September 29, 2022, Washington, DC - As both Canada and the United States continue to move towards open banking via APIs, it is essential that minimum API standards be set to ensure that consumers and SMEs have uninterrupted access to their financial data.
To this end, FDATA has developed four principles that will be critical to the design of a well-implemented API environment in North America. These principles cover data scope, reliability standards, fallback options, and the necessity of establishing a neutral monitoring agency. These principles can be found here, and below:
- Any non-proprietary data available to an end user through a data provider’s online customer portal or paper statement must also be required to be made available in any API a data provider implements in an open banking environment. At present, data providers unilaterally determine which data elements their customers can and cannot share with third parties. In a true open banking environment, the customer – not their financial services provider – is empowered to make this decision. Within the PSD2 framework in Europe, this has led to services being withdrawn as API functionality did not keep pace with pre-existing technologies.
- Any APIs built by data providers to facilitate data sharing in an open banking environment must, at a minimum, be as reliable as that data provider’s customer-facing online portal. Regulatory agencies in both Canada and the United States have understandably set prescriptive requirements regarding the uptime of online customer-facing portals at financial institutions to ensure that consumers and SMEs have continual access to their data. This same standard must apply in any open banking environment.
- To the extent data requested by a customer is not available through an API connection, a fallback option must be permitted to be used to access the requested data. The legal customer data right upon which an open banking environment is built cannot be ignored if a data element requested by a customer is not available through a data provider’s API or if that API is down or unresponsive. Screen scraping must be maintained as a fallback option that may be used to access any data not included in or available from a data provider’s API.
- A neutral entity must be responsible for regularly monitoring the robustness, reliability, and usability of data providers’ APIs in an open banking environment. A neutral entity should be tasked with the responsibility for regularly measuring and reporting, among other metrics: the uptime of all open banking providers’ APIs; whether all of the data available to the end user on the data provider’s online customer portal and/or paper statement is available through the API; the responsiveness of the API; and whether the API is constructed in such a manner that it introduces unnecessary friction in the customer’s data connectivity journey. These measurements should be the basis upon which a fallback option is permitted. Ideally, these metrics would be made publicly available to facilitate the ability of end users to identify the effectiveness of their financial provider’s data sharing capabilities. Such an entity should come from outside of the sector itself in order to not be perceived as having its own fiduciary interest in the metrics delivered.
Issues related to API robustness, reliability, and user experience have stunted the growth of open banking use cases in multiple markets across the globe that have moved more quickly than North America toward implementing legally binding customer financial data rights. It has been evident from experiences in Europe, the United Kingdom and Australia that well-defined standards without equally well-defined systems to measure them in a way that all parties can agree to lead to increased friction and a technical overhead placed on the regulator, which the regulator may not be well-positioned to adjudicate. Ensuring at the outset minimum API requirements for any open banking data providers, as well as a neutral monitoring entity to measure the quality and reliability of those APIs, will prevent Canada and the United States from experiencing similar issues as we begin our own North American open banking journey.