The announcement from the Open Banking Implementation Entity that the number of users of open banking services in the UK has passed the 5 million mark means that open banking is a service which is nearing critical mass. The growth trajectory also looks very impressive (4 million to 5 million in 4 months) and, as more people use it it will, like contactless payments, become so ubiquitous that people will not give it a second thought. The privacy and fraud concerns that might have stopped people from adopting early are likely to fade away as it becomes a fact of life and the benefits become clearer.
Searching for a good interest rate for some of my savings last week, I was interested to see that the bank I chose were using open banking, both as an option to fund the account and for validation of the nominated account as source and destination of funds. This use of open banking to make life easier for customers both at onboarding and for money management is likely to grow and the forthcoming introduction of variable recurring payments will add further to the possibilities for integrated customer services.
What is the impact?
On the authorisation front we are seeing a fairly steady flow of fintech applicants seeking Account Information Service Provider (AISP) registration and Payment Initiation Service Provider (PISP) authorisation, including from accounting software providers. The increasing acceptance of the services is likely to mean that the public will expect that they will be available not just on accounts held with the main CMA 9 banks (where the vast majority of the consumers have their current accounts at present), but also wherever they have a payment account which is accessible online.
The Payment Services Regulations, of course, already mandate that where payment accounts are accessible online the payment service provider must facilitate access for AISPs, PISPs and Card Based Payment Instrument Issuers (CBPIIs) in Regulations 68 -71, but it has been the case up until now that there has been little if any demand from AISPs or PISPs for access. This has meant that, notwithstanding the regulatory requirements, some Payment Institutions and E-Money Institutions (and indeed some smaller banks) offering payment accounts which are “accessible online” have managed to get away with offering very limited, if any, effective access for AISPs and PISPS because nobody is complaining to them or the FCA about it. The wider public acceptance of open banking and greater range of providers and added value services seems likely to invalidate that assumption.
As a reminder, the FCA say in the Approach Document “In our view, an account is accessible online if the ASPSP (Account Servicing Payment Service Provider) offers online banking services in relation to that account. Online banking services may be provided through websites or applications, and may be accessible using a desktop computer, mobile phone, tablet or any other such device.” The basic premise of open banking is that where an account is accessible online, the customer should be able to do anything which they can do directly with the ASPSP online through an AISP or PISP, and customers seem increasingly likely to expect that this is the case, whether their ASPSP is a high street bank or a new challenger EMI or PI. This is one of the “level playing field” aims of PSD2 – if EMIs and PIs are to be enabled to compete with the banks, they are expected to comply with the same regulations.
Next steps
Covid has meant a much greater shift to online business in the payments world, and customer expectations have changed, and are changing accordingly. PIs and EMIs offering online services which have not put in place proper technical and organisational arrangements to meet the full requirements of regulations 69 and 70 of the PSRs would be well advised to start doing so now to avoid customer (and AISP/PISP) complaints and FCA attention.
Related resources
All resourcesIdentifying the weaknesses in firms’ transaction reporting governance and control frameworks
Bitesize webinar: Establishing a robust prudential monitoring framework
Operational Resilience: regulatory guidelines for critical third parties aim to avoid systemic disruption
Press Release: Cosegic launches new Consumer Duty audit.