Brendan Jones, co-founder and CCO at Konsentus, discusses learnings from the early adopters of Open Banking and the importance of correctly balancing standards, governance, and regulation.
It is now over five years since the revised Payment Services Directive (PSD2) came into force in Europe and introduced a regulatory framework for Open Banking.
Despite clearly laying down the scope, there were major challenges with the regulation from the start. Participants were told what to do but not how to do it.
It cannot be denied that great progress has been made in both the UK and the European Economic Area (EEA). By shining a light on some of the learnings from these markets, other jurisdictions can now easily create the appropriate conditions to set up safe, secure, and vibrant open ecosystems.
Regulation is important in setting out the scope and entry criteria. It enables participants to be qualified and to understand the operational boundaries. But regulation does not set out the rules and standards about how participation should take place, what the rules of engagement are, what to do when things aren’t working as they should, or how remuneration for participation in the ecosystem is fairly distributed.
PSD2 was very narrow in its definition. It was focused purely on ‘payments accounts’ so, in reality, was limited to debit accounts via an online interface. This was largely due to the regulation being written at an inter-bank level rather than the end-user experience being the driver of the legislative agenda.
In contrast, the UK, despite having a narrow regulatory definition (i.e. Consumer Current Accounts and Business Current Accounts), was able to benefit from a baseline set of rules and standards, meaning that the banks had to conform to an agreed way of doing things. This created cooperation and a framework for the ecosystem in the UK to successfully operate under standard rules and procedures. It is this collaborative environment which paves the way for the operation of a successful ecosystem that meets market demand.
Regulation is about creating the foundations and a level playing field upon which standardised levels of service can be offered. If there is a market desire for value-added services to be built, via contract and agreement between data providers and data recipients, regulation should not preclude this.
It is then about creating the rules and standards to ensure a level of uniformity resulting in an efficient and smooth-running ecosystem. This is not just about API quality and availability but also about the guidelines and rules for participant onboarding, how ecosystem players can identify and trust each other, how to determine which services different entities can provide, and the processes for dispute resolution.
Without these common guidelines and standards, fragmentation occurs, trust in the ecosystem erodes and market adoption slows.
In the EEA, the use of different API standards, of varying quality and availability, resulted in third-party providers (TPPs) having to connect to multiple APIs to access end-user account data and funds. The TPP community struggled in the early days, with many having to do single integrations with each of the banks, which increased complexity and time to market.
Under PSD2, the rules around dispute processing are largely absent. There are also concerns about how customer data is ultimately being accessed by those outside of the regulatory umbrella. These are all questions and issues that can be addressed via a collaborative approach and guiding principles for those operating within the trust framework.
Creating the rules and standards themselves is complex. What is required, and starting to be seen in many markets, is the establishment of a central entity or scheme that creates and defines the rules that participating organisations sign up to.
This entity does not necessarily need to be driven by the central banks or regulators but can be overseen by them instead. It can then take a collaborative approach and work with ecosystem members – whether they be data providers or data recipients – to ensure the standards, processes, and procedures created are what the market requires and can adapt them based on market needs.
This central entity may only require a lightweight organisational structure to ensure the market is monitored and that there is coordination and common implementation. However, its creation also plays a valuable role in removing complexity and fragmentation as well as creating a suitable environment for remuneration models to be set out and created, if required.
For an open ecosystem to be successful, education is key. This requires bringing together all industry practitioners to create clear, defined, and tailored messaging on the value and benefits of market propositions. Without this, gaining traction in the market will be difficult.
In both the EEA and the UK there was a failure in communicating the benefits of engaging in a secure open economy. Access to Open Banking services requires consumers to give permission to third-party organisations so that they can access account information or initiate payments on the customer’s behalf. In the past, consumers were always told not to share confidential banking information.
There is clearly a change in consumer mindset that must take place. They need to be educated that these new services, which use Open Banking rails, are secure and that sensitive log-in credential details are not being disclosed. Additionally, they need to be assured that they control the consent and access rights of these third-party organisations.
Last but not least, to understand whether an ecosystem is functioning as required, it has to be monitored.
Unless there is a central entity that can oversee the whole ecosystem, it is very difficult to determine how successful it’s been. Are the participants adhering to SLAs? Are consumers engaged? Are the applications and use cases being used?
And lastly, are the policy aims being delivered? The UK and the EEA provide two very different examples. In the EEA, reporting is largely absent, and any data is anecdotal whereas, in the UK, the level of monitoring allows us to see how the ecosystem is performing and evolving as market needs change, at least for the top 9 banks.
It is only by understanding these different variables and how they inter-relate, alongside the stakeholder responsibilities, that a successful ecosystem can be created, implemented, and maintained.
Brendan Jones is co-founder and Chief Commercial Officer at Konsentus, a global RegTech company that enables financial institutions to transact safely and securely in the Open Banking and Open Finance ecosystems. A payments expert whose knowledge encompasses both traditional and emerging payment technologies, regulation, and their application to support trusted and secure open ecosystems, Brendan’s leadership career spans banking and financial technology companies.
Brendan has held director roles in the banking industry including MBNA and Bank of America. He has also held senior roles within the payments industry for companies such as Datacard and Giesecke & Devrient UK.
Konsentus powers trust in open ecosystems by enabling participants to interact with each other safely and securely. Our award-winning SaaS technology solutions provide a protected environment for data and funds to be exchanged in a reliable, consistent, and automated way. Safeguarding the customers of 500+ clients, Konsentus is operational across Europe and selected countries in Latin America, MENA, and South East Asia. Konsentus is ISO 27001 certified.