In December 2019, we published a blog post introducing open banking; here, we provide an update for 2020. To briefly summarize, open banking comprises a set of rules which permit third-party providers (TPPs) of financial services to access a customer’s financial data with their explicit consent.
In the United Kingdom, open banking is delivered through the Open Banking Implementation Entity (OBIE), which was established by the Competition and Markets Authority (CMA). All TPPs must be authorized by the UK’s financial regulator, the FCA. As of July 2020, there are 267 regulated providers, up from 104 at the beginning of 2019.
The two types of TPP identified by the revised Payment Services Directive (PSD2) are “Account Information Service Providers” (AISPs) and “Payment Initiation Service Providers” (PISPs). AISPs include budgeting applications, while an increasing number of “challenger banks,” such as Revolut and Monzo, are offering PISP services. Meanwhile, a number of traditional banks have launched open banking platforms on their own apps, enabling access to accounts across various banks thorough a single, secure API. Moreover, card scheme providers are adding open banking to their product offerings: in January 2020, Visa announced its intention to acquire Plaid, a US open banking data aggregator, for $5.3 billion.
Through legislative frameworks such as GDPR and the PSD2, EU customers are increasingly in control of their own data. From their perspective, open banking facilitates competition, financial inclusion, and innovation in the banking sector, providing welcome rivalry to the hegemony of traditional banks. The OBIE estimates the potential annual benefit from open banking at £12 billion for consumers and £6 billion for SMEs users.
The coronavirus (COVID-19) pandemic has undoubtedly expedited digitization in financial services. According to API provider TrueLayer, UK payments made through open baking surged 832% between March and July 2020, and in August 2020 HMRC initiated a £3 million tender for the provision of an open banking-based “Payment Initiation and Account Information Service,” signaling the government’s increased attention into this area.
Though COVID-19 has highlighted the benefits of open banking, it has also laid bare the risks of cybercrime, including fraud and privacy breaches. Between January and April 2020, Interpol’s private sector partners detected approximately 907,000 spam messages, 737 incidents relating to malware and 48,000 malicious URLs – all of which related to COVID-19. Cybercriminals are reformulating their tactics: by sending COVID-19-themed phishing emails, frequently impersonating health authorities and governments, cybercriminals are enticing victims into sharing their personal information.
Therefore, although open banking provides many benefits for consumers and SMEs, especially during COVID-19, it is paramount that all stakeholders – from banks, to regulators, to TPPs – continue to prioritize cyber health.