State of Open Banking
It is now more than four years since PSD2 was transposed into law across Europe and the ecosystem has changed dramatically. The global Covid pandemic has accelerated the take-up of digital payments, and the number of pureplay TPPs (i.e. Fintechs) able to access online account data has more than doubled. With GDPR becoming enforceable in May 2018, consumers are now in control of their financial data and can demand transparency and accountability from those that use it. For data processors, who under PSD2 are the banks, GDPR laws mean that they need to be much more vigilant about safeguarding their customers’ personal data against theft, loss, or unauthorised access.
With the market maturing, we’ve seen a recent slowdown in the number of newly regulated TPPs, but underlying change is at an all-time high. Existing TPPs are growing their businesses by either extending their product range or passporting their services into new markets. In addition, some TPPs are losing their Open Banking permissions – for reasons ranging from M&As to business failure. Last quarter, nine TPPs had their PSD2 permissions removed – the highest seen in the past three years. So, the number of new TPPs entering the market is not slowing as fast as it seems, this is because the speed of TPPs exiting the market is rising to match it.
There is evidence to suggest that transaction volumes are gaining pace too. Successful API calls in the UK – a good barometer for future growth in the EEA – rose by 212 million over Q1, reaching almost 985 million transactions in March 2022, around 32 million transactions a day. Compare this to a year ago, when there were under 26 million transactions daily, or two years ago, when there were only 13 million transactions a day – and the speed of growth is apparent.
The Open Finance effect
Open Finance is often described as the next stage in Open Banking and will result in new TPPs entering the market offering a wider range of products and services than we’ve seen under Open Banking. There is likely to be an initial growth spurt as we saw after September 2019 – when the European Banking Authority’s (EBA’s) RTS came into force – only to a far greater extent.
Open Banking is narrow in its scope. It deals only with transacting online accounts and gives payment service users (PSUs) the ability to allow TPPs to initiate payments or access funds on their behalf without any interaction by account providers. Open Finance however encompasses the entirety of a consumer’s financial information, therefore introducing a completely different set of participants into the ecosystem.
Open Finance will have several implications from a regulatory perspective. Data providers will no longer be simply banks but will include other institutions like pension houses and insurance companies. In terms of data recipients, these fall into several different categories:
Open Banking fintechs will expand their offering to incorporate the data available under Open Finance;
New specific Open Finance TPPs will enter the market;
TPP-as-a-Service will continue to thrive, enabling agents to sit behind regulated TPPs and rent their Open Banking licences;
With greater revenue opportunities, credit institutions will use their Open Banking permissions to participate in the ecosystem as data recipients.
Open Finance is likely to herald a repeat of the past with an initial surge of new entrants and innovative use cases before the market settles and we will witness TPPs being acquired and others going out of business or changing their business strategy.
All this will lead to an increase in transactions – especially those requesting data. Open Finance is geared towards sharing financial data and driving automation for consumers in their user experiences. It is one step closer to an open data economy, where consumers can harness all their data to receive tailored products and better services.
Payment Initiation – a service whereby a TPP can make a payment on an accountholder’s behalf – is on the rise, and the number of TPPs who are regulated to provide Payment Initiation Services (PIS) in the EEA has doubled in the last two years. Open Finance will continue this trend due to the ability of investments, lending, credit and pensions to be automated and recurring. Embedded finance will enable payments to become a more seamless, invisible part of the user experience leading to an increase in transaction volumes.
Security and risk
When transaction volumes explode and the wave of new third parties start requesting access to consumer accounts, data providers will need to be prepared. It will be essential to check that all API requests are made by authorised and legitimate TPPs, while also having dispute management systems in place for when transactions are questioned.
Disclosing customer account information in error is surely a concern for data providers. There are serious GDPR implications and associated financial penalties for mistakenly giving unauthorised entities account access, never mind the brand and reputational risks. Since GDPR regulation came into force, almost exactly 4 years ago today, the value of the total fines issued is more than €1.6bn. Banks are the trusted custodians of their customers’ financial information and funds, and any breach of that trust would bring significant consequences – something that any financial institution should bear in mind with Open Banking and the forthcoming Open Finance initiatives.
In 2019, Open Banking volumes were not sufficient for banks to invest in robust compliance and verification services. Now that Open Banking has become an operational reality and with Open Finance approaching, it is time for data providers to find a scalable solution and fully protect the financial information of their customers.
About Brendan Jones
Brendan Jones is CCO at Konsentus, a SaaS business that enables financial institutions to transact safely and securely in the Open Banking and Open Finance ecosystems. A payments expert, whose knowledge encompasses both traditional and emerging payment technologies, regulation, and their application to support open ecosystems, Brendan’s leadership career spans banking and financial technology companies. Brendan has held director roles in the banking industry including MBNA and Bank of America. He has also held senior roles within the payments industry for companies such as Datacard and Giesecke & Devrient UK.
Konsentus is a leading global Open Banking regtech company fulfilling an essential role within the European Open Banking ecosystem and the adoption of Open Finance across the globe. Konsentus is trusted by more than 500 customers across both Europe and other international markets. Konsentus Verify provides financial institutions with real-time identity and regulatory checking services, ensuring that unauthorised third parties are never given access to end-user account data or funds.