CMA Will Save Open Banking APIs in Post-Brexit Economy Posted in Open Banking Chris Wood October 5, 2016 “The storm had now definitely abated, and what thunder there was now grumbled over more distant hills, like a man saying ‘And another thing…’ twenty minutes after admitting he’d lost the argument.” -Douglas Adams, So Long, and Thanks for All the Fish Regardless of your point of view and the continued rumbles of the argument, Brexit is a fact: The United Kingdom will be leaving the European Union, most probably by summer 2019 if recent announcements at the Conservative Party conference are enacted by the government itself. While there is a great deal of uncertainty about how Brexit will impact the UK, for the foreseeable future London will continue to be an important financial services center, both for the established banking industry and still-growing Fintech scene. Given this continued importance there is a possibility that London could be a major center for innovation in financial services even in the light of a “hard” Brexit, due to factors such as the need to remould its relationship with Europe and a possible reduction in regulation in an effort to continue to attract investment and maintain its world leading position. In this post-Brexit landscape, open banking will also continue to be an important agenda item for many in Fintech. Open banking represents a mechanism for digitizing banking services in a manner that delivers choice for consumers that far exceeds that offered by the incumbents in the industry, and opens up the market to new entrants who can offer products and services that the existing banking giants do not. Technical standardization and delivery of APIs are important facets of any initiative that aims to deliver it: Without these characteristics, it will be impossible to deliver the consumer choice that is at the movement’s heart. New entrants will be compelled to create a myriad of different integrations that will cost time and money and directly impact consumer experience. With the UK being forced to renegotiate, differentiate and offer reasons why the world’s leading banking organizations should continue to call the UK home, there is the possibility that open banking may climb up the agenda as a means of gaining a competitive advantage in an industry that is about to renegotiate its place in the world economy. Moreover, the regulatory influence of existing initiatives such as PSD2 and the CMA Open API reforms will also continue to shape open banking. In this post we therefore assess the outlook for open banking in the UK and what course it may take with Brexit a reality. Discover the Importance of Open Banking: Making the Bank Programmable The Influence of PSD2 We should take it as read that the open banking agenda will never be fulfilled by the incumbent banks choosing to open their products, services and data to the world with APIs; there is simply no commercial reason for the vast majority (with some exceptions) to do this unless it’s under the mantra of digital transformation and is done from the perspective of self-interest. Regulatory intervention to engender competition in the banking market is the major factor forcing the stalwart banks hand, with open banking being a likely consequence; the nature of this open banking landscape will however entirely depend on what the regulatory authorities enforce and how regulation is realized in technical standards, security protocols, and governance. Discussion of such intervention in Europe and whether it will foster an open banking ecosystem has been focused in recent years on Payment Services Directive 2 (PSD2), the headline grabbing EU initiative that has been buzzing around the API economy. PSD2 is aimed squarely at providing better consumer choice and protection by opening up payments to third parties, allowing banking customers access to a greater range of products and services and giving them more options on how to pay and who to share their account information with. The vast majority of commentators suggest that APIs will be the natural way to deliver the requirements of PSD2, and when implemented open banking will naturally fall out of the standards and governance set-up to facilitate it. The reason for this appears clear from the main edicts of the directive, as the requirements of PSD2 appears to be a natural fit for API technology: Trusted third party access to accounts: This appears to model itself on APIs with OAuth 2.0 for granting delegated access to the account; Secure customer authentication: A likely fit would be an implementation of OpenID Connect, again closely associated with API technology; Account Information Service Providers (or personal finance management gone large): A mechanism for aggregating multiple bank accounts belonging to the same person via a “portal”, again a likely fit for APIs to provide the backbone to the service. While this sounds eminently sensible, the latest drafts coming from the governing bodies in the EU do not explicitly mandate the use of APIs and the use cases only hint that a standardized mechanism for account access (termed XSA2) is on the cards. For example, the recently published draft Regulatory Technical Standards for Secure Customer Authentication only intimate that any standardization is required under the auspices of PSD2, and allows banking organizations to define their own interfaces for some of the features of the implementation. Also related: PSD2 Sanctions Access to Personal Banking Data, Amplifying FinTech Growth With Brexit, the situation has become more complicated as it appears that while the vast majority of banking organizations based in the UK will need to do “something” about PSD2, it is not immediately clear what that something will be and whether it will influence the growth of open banking. Moreover, with the “Great Repeal Bill” Brexit is likely to remove EU regulatory pressure on the UK government which would have been passed on to the banking industry. However, if the UK-based banks, which are naturally multinational in their operations wish to work with the EU (and undoubtedly they will) then they will need to implement a solution appropriate to meet the requirements of PSD2 and the implementation in each European member state. Given the way PSD2 is evolving it is therefore increasingly unlikely that it will be a driver for regulating open banking post-Brexit but an important mechanism for the UK financial services industry to remain competitive on the European stage: Regardless of Brexit the UK will need to comply with the regulations or fall behind in the European banking industry. Open Banking, CMA, and the UK Government The Competition and Markets Authority (CMA) will require open bank APIs, withholding PSD2 themes in a post-Brexit European economy. With the evolution and implementation of PSD2 in the UK uncertain, the key driver for change is now the Competition and Markets Authority (CMA), which has recently imposed a series of reforms to enforce open banking across the industry. Slated for introduction during 2018, the reforms explicitly require UK banking organizations to implement open APIs to drive choice for consumers in how they access their banking services across multiple accounts; consumers will be able to share their account information with trusted third parties, in order to gain access to a greater number of products and services from different suppliers. As a placebo for PSD2 the CMA reforms will obviously fuel both the open banking agenda in the UK and the API economy in general: Driving the creation of an open banking infrastructure by applying regulatory pressure means the incumbent banks have nowhere to hide and must implement open APIs or face penalties from the government. Moreover, once the technical standards and governance are agreed upon, open banking in the UK could offer a significant competitive advantage through open APIs and could help the Fintech sector continue to grow post Brexit. An open banking economy that is geared towards secure account access for the benefit of consumers would obviously be a very attractive proposition for startups looking to leverage the banking network. Companies like Modulr that are aiming to provide API-based services to their customers would be able to take advantage of a leveled playing field and foster the kind of innovative solutions that has seen companies like Figo be so successful. It is even possible, with some forethought that the CMA reforms could drive the post-Brexit implementation of PSD2 as well. It goes without saying that the relevance of a world-wide open banking economy entirely depends on the UK government and the banking industry being savvy enough to understand the opportunity being presented to them. Given the government’s new mantra on the value of open APIs one would hope they understand the potential commercial opportunity for the UK economy in creating an easy to use and accessible on-ramp for the global banking network forged around the UK banking industry. The UK will be renegotiating multiple trade agreements and it is vital that the government looks for opportunities to foster economic growth. Open banking could be a vital constituent: With the right approach the UK has the potential to offer an open banking economy that could be a game changer for the banking industry post-Brexit. More on the importance of APIs for open data platforms: Lean and Mean Open Data Machines The Road Ahead Aside from regulatory pressure, organizations such as the Open Bank Project and their open source API for banking will continue to try and influence the agenda. API management vendors such as Apigee are also attempting to force the debate with products aimed at providing open APIs architected around a generic banking model for PSD2, and other frameworks such as CAPS are also gaining traction. Though PSD2 will continue to influence the growth of the open banking and API landscape, there is the potential for the UK to use the CMA reforms to seize significant competitive advantage by creating a flexible, reusable and cohesive solution to meet these compliance needs that could fuel the post-Brexit banking economy. If the technical standards and governance framework can be built with evolution and extensibility in mind, and those frameworks can be viewed as more than just a compliance exercise by the incumbent banks, there is the potential for the UK to become an open banking powerhouse in the post-Brexit.