What Else is This Open Banking Thing?
In a previous post, I wrote at a high level describing Open Banking in Australia. In this post, I’d like to explain a little bit more about what Open Banking is, and what it is not. I’d like to describe a little about its history, where we are with respect to implementation in Australia, and what it might mean for our banking future.
What Is Open Banking and what is it Not?
As I mentioned in the previous post, Open Banking is about your right to your data. In a way, it’s a new currency. It’s a new way of buying things, using your data to pay. Unfortunately, there will never be a “cash” version of this new currency, but you will be allowed to spend it as you see fit, buying various things that you may never have bought before. The “shops” or “merchants” where you spend this new currency will be Financial Technology companies (FinTechs) and also banks. They will offer you services that will give you back time, give you financial advice, save you money (the other currency) by choosing your “cheapest method of payment”, and save you money by telling you that you can’t afford another loan even if the broker insists you can. By using these services wisely, you the Consumer can find yourself with much more information about yourself and your spending and your saving. You can spend your data more than once, as well — you’ll never get a feature like that on a Blockchain!
What Open Banking is not, is truly open. Some parts are open, and others are not. Most of the data standards are open, and the development of these standards is fairly open. You can take a look at the API definitions and the feedback given so far. Provision of that feedback is open to all — and we can see feedback from Data Holder organisations, Data Receiver organisations, the bodies that represent those organisations, and also from interested individuals. The security standards, however, are not open and you need some paperwork to see and respond to those.
Access to the rules being developed by the ACCC is also fairly open, as is the feedback process. You can see the proposed rules framework and the feedback so far at the ACCC page for ACCC Consultation on Rules Framework.
The non-open aspects of this environment, then, are access and data.
Wait: I literally pause for effect.
You should scroll back up and see that second-last line I wrote. No, wait, I’ll type it again. In this Open Banking thing, two things that are not open are access and data. I really hope that was a collective sigh of relief and not a gasp of horror, because this is how we keep your data yours.
Data Holders (banks) and Data Receivers (the merchants where you spend your data) will have to be accredited by the ACCC in order to work in this new economy of ours. That means they will have to prove that they are responsible, trustworthy, and secure. Once a Data Player (holder or recipient) can prove that they should be accredited, they will be admitted to the Address Book. It is then incumbent on every player in Open Banking to go and check the Address Book before they allow you the Consumer to share any data with another player. So, this is not really what we would call open access to the scheme. Further to this, you the Consumer will also have some restrictions on access. As of November 2018, we are not entirely sure how “shared access to an account” will be handled — what can you share if you participate in the operation of an account but are not the owner? We are not entirely sure what it means if you closed an account and are no longer an active customer of that old bank. We are not entirely sure what it means if you don’t actually use a digital channel to access your bank. There is little doubt, though, that not all people will be able to share all information about all accounts and all transactions.
Nor is the data truly open. It is expected that you the Consumer will have a pretty fixed and finite expectation of what you are buying with your data. That means that when you choose to share your data with a Data Recipient, they will have told you exactly what they plan to do with it and how long they plan to do it for; you read the Tease & Seize, right? The Ts & Cs aren’t allowed to be more than a screenful. They will not be able to do anything else with your data, other than what you have explicitly agreed to. So, let’s say that a FinTech has asked you to share your account and transaction data so that they can help you to choose which method of payment for a large furniture purchase is more cost-effective: credit card, peer-to-peer loan or straight out of your savings. This means that they cannot use your data for anything else. This data is not “open” — they cannot share it with anyone else without your permission, they cannot sell it, they cannot advertise it or show it, and they cannot just give it away. At this point in time, I’m not sure if they are allowed to aggregate it after depersonalisation. I could imagine that if depersonalisation followed by aggregation was allowed, then that data could become a little more open. Open Banking is a name, and not a “Real Thing”, but I figure it’s a good enough name.
Where did Open Banking come from?
Open Banking is already a Thing in the UK. Open Banking was implemented in the UK in January 2018. Two big drivers of Open Banking in the UK were the second Payment System Directive (PSD2) and the General Data Protection Regulation (GDPR). Both of these directives came from the European Parliament and European Council, and the UK responded with its implementation of Open Banking. Note that the second of those European drivers (GDPR) was about giving control of data to the People, and the first was about forcing banks to “open up their perimeters” to technological advancement in order to drive efficiency and competition in banking: especially in payments. We keep in mind that the UK has a decade-old real-time payments system in Faster Payments and the European Union has implemented the Single European Payments Area with a sub-ten-second payments scheme. In Australia, we now have the New Payments Platform (NPP), but our Open Banking will not make use of that in the early stages. The UK Open Banking implementation makes use of “read and write” of your transaction data, meaning that you can not only get access to what you have done in the past, you can also make payments from your accounts via some of these trusted third parties. That’s like driving your bank account by remote control, and it seems that we in Australia are just not ready for that, yet.
So, how did Open Banking make its way to Australia? Well, I guess (as Australian Treasurer at the time) Scott Morrison heard about it, and thought it was a good idea, and said that we should have one, too. In November 2016, addressing the FinTech Australia Summit in Melbourne, he told us:
“I have no doubt the empowered financial consumer of the future will be able to access their own financial data simply, efficiently and in ways that enable them to understand their full financial picture so they can make more informed financial decisions”.
The following year he announced on May 9 2017, budget night, that an open banking regime would be introduced in Australia in 2018. I guess we are nearly there.
What are we doing in Australia?
Since Budget 2017 we’ve had a draft report and industry responses, a final report, a response to the final report by the government, some draft legislation, some draft rules and some industry feedback, some draft standards and some industry feedback, and a bunch of talented people starting to work on the technology that we will need to make this happen.
You can tell, by reading the feedback to the proposed Data Standards, that there are FinTechs looking at how to work in the new techonomy, that the Big Four Australian Banks are considering how they can satisfy the requirements, even before the requirements are solid, and that a number of people are offering their opinions and assistance to make this a robust industry solution in a short space of time. That short space of time means that we necessarily make good use of good work that has already been done. The Australian industry players recognise the good work that has been done in the UK implementation of Open Banking, and also recognise the recommendation of Mr Scott Farrell in his final report on Open Banking from the Treasury. Mr Farrell’s explicit considered opinion is stated as Recommendation 5.2, as follows:
The starting point for the Standards for the data transfer mechanism should be the UK Open Banking technical specification. The specification should not be adopted without appropriate consideration, but the onus should be on those who wish to make changes.
This means that we are not adopting everything as it occurred in the UK, but rather selecting the parts that will just not work in Australia and excising them, replacing them with suitably-considered and suitably-argued alternatives. For all that, unfortunately, I’m still reading far too many zees in “authorization” and “standardization” where there should be esses.
What about the Banking Future?
Well, my guess is as good as yours, I guess. Let’s see what my guess looks like.
My guess is that you the Consumer and me the Consumer, in the short term, are going to have some trust issues. My guess is that in the short term our uptake of the Open Banking tools and experiences is going to be pretty slow. This has been the experience in the UK so far, with some interesting statistics presented by Ipsos. Apparently, 84% of UK consumers would trust an established bank to provide Open Banking services, compared to 4% trusting “another well-known digital brand”. Argue with me that the UK and Australia don’t have some pretty contrasting landscapes. We have four pretty significant players, versus nine in the UK: but many more in the UK that are larger than our Four. We have Royal Commissions at the drop of an Akubra, and we have trust issues of our own with our own banks. We don’t have access to spend our money (lose our money) via Open Banking yet, and we are generally pretty responsive to new technology — for example, we have one of the fastest-growing cash-free economies via contactless and online payments.
So, where will our trust issues lie? My guess is that we will find it hard to trust the unknowns in this new techonomy. What are you really doing with my data once you have it? Will you really destroy it or depersonalise it once our agreement expires? Can I really be sure that someone more tech-savvy and data-greedy than me is not scooping all of my data every time I check my aggregated data balance or budget tracker?
Once we get over the trust issues, I can imagine that there will be a number of very rich experiences and relationships that we can make, collectively and individually, with some attractive FinTechs. The tech behemoths may or may not reach the sophistication required to create financial intimacy with us, and there may be some lingering trust issues with those larger organisations.
Eventually, my guess is that financial institutions will recognise that there is more to be made from money than there is from “individual relationships”. The wholesale manufacture of banking products and the operation of the financial vehicle underlying those products can become an extremely lean operation once you don’t have to deal with millions of individuals on a daily basis. There will be no need for banks to market and distribute the products — FinTechs will do that efficiently and personably, and if your manufactured product is the best, it will sell. Once data security is established in the new data economy, you the Consumer and me the Consumer will be very happy to carry our data wallet from merchant to merchant to purchase the services that do not yet exist, and we may possibly not even know the name of the ultimate provider of the underlying product that we buy.
In the meantime, though, I will expect my current banking providers to blaze the head of this trail.