Open APIs, open data and opportunities to better serve customers

Financial services sector head John Salmon and the Pinsent Masons financial services sector team bring you insight and analysis on what really matters in the world of financial services.

FinTech Week took place in London last month and brought together some of the City’s best minds on financial services, innovation and technology.

They discussed payments innovation; digital currencies; the diverse applications for blockchain technology; replacing legacy systems, and freeing customer data amongst lots else.

We presented at the mini-conference on ‘Payments and Money’ and spoke about the opportunities that changes to payments regulation and access to banking data will create in Europe and the UK. Delegates attending from other parts of the world including Australia and Russia told us just how surprised they were to learn about these reforms.

In Russia new laws restricting the flow of data outside the country are hampering innovation according to those we spoke with. In Australia, the thought of free access to banking data seemed completely unachievable due to local market constraints.

As Eileen Burbidge, the UK Treasury’s newly appointed special envoy for Fintech and chair of Tech City UK, pointed out on the day, while there are regulatory challenges to innovating in the UK there is opportunity for UK financial services businesses to take a lead internationally.

Below we consider two of these opportunities in more detail.

The Treasury and access to bank data  

Following on from a report last autumn and a call for evidence in January, the Treasury earlier this year made a commitment to deliver a “detailed framework” for the design of a banking API standard. It expects the standard to be completed within one year, confident that it can meet data protection and security requirements and have it developed at reasonable cost.

APIs, for those unfamiliar with how they work, enable systems to talk to each other and data to transfer from one organisation to another. They are generally seen to be a much more efficient and secure way of transferring data than other methods currently used. There is less hassle for customers when their data passes through an API than when they are asked to download and upload static files. There is also greater security – consumers do not need to hand over their logins and passwords to enable the transfer to take place.

The bottom line for consumers is that this initiative will mean a greater ability to access data that banks and other account providers hold about them. Aggregated with other personal data they may hold, this initiative creates the opportunity for consumers to gain a clearer picture of their spending and saving habits.

For banks and other account holders it means re-thinking the value they place on customer data as an asset. As they will have the same ability to access data about customers as everyone else, engaging in collaborative projects with other service providers, innovators and perhaps even direct competitors may be a positive way forward. Whoever makes best use of the data available and provides trusted tailored products will gain an early strong competitive advantage. Questions remain however, as to the extent to which competitors will be able to share data with one another.

Account holders will also have to spend money reworking their technology infrastructure to enable access. Open APIs are one thing, real-time standardised personal financial data, another. Both are necessary if consumers are really to benefit from any open access initiative and although the Treasury has not made this explicitly clear, it seems that these reforms will not only require access, but also standardisation of data on an open basis, creating more cost.

Payments Services Directive 2

A parallel, but unrelated, initiative is taking place at EU level with the Payment Services Directive 2 (PSD2) entering its final stage. It is a ‘pillar’ of the single digital market and EU law makers have all but finalised new rules designed to, amongst other things, enable more innovative payment-related services for customers.

Consumers will be guaranteed a right to use the services of ‘payment initiators’, which initiate payments and do not hold client money, and those of information account aggregators. Banks and other account holders must give these new providers access to customer accounts in a non-discriminatory way.

For consumers it will mean a greater choice in determining how they go about making online payments and a more secure way in which to gain an overall view of their financial situations in real-time from any device. For financial services providers it is an opportunity to become the gateway to for the customer to his or her financial life.

There may also be an opportunity to overcome internal and external barriers that have kept customer data siloed and restricted opportunities for greater cross-selling in the past. Access to other products and services about customers may make it possible for some providers to construct a single view of customers as has never been possible before.

Network and data security risks should not be overstated but they should also not be understated and will be making banks and other account holders nervous. The consensus amongst the EU PSD2 negotiators seems to be that it would be “disproportionate to impose own funds requirements on these new market players” given the limited roles they will play in the financial system.

But the new rules will mean that any innovator can establish a payment initiation service if he or she can source €50,000. Account aggregation service providers will be able open their doors without any capital at all and without going through an authorisation process, so long as they carry professional indemnity insurance and are registered.

If anything goes wrong the intent is for the consumer to be largely covered – whether it is the fault of the bank or the new service provider. Multiplication of losses for thousands of customers as the result of a thinly capitalised payment initiator or the lack of cyber security measures of an account aggregator is understandably causing some concern.