Cookies on Pinsent Masons website

This website uses cookies to allow us to see how the site is used. The cookies cannot identify you. If you continue to use this site we will assume that you are happy with this

If you want to use the sites without cookies or would like to know more, you can do that here.

Getting data privacy and security right is 'paramount' to success of open banking, says regulator

Getting data privacy and security right is "paramount" to the success of open banking, a regulator has said.26 Oct 2016

Alasdair Smith, an inquiry chair at the Competition and Markets Authority (CMA), said without "the right safeguards" banking customers will not give their consent for their data to be "shared with anybody".

At the conclusion of its retail banking market review, the CMA said UK banks would be required to implement an open banking standard by early 2018, to allow businesses and consumers to share their own current account data with other banks and third parties and manage multiple providers through a single app.

Open banking will be built on linking different systems together via application program interfaces (APIs). In a recent speech, Smith said the use of open APIs in banking would "give customers control over what data is shared and with whom".

The CMA has recently published details of the initial work (2-page / 214KB PDF) being undertaken towards the development of the open banking standard. It includes work to set up an 'implementation entity', containing representatives from industry, to "act as the forum for the discussion and agreement of the application program interface (API), data and security standards".

In his speech, Smith said that the timetable for implementation of open APIs in banking was scheduled with data security in mind.

"To ensure that enough time is available to work through the important details of this remedy, particularly those that ensure that customers’ data is secure at all times, we are requiring that the release of information under this remedy takes place in stages," Smith said. "The least sensitive information – for example about banks’ prices, terms and conditions and branch location – will be made available by the end of March 2017. We expect that all aspects of an open banking standard will be up and running in early 2018 to coincide with the implementation of the second Payment Systems Directive (PSD2)."

Smith described the CMA's open banking plans as "the most fundamental" of its remedies from its market review and said open APIs have the potential to "transform the financial services sector". He said there are sure to be "commercial winners and losers from a radical change in the information sources available to bank customers".

"The development and implementation of an open API standard for banking will permit authorised intermediaries to access information about bank services, prices and service quality," Smith said. "This will enable new services to be delivered that are tailored to customers’ specific needs."

The new services that emerge as a result of open banking being implemented, which Smith said might include third-party credit rating and lending services for small businesses, "will need to be carefully regulated".

"The fintech sector itself is clear that strong regulation is needed before bank customers will share their data with intermediaries," Smith said. "Commercial digital intermediaries will of course use the tools of their trade, and regulators will need to ensure that the well-known biases in human decision-making – framing, loss aversion, overestimation of low probabilities, and so on – are not unfairly exploited."