Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

Getting data privacy and security right is 'paramount' to success of open banking, says regulator

Getting data privacy and security right is "paramount" to the success of open banking, a regulator has said.26 Oct 2016

Alasdair Smith, an inquiry chair at the Competition and Markets Authority (CMA), said without "the right safeguards" banking customers will not give their consent for their data to be "shared with anybody".

At the conclusion of its retail banking market review, the CMA said UK banks would be required to implement an open banking standard by early 2018, to allow businesses and consumers to share their own current account data with other banks and third parties and manage multiple providers through a single app.

Open banking will be built on linking different systems together via application program interfaces (APIs). In a recent speech, Smith said the use of open APIs in banking would "give customers control over what data is shared and with whom".

The CMA has recently published details of the initial work (2-page / 214KB PDF) being undertaken towards the development of the open banking standard. It includes work to set up an 'implementation entity', containing representatives from industry, to "act as the forum for the discussion and agreement of the application program interface (API), data and security standards".

In his speech, Smith said that the timetable for implementation of open APIs in banking was scheduled with data security in mind.

"To ensure that enough time is available to work through the important details of this remedy, particularly those that ensure that customers’ data is secure at all times, we are requiring that the release of information under this remedy takes place in stages," Smith said. "The least sensitive information – for example about banks’ prices, terms and conditions and branch location – will be made available by the end of March 2017. We expect that all aspects of an open banking standard will be up and running in early 2018 to coincide with the implementation of the second Payment Systems Directive (PSD2)."

Smith described the CMA's open banking plans as "the most fundamental" of its remedies from its market review and said open APIs have the potential to "transform the financial services sector". He said there are sure to be "commercial winners and losers from a radical change in the information sources available to bank customers".

"The development and implementation of an open API standard for banking will permit authorised intermediaries to access information about bank services, prices and service quality," Smith said. "This will enable new services to be delivered that are tailored to customers’ specific needs."

The new services that emerge as a result of open banking being implemented, which Smith said might include third-party credit rating and lending services for small businesses, "will need to be carefully regulated".

"The fintech sector itself is clear that strong regulation is needed before bank customers will share their data with intermediaries," Smith said. "Commercial digital intermediaries will of course use the tools of their trade, and regulators will need to ensure that the well-known biases in human decision-making – framing, loss aversion, overestimation of low probabilities, and so on – are not unfairly exploited."