Anda di halaman 1dari 28

From Open Banking to Open Financial

Services: The Long View


November 2017
2 From Open Banking to Open Financial Services | The Long View
Contents

Executive summary and key recommendations ….........………………………………….04

The foundation blocks ……………………………………………............................................……06

Long-term vision ...............................................................................................................09

Trust is a fundamental ......................................................................................................15

Drawing the threads together .......................................................................................19

Keeping in sync ...................................................................................................................21

References ............................................................................................................................25

From Open Banking to Open Financial Services | The Long View 3


Executive Summary
Technology has been a fundamental part of the machinery of financial services. With
the growth of FinTechs, disruption from the tech titans and ever faster innovation,
technology has also begun to affect business models. In 2018, the Payments Services
Directive 2 (PSD2) and the Open Banking Standard will allow non-bank entities, third-
party providers (TPPs), to access customer payment accounts, initiate payments and
use customer data to provide services - with customer consent.

This regulatory development will enable changes to business models that will have long-term
and far-reaching consequences. In the view of techUK, now is the time to build solid, enduring
foundations for those changes.

This paper argues that access for TPPs to customer payment accounts is just the first step.
We envision this model spreading from payment accounts across the whole range of financial
services to build an interconnected, API-based ecosystem.

We begin with a discussion of the foundation blocks required to put such a system in place,
high-lighting four basic principles: long-term, flexible thinking; collaboration; governance and
trust and standards. ‘The foundation blocks’ sets out the long-term vision of a connected
financial ecosystem, based on data. In the ‘Long-term vision’, we examine the vital need
for trust in new services and detail what needs to be done to engender this trust. ‘Trust is a
fundamental’ and ‘Drawing the threads together’ tackle the additional cogs in the wheel of
digital ID and cyber security together with the need to keep in sync with developments on
European and international standards.

4 From Open Banking to Open Financial Services | The Long View


Key recommendations:

A long-term vision: The UK Government Collaboration to enhance competition:


must come together with all the regulators Traditional ideas of competition must be
(Competition and Markets Authority, tempered to facilitate competition through
Financial Conduct Authority, Payments collaboration. All industry sectors must
Services Regulator) and industry to work together to create a connected
formulate a long-term strategy for creating ecosystem in which all players can thrive –
an innovative, diverse financial services and end consumers and small businesses
sector based on open data. The current benefit.
disparate initiatives should be brought
together into a coherent strategy.

Digital ID to unlock the doors: The key to Common open standards to keep the
a long-term connected sector is access doors open: All collaboration needs a
for the customer through a single digital common language to communicate. The
ID. This is required to minimise the burden interoperability of IT systems depends
of know-your-customer (KYC) and anti- on common standards – nationally and
money laundering rules (AML) on individual internationally. We emphasise the need
companies and to remove barriers to entry for the UK to work towards common
for new players. Work on this should be standards.
made a priority.

Open and inclusive governance: The customer always decides: Open


Collaboration relies on trust which is Banking will only succeed if it is used by
engendered through working together. the customer. There is an urgent need for
The long-term governance of Open Banking these new services to be communicated and
and future work on open financial services explained to the public. Thought should be
must be governed through principles of given to the mechanisms required to provide
transparency and inclusion. reassurance for consumers and
small businesses.

From Open Banking to Open Financial Services | The Long View 5


The foundation blocks

Not another revolution….?

In our fast-moving world - and especially in the world of technology - the word ‘revolution’ is
perhaps overused. But, it is techUK’s view that current developments in retail finance will truly
be, in the Oxford English Dictionary definition of the word, an ‘instance of a great change in
affairs’. The revised Payments Services Directive (PSD2) and the Open Banking Standard in
the UK will fundamentally change business models as well as the technologies used to access
them.¹

PSD2 and Open Banking – payment accounts: phase one

The Revised Payment Services Directive (PSD2) creates a new category of regulated provider –
the third party provider (TPP). There are two types of TPP:

• A payment initiation service provider (PISP): This is a company (not necessarily a bank)
which will be able to access a customer’s payment account information and initiate a
payment on their behalf,
• An account information services provider (AISP): This TPP will seek consent from a
customer to access their payment account information (the consent will be limited to that
data required to perform a particular service). The TPP will use this data to provide further
services (e.g. allow someone to see all their accounts across different banks).

Both types of TPP will need to be authorised by the Financial Conduct Authority (FCA) in the
UK (or other national competent authority if they are outside the UK) and have consent from
the customer to make the payment/use the data. One company may be both a PISP and an
AISP. Existing banks, e-money issuers, payment institutions and account servicing payment
providers (ASPSPs) may decide to also become TPPs.

6 From Open Banking to Open Financial Services | The Long View


Four basic principles
The path to this future is not without hurdles. In our view, to reach a new tech-based financial
services world, there are four basic principles which must underpin all our work:

1.
Long-term, flexible thinking: Open Banking concerns payment accounts only – it
is just the first step. The work done now will dictate whether and how fast we can
advance to the longer-term goals. Difficult issues must be faced from the outset
and thinking elevated to encompass the long-term – many of the most interesting
opportunities may not yet be visible.

2.
Collaboration: The new retail finance landscape will succeed through collaboration,
with customer data at its heart. All players – current incumbent providers, new
entrant providers, service-users, corporates, SMEs, consumers and regulators - must
work together. Building end-user understanding and trust is vital and cannot flourish
in a closed environment.

3.
Governance and trust: Long-term, independent governance, which is open,
transparent and inclusive of all players, will be essential for trust and for
collaboration. This should be underpinned by the long-term strategy at 1 above.

4.
A wide market view and standards: Financial services is increasingly a global
market, and the technologies used, to be scalable, must be interoperable at a
fundamental level. Work on standards to ensure such compatibility at European and
international level must be undertaken at an early stage.

Throughout this paper, we will show that these foundations are intricately linked: they
depend on each other. Like any good foundation, each brick is important, but it is the
solidity, the interconnectedness of the structure that gives the whole its strength.

And let’s not forget the importance of attitude. Those who are building the structure have
to believe in its value and have to depend on each other. For Open Banking to take off,
and crucially to deliver value for the end user, both consumers and small businesses,
it needs enthusiasm and engagement from all parties.

From Open Banking to Open Financial Services | The Long View 7


In its press release in July 2017, HM Treasury announced that the PSD2 regime will:

“ Lead to innovations like managing all bank accounts from one easy-to-use app, enabling
people to budget more effectively, or helping consumers avoid unwanted overdrafts by
making automatic payments between bank accounts when funds are running low. New
innovative apps could provide personalised product recommendations based on exactly


how consumers spend their money, such as suggesting which savings product would
suit best based an individual’s saving habits.

This is the vision but it needs true buy-in from all parties. The nine biggest UK banks have
been mandated by the Competition and Markets Authority (CMA) to build Open Banking.
Much progress has been made and money has been spent, but we still lack a true sense of
collaboration between the incumbents and the new players, the banks, tech titans, and the
FinTechs and, crucially, the end-users - consumers and small businesses. Regulation is all
very well, but it is people who make it work. Open Banking will arrive in January 2018 and
the whole industry must put its weight behind it. However, January 2018 is just the start - the
functionality, which will be provided for Open Banking APIs, will be a minimum viable product
and much work will remain. Indeed, the Regulatory Technical Standards on strong customer
authentication will not come into force until 18 months after they are finally adopted. The
impact, will be gradual, with many institutions adhering to a basic standard until new models
and innovative services come into being. Still open are the questions as to when we will reach
a fully ‘post-PSD2’ world; what this looks like for the industry and what benefits will be seen by
service-users?

We will argue in this paper that there are potential benefits for all. Companies will thrive by
offering customers the services they need and value. Many new services will be made possible
- from the incrementally innovative to the radically disruptive - and there will be room enough
in the market for all. But if some segments of the market go forward only with reluctance, the
opportunity will be lost, investment wasted and the UK could easily fall behind other markets
– both European and international.

Right now, the UK is in a prime leading position; the work being done here is far ahead of
that in any other jurisdiction. This is the UK’s advantage on which we must capitalise. Building
standards and models which can be exported will benefit the whole of the UK economy. If and
when we get this right, the possibilities are legion.

8 From Open Banking to Open Financial Services | The Long View


The long-term vision

Payments is but the starting point


At present, all eyes are on PSD2 and Open Banking and their common implementation date of
13 January 2018. But access to payment accounts is only the first step in an evolution towards
all types of financial services operating within a competitive, open API-based environment.
Real value for customers, over the decades to come, will lie in the aggregated use of customer
data across financial service types to allow individuals and companies a holistic view of their
financial health - past, present and future. We envisage that mortgage, insurance, loan and
savings products and services will all, in time, move to a similar model. The structures put in
place for payment accounts for PSD2 will set a precedent: it is essential that models put in
place now are robust, flexible and meet the needs of all sides of the market.

Financial data + vision = possibility

Imagine a woman called Sarah. In 2022, Sarah lives in a world where all the information she
might possibly need to manage her finances is available in one place. Sarah logs on to her
online ‘My Finances’ portal, she enters her one secure, personal key, which operates across
public and private-sector services.

From one place, Sarah can get information on:

Mortgage
Pensions Loans

Insurance Savings

New
Accounts data-driven
services

From Open Banking to Open Financial Services | The Long View 9


This is not an exhaustive list (and the possibilities for capital markets are even wider). As well
as seeing all this information, Sarah will be able to move funds around these accounts. She
will also be able to have real-time chats with artificial intelligence (AI) bots or she can arrange
personal advice sessions. She can get forecasts on, for example, the state of her pension at
retirement age, what that pension would look like if she took out an additional policy now.
She can compare many types of mortgage, insurance and savings policies using her real
data. Ultimately, these services will become hyper-personalised, predictive and pre-emptive,
dynamically serving a market of one. (Sarah, in this example).

The work of the Open Banking Implementation Entity (OBIE) will put in place the common
standards. But since PSD2 is limited to payment accounts and Open Banking to consumer and
SME bank accounts only, there is a long way to go if Sarah is to be able to see and manage all
her financial dealings.

Looking even further ahead – the open data society

Looking further than financial services opens up possibilities for using connected data in all
sorts of ways. The end model here is a fully ‘open data society’, where the combining of data
from all aspects of a person’s life could give rise to a whole spectrum of imaginative services.
Much work is being done on health data and how it could be combined with insurance, for
example, to allow the individualisation of policies - although this leads to very tricky questions
about the social policy aspects of insurance and the sharing of risk.

But some of the most obvious ways of combining financial and other data could have
immediate and striking benefits for financial inclusion and improving the financial health of the
less well off.

For example:

Debt prevention: the combination of Identifying vulnerable customers:


customer data on spending patterns, data on energy consumption and
welfare benefits and energy household income could be used
consumption could be used to help to target those in need of energy-
people budget and avoid debt. use planning and those entitled to
additional benefits.

Improving post-retirement savings: Tailored services: the rise of


providers are already emerging who smart devices in homes and cars,
automate regular savings into the combined with financial data will
stock market for people who would allow tailoring of, for example,
not otherwise access such saving insurance products to customer
routes. lifestyles.

10 From Open Banking to Open Financial Services | The Long View


It’s the data, stupid

One thing is driving all these possibilities and that is data. The collecting, sifting and organising
of Sarah’s data - past, present and future - into useable formats.

Data is at the heart of everything tech can do: it is the fodder tech uses to work its magic. But
to use data properly, we have to know where it is, what it is and be able to get at it and use it
in a meaningful way. And it’s the tech that does this bit. But the tech can only do what business
models, regulations and, crucially, interoperable standards enable it to do.

What is data and who ‘owns’ it?

To state the obvious: data in financial services is not a new thing. But until 5-10 years ago, no-
one talked about it – certainly not the individual citizen (or legal entity) who generated it. Data
is just a set of facts. From a person’s date of birth, to the value of their weekly shop, to what
hobbies they enjoy – this is all data that can be monetised and provide benefit to that person.

Historically data has been collected and stored by individual companies. Incumbent banks,
insurance companies, pension firms, loan companies gathered it all up and kept it in
compartmentalised databases – the infamous ‘legacy silo systems’. For many market segments,
holding data about an individual allowed a company to view that individual as ‘their customer’.

But the internet, digitalisation and the proliferation of data are dismantling this set-up. The
idea that a consumer chooses one bank and stays for life is being challenged by regulators and
FinTechs alike. Tech firms have developed nimble systems which can organise and manipulate
data, drawing customers away from traditional financial infrastructures. And the fact is that
the mountains of data held in legacy silos cannot be used properly since the silos are all so
disconnected that the data is hidden, disorganised and inaccessible.

From Open Banking to Open Financial Services | The Long View 11


There are two ways to approach this data-driven reality:

The ‘do it all yourself’ view

Existing traditional players can try to radically renew their data systems, expand their capacities
and offer customers all types of services they might need in-house. This can be done through
takeovers, joint ventures and amalgamations with other providers. Incumbent banks can
become PISPs and AISPs themselves and so expand their services.

There is also the possibility that some banks will, unilaterally, progress their API offerings
beyond the scope of the CMA order and the PSD2. Much controversy has resulted from the
debate on screen-scraping and the proposal by the European Banking Authority, in their
original draft of the Regulatory Standards on Strong Customer Authentication, to ban screen-
scraping . At the time of writing, this debate is not yet settled. Yet the truth is that whether
screen-scraping² is banned for payment account data or not, it will continue for all the other
types of account on which data is gathered. Some banks argue that the screen-scraping model
is not secure (as it involves the disclosure of a customer’s credentials to a third party). If they
are serious in these concerns and if they wish to rectify them, the logical and consistent thing
to do, would be to provide TPPs with secure API-based access to customer information, which
goes beyond the scope of PSD2 and the Open Banking Standards.

This would also permit the incumbent banks to work together with TPPs to further expand
the services they offer to customers - here we see the ‘do-it-yourself’ model meld with the
collaboration model below.

The collaborative view

The other model would be for financial firms to focus on their own core businesses and to
collaborate with a wide range of other services providers to give customers access to all the
services they require. It could be argued that in the wake of the financial crisis, this is the far
more credible way to operate. No ‘too big to fail’ problems, but a network of self-standing
mutually beneficial, interoperating service providers. Competition is enhanced rather than
threatened, as each company is free to develop in its own way. Small players can, through
collaboration, bring services to the larger market.

Such a model also provides greater customer choice, multiple service quality options, and
accommodates the needs of the individual consumer according to their circumstances.

A further point of note is the emerging shift in societal thinking towards the idea that data –
that crucial fuel – should be seen as more like a public commodity. It should be open, available
and useable by all players for the benefit of the customers who generate it. The General Data
Protection Regulation (GDPR), which comes into force in May 2018, puts the focus on consumer
control of their own data – consent must be given for its use. And a more radical view is that
the consumer themselves should directly financially benefit from the use of their data. This is
perhaps the next step.

What is clear is that the wide and multiple use of the same sets of data will necessitate a far
greater measure of collaboration among the numerous players in the financial services chain if
the vision outlined in the exectuive summary and key recommendations is to be realised.

12 From Open Banking to Open Financial Services | The Long View


But what about the platforms?

Many see the big internet platforms, such as Google, Amazon, Facebook, Alipay, Wechat,
as challenging traditional (and even to emerging) banking and financial services models.
These players have increasingly been moving into the payments space, and arguably they are
much better placed to succeed than financial services firms. Network platforms have ultra-
sophisticated tech; they have reach, international presence, huge customer bases and they also
have resources. And with Open Banking, they will also have access to data held by banks. Yet
there are several points to make here:

• Incumbent banks have an advantage on which to build: customers trust banks in the same
way that they trust utility providers of gas, water and electricity – often called logical trust.
In this regard, banks outperform the tech titans. Where banks do have an opportunity to
build is in the arena of emotional trust (critical to engagement) – where the tech titans are
leading the field.

• Tech titans do not necessarily want to be banks in the traditional sense. They will use new
payment options and data to create and market financial services to customers - creating
an engaging and valuable layer of services. But they are unlikely to enter the core banking
business. This is where collaboration between technology and financial services providers
can predominate and thrive.

A further interesting point is that there is potential for a shift in our understanding of
competition in markets – and how this could play a part. The competition ethos has become
hard-wired across economic activity in the western world, but digitalisation and the availability
of data (like the internet itself) is enlarging the range of possible models for doing business.
E-services expand markets; they allow providers to concentrate on particular market segments
and to reach out widely – nationally and internationally. ‘Niche services’ can thrive. Growing
ever bigger and doing ever more things need not be the optimum model.

But if collaboration and a connected ecosystem are not embraced by the financial services
sector, the danger is that the technology platforms will move in and come to dominate the
market, relegating traditional banks to the unseen ‘rails’ of finance.

From Open Banking to Open Financial Services | The Long View 13


As we have outlined, and as all commentators agree, data is the fuel that will drive innovation.
It has also been axiomatic in economic thinking over the past decades that competition is also
essential for innovation. But if we deepen our understanding of data, and how best to use it,
this has potentially fundamental implications on our understanding of competition. It can shift
the belief that it is primarily competition which drives innovation and economic progress. In
our view, in a digital age where markets can be worldwide, collaboration will be as important
as competition in driving innovation. In fact, we must come to recognise that collaboration will
enhance competition.

Whether this shift will go further and what its full implications will be is not yet fully recognised.
But it is the view of techUK that the financial services sector must move towards an era of more
sophisticated competition.

A healthy sector of the future will have room for players of small, medium and large size.
Even alongside the powerful internet platforms, small may still be beautiful after all. Increased
partnerships and collaboration will allow incumbent players to compete not merely with each
other, as they have previously done, but with the tech giants who are increasingly operating in
the space.

Once the benefits of such collaboration materialise, this will prompt more, leading to a virtuous
circle of value for all.

In the view of techUK, the best way for the financial sector to thrive, and to maintain its
market share, is through collaboration.

14 From Open Banking to Open Financial Services | The Long View


Trust is a fundamental

Customer trust
Open Banking has been called the biggest change in retail banking since the invention of the
ATM – but who, save a handful of industry experts, knows anything about it? It is true, of course,
that consumers don’t care how back-office systems work, but the whole success of Open
Banking – and beyond – depends on customer use.

The customer, after all, is the most important collaborator. And the danger is that if Open
Banking does not adequately catch the customer’s eye, and they do not trust it, this will hold
back the potential for real financial services innovation for years. Yet is this so obvious a fact
that it is in danger of being overlooked?

For payment initiation

Here we must differentiate between payment services under Open Banking and account
information services. New payment services have a much harder task when it comes to
engaging the customer. Customers will only use a new service if:

• It provides a benefit they don’t already have. Consumers and small businesses are quite
happy with the card-based models already available and Open Banking for payment
initiation on its own provides no new service. Indeed, since it is a push payment, consumers
may lose the charge-backs and insurances they have with credit cards.

• They are incentivised to use it. The most obvious incentiviser for PISP services is the
retail community. TPP-based payments will allow retailers to move away from card-based
payments, which carry interchange fees and other security-related costs for merchants.
They are likely to be attractive to merchants. If customers were offered rewards, vouchers
for using a new payment type, they probably would. If they are simply presented with a new
unknown payment option which offers no benefit and which they do not know or trust, they
will not use it - unless it is part of a known brand.

From Open Banking to Open Financial Services | The Long View 15


For account information

There is much greater scope for account information service providers (AISPs) to engage the
customer. Open Banking will allow them to amalgamate the payment account information from
several different banks and offer access from one point. They can also provide comparison
services for financial information, allowing a customer to compare all sorts of different
products, using their own data. Yet many such services already exist using ‘screen-scraping’
models.

It is our view that the lack of consensus on the future of screen-scraping is one of the most
worrying hurdles to engaging customer buy-in and engendering customer trust in open-
banking type services. Customers need clarity. So if screen-scraping is to be prohibited
post-2019, to make way for a fully Open Banking-based model, a clear message must be
communicated to customers as to how they should use their personal credentials.

To ensure customer trust, techUK calls for:

A customer information and engagement An end to conflicting messages on the


campaign to be developed and rolled out as use of customer credentials. Consumers
soon as possible. must be assured that all regulated service
providers have a duty to secure their data.

Discussion and understanding of how Wholehearted cross-industry and


customers are encouraged and incentivised Government backing for Open Banking
to use new providers and services. in the short-term and the extension of its
principles across financial services in the
long run.

Trust amongst providers

Trust is essential. In the game of open financial services, all actors will play an equally necessary
part. As we noted in the last section, the view of ‘hard competition’ and of ‘winners and losers’
is one we must move away from. If incumbents merely encourage innovative start-ups to fatten
them up for a take-over, trust will not flourish – either among incumbents and new players or
from the end-users to the providers. It is clear that Millennial and Generation Z service users are
much more ready to change provider according to their needs and preferences and they will
turn away from the innovators if they perceive they have ‘sold-out’. The pace of innovation will
stall and all competition will suffer.

If market players continue to view each other with suspicion, we will get nowhere. And
suspicion arises from a lack of understanding, which stems from a failure to engage in open,
clear, honest communication. As in many areas of life, communication is key.

16 From Open Banking to Open Financial Services | The Long View


Open Banking is still to some extent suffering from these problems. From the outset, there was
a lack of information for large parts of the stakeholder community about what work was being
done, what considerations were taken into account and how work was being assessed and
verified. The level of stakeholder engagement and participation, knowledge and understanding
was low and this led to confusion and uncertainty within the FinTech and stakeholder
communities. This was due to many factors: time deadlines, complexity of processes, and the
number of stakeholders involved. It was also due to a lack of discussion and consensus about
the long-term vision which, as we argue in this paper, is so essential.

The CMA order mandated the CMA9 to deliver a number of standards that went a fair way
towards everything required for PSD2, but not the whole way. There were overlaps, elements in
the CMA order not required for PSD2 and elements of PSD2 not covered by the CMA order.

Trust, therefore, needs to be built-up. This fact must be recognised and addressed; concerted
effort must be put into re-establishing it and structures must be reorganised to mend divides.

This brings us on to the urgent work which must be done now: establishing governance
arrangements post January 2018.

Transparent, representative governance

Open Banking comes into effect in a few short months and we must urgently decide how
to address the next phase of PSD2 and Open Banking development. The OBIE has released
a proposed roadmap for dealing with the elements of PSD2 which were not covered by the
CMA order and now need to be incorporated. It also makes a number of proposals on future
governance. For members of techUK the crucial questions are:

• What governance structure will best serve the needs of financial services users and promote
the flourishing of technological innovation, and increased productivity, in this sector?
• What structure will best provide openness, transparency and a fair opportunity for
representation of the interests of all stakeholders?
• How do we populate such a body so that it is representative of the whole market – including
customers?
• How is the continuation of Open Banking to be funded?

There has been a proposal that the governance of Open Banking should be put into the hands
of the New Payment Systems Operator (NPSO). This is the amalgamation of three existing UK
payment systems operators: Bacs Payment Schemes Limited, the Cheque and Credit Clearing
Company and Faster Payments, which builds on the work of the Payments Strategy Forum.

From Open Banking to Open Financial Services | The Long View 17


This proposal should be subject to industry-wide debate. Is its role as central to a new
payments architecture compatible with a wider Open Banking role? More importantly, any
governance body must be sufficiently representative of the needs of the users of payments
services – both SME and consumer. It must include representatives from the innovative sector
within it, and beyond. If not, it would be critically restricted in its outlook and vision.

The crux is that the overall governance arrangements must be fully representative across the
whole market. The aim of Open Banking is to open up competition in the payments and retail
banking sector. In our view, this objective would be entirely defeated if future governance were
to be placed in the hands of a group of provider entities which represent the incumbent part of
the payments sector of the market only.

It would also defeat the aims of trust and collaboration – which we argue are the corner-stones
on which the success of Open Banking will rely.

techUK calls for urgent consideration of Open Banking governance post January 2018. We
need:

An open and inclusive policy discussion Sufficient time must be given for the
on future governance, within which all views of all parties to be canvassed and
possibilities are considered. considered.

All the regulators and key departments – Representatives from all sides of the market
FCA, HM Treasury, ICO, CMA, FOS and PSR and all interested stakeholders must be
should develop a consensus position on included in these discussions.
their own long-term vision.

18 From Open Banking to Open Financial Services | The Long View


Drawing the threads together
In this section, we will look at a number of initiatives which all aim at the long-term vision
described in ‘the foundation blocks’: a joined up digital financial services ecosystem.

Digital ID

A foundation stone for access to digital financial services has to be a trusted and secure means
by which customers can identify themselves. The long-term goal for ‘open financial services’
should be one single digital ID, which gives access to all services – accepted by and sufficient
for all providers. This means that the ID will have to satisfy the requirements of all legislations
on know-your-customer (KYC) and anti-money laundering (AML).

Moves towards a digital ID in the UK began with the Gov.UK.Verify scheme, under the ownership
of Government Digital Services and the Cabinet Office. Its long-term aim was to provide an ID
for UK citizens in their dealings with Government services and its first use case was to be for
universal credit claims.

The Department of Work and Pensions, led a procurement exercise in 2012, and a number of
external companies were identified to do the credit checking. The whole project, however,
suffered numerous delays, not least because universal credit itself (supposed to be fully rolled-
out in 2013) did not materialise and it is not clear if or when it will appear.

However, although signing-in for the first time was supposed to take around 15 minutes, the
process was complex. Around 40% of people were not able to certify their identity in the first
year of its use and take-up, consequently, was fairly low.

But the Verify scheme is now functioning. According to the latest Government information,
it can be used for 12 different Government services including tax returns, driving licences,
checking state pensions and income tax, and renewing passports online.

TISA Digital ID project

For some years, TISA (Tax Incentivised Savings Association) has been developing a digital ID
for opening and managing ISAs.

TISA has a working pilot, which is to be tested at the end of 2017-2018. The plan is to create a
digital ID which will allow consumers to open new savings accounts and to securely transfer
money between funds. Beyond this, it is intended to link online Government services onto one
dashboard to be accessed through the one digital ID, which is fully compliant with the GDPR.
TISA is working closely with the Information Commissioner’s Office, which is writing guidelines
on the GDPR. In addition, the digital ID must comply with eIDAS, PSD2 and the
EBA/RTS as well as the 4th Anti-Money Laundering Directive, which came into force in June
2017. (A 5th AML directive is also already in the pipeline).

From Open Banking to Open Financial Services | The Long View 19


Exactly how the TISA ID would link in with the Gov.UK.Verify scheme is still under discussion.
Part of the difficulty is whether the Verify scheme allows all the checks necessary for
compliance with all the above regulation. The other difficulty is whether a system developed for
Government use can be reused by the private sector.

This is a start but it is piecemeal and it is far behind what other European countries already
have in place. Many countries, such as Belgium, Germany, Portugal, the Netherlands, Austria,
have Government-led e-ID schemes offering access to local and central Government services.
Estonia has developed a sophisticated scheme in a bank-Government partnership which offers
access to banking services.

techUK call on the UK Government to put political impetus and resources towards:

A digital-ID scheme which operates for Working with European colleagues on EU


public and private use and which can evolve initiatives for Digital ID.
to cover all financial services.

Pensions dashboard

In 2016, HM Treasury asked the pensions industry to put together a pilot for a ‘pensions
dashboard.’ This would be an online tool through which a citizen would be able to find all their
UK pensions and view them in one place. The industry, led by the Association of British Insurers,
is running a pilot, to begin in December 2017. This is a good start, but it still has several missing
links:

• The pilot allows visibility but does not allow a consumer to do anything e.g. shift money
from one fund to another.
• It is UK only – thus anyone who has worked abroad for any time will see gaps in their
pension history.
• It is not yet clear if signing up will be mandatory or voluntary. If mandatory, the burden on
small firms could be very heavy. If voluntary, two further problems arise:
- why would a pension fund share its data in this way?
- without full coverage, the usefulness of the scheme would be limited.

20 From Open Banking to Open Financial Services | The Long View


Keeping in sync
Financial services is a global business and a crucial part of a long-term plan for financial
services must be interoperability with the European and international market. This means two
things: (i) keeping abreast of work being done elsewhere to avoid duplication and divergence
and (ii) standards.

European Union work on Financial Services and FinTech

The European Commission has recognised that technology is transforming financial services
across the board and is taking a cross-sectoral approach. In November 2016, it set up a Task
Force on Financial Technology, which led to a public consultation in March 2017 on the role of
FinTech in the financial sector.³ This document considers a wide range of topics: AI and big data
analytics, social media and crowd-funding, IoT and its impact on the insurance market, regtech,
DLT, cyber security and industry standards.

Also in March, the Commission launched a Consumer Financial Services Action Plan⁴, aimed
at creating a European-wide digital market for financial services. Commission Vice-President
Valdis Dombrovskis, said ‘European consumers and firms should be able to take full advantage
of a true Single Market for financial services. Consumers should have access to the best
products available across the EU, not just within their own country. (Technology) has the
potential to change for the better the way people access financial services.’

The ambitious plan includes creating an EU mortgage market with the right to early repayment,
clear information on mortgage credit and the ability for mortgage brokers to work across the
EU. It also plans to extend the Cross-border Payments Regulation⁵ to ensure all money transfers
cost less across the euro-area. A crucial plank of this plan is an EU digital ID for financial
services. The idea is for all the national schemes become interoperable and also extend to
private sector use. The aim is a fully cross-border system of e-ID, which complies with all AML
requirements and can be used for cross-border financial services.

The European Banking Authority (EBA) has also determined a need for further work on
FinTech. It conducted a mapping exercise to find out where the market was developing in each
of the member states. Following from this, it issued a discussion paper⁶ which identified the
need for further work on:

• Authorisation and registration regimes and sandboxing/innovation hub approaches;


• Prudential risks and opportunities for credit institutions, payment institutions, and electronic
money institutions;
• The impact of FinTech on the business models of credit institutions, payment institutions
and electronic money institutions;
• Consumer protection and retail conduct of business issues;
• The impact of FinTech on the resolution of financial firms;
• The impact of FinTech on AML/CFT.

The EBA will issue proposals on how to address these areas in a 2018 work programme.

21 From Open Banking to Open Financial Services | The Long View 21


Standards

Standards are seen as dull, dull, dull, but the reality is that the level of complexity in modern
tech makes industry-wide standards crucial. Innovation means difference but difference is only
valuable up to a point. To succeed, each innovative product or service must be able to work
together with existing and future counterparts. They all must comply with mutually agreed sets
of standards to make them:

• Interoperable with comparative systems and widely useable;


• Trustworthy and reliable on functionality and security;
• Lasting: technologies evolve constantly and standards are a way to ensure that they all
continue to evolve along the same basic lines.

There are clearly numerous standards already in existence and ISO standards 20022 is being
widely implemented in the new payments architecture to be put in place following the work of
the Payment Strategy Forum. But ISO 20022 is not a solution for APIs and the new processes
being developed need more standardisation to develop at the same pace. In our view, not
enough attention is being paid to this need.

Where we are currently on standards?

International

Much work is being done at an international and European level. In March 2017, the International
Standards Organisation (ISO) set up a global FinTech Technical Advisory Group (TAG) to
provide a platform for a dialogue on the growing need for data and technology standards,
required for secure global commerce. Its objectives are to:

• work with FinTech communities, including public sector bodies, and ISO to fill gaps and
educate;
• promote the adoption and implementation of consistent standards, where possible;
• effectively address common issues collectively and consistently;
• encourage strong and open communication and the sharing of information concerning
financial services standards.

The European Committee for standards (CEN) has also set up a working group (CEN:BT WG
220) and is carrying out a mapping exercise to identify all current standards that apply to
FinTech. In its response⁷ to the Commission consultation on FinTech mentioned above, CEN
states ‘Digital innovation is transforming industry at a fast pace; new technologies, competitors
as well as a shifting consumer demand bring new business opportunities as well as challenges.
It is essential that standards are in place to ensure the uptake of these technologies.’

22 From Open Banking to Open Financial Services | The Long View


UK

In July last year, techUK worked with Finextra and the British Standards Institution (BSI)
to produce a ‘Roadmap for FinTech Standards’.⁸ This identified three areas of priority for
standardisation work:

• procurement and on-boarding;


• integrating FinTech into existing standards;
• consumer assurance and trust.

To push this work further, the BSI has set up a FinTech Advisory Group to act as a focal point
for all the various initiatives on standards.

Open API standards

The OBIE is, of course, developing standards for open APIs to be used in Open Banking. These
need to be robust, reliable and trusted by the TPP community. There is a strong need for initial
rigorous testing and a governance structure which sets clear rules for ongoing revision, public
consultation and further testing. To flourish, standards must be regularly reviewed, updated and
revised, with the input of all market players.

Distributed Ledger Technology (Blockchain)

The BSI has also been working on standards for distributed ledger technology (DLT). This has
already taken on an international element. In September 2016, Standards Australia won a bid
to develop a standard for blockchain within the International Standards Organisation (ISO).
To progress this, a group of UK experts joined experts from across the world at a conference
in April 2017 in Sydney. The priority areas they are looking at are terminology, reference
architecture and ontology, interoperability, security and privacy, identity, governance, use-cases
and smart contracts. As part of its work, CEN is also prioritising blockchain standards.

techUK calls for Government action to help develop a financial services standards
body.

From Open Banking to Open Financial Services | The Long View 23


Cyber Security and Insurance
To get certification from the FCA, TPPs will have to provide proof that they have in place
sufficient private indemnity insurance (PII). This is a new market for insurance, which throws up
significant problems. Insurance for payments made via TPPs is fairly simple – as risks can be
identified. However, the problem is with data. The potential loss of misuse of data is very hard
to quantify. Data may pass along a long chain of providers and current systems are not able to
reliably trace where a breach may have occurred in that chain.

There may be significant time lapses between the first release of the data and any potential
misuses and the likelihood and extent of the loss is very difficult to establish in advance.

Clear rules must be established as to how players should be adequately traced so that liability
may be established. There may also be cases where it is not feasible to establish where a
particular breach occurred. Arbitration and dispute resolution may assist in resolving disputes
but above all, clarity is required. We suggest below that an industry-wide insurance scheme
may be the best way to cope with such eventualities.

The cyber insurance market has been working towards expanding existing product offerings
to plug this gap. However, the question remains whether the products which will develop will
be affordable for all FinTechs and TPPs. If they are not, this is a potential market barrier. A
small TPP may incur very large risk – and indeed, there is an argument that a newly established
provider is riskier than a long-established one – therefore premiums on any insurance ought to
be higher. A balance has to be struck here which ensures:

• sufficient insurance protection of customers;


• only responsible companies flourish in the market;
• the barriers to entry for new players are not exclusionary.

techUK calls for regulatory action to ensure that an industry solution is provided in good
time; one possibility could be an industry wide cooperative insurance scheme. Contribution
levels could be geared according to size, risk and capacity. Such a scheme, again, is
collaborative and provides mutual benefit.

24 From Open Banking to Open Financial Services | The Long View


References
1. For ease, in this paper, we will refer to PSD2 and Open Banking Standard collectively as ‘Open
Banking’

2. EBA Draft Regulatory Technical Standards on Strong customer Authentication: https://www.eba.


europa.eu/documents/10180/1761863/Final+draft+RTS+on+SCA+and+CSC+under+PSD2+%28EBA-
RTS-2017-02%29.pdf

3. FinTech: A more competitive and innovative European financial sector: https://ec.europa.eu/info/


sites/info/files/2017-fintech-consultation-document_en_0.pdf

4. European Commission, Consumer Financial Services Action Plan: https://ec.europa.eu/info/


publications/consumer-financial-services-action-plan_en

5. Regulation (EC) No 924/2009 on cross-border payments in the Community: http://eur-lex.europa.


eu/legal-content/EN/TXT/?uri=CELEX:32009R0924

6. European Banking Authority Discussion Paper on the EBA’s approach to financial technology
FinTech) 4 August 2017: https://www.eba.europa.eu/-/eba-publishes-a-discussion-paper-on-its-
approach-to-fintech

7. CEN Response to the European Commission’s Public Consultation on FinTech, June 2017 https://
www.cencenelec.eu/News/Policy_Opinions/PolicyOpinions/Reply-FintechConsultation.pdf

8. https://www.bsigroup.com/LocalFiles/en-GB/PAS/Homepage/FIN_BSI_short_v9_072716.pdf

From Open Banking to Open Financial Services | The Long View 25


techUK’s financial services and
payments programme
techUK’s work in financial services focuses on a wide range of areas: digital banking, insurance, payments
and related issues around identity and authentication, cyber security, financial inclusion and the adoption
of distributed ledger technology. The Programme examines the impact of current and evolving regulatory
framework at a domestic, European and International level.

Central to these objectives is the role that techUK play in representing the expertise and views of the
technology and financial services sector in policy-making and standard setting. This is achieved by
delivering expert consultation responses, insight reports, and policy inputs that have a constructive
impact on policy. We do this by convening expert groups to understand the issues and develop
thoughtful insights and constructive inputs.

Policy Working Groups

• Open Banking & Payments: Directly influence: how PSD2 and the Open Banking Standard
is implemented; the standards for Open APIs; business models for third party providers; the
evolution of the Payment Strategy forum.

• Insurance: Push innovation through advocacy at regulatory and Government level; help
progress innovative technologies and business models - driverless cars, connected homes
and targeted insurance products which fit consumer expectations.

• Blockchain: Better understand and influence what and where the true impact of blockchain
will be felt; lend your voice to our calls for Government to pursue the aims of the Walport
Report and create a concerted plan to further the potential of this technology.

All techUK’s programmes are interlinked - financial services today are inextricable from big data, cloud
computing, cyber security, IoT, artificial intelligence. techUK membership gives access to all these related
programmes and to our expertise, our activities, events, and the knowledge of our members in all these
areas. We are a one stop-shop for tech.

26 From Open Banking to Open Financial Services | The Long View


From Open Banking to Open Financial Services | The Long View 27
techUK represents the companies and technologies that are defining today the world
that we will live in tomorrow.

950 companies are members of techUK. Collectively they employ more than 700,000
people, about half of all tech sector jobs in the UK.

These companies range from leading FTSE 100 companies to new innovative start-ups.
The majority of our members are small and medium sized businesses.

techUK.org | @techUK | #techUK