How open banking has facilitated data-driven business models, and what's next
Published on 14th Jun 2022
Open banking offers opportunities for data-driven business models by allowing customers to share their banking data securely with third parties. We explore examples of business models successfully using data shared under this framework. The next step is unlocking customer data across the financial sector. Open finance has the potential to promote innovation and benefit customers, but effective and ethical implementation will be challenging.
This is chapter 2.3 of Data-driven business models: The role of legal teams in delivering success
What is open banking?
Open banking is a framework allowing customers to share access to their bank accounts and data with trusted third-party providers.
In the past, the relationship between bank and customer was private, with the bank controlling customer data. 'Screen scraping' offered customers a workaround to aggregate their financial data by sharing bank log-in details with unregulated third parties, but was plagued by security concerns and lack of trust, as well as constituting a breach of customers' terms and conditions with banks in some cases.
Under open banking, the customer gains control of their banking data and can choose to share it securely with regulated third parties. Importantly, banks are legally required to permit and facilitate this data sharing. Open banking has unlocked opportunities for innovative business models in the financial sector, ultimately enabling customers to access more and better products and services.
In the EU, the key legislation underpinning open banking is the EU's second Payment Services Directive (PSD2), which took effect on 13 January 2018. PSD2 was implemented in the UK before the UK left the EU. Separately, the UK Competition and Markets Authority (CMA) has been instrumental in driving the UK's open banking initiative from an early stage, as open banking is seen as key in promoting competition and innovation in the retail banking sector.
Account information services and open banking
PSD2 created two new regulated payment services:
- account information services (AIS), where the customer gives a trusted third-party provider (TPP) access to information on their payment accounts held at account servicing payment service providers (ASPSPs); and
- payment initiation services (PIS), allowing customers to make payments to third parties directly via a TPP, as an alternative to paying online with a credit or debit card.
Firms carrying out AIS and PIS need to be regulated or registered with their local financial regulator and must comply with certain obligations when providing these services. The PSD2 framework has enabled the growth of new business models, including those making use of customer data shared via AIS.
AIS providers and models
AIS is generally provided by three categories of market players:
- Traditional or established payment service providers (e.g. credit institutions, electronic money institutions (EMIs), and payment institutions);
- Fintechs and other technology companies offering innovative solutions based on AIS; and
- Marketplaces and other businesses looking to enrich their existing offering and add value to their core services.
In practice, companies utilising data collected through AIS operate under various business models, including:
- White labelling: the company offers a combined service of data collection and utilisation under its brand and contracts with the customer, while a partner behind the scenes provides technological capabilities;
- Co-branding: the company provides a combined data collection and utilisation service and uses the services of an account information service provider (AISP) as an outsourced service provider to collect the required data; and
- A redirection framework: the company only utilises the customer data; the customer signs up for AIS directly with an AISP and agrees that the AISP may share their data with the company.
Depending on the business model used and the service offered, firms operating in this sector must be appropriately authorised in the relevant jurisdiction(s); both AIS and PIS activities may be "passported" from a firm's "home" state into the rest of the EU and European Economic Area on either a cross-border services or establishment basis.
AIS use case: online financial dashboards
AIS facilitates an increasingly popular personal financial management tool: online dashboards which provide a consolidated view of a customer's finances across their accounts and/or banks. Providers, which include firms such as Emma, Money Dashboard, and Plum Analytics, may offer free and/or paid-for options for their dashboard service, depending on their business model and the range of tools provided.
This type of service allows customers to review their spending in the round, without having to log in to separate online banking portals and record the data manually. This can help the customer manage their finances effectively. This service also makes it easier for a customer to manage accounts at multiple banks, thereby promoting competition in the retail banking sector. Dashboards can offer numerous money management tools, including:
- Viewing the total balance across all accounts in one place;
- Alerts for low balances and bills falling due; and
- Other budgeting tools, such as categorising spending, setting savings goals, and recording 'streaks' to motivate saving.
Some dashboard services use the customer's transactional data to suggest which subscriptions the customer may not need and could cancel, flag bills which would be cheaper with alternative providers, and offer vouchers or deals for businesses at which the customer shops frequently.
AIS use case: loan eligibility
Another use case for AIS is to support creditors assessing the loan eligibility of new borrowers. Credit scoring is carried out by creditors to assess their risk exposure on credits to be granted. In addition, for consumer loans, the EU's Consumer Credit Directive requires creditors to assess the consumer's creditworthiness on the basis of sufficient information, to be obtained from the consumer and a relevant database. In consequence, obtaining information about the consumer’s income and regular spending allows the creditor to fulfil its legal obligations.
The AIS model allows account information to be provided to the customer, but also gives the option to send the information to a third party at the customer's instruction. The customer can therefore instruct their bank to send specific account information to potential creditors looking to assess the customer's creditworthiness. This service simplifies the process for the customer to provide information to a potential creditor, and also benefits the creditor as they can obtain the required information directly from the bank.
Using AIS to check loan eligibility is growing more widespread, with the service being offered by providers such as finAPI and FinTecSystems. In contrast to online financial dashboards, which are usually targeted at consumers, use of AIS for loan eligibility checks is typically offered to creditors. This means that while the AISP has a regulatory relationship with borrowers, its commercial relationship (from which it derives its revenue) is with creditors.
AIS use case: accountancy services for small and medium enterprises (SMEs)
A third core use case for AIS is its use in accounting and banking management solutions. Here are three examples of innovative French companies with this AIS use case:
- Expensya: this company has entered into a partnership with an EMI authorised to provide AIS and uses the information collected via the EMI in order to provide automated business spend management solutions for its large corporate and SME customers. The solution allows Expensya’s customers to manage their employee expenses, reports and follow-up more easily;
- Pennylane and its sister company REV: this company is an accountancy firm providing automated solutions for accounting operations, using the information collected either by its sister company, the fintech REV acting as AISP, or by third parties such as Budget Insight or Fintecture; and
- Indy: this company has developed solutions enabling automated book-keeping, generation of tax returns, and other finance management tasks (much like QuickBooks in the UK).
AIS has allowed these companies to aggregate data on a customer, using the information from their bank accounts. In support of AIS, the technology companies have developed technical solutions, such as operating systems and algorithms allowing utilisation of the data.
Technology firms are also exploring the commercial possibilities offered by AIS. For example, some companies are considering using a customer’s banking data to offer new products and services in a targeted manner, based on the customer's purchase history. Naturally, the utilisation of data in this context raises questions regarding the application of data protection rules.
Beyond open banking: open finance
In the EU and UK, open banking only applies to payment accounts (most typically, current accounts), whether held by individuals, SMEs, corporates or institutions. Payment accounts represent a small subset of the financial products a customer might hold, such as insurance, mortgages, personal loans, investments, and pensions.
The success of open banking is prompting governments and authorities to consider broadening the initiative to other parts of the financial sector, looking to open banking as one model for how this could work. The move to open finance would create even more opportunities for successful data-driven business models, as customers would be able to share significantly more data across a range of financial products.
Progress in the UK
Regulators are working on how best to bring about open finance. The UK Financial Conduct Authority (FCA) has run a Call for Input process on open finance, concluding in its feedback statement (March 2021) that "[o]pen finance has the potential to transform the way consumers and businesses use financial services" and "help unlock the value of data across the economy".
Authorities are also working on initiatives for sharing customer data beyond the financial sector. The UK government calls this "smart data", defined as "the secure and consented sharing of customer data with authorised third-party providers". In future, customers may be able to benefit from services driven by simple, secure sharing of their data, such as automatic switching between providers and better management of accounts and bills, across sectors like energy and communications. The extension of smart data is expected to promote innovative services, stronger competition, and improved customer outcomes.
Challenges for open finance
In the UK, the FCA considers that open finance "would create or increase risks and raise new questions of data ethics", ranging from the use of artificial intelligence, machine learning and data bias, to potential discrimination in favour of open finance customers and how to ensure an equitable distribution of risks and benefits. These questions would need to be considered upfront as part of system design, and risks managed with appropriate regulation. Customers would need to be confident their data is being used ethically and in line with their expectations and consent.
It remains to be seen whether participation in all future open finance initiatives will be mandated, and how firms will be incentivised to participate. For example, the UK government has indicated its intention to introduce primary legislation to "improve [its] ability to mandate participation in smart data initiatives". Legislative compulsion, whereby ASPSPs are required to facilitate data sharing in line with PSD2 rules and using standardised application program interfaces (APIs), has been a key factor in the success of open banking, and could be crucial to ensuring open finance is taken up by a sufficient proportion of the market to be useful to customers. This would impose costs on smaller firms with fewer resources, but would benefit businesses seeking to capitalise on the newly unlocked data.
Another challenge will be whether a central standards body is established to support the delivery of open finance, similar to the UK Open Banking Implementation Entity or the Berlin Group in the EU, and if so, how this will be funded.
Open finance in action: the Pensions Dashboard
In the UK, the open banking concept is being taken forward into the world of pensions: UK law will require pension providers including pension trustees to feed data into pensions dashboards. The requirements are being introduced with effect from April 2023 and will be staged according to scheme size. Pensions dashboards will allow savers to see at a glance how their investments are performing and how much they will need to save for their future retirement.
A public body, the Money and Pensions Service (MaPS), has been tasked with designing and implementing the digital infrastructure that will make pensions dashboards work. MaPS will also establish and operate the first non-commercial dashboard. Providers will be able to establish their own commercial versions later provided they are regulated by the FCA.
Pensions dashboards will not store data themselves; data will continue to be held by providers. The dashboard ecosystem will act like a search engine following a saver's request. A key concern for providers is to ensure that the data they hold is accurate, readily available and in a form that will be compatible with dashboards. MaPS has published a comprehensive data standards guide which provides details of what data providers must hold. Data cleansing work is now being undertaken because the provider's liability in case the data provided by the dashboard is wrong remains unclear.
Pension providers are also concerned about their potential liability for data breaches if their systems are not robust enough to prevent or mitigate a cyber attack. Providers are, therefore, looking closely at contractual relationships with pension scheme administrators and/or software providers. Providers will also face civil penalties for failing to comply with pensions dashboard requirements as well as reputational damage.
While the initiative will need time to bed down, dashboards will help savers take control of their pensions and make better informed decisions about their money.
Data-Driven Business Models: The role of legal teams in delivering success
We have partnered with European Company Lawyers Association (ECLA) to produce a report exploring the challenges and opportunities associated with new data-driven business models.