Open Banking year two: Insights from the CMA9

The financial services industry was forced to endure a steep learning curve with the launch of Open Banking in 2018, but what followed the one-year anniversary of the UK’s experiment? Here’s a review of Open Banking’s second year. What worked? What didn’t? And what’s next?

  28 7 comments

Open Banking year two: Insights from the CMA9

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

After establishing a springboard for a possible revolution in retail finance, the following months started to show market-defining transformation with banks leveraging the opportunities that Open Banking offered to champion transparency, serve new demographics of customers and enable other regions to implement similar disruptive programmes.

However, in line with the events of 2018, while financial players delivered with application programming interfaces (APIs) and complied with standards put forward by the Competition & Markets Authority (CMA), deadlines continued to be missed and extensions had to be put in place, as shown with Strong Customer Authentication (SCA) in 2019.

In February 2019, the Open Banking Implementation Entity (OBIE) published operational guidelines to provide clarity and recommendations to financial institutions – Account Servicing Payment Service Provider (ASPSPs) – on the regulatory requirements for a dedicated interface, as set out in PSD2, RTS, EBA Guidelines and FCA Approach documents. Here’s what followed and what some members of the CMA9 have to say about their experience of Open Banking in 2019.

What happened in 2019?

In early 2019, it was announced that Lloyds Banking Group had joined the Open Banking scrum and allowed its customers to see their current accounts from other providers from within its app.

Steve Smith, customer development and innovation at Lloyds, also highlights in conversation that the bank was “the first to market to release Credit Card and Savings aggregation in our mobile apps in all three brands, Lloyds, Halifax and Bank of Scotland, using Open Banking.”

Smith continues: “We believe that we have entered the new Open Banking world from a position of strength, and we will be there to help our customers take advantage of Open Banking as it continually develops.”

In a similar vein, Danske Bank’s chief digital officer Søren Rode Andreasen says that the CMA9 bank’s focus was on using Open Banking to meet the needs of retail and business customers and developing solutions accordingly.

“For personal customers, we have expanded the open APIs to include all Danske Bank personal current accounts, online instant saving accounts, and credit cards. We have also enabled our customers to add accounts from other major banks directly into Danske Bank’s Mobile Banking app. I believe it is important that our customers can get an overview of their entire day2day financials.”

He goes on to explain that Danske have also experimented with more innovative such as automated switching of subscriptions, but demand for such solutions and Open Finance remains limited.

“We are still monitoring Open Banking adoption, but for now we are holding back until consumers get more comfortable with Open Banking and there is an increased demand for it.

“For Business customers we have expanded our APIs to include all business current accounts and MasterCard corporate cards. We have focused on integration with cloud-based accounting systems, as this was the most requested feature from our customers,” he adds.

Chris Jones, chief product officer for Open Banking for Nationwide, summarises that “the priority in 2019 was the delivery of a large number of demanding regulatory requirements to meet PSD2 and the Open Banking CMA order.”

However, he continues to say that as “consumer uptake remains limited,” propositions which create significant consumer demand are still reaching maturity. It will take time given the amount of change that has happened, and is still happening, for propositional value to flow through.”

Following footsteps vs. learning from mistakes

How did the UK’s open banking experiment progress? What changed in 2019? What direction did the FS industry take? Are other countries following in the UK’s footsteps or learning from the UK’s mistakes?

Andreasen explains that the UK took a regulatory approach to Open Banking and were at an advantage because banks were asked to agree on a standard. However, as he explains, this was not a simple task as one approach needed to be agreed across many stakeholders with different underlying platforms, data models and security approaches.

“It simply took a lot of time to analyse and agree on the most optimal solution. TPPs, regulators, and banks all have different objectives, ambitions, and concerns that needed to be balanced. Ease of use needed to be balanced with security and fraud concerns. Trust in the financial industry and the resilience of the sector are important elements that need to be maintained.”

He goes on to say that other countries are taking a less restrictive approach to API design and in many cases have not defined a regulatory standard, but this has not stifled innovation.

In an interview at Money20/20 Asia 2019, John Stecher, chief innovation officer at Barclays, highlighted that “open banking is one of the most transformational things that has happened in the industry, especially in the retail space.

“Open banking is not just going to make it easy for you to access your information in one place, it will unlock a host of new fintech and banking products that will come to market. These will rank from what you see today with spend analysers to intelligent agents that actually manage your money and make it go further than it does today because it can always be looking for opportunities for you while you’re enjoying life.

“We’ve only seen inning one of this new game of open banking and it’s critical we all heavily apply the lens of privacy and data security,” Stecher said. Despite teething problems, were the initial signs encouraging? Did banks up their game in the face of strong competition from innovative third-party products and services?

In April 2019, Imran Gulamhuseinwala, implementation trustee of the OBIE, told Finextra that: Two years ago, Open Banking was regarded by many as a typical compliance exercise championed only by a handful of fintechs - more tech spend driven by compliance rather than business case or customer need. This is no longer the case. Banks have very firmly moved from viewing Open Banking as a compliance exercise to an opportunity to compete and innovate.”

“Open Banking is not happening simply because the regulators are mandating it - it is happening because there is a commercial opportunity and because there is an opportunity to make the financial infrastructure of a nation more efficient, more flexible and serve customers better. We are looking forward to the opportunities it will bring across the economy and society as a whole.”

Soon after this, the OBIE announced the publication of the latest Open Banking Standard, which includes the following enhanced functionality:
- Proposition P2 (Two-way notification of revocation) to allow ASPSPs to notify Account Information Service Providers (AISPs) in real-time via a web-hook whenever a customer revokes access to their account.
- Proposition P8 (Trusted beneficiary exemptions under SCA) to allow ASPSPs to accept a payment initiation without Strong Customer Authentication for PISP payments to a trusted beneficiary.
- Proposition P9 (Status of payment) to allow ASPSPs to provide more detailed and meaningful payment status back to the PISP, beyond just initiation.
- Proposition P22 (Corporate Accounts) to cater for accounts where more than one person needs to authorise account access.

Evolution from AISPs to PISPs

Despite SME lender Growth Street calculating that the UK's Open Banking revolution was being hampered by outages that banks have been taking weeks to fix, the growth of Payment Initiation Service Provider (PISPs) will see payments likely bypassing card networks.

Yapily’s chief commercial officer Matt Cockayne believes that “momentum has been driven by AISPs, such as budgeting or money management apps, but the promise of Open Banking goes far beyond this.

“In 2019, there has been an increasing number of PISPs launching and being developed. With the growth of PISP, payments will likely bypass card networks. This will enable greater flexibility for retailers and service providers to make more money, as card payments usually take a small percentage of any payment made online.”

However, in September 2019, American Express made its move into the account-to-account space. The move acted as a bulwark against the incursion of account-to-account payments into the credit card business, mirroring similar initiatives by Mastercard and Visa. Consumers can now make online payments without a card to hand, view their bank current account balances prior to confirming payment, and will benefit from bank-level data security.

Andreasen believes that there is increased interest in PISPs as there has been a shift in focus from aggregation to building a sustainable business model, or revenue. “The successful use cases are limited and easy to copy, since there is usually no protected intellectual property.”

Nevertheless, he also says that while contactless payments are popular, cards will remain the preferred methods of payment, because it is difficult to create an easier proposition, even with Open Banking.

Jones agrees: “Innovation is difficult to predict. We are expecting increases in the use of payments capabilities to replace or supplement card-based e-commerce or existing person to person services.

“For this to work at scale, we need to understand what is right for consumers and what rights and liabilities will exist for Open Banking payments versus the many protections in place for consumers using cards to shop online. While there may be an impact on revenue, it is too early to determine the scale and timeline.”

Tapping into other markets

Following a few other UK banks making moves in the mortgage space, Nationwide partnered with CreditLadder to support first time homebuyers, tapping into the Open Banking initiative to analyse the income and expenditure data of its users and overlay them against Nationwide's qualifying mortgage criteria.

A month later, Nationwide picked seven fintech startups to take part in its £3 million challenge to develop Open Banking-based apps and services that help financial vulnerable people. The Open Banking for Good challenge aim to tap into the power of Open Banking to improve the lives of the one in four UK households who are financially squeezed - equivalent to 12.7 million people.

Joe Garner, chief executive, Nationwide, said: "While others may be looking at Open Banking through a commercial lens, Open Banking for Good is driven by our social purpose. The programme will see us partner with some of the UK’s smartest fintechs, debt charities and academics to use this revolutionary new technology to support people facing financial challenges."

Challenger bank Starling also partnered with CreditLadder to help renters get on the property ladder in July 2019, with Tandem following a month later.

An independent study by OBIE also found that Open Banking could realise £18 billion in value for British people and small businesses over the course of a year but only if the industry, government and regulators act to ensure the project realises its potential.

People could gain £12 billion a year through the project, with businesses realising a further £6 billion in value. Overstretched people could save as much as £287 per year, 2.5% of their annual income.

But many of the most valuable Open Banking-enabled propositions are not yet available to consumers and there are a range of barriers which prevent these services coming to market today.

Even where services are available, the past scandals of PPI mis-selling combined with tech giants’ questionable use of data makes consumers wary about who they can trust.

The report recommended that to deliver greater value for consumers, build a trustworthy ecosystem, and stimulate the market to action quicker. Central to all of this is co-ordinated action by government and regulators to create a more holistic regulatory regime for data sharing.

Faith Reynolds, independent consumer representative, said: "Managing money is at best a distraction and at worst stressful and anxiety-inducing. Open Banking offers a golden opportunity to reimagine consumers’ relationship with financial services.

"What’s needed now is co-ordinated action and purpose to set the industry on the right trajectory to deliver a data-driven financial system which stops detriment occurring and instead improves UK citizens’ financial health and the productivity of small businesses.”

Mark Chidley, independent SME representative, added: "Open Banking-enabled products can take the drudgery and guesswork out of running a business. It can also help the UK’s small businesses get better deals, make their money work harder and access the banking products they need more effectively. The effect on UK plc could be transformational."

A serious commercial opportunity?

But are banks taking open banking seriously? In March 2019, a Tink survey of 442 European banks found that close to half of banks (41%) failed to meet a recent deadline for PSD2 to provide a testing environment or 'sandbox' for any third party service providers (TPPs).

An interim deadline was established to give TPPs the opportunity to test APIs that they would use to connect to banks and serve as the basis for any payment services offered to consumers under the European Commission's Open Banking initiative, prior to the implementation deadline of Strong Customer Authentication on the 14th of September.

In addition to this, the CMA were forced to reprimand five banks for dragging their heels over the delivery of Open Banking functionality within their mobile apps. Bank of Ireland, Danske, HSBC, Lloyds Banking Group and Santander were found to be mainly in breach of deadlines for app-to-app redirection functionality, forcing users to rely on desktop-only data sharing.

The enforcement directions specify actions that the banks concerned must take, including the employment of external professional consultants to validate their plans and monitor their progress. At the time, three banks issued their responses to Finextra:

Lloyds Bank

“While we have met all of the other requirements, we are sorry for this delay and we are working hard to roll this out in April and May. All of our personal and business customers can continue to use open banking services either using our apps or third-party providers.”

HSBC

“The bank has embraced Open Banking, both in terms of meeting key regulatory deliverables and also bringing additional benefits to our customers with innovations such as Connected Money, Artha by first direct, and more.

“We remain committed to meeting our obligations under the CMA Order and will implement the outstanding mobile app authentication functionality by September 2019. Our priority is to ensure a smooth introduction of this function and we are making significant IT and infrastructure changes to achieve this.”

Danske Bank

“Danske Bank UK was reliant on related IT infrastructure changes being implemented centrally within the Danske Bank Group. For operational reasons, these changes were subject to delay. We are committed to completion by 13th September 2019 and continue to retain a valued close working relationship with the CMA and the Open Banking Implementation trustee.”

The uncertainty surrounding the UK’s withdrawal from Europe also had repercussions for some firms operating within the ecosystem, according to the OBIE that announced that in order to remain part of Open Banking, EEA participants will need to ensure that they have made a Temporary Permissions Regime (TPR) notification to the FCA by 11 April 2019.

Taking its lead from the EBA, the UK's Financial Conduct Authority also confirmed a delay to the enforcement of stronger payment security standards to give firms more time to prepare in June 2019.

The rules, which were pushed through under the PSD2 Directive, faced strong opposition from a market which is widely seen to not be ready for the switch.

In a statement, the FCA said that it recognises the challenges in meeting the September deadline and has been working with the industry to implement SCA for card payments in e-commerce as soon as possible after this. An 18 month delay was put in place.

Lloyds’ Smith tells Finextra that “the missed deadlines across the industry, reflect the complexity of the programme at a time of significant wider technology/regulatory change. Despite this challenge, the fact remains that the UK was the first in the world to do this, even with and the challenging deadlines set by the CMA/OBIE.”

The future of open finance

Open Banking alone is not enough as a customer’s bank account does not provide a full view of their financial situation, or a business’s holdings in other international markets for that matter.

For a move from Open Banking to Open Finance, Smith explains that the UK will need to “learn from our experience and deliver a better governance model that prioritises effectively and builds functionality to match customer demand and interest.We also need a much leaner, more efficient central infrastructure with a sustainable funding model.”

Nationwide’s Jones has a similar view. “Open Finance is being defined now, so this will take time to emerge, but in readiness the focus should be on creating a sustainable Open Banking model to enable the development of the service beyond both the CMA order and the CMA9 and supports the delivery of real commercial and consumer value across the ecosystem.”

At Money20/20 Asia 2019, Gavin Littlejohn, chairman at FDATA, took to the stage to dispel myths and said that it is shocking to see how so many in the financial services space do not fully understand what open banking is. “It’s not about APIs, it’s about consumer data rights.

“Open finance is about sharing the data that you want to share. If it’s not about this, then it is a technology partnership, not open banking. If a bank is seeking a relationship with a fintech, that’s not open banking either.”

Littlejohn continued to say that in reality, it’s about the customer’s right to share data and while PSD2 allowed customers to share payment data, other data is still in an unregulated space and this information is not covered by any of the protections that PSD2 provides.

He also spoke about liability and how this differs in different regions: when banks transfer data to a third party, a fintech for example, due to different regulations in different countries, occasionally banks are still liable if something goes wrong. In the UK, the open banking initiative was developed in September 2016 but only tackled payments data, not data regulation across the entire financial services scope.

Littlejohn advised the audience that while the UK has been put on a pedestal for pioneering open banking, “be aware that it has serious weaknesses in its architecture.” He then set out seven points that should be considered when introducing an open finance framework:
1. Implement customer data rights
2. Ensure the customer can give and take away consent
3. Consider liability
4. Put in place a regulatory framework
5. Discuss technology specifications
6. Set up an implementation capability that considers governance and funding
7. Explore implementation journey and monitor success

In a later session at the event in Singapore, Littlejohn stated that while the implementation journey in the UK was “rough” and maturity and resilience problems were encountered, he predicted this will stablise.
Littlejohn said that the growth in the UK has not been based on the customer being educated about what open banking is.

“Third party providers have communicated the benefit of using open banking to customers. Open finance is the plumbing, but I’m not sure if the barrier to growth is customer education – they’re just waiting for great apps that solve problems in their lives.”

Capgemini also claimed that the financial services industry is already looking beyond Open Banking to what they refer to as ‘Open X’. The Open X period will create an integrated marketplace, with specialised roles for each player that will enable a seamless exchange of data and services, improving customer experience, and expediting product innovation.

Open X is being driven by a change in focus from products to customer experience, as well as the growing importance of data and the related shift from prioritising ownership to enabling shared access, and a move away from buying or building to partnerships.

While Open Banking is starting to be leveraged by financial players around the world, Big Tech firms are also tapping into its power.

In 2019, it was revealed that Uber is providing unbanked drivers with access to a digital account from BBVA within its mobile app in Mexico. The deal saw the bank in Mexico make its services available on a third party application for the first time.

2020 predictions

Despite Open Banking initiatives having only been implemented recently in the UK, other countries may seem to be a step ahead. More needs to be done in relation to TPP licensing and registration processing, for example.

Andreasen does believe that Open Banking is a “more secure method of accessing customer information than screen scraping,” but fears “that we will see breaches with Open Banking TPPs.” He foresees a “slow increase in the adoption of Open Banking. It will be a slow evolution and not a revolution. We may see some successful niche solutions, but I do not see a demand among the general population in the near future.”

Jones says that “security is one of the areas that the participants in Open Banking has spent the most time and effort ensuring and is not something that is ever compromised on as we make prioritisation decisions.

“Reiterate that before we scale Open Banking further, we need to ensure we have a resilient and scalable platform for an ecosystem which will be the basis for financial services in the coming decades.”

Smith concludes: “We need a period of consolidation of what we have built to date where we see all of the CMA9 deliver the existing mandated standards and improve the operational performance of the APIs. This will create the platform for TPPs and banks to innovate and deliver services and propositions that drive customer use of open banking.”

Sponsored [Webinar] Behavioural Biometrics: Meeting the deployment challenge

Comments: (7)

A Finextra member 

Perhaps I have missed something, but I do not see anything here that explains the benefits to a bank to provide Open Banking. It is common when investing in any new technology to carry out a cost / benefit analysis. The cost is obvious. What are the benefits?

A Finextra member 

Errr. The cost / benefit analysis for the UK CMA9 banks is that the regulator won't further shame you, fine you, break you up or shut you down.

There is also a more positive spin on innovating with new services to remain relevant to your customers. But I suspect the first argument is enough.

David Oneill

David Oneill CEO at APImetrics

A part of the problem really is the idea that this something that should be done and should have been done anyway, and the regulator piece gets in the way so some quarters are seeing it as a box ticking exercise.

We see the same with a lot of services where the quality and monitoring is seen as a thing to do rather than the point of having a service that does useful things for people.

My concern for Open Banking remains the same as it ever has: if the banks don't see the value and focus on why they need to do this they'll find themselves blocked out of new and innovative solutions. The carriers did exactly the same thing with messaging services and I can see a lot of the banks ending up in the same place.

A Finextra member 

To answer the second comment - the regulator will do none of those things. Open Banking is just not that important.

Chetan Ghadge

Chetan Ghadge Head of Payments solutions at Wipro

I wonder when regulators will force the Googles and amazons and netflixes of the world to make their data accessible to banks. 

A Finextra member 

I think there is more than a "positive spin" to be gained by banks.  As open banking (hopefully) develops to provide retail/SME customers with a marketplace of banking products, banks will be forced to innovate, but in doing so are likely to gain (or at least retain) custom.  If the broader idea of open finance develops further, this could be a really exciting prospect for banks who are trusted by consumers and have greater experience with more traditional finance products.

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

@Chetan Ghadge + 1. 

Far from forcing, the regulators just seem to be standing by and watching the Amazons of the world erect even taller walls around their walled gardens. 

After Honey, the discount coupon browser extension was recently acquired by PayPal for $4B, Amazon has started displaying a warning on its checkout page warning customers that Honey harvests their Amazon shopping history and telling them to delete the extension.

And then there are stories of LinkedIn regularly blocking several third party tools that collect the profile information of opted-in users, despite the fact that 100% of the information was submitted by users in the first place. 

If customers' banking history should be opened up to others, why not customers' shopping history and profile info?

But we haven't heard a word from the regulator against such practices by Amazon or LinkedIn.

New Event Report – Natural Capital FinanceFinextra PromotedNew Event Report – Natural Capital Finance