Australia has begun its trek towards an open banking regime but has a lot to learn from the UK, which is much further down the open banking track.
A group of influential financial services executives recently sat down with Chris Michael, the chief technology officer with the UK’s Open Banking Implementation Entity (OBIE) to mull over the issues in constructing a workable open banking regime.
Mr Michael has had a bird’s eye view of the open banking journey through his work with the OBIE which came into being in 2016.
“I’ve been there pretty much from day one,” says Mr Michael.
“We were set up by the Competition and Markets Authority. I think it’s quite a similar construct to what you’re doing in Australia, which is interesting to see a central body or group that is responsible for not just creating the standards but making sure they are implemented.
“This isn’t something that exists across Europe.
“There are a number of initiatives and standards across Europe but there is no one actually looking at the whole concept of implementation – and that’s absolutely key.
“The difference in the UK from Europe is that the nine biggest banks (known as the CMA9) were mandated to pay both for the implementation entity and for adopting the standard.
“So, the standard that we are creating is a mandated standard for those nine banks and it’s optional for everyone else.”
Mr Michael’s OBIE is working on the critical API standard for read/write data which are set to be published in August.
“We think it’s a fully open standard. We’ve taken great pains to ensure that it’s fully open and everyone can contribute globally to it and that everyone can adopt the standard, if they so choose.
“We’re working on a version three of the API, which we’re going to publish in August this year.
“It will cover all Payment Services Directive 2 accounts. So basically anything that is an online payments account and in any currency for both read and write.”
The technical standard piece of PSD2 requires banks to be live in the market either with an API solution or a fall-back by September 2019 and have a testing facility available to third parties by March 2019.
Mr Michael believes Australia needs to look into its own open banking testing regime.
“I think you need to think about Australia having enough time to test and validate things.
“It is not a one-off process because as we all know this concept of minimum viable products is a very important concept, so I don’t think this has been very well thought through in Europe of how this is going to play out beyond 2019.
“The concept of having enough testing time is an important one, something we all need to think about.
Mr Michael says identity is at the heart of unlocking how the APIs work.
“The most important thing is getting the security model right: both in the point of view of protecting the customer with their credentials and banking credentials and how the customer authenticates with a third-party or a bank.
“The standard has to be able to be implemented effectively by vendors and third parties.
“If you’ve got variances in the security model it creates potentially a huge barrier for third parties to develop and integrate their applications with each bank that can be a significant barrier.
“It also creates huge problems from a user experience point of view where you’ve got different banks adopting different ways of authenticating customers and requiring customers to go through different flows.
Australia is working through identity and one of the big initiatives is the Digital Transformation Agency led federated trust identity.
Australia Post has been working with the DTA on federated trust says Cameron Gough, General Manager of Australia Post’s Digital Identity and Digital Delivery Centre.
“You would’ve seen the trusted digital identity framework has been released, and it is working to evolve some previous standards and take those to a level where there’s clarity around what a digital identity means and what assurance level would have been achieved behind it to provide greater confidence to those that might depend on it,” says Mr Gough.
“If we can get a standards framework in place, probably public sector and private sector, that would unlock a lot of value in the economy.
“We’re excited by what an agreed framework can do. It is possible we’ll see a public sector framework and a private sector framework. They will likely differ but we hope they align at some level to broaden interoperability.
“But what is critical is knowing what you’re accepting as an identity and being sure of what was done to verify that identity.”
Sarah Squire, the Chief Technology Officer at Ping Identity in the US and a member of the OpenID Foundation says open banking APIs are a key digital enabler of free markets.
“Since its inception, the OpenID foundation has intended open APIs to act as a facilitator of the free market.
“So, we want people to have control of their data to be able to move their data to whatever company provides the best value proposition,” says Ms Squire.
MoneyPlace founder and CEO Stuart Stoyan believes bringing customers along on the path to open banking is crucial.
“I think the royal commission very much puts the customer front and centre of this.
“The lens of the Treasurer and all the stakeholders should be putting this through is what is the customer outcome that has been driven from this and that’s going to be where the trade-offs are going to be.,” says Mr Stoyan.
Ping Identity Asia Pacific CTO Mark Perry agrees and reckons a wave of new apps will entice customers into an awareness of open banking.
“I think this is being driven out of customer demand for new products and services, rather than being pushed from the other way.
“Nobody is going to walk into a bank and say, ‘I want open banking’, that doesn’t happen.
“But what will happen is that someone will release a fantastic new application on the phone or what have you, and people will use that application and they will say, ‘does my bank connect to this? Can I use my banking data to provide that service to me?’
“And what we need to be doing is providing the mechanisms to allow that person to firstly allow that data to be shared securely, but also with informed consent.
“I think open banking gives us a model where we can actually, at fine detail, provide that information to the consumer and make them feel as if they are in control, and then be able to remove consent at a later date using a very easy mechanism,” says Mr Perry.
Thor Essman, Founder and CEO of Versent, wonders if digital consumers have already become so used to services like Netflix and Spotify that they would take the shift to open banking – and the experiences that would generate – as a given.
“In our customer lives we are living that experience in almost everything else we consume in our life. I think it’s just a, ‘why not banking?’, versus really having to prove it is banking.
“My playlist would tell you more about me than my bank balance,” he says.
Beautiful new banking apps won’t convince customers if they are not secure says Myles Hannan, Director of Enterprise Architecture at Westpac.
“The thing is you can have the most beautiful widgets, but the moment that it starts putting people at more risk or there are data breaches it doesn’t matter how beautiful the functionality is.
“Being able to take my funds hurts a lot more than being able to see my music. That is why we need the accreditation process,” says Mr Hannan
Mr Perry believes the OBIE experience has given Australia a method for moving in to open banking one chunk at a time.
“I think we’ve got a real opportunity here now with the UK breaking ground in this area that we can follow and learn from those mistakes.
“I think that Chris (Michael) has given us the recipe they’re moving forward which is about having the centralised directory of participants enabling accreditation, and starting off in small chunks, as well as not trying to bite off too much.
“So, start with read access then in the future move to read write.
“But I like to think of this as the plumbing. This is the infrastructure that all the great services that people want to build, all the FinTechs and the banks and so on. This is just the underlying piece of the puzzle.
“Yes, we’ve got to provide enough trust behind this for the consumer but in terms of the technology it’s all pretty much there now, we’ve got a few things to do in terms of standards and so on, but I think the UK has that fairly well in hand.
“It’s all a matter now of going to market and evangelising this to the technology companies, but also to the consumers so they can then take that on and have that trust,” says Mr Perry.
Tom Grissen, CEO at Daon, references how the rapid emergence of the rideshare industry impacted traditional providers and Open Banking’s potential to be fairly dramatic and share shifting.
“Similarly, Open Banking coupled with how technology is enabling the shift of power from the enterprise to the consumer will have a big impact on people and traditional providers of banking services.
“Changes are now underfoot, and those who are nimble enough to adjust to this new reality have the opportunity to parlay the change into a fruitful business opportunity.
“While transportation-based applications were key technology enablers for the rideshare industry, having trust in the “identity” of a legitimate user is key to unlocking Open Banking, says Mr Grissen.
What will the advent of open banking in Australia do to the local financial services marketplace, especially with regard to the likely entry of big, non-bank global players like the eBays, Amazons, and Alipays?
Mr Michael suggests embracing the new.
“It’s almost inevitable that you’re going to get the very big technology players coming into this space and they’re there for all sorts of financial products, not just banking, pensions and loans
“They might do partnerships, they might do their own products. I think it’s potentially a worry for any bank or any financial institution because these big technology companies have potentially more cash, can move more quickly, and have more customer footprint,” says Mr Michael.
“It’s also an opportunity if we know they’re coming and that they’re going to do this. How can other companies react to that?
“My view around the whole concept of open banking and open APIs in general is that everyone should think of it as an opportunity. If you think of it as a threat, you might as well go home, pack your bags, and go and do something else.
“It’s an opportunity for everyone to embrace and look at how you can make the most possible value out of this for your customers and for your business.”
Pip Freebairn, Policy Director, Economics and Industry Policy at Australian Banking Association argues for a modicum of protection for smaller local players.
“If a very large company – of which we are a partner of – were to go into banking they would go into the SME world and with just the sheer balance sheet strength of the really big companies like the Amazons and Facebooks they could just kill a market because they want to and they can buy a market, almost.
“We need to particularly protect against that to protect those tier twos, in my opinion,” says Ms Freebairn.
Ping Identity, Versent and Daon partnered with InnovationAus.com to present the Open Banking Roundtable. The white paper can be downloaded from any of the links below: