Posted on Categories APIs, Conference, GDPR, Open Banking, Retail Banking 0 Comment

Nesta_Open_Banking_Paris_event

On the 11th of April 2017,  4by90 and French Digital organised with Nesta an event in Paris to discuss the Open Up Challenge and how French and UK startups were approaching Open Banking. The event was supported by Business France and hosted by our partner Early Metrics.

 

If you don’t know about the Open Up Challenge, you should check it out (here)

In this short post,  I would like to capture some of the points that were discussed during the event as well as highlight a number of questions that ought to be considered. The views expressed here are my own and do not engage the responsibility of anyone mentioned below.

I had the privilege to moderate the discussion with an excellent panel of individuals for whom Open Banking really matter for their business.

  • Bruno Van Haetsdaele – CEO et cofondateur de Linxo (France)
  • Nicolas Ribeaut – CCO de Budget insights (France)
  • Peter Edenholm – Fractal Labs (UK)
  • David Coghlan – Marketing Director OpenWrks (UK)
  • Mark Santall – Product Owner Open Banking (UK)

Open Banking/PSD2 as a straight jacket

From some of the French startups, there was a perception/fear that “Open Banking” (that is PSD2 for most of Europe) might end being a straight jacket. In the French market as well as in some European markets, web scraping is a method widely used by a number of successful businesses in order to offer their services without having to rely on Banks willingness to enable their customers to share data with 3rd parties.

  • Data available: It works relatively well.With customer consent, 3rd parties can have access to all the data available in a customer online banking platforms. ==> with PSD2 the range of accounts that can be accessed is defined and therefore prevents in theory web scraping to occur on type of accounts not covered (e.g. savings account)
  • Frequency of access: the 3rd party can define how often the data is accessed ==> PSD2 is creating restriction as to how often data can be accessed. (i.e. it won’t be real time when a event occur on a customer account)
  • Security: There haven’t been trust shattering fraud events so far, customers are comfortable sharing their credential data to get access to these services. However this imply a security risk for the customers are they have to share their credentials with a 3rd party and be in breach of their bank T&Cs ==> with PSD2 this is sorted as the credentials are never shared, 3rd parties have instead to rely on banks SCA method. This will likely be at the price of user experience, forcing 3rd party to include in their flow some sub optimal bank methods to implement SCA.

 

PSD2 doesn’t mean one single standard across Europe

Albeit PSD2 is a European wide regulation, the local rules and means of data sharing will still vary country by country. There is not an agreed standard that will be implemented across Europe. PSD2 is still a positive step towards more alignment as access to banking data in a country will be improved from what is available today. For instance it should require less effort and less maintenance to aggregate banking data in a specific country.

 

UK is ahead of the rest of Europe

From a regulatory and technical standpoint there are no countries that have gone as far as the UK to define the technical means by which PSD2 will be implemented and the APIs definition to do so.

Furthermore the UK is the only country that have defined data sets beyond PSD2 that will have to be opened up to 3rd party companies in order to drive more competition in the UK market. This is due to the CMA mandate which aim was to bring more competition in the personal and small business retail banking sector.

However there seems little knowledge in the French startup ecosystem as to what the UK is doing in regards to Open Banking and why it goes further than PSD2.

 

Questions to explore further

To conclude I would like to highlight a number of questions that warrant to be explored further.

  • Is there an opportunity to drive more consistency around the local implementation of PSD2 in each European countries?
  • Is there an opportunity for the UK to work with other European countries to enable the set of data that will be opened in the UK market beyond PSD2 (e.g. back book pricing information)
  • Beyond just financial data, how should the means for customer to share their data be standardised. E.g. customer data that sits with retailer and social media companies?