7 Global Open Banking Standards

The different ways countries around the world treat their money has long been troublesome for business travelers, ex-pats, and vacationers alike. As you might expect, open banking is no exception — regulation and availability vary considerably from place to place.

Although we’ve previously written about how APIs are enabling open banking, we’ve never really looked at the myriad of ways that different countries around the globe are mandating open banking. (Though it’s worth pointing out that some aren’t at all).

Below we’ll cover how several countries and government bodies are engaging with the concept of open banking, the extent to which they’ve embraced it, and some of the similarities and differences between approaches currently being implemented.

1. PSD2 (EU)

Payment Services Directive 2, or PSD2, is an EU-wide piece of legislation concerning electronic payment services. Coming into force back in 2016, PSD2 mandates using Strong Customer Authentication (SCA) when payments are processed.

The directive doesn’t explicitly mention APIs, but it was assumed that they would be the key mechanism for banks and payment providers to comply. Stripe offers a range of SCA-ready products and APIs, and the Google Pay API features a whole page on SCA compliance.

At the time of writing, members of the open banking community are invited to submit feedback to drive the next iteration of this legislation, PSD3.

2. Open Banking (UK)

In the UK, the Open Banking Standard has plenty in common with PSD2 — data is exposed to third parties via APIs — but goes one step further.

By providing in-depth technical documentation, usage examples, and OpenAPI files, Open Banking in the UK aims to establish a core set of best practices that are more well-defined than those in the EU.

3. Fintech Law (Mexico)

Mexico’s Fintech Law, passed in 2018, covers three different types of companies:

  1. Collective Financing Institutions, i.e., crowdfunding
  2. Electronic Money Institutions (EMI)
  3. Innovation Model Startups, i.e., startups that deal with financial operations

The law states, among other things, that licensed companies must publish reports relating to their financial activities. It also places various limits on EMIs, such as limits on transaction amounts.

Although the law is designed to improve transparency, it’s worth pointing out that it lacks the scope of PSD2 and Open Banking (UK) when it comes to creating open banking standards. Still, with literally hundreds of FinTech services based in Mexico, the country is a true hub.

4. Open Banking (Brazil)

Launching in 2022, Open Banking Brasil has been unrolled in several phases. In the second of these phases, banks and financial institutions were required to implement APIs that allow customers to share their data.

Since then, the program has also expanded to include information about PIX (the Brazilian Central Bank’s instant payment system). The final stage of Open Banking saw the inclusion of foreign exchange, investments, insurance, and pensions into the mix of what is required to be shareable.

5. Consumer Data Right Rules (Australia)

Australia’s Competition and Consumer (Consumer Data Right) Rules aim to give consumers more control over the sharing of their personal information. For example, this includes data used to verify the following:

  • Identity
  • Account balance
  • Details of payments into and out of accounts

Information can be accessed via banking apps or websites, and more than 100 institutions are already participating. Behind a frontend of identity checks (via a One Time Password) and digital links, data is transferred using APIs.

6. Unified Payments Interface (India)

Unified Payments Interface (UPI) is a real-time payment system developed by the National Payments Corporation of India (NCPI). Introduced in 2016, it can be used to transfer money between bank accounts via a single app. RBI, India’s central bank, regulates it.

UPI uses existing services — Immediate Payment Service (IMPS) and Aadhaar Enabled Payment System (AEPS) — to transfer money, but it’s not surprising that the ‘PI’ in its name has many conflating it with APIs. However, the dominance of UPI in India means that expansion using UPI APIs is a distinct possibility. NCPI is currently eyeing expansion into other countries.

7. Open API Framework (Hong Kong)

In 2018, the Hong Kong Monetary Authority (HKMA) published the Open API Framework for the Hong Kong Banking Sector. As the name suggests this, this framework outlines the implementation of APIs as they related to four key functions:

  1. Product information (deposit rates, credit card offerings, service charges, etc.)
  2. Customer acquisition (new applications for products)
  3. Account information (balances, credit card statements, transaction records, etc.)
  4. Transactions (payments and transfers)

Financial institutions in Hong Kong pursued a phased approach to implementing APIs, with most targeting their completion in late 2022. It remains to be seen how enthusiastically banks will embrace the unrolling of HKMA’s Smart Banking initiatives.

Notable Absences: China, United States

Despite introducing a three-year FinTech agenda at the beginning of 2022 centered around regulation and privacy, mainland China has historically done very little to regulate or encourage open banking. Instead, they took more of a hands-off approach and let tech companies interested in the space get on with things.

AliPay (from Alibaba) and WeChat Pay, and WeBank, by Tencent, have seen explosive growth as a result. More recently, regulators have begun to take steps to limit and control what financial institutions can do via open banking.

When offered a more level playing field with tech companies, which have been able to innovate at will until recently, we may see more conventional banks implementing their own APIs and embracing open banking in China.

Also, as we’ve previously covered, market pressures are encouraging open banking moreso than regulation within the United States.

For more insights on open banking, pick up our free eBook: API Strategy for Open Banking.

The Future of Open Banking Standards

It’s worth pointing out that most of the laws and standards on this page relate either to APIs or the data that consumers must be able to share. In practice, however, that could be semantics — APIs have almost invariably been accepted as the best way to expose and share data with third parties.

We’re seeing some very different ways of introducing open banking concepts, with some much tighter and more comprehensive than others. But that isn’t particularly surprising, since countries have always struggled to align on issues like taxation and financial regulation.

That said, standardization across large blocks of countries or states (like the EU or the US) might help establish a status quo that other countries can adopt. For example, we’ve already seen various countries and states use GDPR as a template for their privacy laws.

In 2020, EY called the UK and mainland China “clear leaders” in Open Banking and, looking at the above, it’s difficult to argue with that. What’s interesting is that one has fostered innovation through clearly defined standards and best practices, while the other has given companies more free reign to experiment.

Regarding the future of open banking, we’d expect to see most countries finding a middle ground between these two approaches.

Research report from Curity: Facilitating the Future of Open Finance