Open Banking explained

If you have worked in financial services, or if you’re interested in Fintech, there’s a high chance you’ve heard the term ‘Open Banking’ a lot over the past few years. But our customers and clients often ask us: what actually is Open Banking? And why is it important? In this blog, we explain what Open Banking means, the difference between Open Banking and PSD2 and the implications of Open Banking regulation for you and your business.

What is Open Banking?

Open Banking is a broad term originally given to a series of reforms to the UK banking industry designed to increase competition in financial services. The reforms, which came into force in January 2018, were initially developed as a response to a review by the Competition and Markets Authority (CMA). That review highlighted a lack of consumer choice and a sense of apathy around financial services products. One of the most important aspects of the Open Banking reforms is that all UK-regulated banks must allow customers to share financial data with authorised third parties, as long as customers have given their permission to do so. This has a number of knock-on implications for customers and banks, several of which will be explored later in this blog.

What is the difference between Open Banking and PSD2?

At the same time, in the European Union, a similar, but not identical, set of reforms called the second Payment Services Directive (PSD2) also came into force. The first Payment Services Directive dealt with cross-border payments, a crucial part of unifying the European Union single market. The more recent legislation (PSD2) builds on the first directive, following similar principles to Open Banking. At the same time as embracing openness and sharing data between institutions, PSD2 also seeks to build on PSD1 to improve security for customers when dealing with multiple parties. In part, this takes into account the ubiquity of new methods of payment, such as contactless payment. Strong Customer Authentication (SCA) is the term used to describe how customers must identify themselves under PSD2 regulation - it means that a customer must provide two from the following to initiate a payment:

1. something the customer knows (e.g. a pin number);
2. something the customer has (e.g. a mobile phone);
3. something the customer is (e.g. fingerprint scan).

On a broader level, another way of defining the difference between Open Banking and PSD2 is that PSD2 defines which product and services banks should provide, while Open Banking lays out a specific framework to follow when providing them. The two regulations have become interlinked as they aim to deliver a similar set of goals, so we (and many industry experts) tend to refer to Open Banking.

How does Open Banking work?

Open Banking is designed to open up a whole host of possibilities for banks and payment providers to create innovative solutions for customers, based around the principle of data sharing between institutions. By using API (Application Programming Interfaces) technology, banks and other financial services providers are able to share customer data securely (and with customers’ explicit permission) to drive better customer outcomes. Open APIs, which expose data to developers through a secure application, are touted as the foundation of such payment services innovation. New and existing players who would expose and use those APIs typically fall under two types of business:

Payment Initiation Service Providers (PISP) may initiate a payment order on a user’s request, from an account held with a different payment service provider. For example, a customer could instruct a savings app to initiate an automated monthly payment from their bank account to encourage them to save more, passively.

On the other hand, Account Information Service Providers (AISP) provide a consolidated view of one or more wallets or accounts held by a user with multiple different providers. So, thanks to Open Banking regulation, a customer could log into their Internet Banking app from one bank and see the balance they hold with an e-money institution in the same place. An AISP could also provide an account aggregation or money management service by bringing together a user’s data from their multiple accounts into one consolidated view.

Some providers might also become PISP and AISP. Those providers would be able to aggregate multiple accounts and initiate payments on behalf of customers. There are several other acronyms associated with Open Banking, which you can find in this handy glossary, but AISP and PISP are the two most common and important applications of Open Banking.

The impact of Open Banking so far

Across Europe, banks, Fintechs and payment service providers alike are already experimenting with delivering value to customers by allowing them to open up access to their data. Setting a trend for Dutch early adopters of Open Banking, in June 2016 ABN AMRO launched Tikkie - an app (and PISP), which allows customers of any Dutch bank to request and make payments using Whatsapp. In the field of account aggregation, UK-based Lloyds Bank allows customers to add its accounts with other UK providers. It is positioned as an AISP rather than a PISP and is currently limited to the biggest banks and building societies.

These examples demonstrate two interesting use cases for the Open Banking regulation, but there are several challenges to work through. The Euro Banking Association has been working hard to establish industry-level guidance on technical and regulatory aspects of Open Banking. Banks and e-money institutions inside and outside the EBA working group, as well as consumers, can learn more about the future direction of Open Banking on the EBA website.  However, it is clear that providers are progressing at different speeds, which is a barrier to delivering the vision of Open Banking - a system in which customers and businesses can harness their financial data from any source in an open and transparent system.

What does Open Banking mean for businesses?

In Getting down to business banking we highlighted why most financial services providers are building solutions for consumers first, rather than businesses and why we are taking a different approach. In the second part of our Open Banking blog, we will explore the impact of Open Banking, specifically for businesses. We’ll explore the concept of Banking as a Service (BaaS) and explain why the API opportunity for corporate banking is potentially even more exciting than for consumers.

If you’d like to know more about Open Banking or discuss anything in this blog, please get in touch.