In 2019, Fingleton and the Open Data Institute were commissioned by the Open Banking Implementation Entity to carry out a review of Open Banking’s first year, and to make recommendations about enhancing it to gain wider customer adoption.
It is too early to assess Open Banking’s full impact, but the foundations appear to have been established successfully, in particular the data sharing APIs and the security framework. There have been significant improvements to the process that enables customers to authorise a new third party app, and initial evidence suggests this could increase the rate of completed signups by over 50%.
Many other countries, including Australia, are now using the UK approach and standards as a blueprint for their own Open Banking projects. In the UK, a similar model is already being considered more broadly for financial services, as well as for energy, telecoms and digital markets.
While Open Banking was established by CMA order, it also has to fit within the EU’s Second Payment Services Directive (PSD2). In our view, the shortcomings of PSD2 are likely to hold back the development of key features and subsequently the adoption of Open Banking in the UK, and there are further gaps emerging as well.
The report outlines our key recommendations for strengthening Open Banking:
- Improving payments capabilities: Open Banking’s payments APIs do not yet have refund functionality. This is a critical feature for online merchants and should be introduced as soon as possible. Customers currently also have to authorise every payment manually and cannot pre-approve payments, for example to merchants for subscription services or to automate moving money between different accounts. This could be resolved if Open Banking were able to mandate “variable recurring payments”, which would be less costly for merchants and more secure for customers, who currently have to hand over their card details to merchants to hold on file.
- Improving consent protections for customers: We suggest adding three elements to the existing standards to further build consumer trust: one, giving customers greater control over how their data is used; two, requiring third party apps to delete customer data when customers revoke their permission for the app to access their data; and three, allowing customers to re-authenticate via the apps themselves, rather than having to visit their bank’s app or website to do so.
- Expanding Open Banking into Open Finance: The CMA Order and PSD2 only apply to current accounts and other payments accounts. This limits the potential to drive competition more broadly in the financial sector, restricting customers’ ability to shop around for savings accounts, mortgages or insurance, for example, and to manage their financial products through a single interface. Extending Open Banking to other financial products such as these would drive competition and enhance Open Banking’s value to customers. The FCA is planning to consult on Open Finance imminently.
- Development of Premium APIs: Some of the increased functionality that we recommend may be best delivered by APIs that banks provide voluntarily, under contract with third parties. The OBIE is planning to create “Premium APIs” that sit above the mandatory “Regulatory APIs”. These should provide a commercial incentive for banks to grow the Open Banking ecosystem and improve the performance of their APIs.