Explained: What is Open Banking and PSD2?

What is Open Banking?

Open Banking is the concept of democratising the customer data held by banks. It stimulates competition within the financial services market and brings more innovation to the quality of the products and services delivered to customers. Open Banking requires banks to expose their data in a secure, standardised format, allowing information to be exchanged more freely online between authorised organisations.

This data comprises some simple facts, such as branch locations and specific details about banking products. It enables customers to easily discover banks that provide disabled access, or to compare the features of various personal and corporate accounts to get the best price. The more significant release concerns the data contained in transactions. Banks have a definitive record of everything we spend, lend, and borrow. Open Banking allows this valuable information to be shared with third-party companies, who can then utilise it to develop new products.

How does Open Banking work?

Open banking can help businesses accept online payments from customers, speed up new customer onboarding, and provide value-added services to customers. Open Banking enables users to grant secure access to their bank account so that their financial information, such as earnings and expenses, can be used to provide them with value-added services such as budgeting advice or recommendations for other financial products they may be eligible for. It can help customers manage their money in a variety of ways and make secure payments more easily than with traditional online banking. It also brings new business opportunities to banks and creates healthy competition in the marketplace to deliver a better customer experience. Open banking can help businesses cut costs, reduce risk, and improve the customer experience. More than 3 million people have started using open banking apps, and we expect exponential growth in the usage of open banking by 2023.

Adopting open banking not only from a compliance perspective, but as a strategic plan for banks' growth

The open banking wave gives banks a new revenue opportunity: improved experiences, frictionless banking journeys and customised services help them stay ahead of the competition and open the door to collaboration with innovative fintech firms.

Banks unlock the promise of open banking by revisiting their existing customer authentication and consent management mechanisms, enabling the safe and secure exchange of data and services for customers. Banks adopting open banking can monetise their infrastructure by exposing different APIs to a wider range of fintechs and other financial institutions, which benefit in turn from connecting to these APIs to build their service offerings.

What is PSD2 in Open Banking?

Open banking differs by country, but in general, it entails banks or financial institutions revealing their financial data to third-party providers via open Application Programming Interfaces (APIs). The scope and format of that data vary and are frequently determined by a country’s specific regulations and implementation standards. In the United Kingdom, open banking began in 2018 with regulations allowing nine of the country’s major banks to implement standards for enabling secure access to customer data. This was accompanied by EU Regulations (PSD2) requiring all banking institutions and payment service providers (PSPs) to grant authorised service providers access to their customers’ financial data with their customers’ consent.

Through Open Data APIs, banks in the UK grant access to their financial data in a secure, standardised manner. This makes it easier for businesses to use data to create consumer-friendly services. Third Party Providers (TPPs) are companies that use open banking data and should be regulated by the Financial Conduct Authority (FCA) in the United Kingdom.

PSD2 (Payment Services Directive Two) is European Union legislation that came into force in January 2016, with a deadline of January 2018 for its incorporation into national legislation. PSD2 is governed by the Financial Conduct Authority (FCA) in the United Kingdom.

PSD2 is designed to make open banking possible and secure by:

  • Enforcing greater security standards for online transactions through multi-factor authentication (MFA).
  • Making it mandatory for banks and other financial institutions to allow account holders to offer third-party applications access to their account and payment data.

PSD2 is a statutory requirement for all payment service providers (PSPs) in Europe. It requires banks and all payment providers to open up their data to third-party providers if an account holder consents. It also requires banks to use strong customer authentication (SCA) to improve payment security and reduce fraud.

Open Banking is also a component of the second Payment Services Directive (PSD2). Sometimes these two are confused: Open Banking is essentially the UK version of PSD2. The distinction is that, whereas PSD2 mandates banks to make their data available to third parties, Open Banking requires them to do so in a standard way.

Integrate with TPPs to deliver customer-centric services in the competitive world

Open Banking provides customers with more ways of managing their money, lending, and making payments. It has also created a plethora of opportunities for financial innovation.

Open Banking has obliged banks to give customers more control over their financial data by letting them connect their data to other regulated providers, such as a third-party financial management application that can display their transaction data and balances in one location.

A single integrated platform for accessing customer bank accounts, together with open APIs, plays a vital role within the banking ecosystem, interfacing between banks, third-party providers (TPPs) and payment service users (PSUs). With their consent, customers can benefit from open banking by securely exposing their data to trusted third-party providers in order to obtain bespoke financial products and services.

By adopting Open Banking, TPPs (e.g., Account and Payment Aggregators) can offer customer-centric services with greater agility once they have obtained the user’s consent to access their bank accounts.

Benefits of Open Banking for consumers

Open Banking simplifies the consumer’s life by consolidating all their financial information into a single app, allowing them to manage their finances more easily. This may assist consumers in budgeting more effectively and saving money. For example, such apps may help them see their overall financial picture and identify areas where they are overpaying for a utility bill, credit card, or overdraft.

Open Banking enables secure, faster payments in the most convenient way. Open banking payments are faster than traditional online payments, especially on mobile. They don’t require any credit card details, and there is no need to log in to a bank account. Consumers can simply choose their bank from the list shown on the screen and make the payment securely after fingerprint or face ID verification. This can be done in a few seconds and the receiver gets the money immediately. It’s as simple as using a contactless credit card in person, and it’s protected by bank-grade security.

Through Third Party Providers’ apps, consumers can generate their financial statements for rental agreements, mortgages, loans, and investments. Regulated companies can use open banking, with the consumer’s consent, to get an overview of their income and expenses, for example to make a quick decision on a loan or rental application. There is also no need to upload or print bank statements, as consumers can give financial institutions access directly through the apps, so they can sign up for certain services and apps more quickly.

Benefits of Open Banking for Businesses

Open Banking facilitates online accounting by providing safe and secure access to the financial records. It can even assist in classifying business expenses for tax and accounting purposes.

It can make it easier to obtain capital. With the business’s consent, potential lenders can use open banking to gain an overview of the business finances and make a quick decision on a loan application.

Open Banking enables online payments at low transaction fees, reduces fraudulent transactions and increases conversions. Any business that transacts online can use open banking to accept instant bank payments without the use of card networks.

It can assist you in accelerating customer onboarding. If you need to collect financial information from your customers at signup, such as proof of income or bank account ownership for a payment, open banking can assist you in doing so in a secure, automated manner.

Macro Global offers 40+ compelling use cases for businesses around open banking. Please reach out to us to explore more.

Open Banking API Endpoints

Open Banking relies extensively on the use of Application Programming Interfaces (APIs) to securely share customer data among banks, as well as to allow third-party providers (TPPs, e.g., Account and Payment Aggregators) to access the bank’s technology environment to build innovative applications and services.

Banks expose the Account Information Services (AIS) and Payment Initiation Services (PIS) through various API endpoints.

Account Information Services (AIS) are the services through which the user’s bank account information, such as account holder name, account type, account balance and account statement, is displayed within the TPP application.

Payment Initiation Services (PIS) are the services through which users can initiate a payment to different beneficiaries from their multiple bank accounts through the TPP’s application, without accessing their dedicated online banking applications.

Some of the AIS and PIS data endpoints are mandatory in the Open Banking Framework (for example: accounts, balances, transactions), which means banks should expose this data through specific API endpoints.

Some data endpoints are optional (for example: supplementary account info, offers, events subscription), so banks can decide whether to expose or hide this data. Optional APIs can be integrated subject to the bank’s requirements.

Conditional APIs are the data endpoints that should be exposed if the bank has certain services available in its net banking environment (for example: beneficiary data, future payments, standing orders). These data endpoints are exposed only if the bank offers these services.

Note that which APIs are mandatory, conditional or optional for TPPs varies by country, subject to the local Open Banking Framework and regulations.
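The mandatory, conditional and optional classification above can be checked mechanically against what a bank actually exposes to TPPs. The following Python check is an added example, not code from this article or from any Open Banking standard; the endpoint names follow the article's examples, while the service names and the sample bank are constructed assumptions.

```python
# Constructed catalogue built from the examples the article names; a real
# framework publishes its own list, and the list differs by country.
MANDATORY = {"accounts", "balances", "transactions"}
OPTIONAL = {"supplementary-account-info", "offers", "event-subscriptions"}
# Conditional endpoint -> bank service that triggers it (hypothetical names).
CONDITIONAL = {
    "beneficiaries": "beneficiary_management",
    "scheduled-payments": "future_payments",
    "standing-orders": "standing_orders",
}


def check_exposure(exposed, services_offered):
    """Compare the endpoints a bank exposes to TPPs with the catalogue."""
    exposed = {e.strip().lower() for e in exposed}
    services = set(services_offered)
    known = MANDATORY | OPTIONAL | set(CONDITIONAL)
    report = {
        # Must always be exposed.
        "missing_mandatory": sorted(MANDATORY - exposed),
        # Bank offers the service, so the endpoint is owed but absent.
        "missing_conditional": sorted(
            ep for ep, svc in CONDITIONAL.items()
            if svc in services and ep not in exposed
        ),
        # Endpoint is live although the bank does not offer the service.
        "conditional_without_service": sorted(
            ep for ep, svc in CONDITIONAL.items()
            if svc not in services and ep in exposed
        ),
        # Reachable by TPPs but outside the catalogue: unreviewed API surface.
        "unclassified": sorted(exposed - known),
    }
    report["conformant"] = not (
        report["missing_mandatory"] or report["missing_conditional"]
    )
    return report


# Constructed sample bank: offers standing orders and future-dated payments.
SAMPLE_EXPOSED = ["accounts", "Balances", "standing-orders", "offers", "debug-export"]
SAMPLE_SERVICES = ["standing_orders", "future_payments"]

if __name__ == "__main__":
    for key, value in check_exposure(SAMPLE_EXPOSED, SAMPLE_SERVICES).items():
        print(f"{key}: {value}")
```

The `unclassified` list is the one to review first from a security standpoint, since it names endpoints reachable by TPPs that nobody has placed in any category.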

Adoption of Open Banking in the UK and Europe

The efficacy of Open Banking has always been dependent on the large financial services providers, who ultimately control the data. It was dependent on them allowing third-party providers to use their Open APIs, as well as assisting in the promotion of the new options and benefits to consumers. Is this what happened?

It appears so, despite lethargic beginnings marked by a lack of customer awareness and traditional institutions that were hesitant to get the system up and running. And, with the collapse of conventional banks and the advent of challenger banks that have organically connected with fintech, Open Banking has been a stimulus for the expansion of fintech in Europe.

Open Banking in the global perspective

Open banking has already emerged in various countries with different regulations, but as a concept it goes well beyond the regulatory environment and is applicable globally to uplift the existing landscape of the financial industry.

Countries like the UAE, Saudi Arabia and Qatar are market-driven: third-party providers and banks are allowed to develop their own API platforms, as they are conscious of the strategic importance of Open Banking in attracting new customers and gaining a competitive advantage.

Countries like the UK, Bahrain, Egypt and Kuwait are regulator-driven: APIs are developed to government specifications, and the sharing of data between entities is controlled and monitored by the government. These regulator-driven countries should perceive open banking as a chance to promote innovation in their financial services rather than as a compliance burden, as it embraces a more inclusive financial culture and brings all categories of individuals and businesses into an ecosystem where they can further integrate and flourish as a broader economy.

Is Open Banking safe?

Security is the most important concern in Open Banking for all the parties involved. Would it render banking data exposed to attack? Can consumers put their trust in new fintech providers?

So far, no PSD2-related cyber incidents have occurred; however, the Financial Conduct Authority is probing opaque marketing and data used by some digital companies, particularly considering GDPR, which went into effect this year.

Open banking has lowered the risk to customer data by reducing the popularity of scraping, the original method used by many fintech businesses to acquire users’ account information. In addition, AISPs and PISPs must be registered, licensed, insured, and controlled under PSD2.

The ultimate responsibility is on third-party providers (TPPs) to protect their infrastructure from cyber-attacks, while banks are concerned with limiting fraud risk because they are the first party accountable for unauthorised financial transactions from a customer’s bank account. Therefore, banks should invest in a diverse set of analytical technologies to validate authorised customers and spot threats.

Insurance security has also been improved, as PSD2 regulations mandate PISPs and AISPs to have a specified type and degree of technology-based professional indemnity and cyber insurance. One of the reasons this is critical for fintech is that if a third-party provider is breached, it is required to remedy the situation and restore any money to the customer via their bank within 72 hours. This can be covered by PSD2 insurance.

To discover more on how Macro Global can help you to monitor, manage and mitigate the above challenges, please visit Tavas – Open Banking Product Suite and Solutions.