Open Banking in UK from 13 January 2018 – Exciting or Scary?
Have you recently had letters from your bank saying that there will be changes to the way you do bank on 13 January 2018?
Me too! Lots of them…so far from Halifax, Barclays, Co-operative and that’s just the ones I’ve managed to find this morning. Normally I’m so busy I think ‘I’ll look at that later’, and file it away.
Then, this morning, I thought, ‘Hey this date is coming up soon, what’s it all about and should I be worried about data sharing?’ With a little effort, I did some research to help me understand a little more about the jargon and possible implications. Spoiler alert! I think the real answer is that the banks don’t even know the possible future scope of the new data sharing…read on.
This is my very basic understanding, but I hope the banks will make things clearer as we go into 2018.
Some of the letters mention the term open banking. For example, Barclays say open banking,
…will enable you to share your data and make payments through third parties.’
Woah there! I’m sharing my data… Why?
SHORT ANSWER: The aim of ‘Open Banking’ is to increase competition between the payment services providers (PSPs). It’s future proofing banking for the technological advances offered. Possibly saving you money and give you more choice on financial products.
LONG ANSWER: It's happening partly because of UK and European banking regulations, but also because advances in communications technology now allow third party providers (TPPs) to access and share information with consumers securely.
Mortgages: In theory, Open Banking can allow you to securely share your personal banking transaction data with mortgage lenders who will use to check how much you can borrow. Potentially making it easier to compare lenders, quickly and easily from your phone, tablet or computer. Although, it’s possible it might show you as more high-risk if it doesn’t provide all the relevant data.
Monitoring tools to help you manage your finances: New apps to see all your accounts in one place, suggesting banking needs, monitor your comings and goings. Recommendations for new products. If you agree, the third party who provides the app could make payments, so you avoid unnecessary charges.
Why is the date 13 January important?
SHORT ANSWER: They must tell you by 13 January by EU legislation.
LONG ANSWER: An EU directive called the Second Payment Services Directive (PSD2), a payments-related legislation in Europe, came into force in January 2016. The directive requires payment service providers (PSPs) to make a significant number of changes to existing operations. The Directive requires that all Member States implement these rules as national law by 13 January 2018.
Will Brexit affect it?
SHORT ANSWER: That’s up to Parliament to decide, but it looks like we are in.
LONG ANSWER: Much of UK financial regulation is derived from EU legislation and existing and incoming regulation including PSD2 will remain applicable until any changes are made, which will be a matter for Government and Parliament. Any changes ultimately required within the UK payments industry as a result of the referendum outcome will need to be scheduled and prioritised into existing industry long-term strategic planning.
Open Banking is being led by the UK's Competition and Markets Authority (CMA) in collaboration with building societies, consumer groups, banks, online retailers and financial technology (fintech) providers. All Payment Service Providers active in the EU are going to be subject to supervision and rules. The first delivery of Open Banking (“Open Data”) was released in March 2017, making product, branch and ATM data from the nine institutions available. (Allied Irish Bank, Bank of Ireland, Barclays, Danske, HSBC, Lloyds Banking Group, Nationwide, RBS Group and Santander).
Who are these PSPs I could be sharing data with?
SHORT ANSWER: Building societies, consumer groups, banks, online retailers and financial technology (fintech) providers.
LONG ANSWER: According to Openbanking.org Open Banking enables personal customers and small businesses to share their data securely with other banks and with third parties, allowing them to compare products based on their own requirements and to manage their accounts using regulated third parties to provide new and innovative payment services.’
There are six categories of PSP, namely (https://www.paymentsuk.org.uk/sites/default/files/PSD2%20report%20June%202016.pdf)
- credit institutions;
- electronic money institutions;
- post office giro institutions;
- payment institutions;
- the European Central Bank and national banks; and
- Member States or their regional or local authorities, when not acting in their capacity as monetary authorities or other public authorities.
Who are Fintech providers?
Companies who provide technology software and innovation to consumers and businesses in the financial market like e-wallets.
New tech like Blockchain technology is reducing costs and removing banking intermediaries. It is also increasing peer-to-peer collaboration. Another Fintech innovation is automated services, or robo-advisors, for asset management.
• NFC / E-Wallets or digital wallets, like Paypal, TransferWise (peer-to-peer international money transfer), WorldRemit (specialists in Africa), Blockchain (Bitcoin wallet) and Apple Pay/ Android Pay
• Peer-to-peer lenders like Zopa, Ratesetter, LendInvest, MarketInvoice, Funding Circle.
• Social Network / Trading Platforms like Nutmeg, eToro, Seedrs and Algomi
Is sharing my data with Third Party Providers safe?
SHORT ANSWER: They are trying to make it safe using Application Programming Interfaces (APIs) for regulated TPP.
LONG ANSWER: The Open Banking Implementation Entity (OBIE) creates software standards and industry guidelines that drive competition and innovation in UK retail banking. You can find out more about them here.
It’s important to note here that not all PSPs are on the directory that will be approved by the banks. OBIE will define and develop the required Application Programme Interfaces (APIs), security and messaging standards that underpin Open Banking. Nationwide Building Society have done a nice summary of the safeguards that API’s provide:
‘Since March 2017, we and a number of banks have been building things called Application Programming Interfaces, or APIs, so that it is possible to share your bank account information. This will also allow third party developers of mobile and web applications to create new personalised services for you. Just as importantly, though, APIs are a secure and well-tested technology. And there are these safeguards too:
- All Third Party Providers (TPPs) have to be approved by the Financial Conduct Authority (FCA) before they can appear on the Open Banking Directory.
- No TPPs can access your information without your say-so. Members need to give TPPs explicit consent to let them contact us in the first place.
- When the TPP asks you to give them access to your financial information, you'll be redirected to our interface so you can identify yourself. When that happens, we run our own security checks. If the TPP is not on the Open Banking Directory, they don't pass go.’
- If it’s not through an API and you give your permission for a PSP to use your login details, BEWARE - you are responsible for any money lost.
- If it's through an API, in theory - according to the experts on the BBC Radio 4 podcast (link below) - the TTP or the Bank should re-imburse you for any mis-use of your data resulting in financial loss. How easy this will be in practice remains to be seen.
Let me know what you think about open banking. Scared or Excited? I started off scared, but I'm edging towards excited, with some reservations.
My bedtime reading list:
http://www.bbc.co.uk/programmes/b09hp2lz (BBC Radio 4, Money Box: Will you be joining the Open Banking revolution?)
https://www.openbanking.org.uk/
https://www.paymentsuk.org.uk/sites/default/files/PSD2%20report%20June%202016.pdf
https://www.nationwide.co.uk/guides/news/articles/2017/09/what-is-open-banking