Europe News

by No Comments

UK’s Open Banking Project Expanded

Open Banking Standards to Expand Functionality and Cover all PSD2 Products

The Open Banking Implementation Entity (OBIE), the body set up by the Competition & Markets Authority (CMA) to enable a new, secure way for customers to take control of their financial data and share it with organisations other than their banks, today announces a series of important enhancements to its original scope as set out in the CMA Order (published in August 2016).

As referenced in the Chancellor of the Exchequer’s Autumn Budget today, the OBIE has now been asked by the CMA9 and Her Majesty’s Treasury to create open banking standards for all payment account types covered by the European Union’s second Payments Services Directive (PSD2). This means customers using credit cards, e-wallets and prepaid cards will also be able to take advantage of open banking services. In parallel, the CMA has today approved amendments to the agreed arrangements under the CMA Order, to include a programme of enhancements to ensure that Open Banking delivers maximum benefits for retail customers and SMEs.

The Open Banking project was created in 2016 by the CMA to bring competition and innovation to the personal and small business current account markets. The CMA mandated the nine largest current account providers in Great Britain and Northern Ireland (the ‘CMA9’) to create the OBIE and work with it to build a common set of API standards that would allow regulated companies safe and secure access to their accounts with the explicit permission of the customer.

The enhancements announced today will build on the core requirements of the CMA Order, which come into force in January 2018, and form a programme of releases throughout 2018 and into 2019.

Imran Gulamhuseinwala, Trustee of the OBIE, said:

“This is a truly innovative project and the UK is leading the world in opening up the banking system to new services and, ultimately, re-shaping it around the customer. Key to any innovation is the process of discovery and it became clear through the second half of 2017 that there is much more the OBIE could do to drive adoption of Open Banking and create a richer environment for new services. These enhancements should give even greater confidence to the FinTech community to seize the opportunity to participate fully in the financial services ecosystem.

“They will create standards for future dated, recurring and international payments as well as all the payment and product types covered by PSD2. These enhancements will maximise the benefits of open banking services for the customer. The OBIE will continue to work with the CMA, HMT, CMA9 and other stakeholders to drive this forward.”

Adam Land, Senior Director at the CMA, commented:

“Today’s announcement is a major milestone in the delivery of open banking, which will transform UK banking for retail customers and small businesses. This will make it easier for customers to manage their money, find the best deal for their needs and avoid overdraft charges.

“There is huge interest globally in the way that UK regulators have worked together with the banking industry, the FinTech sector, consumer groups and others to drive this project forward at pace. This plan, which the CMA has approved today, is both deliverable and bold in scope.”

The full details of the enhancements will be made available today on the Open Banking website which can be accessed here.

A copy of the CMA’s Notice of approval of changes to the Agreed Timetable and Project Plan will be made available today on the CMA website which can be accessed here: https://www.gov.uk/cma-cases/review-of-banking-for-small-and-medium-sized-businesses-smes-in-the-uk.

by No Comments

FDATA WELCOMES THE START OF OPEN BANKING

Leading fintech trade association calls launch “the first waypoint on a long journey”

The Financial Data and Technology Association, the leading advocate of open banking in the UK and around the world, has welcomed the parallel implementation of PSD2 across Europe, and the launch of Open Banking amongst the large banks here in the UK.

FDATA, which is chaired by Gavin Littlejohn, who represents the fintech industry on the Open Banking Implementation Entity Steering Group, was set up by six fintech companies in 2014 at the request of HM Treasury, and has been working directly with government, regulatory authorities and financial industry stakeholders in our mission to open up Britain’s financial sector to the benefits of financial data and technology.

FDATA has members from across the financial sector who provide innovative financial applications and services to empower personal and small business consumers to make better decisions and take fuller control of their financial lives across all their bank accounts, credit cards, loans and investments.

PSD2 and Open Banking empower the customer, through his or her explicit consent, to ensure that their chosen third party provider can access their data, make payments and provide them with innovative financial solutions.

Commenting on today’s launch, FDATA Chairman Gavin Littlejohn said:

“This is an important day for consumers and small businesses. From today, PSD2 gives consumers the right to share their payments data with their chosen third party app without any lingering fear that they are breaching the terms of their bank account, and those third party providers are being brought into a regulated environment to further increase consumer protection. And, in the UK, the delivery by the nine largest current account providers of a common Open Banking standard has provided the opportunity to reduce fragmentation, enhance innovation and provide additional security measures for the whole ecosystem.

“The standardisation of Open Banking delivery will see the continued expansion of fintech companies, models and products, and this is an extremely exciting time for the consumer and for UK plc.

“However, Open Banking in the UK is merely the first waypoint on a long journey. The scope of this launch – only current accounts and only from certain banks – is limited, and customers will only experience the full benefits when the scope is expanded.

“FDATA has successfully campaigned to get us this far, and we will now campaign with renewed vigour to bring all financial products, from all over the world, into a standardised open banking system.

“The drive towards open banking has been, and will remain, customer outcome led. The fintech industry exists because customers required better outcomes. Today is the day where consumers of financial technology in the UK can know for sure that they are being listened to.”

by No Comments

FDATA responds to EBA consultation

The Financial Data and Technology Association has responded to the European Banking Authority’s consultation on authorisation and registration under PSD2.

The responses (submitted online) are:

Q1: Do you consider the objectives of the Guidelines as identified by the EBA to be plausible and complete? If not, please provide your reasoning.

FDATA considers the objectives to be plausible and almost complete. Our key concern, though, is to ensure that smaller applicants providing narrower services are not subject to the same requirements as large multi-state applicants with broad services. An adjustable, tiered system would be preferable to facilitate this.

—-

Q2: Do you agree with the options the EBA has chosen regarding the identification of payment services by the applicant; the way information is to be submitted to the competent authority; the four-part structure of the Guidelines, and the inclusion of authorisation for electronic money institutions? If not, please provide your reasoning.

FDATA has no objections to these chosen options. However, we would ask you to clarify the process for an applicant with multiple lines of business.

—-

Q3: Do you consider it helpful how the EBA has incorporated proportionality measures in the Guidelines in line with PSD2? If not, please explain your reasoning and propose alternative approaches.

FDATA does consider this helpful and has no specific objection. In general terms, however, we would ask the EBA to constantly assess whether barriers to entry are too high and may stifle innovation. Would the EBA consider an exemption for some applicants under defined conditions?

—-

Q4: Do you agree with the Guidelines on information required from applicants for the authorisation as payment institutions for the provision of services 1-8 of Annex I of PSD2, as set out in chapter 4.1? If not, please provide your reasoning.

Please treat this answer as a catch-all for questions 4, 5 and 6.

Again, FDATA’s key concern here is the potential stifling of innovation which would result from barriers to entry for early-stage applicants. In this respect, the requirements around business plans, marketing and forecasting seem overly onerous.

Secondly, some of the information required appears too granular and technical in nature and lacks focus on the more important issue of the quality of an applicant’s information security management system.

Furthermore, for applicants with dynamic, cloud-based systems, some of the information requested is likely to change on a regular basis. We would ask the EBA to clarify whether notification of every change would be required.

In all these cases, it is possible to be more selective in the information required and still ensure that the approval process ensures only well-qualified applicants.

Finally, we would ask the EBA to clarify why ISO27001 has not been recommended as a standard to apply, having been mentioned in the Regulatory Technical Standards and recommended by the UK’s Open Banking Standard.  Adoption of this would reduce the workload on competent authorities.

—-

Q5: Do you agree with the Guidelines on information required from applicants for registration for the provision of only service 8 of Annex I PSD2 (account information services), as set out in chapter 4.2? If not, please provide your reasoning.

See answer 4.

—-

Q6: Do you agree with the Guidelines on information requirements for applicants for authorisation as electronic money institutions, as set out in chapter 4.3? If not, please provide your reasoning.

See answer 4.

—-

Q7: Do you consider the Guidelines regarding the assessment of completeness of the application, as set out in chapter 4.4 to be helpful? If not, please provide your reasoning.

FDATA would recommend an addition. We would ask the EBA to explicitly state how long an incomplete application can wait before it is invalidated, after which a new application will be required.

by No Comments

FDATA responds to CMA order on open banking

The Financial Data and Technology Association (FDATA) has responded to the CMA’s draft order following its publication of the retail banking investigation, which led to the creation of the Implementation Entity.

Commenting on the submission, which can be read here, FDATA’s Executive Director Andy Maciver said:

“FDATA’s interpretation of the purpose of this order is that it should reflect the letter and spirit of the CMA’s final Retail Banking Investigation report. In that sense, we are broadly satisfied that this Order achieves its purpose.

“However, in our response we have taken the opportunity to make a series of general points which we believe are critical to the successful delivery of ‘open banking’, surrounding three areas: the ‘live market’ for fintech, the market for cyber-insurance and the need for a public awareness programme.”

by No Comments

FDATA responds to EBA insurance consultation

The Financial Data and Technology Association has submitted a response to the EBA consultation “Guidelines on the criteria on how to stipulate the minimum montary amount of the professional indemnity insurance under PSD2”.

There were seven questions, which can be seen below along with FDATA’s answers:

Question 1: Do you agree with the requirement that competent authorities require undertakings to review, and if necessary re-calculate, the minimum monetary amount of the PII or comparable guarantee, and that they do so at least on an annual basis, as proposed in Guideline 8?

FDATA agrees with the principle behind this proposal. It is good for all market participants that operators are adequately insured, and we support the concept of competent authorities being in control of that regime.

However we would stress the need to minimise the administrative burden on the operators, especially in the case of start-ups who have little resource for such tasks. If the administrative burden is significant it could be seen as a barrier to entry to the market.

Question 2: Do you agree with the formula to be used by competent authorities when calculating the minimum monetary amount of the PII or comparable guarantee as proposed in Guideline 3? Please explain your reasoning

We have applied the proposed formula to some theoretical companies of different sizes, and we believe that the financial outcome tends to be fair. However whilst the outcome seems reasonable, we have concerns that the formula itself is overly complicated.

We would therefore encourage more work to investigate whether the same equitable outcome could be achieved through a less complicated formula.

Question 3: Do you agree with the indicators under the risk profile criterion and how these should be calculated, as proposed in Guideline 5? Please explain your reasoning.

As we noted in answer to question two, we generally support the indicators and the result they produce. However we are concerned that some companies, start-ups in particular, will find the system onerous and complicated. The EBA needs to be satisfied that a similar outcome cannot be achieved through a less complicated formula.

Question 4: Do you agree how the indicators under the type of activity criterion should be calculated, as proposed in Guideline 6? Please explain your reasoning.

See answer to question 3.

Question 5: Do you agree how the indicators under the size of activity criterion should be calculated, as proposed in Guideline 7? ? Please explain your reasoning

See answer to question 3.

Question 6: Do you think the EBA should consider any other criteria and/or indicators to ensure that the minimum amount is adequate to cover the potential liabilities of PISPs/AISPs in accordance with the Directive? Please explain your reasoning.

We do not believe the EBA need consider any other criteria or indicators to set a minimum amount, however we would encourage the EBA to consider criteria which would enable the setting of a maximum amount of adequate cover.

Question 7: Do you have any other comments or suggestions that you think the EBA should consider in order to ensure that the minimum amount is adequate to cover the potential liabilities of PISPs/AISPs in accordance with the Directive? Please explain your reasoning.

We believe that it is important that the EBA consults with the insurance industry to ensure that the calculations correspond with the current insurance industry assessment of risk for AISPs and PISPs.

by No Comments

FDATA COMMENDS CMA FOR FURTHER PROGRESS TOWARDS OPEN BANKING

Fintech’s trade body welcomes end of redaction and committment to direct representation
 
The Financial Data and Technology Association (FDATA) has today welcomed the Competition and Markets Authority’s Final Report of its Retail Banking Market Investigation.
 
FDATA’s members provide innovative financial applications and services to empower customers to make better decisions and take fuller control of their financial lives across all their accounts, credit cards, loans and investments.
 
FDATA has been campaigning since the release of the CMA’s provisional remedies on a series of remaining concerns, as follows:
  • low uptake of the API as a result of redaction and limited data scope
  • an unambitious timescale
  • a lack of commitment to the future role of screen-scraping
  • a lack of clear post-launch governance
  • representation of FDATA’s members on the Implementation Entity
FDATA’s key issues are addressed in section 13 of the report, which can be read here.
 

Commenting on the release of the Final Report, FDATA’s Executive Director Andy Maciver said:

 
“Between its provisional remedies and its final report, the CMA has done a great service to the UK’s banking consumers, and on behalf of third party providers in the fintech sector we welcome its work.
 
“We are particularly pleased that the CMA is requiring direct representation for providers such as our members on the Implementation Entity and its Steering Committee, and we look forward to discussing which shape that might take with the existing Steering Committee.
 
“We also commend the CMA for accepting the compelling case against redacted data, which would have rendered the API unuseable for third party providers. 
 
“We remain concerned that the proposed timetable, which is now effectively aligned with PSD2, lacks ambition and risks losing the UK the competitive advantage in fintech which the sector has worked hard to create. And whilst we fully understand and respect the CMA’s logic for not widening the scope of data, we remain committed to making the case for extending the inclusions in the API well beyond current account data.
 
“Furthermore, we believe there is an urgent need to put in place enduring governance arrangements and we look forward to working with the IE to help put these structures in place as an immediate priority.
 
“However, we have always accepted that compromise is required in order to achieve the open banking environment which UK consumers demand, and in that spirit we welcome the CMA’s report and welcome the enthusiasm which the nine banks, along with Payments UK, have shown towards the implementation of the API.”
Top