Open banking license and benefits of the initiative – 7 key questions answered.
FinTech is commonly associated with innovative technologies that aim to disrupt and revolutionize how financial services are provided. Such firms as Wise (formerly Transferwise), Revolut, N26, Monzo, etc. came along with the idea of challenging the status quo of high street banks by reducing costs and offering more convenient services to the customers. However, the trend has steadily shifted from competition to collaboration. This is true not only in practical terms, where each week you hear an announcement of a new partnership (such as between Plaid and prominent Dutch banks), but as well in the legislative sphere where initiatives are aimed at fostering collaboration between market participants. One of such initiatives is open banking that was introduced by PSD2 across the EU and gained quite a lot of traction in the past years. In this article, we will look at open banking and answer 7 key questions that revolve around this topic to provide you with a deeper understanding of how it works in practice and why it is important.
What is an open banking license?
The speed of technological development in the financial services sector is accelerating at an unprecedented pace and initiatives such as open banking only add more gasoline to the fire. Open banking in itself is a data sharing and data access initiative which requires financial service providers (primarily account servicing payment service providers (ASPSPs) such as banks, payment and e-money institutions) to share access with other third-party providers (TPPs).
For the TPP to have access to ASPSPs it must be authorised, i.e., hold what is known as an open banking license. Generally speaking, there are two separate types of open banking licenses that allow for payment service providers (PSPs) to benefit from data access capabilities. First is the account information service provider (AISP) license that allows collecting the information about the financial activity of the users and presents it in a consolidated manner. It is a separate type of registration and can be in fact considered to be a specific license designated solely for this activity. The second one is the payment initiation service provider (PISP) license that allows initiating payments from the accounts of the clients held with ASPSPs. It is not per se a separate type of license, rather it is authorisation to provide payment initiation service by the payment or e-money institution. The illustration below outlines how TPPs and ASPSPs are categorised and what each of them offers in the ambit of open banking:
How does open banking work?
Open banking works by providing unrestricted access to the accounts of the users through the employment of the open banking APIs (APIs themselves are discussed further in more detail). By reducing the barriers of access, open banking fosters competition and offers a possibility for new market entrants to expand available solutions to the customers. For instance, it allows AISPs to collect all of the information in one place and provide a consolidated view to their users. Such a service can be used for wealth management, financial planning, operations management, budgeting, accounting, and alike. As well, it may allow to quickly and securely share financial information with a lender or a broker.
While speaking about PISPs, open banking helps to remove friction when performing payments by initiating account-to-account transfers from the accounts held by the customers of ASPSPs while carrying out merchant acquiring services. For customers, it offers convenient means of payment and for merchants, it reduces costs and time required for the settlement of a transaction. The latter point is especially relevant in the UK since both Mastercard and Visa have announced that they will increase interchange fees rate for the transactions involving Europe. In respect of timing, open banking acquiring transactions settle to the merchant’s account on the same day via SEPA or FasterPayments, while transactions carried out with the payment card, usually settle on the third day, and sometimes only once a week.
Moreover, if a single entity has AISP and PISP licenses in combination, it can offer even more convenient services, such as payment reconciliation. For instance, a TPP which has both AISP and PISP license can offer transfers between savings accounts of the customer based on the favourability of the prevailing rates offered by the ASPSPs with whom the customer has accounts. It does not end here and if a holder of the open banking license has the authorisation to open and manage an account and execute payments itself, it can create a single point of contact where the customer will be able to oversee all of its financial life. In this case, the PSP would not only enhance the customer experience but as well increase the use of its application/website. Ultimately, when open banking licenses are properly combined with other services/products there is a possibility to create a super app.
What is the purpose of the open banking initiative?
The purpose of open banking is to improve competition to better serve customers, which was initially considered in the impact assessment accompanying the original proposal for Directive 2015/2366. In the UK, the same was advocated by the Competition & Markets Authority (CMA). The initiative was launched because the older and larger banks do not have to compete hard enough for customers’ business and smaller and newer banks find it difficult to grow. Open banking resolves this problem by allowing newcomers to offer a wider choice of products to consumers. The already briefly mentioned information sharing and transaction executing capabilities allow to reach this purpose by creating a framework where TPPs may collaborate with banks in order to offer complementary services to their clients. For customers, it adds more convenience as they don’t need to permanently switch accounts with a beloved bank or monitor numerous accounts in different places but rather to have a consolidated view of their financial standing.
What is open banking API – bank API?
As already noted, open banking revolves around the employment of the APIs (short for Application Programming Interface(s)) that allow various regulated entities to connect with each other. API is a set of codes and protocols that direct the interaction of different software components. Open banking APIs allow the entities to exchange the payments-related data securely by providing a connection that facilitates the interaction of the parties in the market.
Open banking APIs themselves are public but can be accessed with the use of a private key that is designating a specific entity in question. This ensures that there won‘t be any unauthorised parties that would have access to the network. Furthermore, the TPPs that already hold an open banking license must also have what is known as an open banking certificate. In the EU, they are known as eIDAS certificates which are issued by regulated bodies called Qualified Trust Service Provider (QTSP). After the Brexit, the UK-based entities can no longer rely on the eIDAS (because of the direction by the EBA to revoke all eIDAS certificates of the UK-based TPPs) and the FCA has mandated the ASPSPs to accept at least one additional identification form issued by an independent third party. Furthermore, while recognising the challenges the FCA established a transition period until the end of June 2021 for complying with new rules. The certificates themselves are part of the private key and are used while exchanging the information between open banking participants.
What is the benefit of employing open banking API for the exchange of data?
To talk about the benefits of open banking APIs we need to look at how data was exchanged before their employment. To illustrate this point we can look at financial data aggregators such as budgeting apps. Budgeting apps have been around for a couple of decades and older versions had used screen scraping to collect the data. Screen scraping is a method where the software is acting as a user and consolidates data that the user would otherwise see when logging into his/her account. This method has a couple of major drawbacks. Firstly, in order for the software to have access to the dashboard where the information is displayed, it must have access credentials. Hence, the login information must be held with the budgeting app so it could log in to the bank account of the user. Secondly, screen scraping is conditional upon how the information is displayed on the page so it could capture the correct elements of data. If the website of the bank would be updated, the budgeting app would also require an update in order to account for the change of the interface. These drawbacks were noted and the reason why the EBA advocated for the abolition of screen scraping in their RTS on Strong Customer Authentication.
On another hand, there is the exchange of data via open banking APIs which provide direct access to the source of information from the back-office of the ASPSPs. With the use of the API, the end user does not need to share his/her access credentials with a budgeting app, rather it authenticates the information of the user when connecting with the ASPSP. Furthermore, open banking APIs are not reliant on the design of the dashboard and gather the exact data that is required. By doing so, the APIs eliminate the core weaknesses of the screen scraping. Moreover, as already briefly noted, both the entity that requests the information and TPP must have appropriate certificates for their identification which minimises the risk of abuse. The employment of the API allows to exchange the data in a secure manner and minimises the risk of a data leak.
While speaking about payment initiation, it was always conducted via integrations through APIs. However, prior to PSD2, there was no explicit requirement for ASPSPs to open up their APIs to any third parties (or even develop them for that matter) and the establishment of infrastructure for payments by such means was much more cumbersome. Without any explicit requirements imposed on ASPSPs, they were reluctant to invest the time and effort in the data-sharing practices. Furthermore, the financial information is seen as something that must be kept secret and confidential (think here about notorious bank secrecy obligations whether established in statutes in continental Europe or at common law as in the UK) and allowing third parties not only to view but as well to manage the financial information was generally unimaginable. It does not mean that it was non-existent before the open banking initiative, rather it means that it was much more onerous and generally unregulated. For instance, in Germany, there is such a well-known provider as Sofort that provides payment invitation services already for more than a decade. With the open banking initiative, it became a regulated entity while its service offering and manner of its provision remained substantially the same.
Is open banking safe?
When considering that open banking revolves around the exchange of financial information naturally you get the question of whether it is safe. From one point of view, you, as a customer, have a lot of control over your financial data. If you want to share your data with a specific third party, you can do so; if you feel that the data you share is being misused, you can cut the connection immediately. Open banking is safe because all banking data can be fully encrypted and data sharing can be cryptographically authorised by appropriate parties. However, open banking as any technological solution is susceptible to hacking. Hence, open banking is as secure as the ASPSPs and TPPs which are involved.
To ensure that open banking is safe the regulators and industry associations created various certification licenses and standards (e.g., there is a so-called Open Banking Standard in the UK). TPPs that connect to banking APIs are usually licensed entities that are assessed for their compliance with the established standards during the authorisation process and their connection is conditional on properly held open banking certificates. In order to get an open banking license, the regulator will perform an overview of the risk management policies and procedures of each TPP and ascertain whether there are adequate measures to protect the users. Furthermore, after the open banking license is granted the TPPs are subject to ongoing reporting and adherence to the standards that emanate from the legislation and guidance provided by competent authorities. Last but not least, they must maintain appropriate certifications at all times.
How open banking payments are benefiting everyone?
I hope that at this point you already understand numerous benefits that are offered by open banking and have a general understanding of how it works. If we speak about account information services, the benefit is quite clear. Rather than keeping all user’s information locked up for their own use, banks able to share it with other parties that can offer users better services and more options. This way, everyone wins- customers get access to new services of their choosing and banks get to increase their revenues. While the benefits of account information service are easy to understand, payment initiation service is a little bit more complicated. Therefore, I suggest diving a bit more into the practicalities of employing open banking for payments while looking at real-life examples of how it can benefit merchants and their customers.
Cards remain a prevalent method of payment, during 2019 they represented 51% of all transactions in the UK and 48% of transactions in the Euro area (in the UK inclusive of cash payments, in the Euro area exclusive of cash payments). However, card transactions have their drawbacks that can be eliminated by open banking. Firstly, card payments include multiple middlemen that are engaged for the funds to arrive from customer to merchant and each of them takes its piece of the pie. Card transaction involves interchange fees charged by issuing institutions, card network fees, and acquirer fees. All of these fees are imposed on the merchants which indirectly pass them onto customers by increasing the prices of the products/services sold. On average card transaction fees in the UK will cost the merchant 1.63% of the processed amounts. Furthermore, the funds derived from card transactions are retained by the acquirer until the payout is done, which is typically 3-7 days after the transaction is processed. And last but not least they are prone to abuse, only in 2019 fraud losses on UK-issued cards totalled £620.6 million.
So how open banking could benefit the merchants and at the same time the customers? First of all, due to the reduction of numerous intermediaries and direct account-to-account transfers the fees would be lower. For instance, such providers as Nuapay, Fire, and Vyne can reduce the transaction fees by close to almost half of the average fees outlined above i.e. have a flat fee for a transaction processing of around 0.8-1%. Consequently to the reduction in fees, the prices for goods/services would also drop as merchants would have lower overhead costs. This creating a win-win situation for both customers and merchants. One more benefit stemming from the same peculiarity of open banking is that merchants can receive their payments faster i.e. at the same time as the transaction is processed rather than waiting for the acquirer to perform a payout. Transactions that are executed via payment initiation are account-to-account transfers and therefore instant. When speaking about fraud in open banking, it is virtually non-existent because customer needs to authorise each payment. Furthermore, the issue with stolen card details is eliminated as there are no cards involved. The illustration below outlines how conventional card payment flow differs from the one which involves PISP:
The abovementioned illustration for Card Payment Flow is based on the presumption that Card Acquirer is directly interacting with the Merchant and there is no Payment Facilitator, otherwise, it would involve one more step between current steps 3 and 4 prior to the settlement to the account of the Merchant.
How can PSP Lab help you?
In this article, we looked at what is the purpose of the open banking initiative, what is open banking license, what is open banking API and how does it work, whether open banking is safe, and how open banking payments can benefit both consumers and merchants. All of these questions are important for both market participants and consumers to reveal the potential benefits that open banking offers and promote its adoption.
If you are a PSP that would like to benefit from open banking capabilities reach out to PSP Lab and we’ll be happy to assist you- whether by obtaining your own open banking license or partnering with an already established provider of open banking services.