6 key pillars that make open banking actually work

This is the second article from the series about the value of open banking and the rules it comes with. In the first article we have discussed the value of open banking and the benefits it brings to each market player. Today, we are going to discuss criteria that have to be respected to create perfect conditions for open banking to function in harmony.

First, let’s go through the open banking participants:

• Banks that build APIs;
• Licensed third party providers (TPPs) that integrate with bank APIs; 
• Companies that use TPP services to offer innovative solutions; 
• End-users as final beneficiaries of open banking services; 
• Regulator, who supervises the ecosystem to be self-sufficient.

All of them should take into consideration the factors that guarantee stable and proper functioning of this ecosystem.

Open banking has evolved to comprise 6 main pillars that each country should closely follow so that everyone in the ecosystem actually ends up benefiting from this global movement. While all the pillars are pivotal for creating market discipline, each country can choose to pay more attention to some of them – for a more efficient implementation, based on the country’s specifics. For example, one country may feel that monetisability of APIs is the aspect it should mostly focus on, while another country would direct its efforts to granting the uniformity of conditions applied among market players.

Open banking aspects to be considered by each country when adopting it are:

1. Control

Control means that any market participant that seeks to get access to the open banking ecosystem should be verified and licensed – be it an AIS, PIS, ASPSP, or other players. At the same time, the requirements for getting a regulatory licence should be as transparent and clear as possible. Otherwise, ambiguity leads to unjustified delays in the licensing process, with huge financial resources invested. Therefore, competition would be limited, as only the largest market players would get the real chance to become licensed. In order to solve this issue and ensure control within open banking ecosystem, the responsible authorities should establish:

• a single register of licensed participants;
• a certification authority;
• an open banking API catalog;
• an electronic channel for resolving issues and disputes raised between market participants

2. Security

Easier access to accounts may trigger suspicious and fraudulent activities. That’s why banks and eWallets must apply complementary measures to ensure that access to accounts stays secure. Providing third parties with access to financial data or payment initiation capabilities should apply the most secure, but at the same time, convenient means of authorisation and user authentication. For this purpose, the EU and the UK apply strong customer authentication (SCA) and dynamic linking requirements.

Building a mechanism that verifies TPPs’ regulatory certificates is also part of the security aspect that banks should implement. Banks must be sure that end-users grant access permission exclusively to trustworthy regulated entities.

3. Uniformity of conditions

The open banking market, which has been gaining significant traction recently, can attract large investments, provided that the access to it takes place on centrally unified terms and in accordance with a standard set of requirements. Accessing open banking APIs becomes burdensome when a TPP has to sign an agreement with each bank separately. Banks’ requirements may differ and may even contradict each other. Thus, having to enter into hundreds of different agreements would be a barrier to penetrate the market. In a closed market, the agreements are controlled by each individual bank and, accordingly, may be terminated at the bank’s discretion anytime.

4. Insurance

To use open banking features and channels, every involved party must be insured against risks like fraudulent acts, data breaches, operational disruption. In order to resolve disputes and quickly compensate potential damages, the liability perimeter of each market participant should be clearly determined, and a procedure for resolving emerging disputes and ensuring fast damage compensation be prescribed. As a rule, insurance cost depends on the number of users who have provided access to accounts, as well as on the number of payments carried out by a specific market participant in the open banking framework.

5. Monetisability of API

PSD2 has a major scope to promote innovation, democratising and harmonising access to accounts but at the same time, the directive powers the growth of fresh business opportunities and new revenue streams. If access to open banking APIs is free, banks will not be interested in providing high-quality APIs, which in return will impede their comprehensive use in offering commercial products. Without support from the regulator, reducing risks associated with APIs quality and availability, as well as guaranteeing smooth user-experience during the SCA on the bank’s side would become extremely difficult. One of the solutions to it is setting a single price ceiling and unified billing system for open banking API access (Brazil has chosen such an approach). Another incentive for banks would be to oblige TPPs to build and open up access to their own APIs, too, thereby creating a two-way exchange of information.

6. Open banking inclusion

A directive determines the degree of open banking inclusion within banking services. In the European Union, PSD2 regulates access only to payment accounts, without compelling access to credit, mortgage, investment, and other accounts. The possibility to access these accounts will determine the next step in open banking evolution – open finance.

Currently, the open banking phenomenon comes with certain limitations. PSD2 does not dictate an obligation for banks to notify TPPs about the payment execution process – they must only make available payment status at the moment of payment authorisation. This fact creates a gap in TPPs understanding of the real status of a payment. Also, in regards to account information services, the user has to go through authorisation and authentication procedures every 90 days to confirm access to financial data for each connected bank. However, in Australia – for example, open banking provides full access to reading financial data but does not support initiation of payments, which automatically reduces by half the value provided by open banking.

In conclusion…

The goal of open banking is to solve the challenges that previously were inefficiently handled or hadn’t been handled at all. This is an ideal instrument to build a variety of innovative services tailored to various businesses and use cases including eCommerce, accounting, audit, credit bureaus, finance management, treasury management, and many more. Combined with mobile platforms, open banking provides secure and fast access to financial services anywhere and in the most comfortable format for the user. However, the only way for open banking to operate in synergy and be equally beneficial for everyone is by keeping in mind the fundamentals of open banking and acting accordingly.

Written by Dmitrii Barbasura, CEO at Salt Edge

About Salt Edge

Salt Edge – a financial API platform with PSD2 and open banking solutions. The company has two main vectors of activity: enabling third parties to get access to bank channels via a unified gateway, and developing the technology necessary for banks to become compliant with the directive’s requirements. ISO 27001 certified and AISP licensed under PSD2, the company employs the highest international security measures to ensure stable and reliable connections between financial institutions and their customers. The company is integrated with 5000+ financial institutions in 50+ countries.

More information: www.saltedge.com
Phone number: +1-437-886-3969
Email: press@saltedge.com