“A full view of your financial world”
From my perspective, Open Banking is one of the most interesting things happening right now. It’s like going to tech conferences back in the day when Google and Facebook were interesting. Now, it feels like they are the laggards.
It’s not about tech, it’s a data-driven, seismic culture change in how a community thinks about our global financial infrastructure
Now, it’s of constant surprise how quickly a global community is now running with Open Banking, which will impact the lives of billions of people.
Closing session announces the Global Open Finance Centre of Excellence (GOFCoE).
- Create a digital sandbox of up-to-date global financial data to train algorithms
- Create a global economic observatory to help policy & regulators understand what is happening in the global economy, with support from data scientists to help model potential policy interventions
- Explore ethics in multi-variant data sets, and with AI, to ensure that there is no bias or prejudice
- A secretariat to look at how open banking is actually being implemented around the world
To address things like: unfair access to credit (e.g. open up access to credit to those excluded from the system); address the property markets of ownership vs rental to address the rapid polarisation of these two communities; saving for long-life (how are we going to provide for ourselves for the long term).
Part of an initiative with over £160M investment to make Edinburgh the ‘data capital of Europe‘ and invest in building a “strong global data infrastructure” that creates “mission-driven initiatives”.
Great to see people *finally* linking together the needs of individuals, openAPIs, global finance … and the SDGs (cf dgen.net/0/overview/)
The Summit really highlighted how much is happening. (Chatham House rule applied):
The following content is CC-BY.
- On the panel: USA, Russia, Japan, India … and Cynthia
- “the only way forward is together”
- “don’t let the perfect be the enemy of the good”
- The #1 action countries looking to implement open banking should take is to establish a consumer data right. The tech implementation is #5…
- Open Banking in the US has flourished, even without regulation (‘tolerating screen scraping’) and no consumer data right …
- NZ has done the tech first without establishing a consumer data right
- Canada has appointed an advisory committee to explore open banking
- India expects their implementation of open banking could help the 600M people in poverty in their country. Indiastack is one of the most progressive and ambitious programmes in world right now.
- “Brings millions of Indians into the formal economy by reducing friction”
- Some UK bank’s implementations have demonstrated that a bad UX leads to less switching, a good UX leads to more. How much? 20% vs 80% completion….
- Best case is 2-step, average is 4-step, worst case is… 16-steps (!)
- Japan wants to encourage innovation through legislation and FinTech centres
- 80+ banks in Japan will have Open Banking by 2020
Open APIs will unlock far more innovation than other technologies, such as blockchain
- We need to watch what China is doing carefully (Alipay, et al)
- Questions and discussion about Standardisation vs Interoperability
- How to balance freedom of expression through data with political environment and potential ‘control’
- Open APIs will dramatically reduce the cost of services
- Learnings from the UK:
- it’s still early days but we are very excited about the potential.
- UK standard cover 90% of the market for consumers and small businesses.
- What we’ve created so far falls short on what is possible — we’re going to fix this in 2019.
- We’re going to open up Open Banking to the mobile app space, including using biometrics to do 2 factor authentication.
- There are two ideas that are no longer in discussion: (1) the data belongs to the customer not the the institution, (2) standards are a good thing, ‘portability’ doesn’t necessarily mean good competition. Portability + interoperability are important in the standard.
Just building a technical standard on its own doesn’t just create an ecosystem
- Standardise the operations too
- Standards must be supported by implementation
- Needs regulation to make it work as part of the activation criteria
- We need to provide some kinds of incentives to the banks themselves to help support the overall ecosystem
- Will be rolling out commercial APIs that will sit on top of the same stack
- Extensibility of the APIs into other products and frameworks in other sectors such as insurance and asset management
Customer expectations are changing. The world of digital is an API-enabled world.
- UK learnings:
- Once the consumer understands this it will help them across all types of service for utility-scale businesses
- The ‘stars aligned’ in the UK with the desire from Treasury + the ODI + Fingleton Associates + PSD2 to create enable the CMA order that led to the creation of the Open Banking Working Group
- The latest version (v3.1) addresses all the major PSD2 use-cases
- The whole process is hugely collaborative, involving 100-150 people (over 50 meetings so far) and published online
- It has not been a bank driven initiative, it has had over 1,000 people collaborate over the last two years
- UK has put a lot of effort into making it an Open Standard so that it can be copied by anyone
- Security has been developed in conjunction with OpenID
- Tools and services are needed to help people implement — this was an oversight (for example there were no testing tools before the launch)
- Although not the fault of anyone, it has been a bit of a moving target for the large banks, but the shaping of the CMA and the OBIE have really helped provide a strong basis for working. It has required a lot of patience on all sides but the result is positive and we expect that it is the beginning of the journey, not the end.
We have been learning by doing
- “We wanted to be an API-enabled bank — we had a sense of excitement about fixing many things”
- We need to change our T&C, retrain our entire staff … this is not a small undertaking
- We are seeing changes in mindset: we are seeing the emergence of an innovation agenda not just a compliance agenda
- “Our own developers are now using these APIs in their own development for our own services. It’s a game-changer.”
- “By empowering users with their own data you can drive better outcomes for them”
- There were no really significant Fintechs in this area when we were creating it
- Screen scraping will cease to exist
- It was challenging launching all major banks on the same day (13th Jan was a Saturday) with almost no test environment. We couldn’t push back due to both legal implications but more importantly that if you delay you end up going at the pace of the slowest.
- Historically testing was always done in-house. Open Banking inverted this by mandating that the Fintechs had to be let in: a very different set of security and cultural challenges. The industry, as a whole, underestimated the complexity of the initiative.
- Should OBIE have the authority (regulatory permission) to test and accredit implementations?
- They are looking at a potential contracted 3rd party that might be able to do this
- We can automate elements of compliance and performance testing due to the nature of the services themselves
- Are EU PSD2 groups (Berlin Group) working closely enough with the OBIE (and OpenID)?
- What would we do differently if we had the chance?
- Make PSD2 not a maximum harmonisation directive
- To have the concept of commercial APIs from day 1
- Establish framework for identity
- Establish what good looks like on operational and UX
- Set OB as a ‘scheme’
- Bake in performance testing and standardise more not less
There is a continuous tension between the pace of the development and ability of those involved to implement
Kate Forbes, Minister for Public Finances and Digital Economy, sets out the ambition to make Scotland a centre for Fintech development.
“Our ability to flourish in a global digital economy will be based on our skills in design and development of secure services that meet the needs of people around the world.”
- We need to protect customers from themselves (e.g. using the same password for all services, use public wifi, click on random links) and introduce some friction into the user experience to do so
- We also need to educate the ‘less experienced’ developers on how to take privacy, law and data ethics seriously
- These steps protect not only the customer, but the broader ecosystem
- Dispute resolution needs to be clear from a consumer perspective: there are potential challenges with GDPR vs PSD2 and OB
- A major is issue with GDPR is that there is no case law, so we don’t know how it might be applied
- If multiple actors are holding the same data, how do we know where the liability really sits if there is a breach? How do we create and manage a dispute resolution system for this? How would an insurer know how to evaluate and against whom?
- Can we track the provenance of data, continuously, through all data supply chains? Compare with DRM…
- Consumer’s take trust of our institutions for granted, and this could easily be broken if they are not given the right tools
- To be an effective regulator, we need to be forward looking. We also to ensure that the leadership of companies understand the implications of what they are doing, and ensure that consumers are informed.
- Edinburgh Futures Institute is co-creating a Global Open Banking Centre of Excellence
GDPR and PSD2 unlocked technologies that create permeable boundaries through which consumers can trade their data
- On ID, why don’t we just copy Aadhaar? Or Estonia?
- The fact we are still using passwords is a failure of technology: a lot of what we’re doing is security theatre.