the state of open banking in the uk · 10/11/2016 · background: uk banking market • highly...
TRANSCRIPT
The State of Open Banking in the UKAPIdays London, 11th October 2016
Background:
UK Banking Market• Highly concentrated
- Top 5 banking groups control 85% of the market
• Poor competition - 57% of customers >10 years - 37% of customers >20 years - 3% of customers switched in 2014
• Barriers to Entry - Regulatory requirements - Incumbents’ ownership of payment
schemes
• Competition = Innovation
Other 2.8%
Co-op 2%
Nationwide 6%
TSB 4.2%
RBS 18%
Santander 10% Barclays
18%
Lloyds 27%
HSBC 12%
• No Competition = No Innovation - No banking APIs for retail or SME customers
• UK FinTech leadership under threat - Germany: HBCI / FinTS fosters a FinTech sector - US: Greater competition amongst banks fosters innovation
• No Competition = No investment in technology
The next-generation bank will be powered by APIs
September 2014: Fingleton Report
Data Sharing and Open Data for Banks
Key Recommendations:
1. Banks agree on an open API standard for third party access.
2. Independent guidance provided on technology, security and data protection standards that banks can adopt to ensure data sharing meets all legal requirements.
3. Industry wide approach established to vet third party applications and publish a list of vetted applications as open data.
4. Standard data on PCA terms and conditions published by banks as open data.
5. Credit data made available as open data.
March 2015:
Support for FinTech, RegTech and APIs announced in the Budget
• Tasked with “designing a detailed framework to enable the development of an open API standard in UK banking”
• Over 100 people from banks, fintechs, industry bodies, schemes, Open Bank Project…
• Multiple sub-groups looking at different facets: - User reference group - Governance - Data - Security & Authentication - Standards & Technical Design - Regulation & Legal
September 2015:
Open Banking Working Group convened
Open Banking Working Group
Key Areas of Focus• Liability
- Who pays if fraud is perpetrated through a third party?
• Governance - How can banks’ concerns and duty to protect their customers’ interests
be balanced against the need to foster innovation and competition?
• Security - How to ensure that third parties will adequately protect customers’
data and access to their accounts?
• Data Protection - If your name appears on my bank statement because I sent you a
payment, am I allowed to share that with a third party?
• Payment Initiation Service - “a service to initiate a payment order at the request of the
payment service user with respect to a payment account held at another payment service provider”
• Account Information Service - “an online service to provide consolidated information on one or
more payment accounts held by the payment service user with either another payment service provider or with more than one payment service provider”
• Comes into effect 13 January 2018
November 2015:
PSD2
February 2016:
OBWG Report publishedKey Recommendations:
• Open Banking Standard to be overseen by an Independent Authority
- Should act transparently and support wide participation
• Third parties to be vetted and whitelisted - Subject to security standards, insurance requirements
• OAuth-style authorisation of third parties’ access to customers’ data and accounts
- Bank retains ability to shut down access if evidence of fraud is detected
August 2016:
Competition & Markets Authority Retail Banking market investigation
Requires that the nine largest banks in GB and NI: • “adopt and maintain common API standards through which they
will share data with other providers and with third party service providers including PCWs, account information service providers (AISPs) and payment initiation service providers (PISPs)”
• "set up an entity (the Implementation Entity) that will be tasked with agreeing, implementing and maintaining open and common banking standards”
• “appoint following approval of the CMA a suitably qualified, independent person (the Implementation Trustee) … to act as chair of the Implementation Entity”
• “agree to be bound by the decisions of the Implementation Trustee”
• “agree with the IT open standards for APIs with full read and write functionality and make available through them PCA and BCA transaction data sets, to be released no later than the transposition deadline of the second Payment Services Directive (PSD2) ie by 13 January 2018.”
August 2016:
Competition & Markets Authority Retail Banking market investigation
Today
• Open Data Institute formed an Open Banking Development Group
• Banks have formed an Implementation Entity Steering Group within Payments UK
• Implementation Trustee to be appointed in coming weeks?
• Challenger banks (and Barclays!) forging ahead
Jack Gavigan jackgavigan.com @JackGavigan