by Dave Tonge, Chief Technology Officer at Moneyhub
Open Banking has been one of the biggest shake-ups of the financial services sector in recent history. The changes aim to put customers back in control of their data and reset how consumers and businesses engage with their finances. The new legislation ‘opens up’ the sector for third parties to transform the way they connect with larger financial service providers, acting as a catalyst for change across the financial services sector and stimulating competition.
The utilisation of data will provide huge opportunities for innovation while also giving businesses the chance to play a more central role in the relationship between a customer and their finances. To fully realise the potential of Open Banking, businesses need to be agile and responsive and also understand the knock-on implications for legal services. Understanding the role and secure nature of the data at its heart is key.
Open Banking is promoting the adoption of stricter and more modern systems architecture across the financial services sector. PSD2 creates a new category of regulated provider – the third party provider (TPP) of which there are two types. The first is Payment Initiation Service Provider (PISP) i.e. a company that will be able to initiate payments, while the second is an Account Information Services Provider (AISP). The latter uses access to the data to facilitate other services. Both require authorisation by the Financial Conduct Authority (FCA) in the UK and explicit consent from the customer to make the payment or use the data. It is also possible for one company to be both a PISP and an AISP. Existing banks, e-money issuers, payment institutions, referred to as Account Servicing Payment Providers (ASPSPs), may decide to also become TPPs.
Under the new regulations, AISPs will have their data and security controls assessed by the FCA and only those deemed competent will receive authorisation. But as it stands today, only 22 firms will have successfully gone through the process and received AISP approval from the FCA by the deadline given to the CMA9, the big nine UK banks, to open up their APIs. Moneyhub is one of this exclusive group.
Many existing third party providers in the industry had pinned their hopes on their legacy data aggregation partner receiving authorisation, enabling them to circumvent the need to get authorisation themselves. However, this has not proved reliable so the importance of being regulated has increased dramatically since Jan 13th when PSD2 and Open Banking legislation came into effect.
In the short term, some are using grandfathering rights to continue to screen scrape data until the 2019 deadline. However, third parties will not have access to banking APIs until they are regulated as AISPs. Screen scraping is also the least effective way to gather financial data, and ideally should be the last resort rather than first choice. Instead, it is APIs that provide the most reliable and up-to-date service that can be offered to customers. In addition, it is worth noting that when banks make their API available, they are able to withdraw access to screen scraping altogether.
For those that understand data aggregation and in particular payment initiation services are core to their business, being regulated is essential. However, for many businesses there are a vast array of opportunities unlocked by Open Banking where partnering with an AISP or PISP third party is sufficient. For example, credit decisions, income and expenditure analysis, income validation, building internal fraud detection and internal market intelligence.
Identifying and partnering with regulated third parties is the key to seizing the market opportunity created by the Open Banking revolution.