Open Banking - are you doing enough to protect your customers?

Mike Woods, the CEO of Konsentus, addresses the issue of protecting customer data in the context of Open Banking, providing valuable insight into how PSD2 helps TPPs thrive and gain trust in this environment

For the last two years, the UK has set the pace in Open Banking across the EEA with the aim of driving safe, secure, and frictionless data exchange between end customers, financial institutions, and third- party providers (TPPs).

However, with the implementation of PSD2 Open Banking on 14th September 2019, which mandates financial institutions to allow regulated third parties access to customer transactional account data (provided customer consent has been given), adoption across the rest of the EEA has accelerated. 

The growth of TPPs

Over the last twelve months, the number of TPPs approved to provide services has more than doubled, with the total number reaching 399 at the end of August 2020. The UK accounted for 51% of all TPPs a year ago, but its share has reduced due to recent growth in Sweden, Germany, the Netherlands, and France which today account for 24% of the total number. 

At the end of August 2020 there were only three countries in the EEA without a ‘Home’ regulated TPP, a year ago this number was nine. There are some countries with an absence or low number of TPPs, but this doesn’t necessarily mean that customers in those countries are disadvantaged when it comes to accessing innovative Open Banking products and services – far from it. 

We reported that at the end of June 2020, every country in the EEA had at least 55 TPPs approved to provide services due to passporting ‘rules’ - meaning that these TPPs can provide their products and services to customers across multiple jurisdictions. At the end of August 2020, that number had risen to 70.

Whilst this brings tremendous benefits for the end-user, this should raise a flag for financial institutions.  No longer are due diligence processes limited to any one country, language, or regulator. Suddenly it’s become paramount to have a real-time pan-EEA view of all regulated entities so customer data and financial information can be protected, and the Open Banking ecosystem can operate as intended, in a secure way.  

Are Open Banking API calls increasing at the same rate?

As we’ve seen with the UK leading the way in the growth of third parties being approved for services, the UK is also the barometer when it comes to the number of Open Banking transactions. In September 2019, Konsentus estimates that the UK was experiencing 173 million Open Banking API calls per month*. That monthly figure could be 2.7 billion if the Open Banking adoption rate reaches 10% by December 2022**.  

As with TPP growth, other countries are following the UK’s lead. Taking a realistic 10% Open Banking adoption rate**– Germany, France, and Italy could all exceed monthly API calls in excess of 1 billion by December 2022. Germany would hit 1 billion calls by December 2021, France by June 2022, and Italy by August 2022. 

If levels reach these volumes, automated risk and fraud prevention tools are critical. 

So, what are the risks and how can these be avoided?

With a steadily increasing number of TPPs and API calls following the same upward trajectory, what are the risks for those involved? For the customer, the risks are low. However, for financial institutions the risks are high – and it’s complex and time-consuming to identity these third parties, check they’re authorised to provide the services being requested, and to find the relevant passporting information. All this needs to be determined at the time of the transaction request.

To verify a TPP’s identity and know its latest authorisation status, there are over 115 databases and registers from across the EEA to access. Knowing how to interpret and standardise the data presents additional issues. Different languages, duplicated entries, and missing information are just some of the issues that need to be taken into consideration. And, if there is a disputed transaction or issue the Financial Institution is liable. 

All this points to the need for real-time, on-line checking solutions so data security and trust in the Open Banking ecosystem can be maintained – without them customer confidence and loyalty will be lost. 

*This figure refers to the whole UK market, not just the CMA9 Banks

**For further information on Konsentus’ look at API rates based on different adoption rates and the methodology used, see ‘Open banking API calls – what lies ahead?’ 

The editorial was originally publihed in Global Open Banking Report 2020, which follows the journey from Open Banking to Open Finance and Open Data Economy and provides key insights about the benefits of Open Finance for different areas of financial service.

About Mike Woods

Mike Woods, CEO of Konsentus, has significant Board-level experience in financial services and the corporate world, including being a director at NatWest Bank and Royal Bank of Scotland. He also founded and was CEO at Aconite, a global payments technology software company.

About Konsentus

Konsentus is a RegTech company providing confidence in the Open Banking ecosystem. Our award-winning SaaS solution, Konsentus Verify, protects financial institutions and their customers from open banking fraud and risk by ensuring account access and data is only ever given to legitimate and regulated third-party providers (TPPs).