Europe made the first steps toward open banking with open banking regulations in the UK and PSD2 for the European Union. As a first mover, the EU introduced PSD2 to increase competition in a payments sector dominated by a few big payment service providers and credit card schemes. Taking Europe as a blueprint, other jurisdictions are now using open banking as an accelerator to meet their own specific goals.

Some of the most prominent regulations globally include:

• PSD2 in the European Union: APIs to be provided starting September 2019 for account information and payment initiation, confirmation of funds (see my blog)
• CMA Open Banking in UK: APIs on ATM locator and product information since 2017, and for account information and payment initiation since 2018 (see my blog)
• HKMA Open API in Hong Kong: Rolling out APIs in a phased approach, firs on product information by end of 2018, on new product applications by 2019 (see my blog)
• Australia Treasury Open Banking: beginning July 2019
• Other countries in Asia Pacific (e.g. Japan, Malaysia), North America (e.g. US, Canada) and Latin America (e.g. Brazil, Mexico) are currently investigating open banking regulations.

Regulators have different reasons for pushing for open banking in their markets, but the main motivations generally include a desire to:

• Increase competition and reduce cost: Fees and charges for loans and credit cards may be reduced as consumers have the ability to compare products, improving price transparency and promoting the rise of new competitors (as with the HKMA Open API regulations and PSD2 in Europe).

• Foster innovation: Innovation is a competitive advantage for a market, and helps it keep pace with other regions with fintech innovation (Singapore and HKMA).

• Address consumer rights: Customers are the owners of their financial data held by the banks and have the right to share their data with other third party providers, TPPs (e.g. in Australia).

In some cases, the regulations are moderate and favor the banking industry, while others more aggressively favor competition, which could potentially threaten banks’ existing business models and revenues. There are multiple levers that regulators can use achieve their specific goals, including:

Target group: Who is regulated? Usually banks are required to open up their networks – in some cases all banks are in scope (e.g. PSD2), while in others the target is a selected set of banks, e.g. Tier-1 private banks (CMA UK Open Banking, HKMA Open API).

Product scope: What banking products are targeted? Regulations can touch just one type of product, such as payment accounts (CMA UK Open Banking, PSD2); customer insights, such as credit scoring (Australia); or even several products, such as credit cards, mortgages, loans, stocks (HKMA Open API). The more products are affected, the more banks will have to find strategies to defend their existing business or take a leader position by innovating themselves.

Use cases and access types: What type of use cases and access operations can be performed on the regulated products? Some use cases are "read only" – providing access to product and transaction information (HKMA Open API, CMA Open Banking), or customer insights, such as credit scoring (Australia). Banks could lose their role as the trusted gate keeper for customer, particularly in markets where the regulations require banks to open their networks to allow third parties  to initiate transactions, for example  a payment on a current account (PSD2, CMA Open Banking UK), or the ability to open a new credit card account or purchase stocks through a TPP (HKMA Open API).

Cost of usage: What are the cost for TPPs to use the APIs? Most regulations require banks to open up access for free, with PSD2, CMA Open Banking UK and Australia allowing TPPs to use APIs free-of-charge. In such cases, banks need to find to monetize open banking, perhaps by offering services to third parties at a fee. HKMA, for example, does not define pricing – a model that could help banks identify and build new business models.

Level of openness: Who has access to the APIs? PSD2 and CMA Open Banking UK allow TPPs to register with the authorities once and gain access to banks’ APIs without any contractual agreements or bank-specific registration processes. In contrast, HKMA Open API benefits banks by allowing them to remain as the gatekeepers of the customer relationship and data (at the moment), and allows banks to choose what TPPs they wish to collaborate with.

Level of market involvement: Who is involved in designing the regulation? Market involvement can be moderate (PSD2), with market consultations to gain and incorporate feedback, or even more inclusive by involving fintechs (CMA Open Banking UK). HKMA have involved banks from the beginning to enable a more bank-friendly approach and take their concerns and ambitions into account.

API standards and infrastructure: Who is designing API and security standards and building the central infrastructure for the market? This question is vital to the success of any open banking ecosystem. Regulators tend to leave it to the market to come up with API standards for different use cases and the central infrastructure. The PSD2 regulator asked banks to use industry-wide recognized standards – but what does that mean? Multiple standardization initiatives, such as Berlin Group's NextGenPSD2 and ERPB's API Evaluation working group on PIS, were created, but they are not legally binding. On top of this, central infrastructure that adds value to the ecosystem is either not clearly mandated or does not satisfy the needs of the ecosystem (such as EBA register under PSD2). This could lead to fragmentation of standards and directory services. CMA Open Banking UK has formed a dedicated company called the Open Banking Implementation Entity (OBIE) that is responsible for one single API standard, central infrastructure and governance. Overall, there are either centrally mandated initiatives designing standards and infrastructure with working groups mandated by the regulator, or the regulators leave it to the market to come up with a workable solution for all stakeholders. While both approaches have their advantages, it can be beneficial for regulators to coordinate and mandate binding working groups for critical design aspects of the ecosystem. This will provide banks with legal clarity and reduce design and implementation costs.

How should banks act now?

As open banking rolls out worldwide, regulators are watching developments closely to learn best practices and implement a regime that will best meet its goals. However, too much regulation could threaten banks’ revenues and jeopardize their financial stability – which is not in regulators’ interests. The art of open banking regulation is in finding the right balance between regulation and market dynamics. However, banks in both regulated and unregulated markets should join forces now to take the lead in self-regulating rather being forced to act. By doing this, banks can remove the need for regulation – and ensure they play a more proactive and pivotal role in the inevitable move to open banking.