The processes and mandates around PSD2 in Europe and Open Banking in the UK and Australia should exacerbate the pace of NPCI work

The financial sector is changing fast than ever before. The newest wave of financial reforms has been triggered by the technological advancements, the regulatory intent of promoting competitive and innovative strategic business models and providing improved choices to banking customers.

Using latest technologies for enabling customers to better manage their finances, facilitating their transactions and bringing innovative payment options to their digital gadgets – an area broadly known as Fintech – has caught the fancy of regulators all over the world and interestingly, regulators have been pro-active in this area unlike any other disruption in the past.  

Payment Service Directive (PSD), followed by its version 2.0 (PSD2), that went live in January this year in Europe, has obligated banks to provide approved third-party providers access to their customers’ accounts and transaction data through open APIs (application program interface). This is expected to enable third-party providers to mine this data and innovate with financial services for banks’ customers, both retail and institutional (or in popular parlance, B2C and B2B).

In the context of Europe, this directive has further relevance as it is expected to blur the boundaries between the EU countries and encourage a more integrated and efficient digital financial market across Europe with common third parties, offering a range of services across the member states.

The United Kingdom followed it with a more localized version, called as the Open Banking Regulation, which gave licensed startups direct access to data of UK bank customers. The regulators (Competition and Market Authority – CMA) there have rolled out this change with an initial set of nine largest banks controlling more than 80 percent of UK’s current accounts market.

These selected banks were mandated to make the information such as ATM and branch locations, details of the loan offerings and customer data such as transaction history available to the approved third parties. Regulators will approve these third parties based on data security measures and the intent for use of this available data among other parameters.

However, the ultimate choice on sharing the data lies with the account holders, and whether they will agree or not, will depend upon the services on offer.

While most of the banking customers are still unaware of such provision across EU and UK, a small segment of the aware ones has expressed concerns around the privacy and security of the data that will get shared. Regulators are now provisioning to address these concerns, given that the premise of this regulation itself is customer-centric. They are establishing legal frameworks to protect certain types of customer information.

To quote an example, each third party that will be eligible to access the disclosed information of customers will be vetted for aspects pertaining to security, business model, processes etc. before being given the operating approval. Similarly, the consumer liability would be limited if a consumer’s information is lost or stolen and the consumer incurs a loss as a consequence.

Diligence and processes aside, it is also being increasingly recognized that regulators will have to collaborate with both banks as well as FinTech players to create integrated digital infrastructure. FCA in the UK already has ‘Project Innovate’, which is a sandbox for FinTech firms to support industry advancements, where open banking would simply add to the spectrum of initiatives under it. Industry experts are excited at the prospect of the scale of innovation this can trigger and drive.

Potential benefits of this disruption were recognized by the Australian authorities as well, who were grappling with a number of reviews and inquiries within their banking eco-system that necessitated the need for increased diligence anyhow. Australian Government released a Consultation Paper in August 2017 seeking industry response to their proposal on Open Banking where they intended to enable customers to access their banking data, either themselves and/or direct the bank to provide it to a third party of their choice.

They deem that such a move to encourage data sharing would further evolve the financial services space by accelerating the development of alternative business models, products and services. Such is the conviction in the idea that the planned compliance date for this has been set to July 2018, less than a year from the proposal itself.

Singaporean regulator MAS (Monetary Authority of Singapore) is also set to bring in “access regime” by way of Payment Services Bill. Being a very cautious regulator, MAS is currently focusing on bringing in common standards and a common platform to expedite interoperability between payment service providers, whether it be a large bank or a third-party player.

India story
In India, the RBI has already implemented BBPS (Bharat Bill Payment System) to improve the security and speed of bill payments through multiple modes, including online and network of agents; something that is currently limited to Utilities and Telecom billers. While the intent is to drive the society towards cashless state by providing an integrated bill payment system that is interoperable, this automatically gives these agents access to the payments data of the payees.

Indian authorities are also aligning themselves with the ardent use of technology to build a digital infrastructure. IndiaStack is a great step forward with API access to the biometric-enabled Aadhaar system. Unified Payment Interface (UPI) – a mobile-first payment platform like e-wallets and Aadhar-enabled payment system (AEPS) – a biometric first payment platform to create a cardless payment network, are the initiatives by NPCI (National Payments Corp. of India) to push for free movement of money in retail transactions and abetting both small merchants and consumers in their business.

The versatility of the IndiaStack would be ably supported by the Open Banking trends seen across the relatively more stable economies mentioned earlier. Markets across the globe would soon move to such business models that either the banks themselves provide the complimentary services based on customer data or let the third-party service providers eat into their customer base and margins.

Given the Indian government’s long-standing push on financial Inclusion and new-found focus on a cashless economy combined with the growth of the FinTech sector, it is indeed time for the Indian regulators to consider the Open Banking regime. NPCI has paved the way by putting the infrastructural blocks such as UPI and AEPS in place, where multiple FinTech startups are rewarded for creating more consumer-focused merchant solutions to remain competitive. Existing platforms are now extending their offerings to accept NPCI devised modes of payments.

What lies ahead?
The processes and mandates around PSD2 in Europe and Open Banking in the UK and Australia should exacerbate the pace of NPCI work, and the Indian regulatory guidelines by providing a blueprint and an early peek into the impact on the industry, as well as consumers.

If a customer’s or a business’ transactions across banks in a geography or globally could be accessed by a third party, which is obligated to share pertinent insights with the regulators, potential impact could be as far reaching as the early identification of bank frauds, a phenomenon plaguing the Indian banking system. If regulated diligently, Open Banking can become a potent tool for the regulators as well.

As for the Indian market players, entrepreneurs in FinTech space would be closely watching, itching to customize or replicate some of the sustainable models working abroad and suitable to the Indian needs. With free movement of money owing to the revolution in the payments industry and other initiatives for a cashless society, transformation and reshaping of the existing business models would simply get expedited.

-- Mahima Gupta, senior manager, Sapient Consulting.