REVOLUTION day – Saturday 13th of January 2018
The first real indicator the public had about Open Banking, was when the banks issued new Terms and Conditions last year.
They weren’t like the ones we are used to. They were bright and shiny. The banks really wanted us to read them this time.
So why did they do it?.
It’s the new Payment Services Directive (PSD2) and the CMAs ‘Open Banking Remedy’ or what everyone is calling Open Banking.
PSD2 standardises how banks process payments across Europe. In effect payments will clear nearer to the transaction date, So no weekend delays.
But what is really interesting are the changes to data access rules brought about by the CMA..
The plan is to create greater competition within banking and financial services and to do this, the CMA is making it easier for third parties to access your banking data.
So what is the problem the CMA wants to solve?
Wouldn’t it be good if you could collect all of your online financial data in one place? You could open an app or perhaps a cloud-based accounting system and access all of your banking and credit card data in one go.
In the jargon it is called “data aggregation” and it has many attractions for consumers and businesses.
There are already companies in the UK providing these services, but to access your account details you have to give them your online banking details. Up until Open Banking, this would have been in breach of your banks Ts & Cs.
And it still could be.
UK banks, unlike many of their international counterparts, have been very reluctant to share data. To some extent this has hindered the growth of alternative and more cost effective services.
What is happening?
Your bank has a lot of information about you.
It knows where you get your money from, how often it happens, where and how you spend it. Your bank knows how much you owe and how often you are overdrawn.
It shares this information with you in a statement. If you want to analyse it yourself, it’s up to you to do the work.
The best the bank will do is give you an electronic version of your statement.
Under the new rules you effectively own your data and can share it with whomever you wish, and the bank cannot stop you.
The CMA hopes that a new range of service providers, known as Third Party Providers (TPPs), will be able to use this information to offer you a variety of products and services and promote greater competition.
There are two types of TPP.
- Account Information Service Provider (AISP) – They gather all of your account information into one place. They might use your information to offer you services such as better credit card rates or an alternative electricity provider.
- Payment Initiation Service Provider (PISP) – They will offer payment services, in other words move money from your account to someone else.
So how might it work in practice?
In essence its very simple. You authorise a TPP to access your banking information.
You will subscribe to the TPP service. They in turn will pass you through to your bank website where you will authorise their access and that’s it.
For your protection, the bank should only accept requests that come from TPPs that are registered with the Financial Conduct Authority.
In turn the TPP will advise you of the type of data they will request and what they will do with it.
It might even be possible to put time limits on the authorisation, e.g. it expires after 10 days.
Which banks are involved?
Nine UK banks (The CMA 9) are required to take part, but at the time of writing, five have been given extensions to the deadline.
- Allied Irish (UK) / First Trust
- Bank of Ireland
- RBS / Ulster Bank
Furthermore, they aren’t necessarily making all the same facilities available, but they must be provided in a technically consistent manner.
So for example one bank might only release balances whereas another will release balances and transactions.
Two banks might release transactions, but one bank might provide the last 6 transactions whereas another might provide the last 20.
The development of on line or cloud accounting
Open Banking could be a real boon to accountants and their ability to provide online accounting services.
Bank statements are an essential part of what they do for small clients, especially in January.
If accountants could have access to a continuous feed of data from a client’s bank, the completion of tax returns etc. would be so much simpler.
More importantly, accountants could provide more appropriate services to their clients.
As yet I haven’t seen any cloud accounting service announce their intention to adopt Open Banking, but I am sure they will.
Some cloud accounting providers do have bank feeds, but in my experience, they ask you for your online banking details or rely upon data aggregators who ask for your online banking details.
Can you trust Open Banking?
To make Open Banking work, the major UK banks have had to create a set of tools that allows TPPs to access your banking information. We call these tools APIs.
For any TPP to access your account information under Open Banking they must at least:
- Be registered with the Financial Conduct Authority – https://register.fca.org.uk/
- Have developed software using the approved Open Banking Implementation Entity standards – https://www.openbanking.org.uk/standards/
- Have your permission.
As far as your bank is concerned, once you have released your data to the TPP, how it is used is between you and the TPP.
These are the problems as I see it.
- I have not read any documentation that explicitly states if a regulated TPP needs to use or store your online banking details to provide the service. I have been told they don’t, but it would be good to see it stated.
- Data aggregators’ have been around for a long time and they don’t have to be regulated. To access your banking data, they need your online banking details, which probably puts you in breach of your banks Ts & Cs.
Up until now the security message has been simple, but now the public have to distinguish between regulated and unregulated.
How are we going to educate the public to tell the difference?
For maximum protection you should use a regulated provider.
- Terms and Conditions of service. Can you be confident you understand what you have signed up for? After all, how many of us read the online Ts & Cs of any service? As you have seen, Open Banking is full of terminology.
- The risk from fake sites. Its relatively simple for a fraudster to create a fake banking site that prompts you to enter your banking details.
Well you have made it this far.
Open Banking creates a world of opportunity if harnessed well.
A continuous feed of banking data to an accounting system is just common sense.
But I won’t be signing up just yet. I am still concerned by the issue of fraud.
My bank can’t simply walk away from a fraudulent online transaction just because it is in their Ts & Cs, but if it originates in a TPP application I would expect them to put up a fight.
What is going to be really interesting is the wider response of the banks to this ‘revolution’.
Will they sit back and allow others to develop these new services or will they exploit the trusted relationship they have with customers and develop their own applications?
We have been here before with the dotcom boom. Companies like Boots and M&S did not rush in and many predicted their demise. But they are still here.
NB This article is simply for background information and does not claim to be authoritative. It should not be used as a basis for decisions or planning.