The European Commission is working on a legislative initiative, currently expected at the end of June of this year, for an EU Open Finance Framework. This follows more than two years of internal discussions inside the European Commission and a public consultation on the topic last year. The planned initiative is expected to come at the same time as the hotly awaited review of the EU’s second payment services directive – PSD2, which aims to fix all that is not yet working around banks allowing their customers the use of licensed third party providers (TPPs) for payment services.
With that, the European financial services industry has been on a path of opening up for some time now and this has also been enshrined in law with GDPR which says that everybody has the right to access and/or move their data to somebody else in a structured, commonly used, machine readable form. However, not surprisingly, incumbents often prefer to keep their customers’ data in silos for themselves and must be forced, by law, to unlock this data when requested by the customer. We’ve seen that with banks, and we’re likely going to see that within other sectors as we move forward.
The next stage is Open Finance, which will enable third parties to develop exciting new propositions on top of basic services that incumbents are offering, beyond payment accounts only. This will be quite disruptive, but this increasing opening up is happening in all industries and could be seen as an open API mash-up economy which essentially means all the application programming interfaces (APIs) from different industries are getting connected to provide new services. A simple example is Uber, which is basically interlinking four APIs: the user’s location, the driver’s location, maps and finally a payment API. Those four are mashed together to provide one service which has proved rather disruptive. This disruption has led to unexpected innovation as a consequence of digital transformation.
When you unleash the creativity of third parties the result can lead to quite interesting services. Open Finance presents great opportunities for consumers and businesses (not only fintechs) and for Europe as a whole. Indeed, an increasing number of banks are seeing the advantages of opening up.
Ensuring the right balance between oversight and leaving room for innovation is essential. Learning from - but not replicating - PSD2 (globally the first industry-wide opening) will be key. Opening up is difficult - for technical, security and business reasons - and the regulator has to strike the right balance between the stick and the carrot. Raising awareness is crucial when attempting to demonstrate to all parties involved, not just banks, the opportunities that Open Banking presents, such as creating new platforms and how to monetize APIs. There are also lessons to be learned from regulation where the stick simply isn’t working and enforcement is necessary, as some incumbents are preventing users from accessing their data or creating unnecessary obstacles because they believe they have an interest in keeping the data closed. In fact, ETPPA has documented some of the obstacles to access under PSD2, and it’s a long list (see here) so clearly there is a need for putting regulation in place for accessing data and GDPR is not enough.
It is important to note that, similar to Open Banking, here in Europe we are not starting Open Finance on a green field. We have already witnessed the existence of Account Information Services (AIS) for almost two decades beyond just payment accounts. Therefore, we should aim to build on this foundation and avoid taking any steps backwards.
Many of these AIS providers are members of ETPPA, and this is why we have worked on an Open Finance manifesto. We`ve also received additional input from some of the leading academics and industry practitioners around the world, to lay out basic principles for what we believe should be a light-touch regulation and a regime that will foster more innovation, not less. The manifesto calls for five core principles (below) to be included in any Open Finance Framework, and it is our hope that the European Commission (and maybe other regulators around the world who have taken impulses from Europe on PSD2) take these five points into account in their expected legislative initiative later this year.
Light touch horizontal regulation: payment accounts need special protection. This is where money is at risk directly, and it thus made sense to bring PSD2-TPPs under regulation and supervision, i.e., making AIS and PIS licensed activities. Other data should be accessible without heavy licensing (i.e., evidence-based regulation depending upon risk) since this could act as a disproportionate barrier to innovation. Horizontal principles for data access - that work across all sectors - are preferable to many individual vertical regulations for each sector;
Customer-centric model: an Open Finance Framework should not be about what the industry (i.e., data holders, TPPs, etc) should or should not do, but it should above all enable consumers and businesses to access and re-use their data in real-time as they see fit to empower a broad new range of products and services. Thus, customers must be in full control. GDPR principles such as access rights must be extended to non-personal data, and customers should not be hindered from using alternative service providers to automate that access;
Technology-neutral approach: Open Finance must take a technology-neutral approach to avoid over-complex prescriptive legislation and to allow future technologies and scenarios (who knows how technology will evolve). The continuation of existing open finance services provided by existing TPPs must be guaranteed and should set the minimum standard;
APIs first, but not APIs only: the development of well-functioning dedicated APIs ensures the best customer experience, but to avoid obstacles TPPs must have the choice between dedicated APIs and directly accessing customer interfaces (API-based or not) with secure identification mechanisms, based on the customer’s consent;
Level playing field between open finance and open data more broadly: open finance and open data should follow the same principles. This would then ensure that open finance providers could also offer services to their customers based on data held with other data holders in other industries.
Following these principles, we believe that two simple stipulations could build the basis of an Open Finance Framework, which would naturally extend to open data in general:
Data owners (both natural persons and legal entities) shall get free access to their data at any time, i.e., data holders must provide a customer interface for that purpose.
Data owners shall be allowed to automate that access by using software or a TPP.
With this, both data holders and TPPs would have the necessary incentives for the market’s self-regulation, i.e., to collaborate for minimising their cost and maximising their efficiency in providing their services. Data holders would be encouraged to use APIs as the basis for their customer interfaces, as they are more efficient and less costly for automated access. Most banks are doing this already today for their mobile apps.
Data holders already offering web interfaces may want to provide an additional API-based interface for machine-to-machine automated access, which could be done without regulation on a commercial basis, i.e., for a fee, as long as the abuse is disabled by allowing fallback to the customer interface.
ETPPA is continuing to build on this work and its Open Finance Working Group is open to potential collaboration from more interested parties. To find out more visit https://www.etppa.org/openfinancemanifesto.
Dr. Michael Salmony is an internationally recognised leader on strategy of business innovations in digital and financial services. He works with all stakeholders across the payments value chain and is board-level advisor to major international banks, industry associations (here as strategy adviser to ETPPA), regulators, and finance bodies across the world. For example with the World Bank in Central Asia, as Board Member of Fintech Africa, as Advisory Board Member to Mastercard in Latin America, etc. He lectures at global conferences and universities e.g. the Oxford Business School on 'AI in Fintech and Open Banking' and has published much own original work which has been extensively quoted and translated into many languages.
The European Third-Party Providers Association (ETPPA) represents the interests of TPPs independent of incumbents, arising out of the EU’s second payment services directive (PSD2) but is open to all TPPs from all industries. ETPPA’s current focus is on the review of PSD2 and the evolution towards Open Banking, Open Finance, and eventually Open industry more broadly.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now