. This means that data aggregators, which supply these FinTech apps with data are not regulated, despite the vast amounts of consumer-permissioned data they handle and have access to.

In addition, the Open Banking Implementation Entity (OBIE) only allows companies registered with the relevant regulatory authority (the FCA in the UK), to directly access Open Banking APIs in the long-term. Without this direct access, third party providers must register such companies as their ‘outsource provider’ so they can gain access to the Open Banking APIs indirectly. This decision and process has surprised many within the Third Party Provider community, who have generally expected that the aggregators would be subject to regulatory oversight.

Liability questions will undermine confidence 

The FCA’s failure to regulate this swathe of the market has a range of possible consequences for the consumer. With 10,000 new people each week using apps that are enabled by Open Banking, it’s a major concern that – in the event of a data breach with an aggregator – consumers would not be able to hold that company liable. Instead, they would be entirely dependent on any provisions included in the liability agreement between the FinTech applications they use and the unregulated aggregator where the breach took place.

Consumer confidence and trust in the Open Banking initiative is the backbone of the success of the entire initiative. Needless to say, this regulatory oversight brings the potential to undermine this. If a significant data breach were to take place and consumers were denied adequate protections, it is difficult to see Open Banking – and the services it enables – becoming widely adopted. The data sharing aspect of Open Banking is already a primary concern for consumers – recent research by Accenture found that 85% of those asked said the fear of fraud would put them off sharing data, and 69% said they would not share financial data with businesses that were not banks.

Calling for regulatory reform

With this in mind, it is our collective industry responsibility to ensure that any loose links in the chain are ironed out. The FCA has already proposed some revisions to the regulation, though have so far missed the opportunity to extend the definition of an AISP to include non-consumer facing data aggregators.

Among the original objectives of PSD” were to “make payments safer and more secure” and to “protect consumers”, while Open Banking promised to ensure that customers can “share their data securely.” We have to ensure that there are the dispute resolution mechanisms in place to guarantee that consumers will be protected and made whole in the event of an aggregator breach. Without holding true to this, we fail the potential of the concept, and most worringly, consumers.

Global Banking and Finance Review Awards Nominations 2022
2022 Awards now open. Click Here to Nominate


Newsletters with Secrets & Analysis. Subscribe Now