Legal tips on Data Sharing for Open Banking Products and Collaborations


Following on from the January meetup, Open Banking Excellence held its first
webinar in partnership with Finance Edge. The webinar brought together Helen Child and Philip James to discuss some of the issues around open banking data sharing.

Helen is the co-founder of Open Banking Excellence, a monthly think tank for those in the industry to contribute and collaborate with what is now a global movement to make bank data accessible. OBE’s webinars aim to reach open banking pioneers who are unable to attend the monthly meetups.

Philip James is a Partner at Sheridans. Philip leads Sheridans’ Data and Information Technology Group, advising clients on commercial data strategy, brand integrity, innovation and asset growth.

This article offers an edited transcript of their discussion.


HC: Phil, maybe you’d like to start by sharing a little bit about yourself and Sheridans please.

PJ: I’m a lawyer and lead Sheridans’ data practice. As you may appreciate, data is a pretty hot topic. Five or ten years ago, if you said you were doing data or data protection, people tended to get a pillow out and they weren’t that excited about it.

Now more and more people have realised that there are increasing opportunities in and around data. In addition to that, you’re seeing there could be significant sanctions if you handle any data – but in particular, people’s data – in the wrong way.

Last year we had the onset of the infamous EU General Data Protection Regulation. We’ve been helping clients to comply, and also advising what opportunities there are in and around that.

But it’s a very exciting time, and open banking builds on that really. It’s intended to create a more level playing field in banking, to allow new entrants like fintechs to get access to account data. If it’s done well, I think this could be a win-win for the existing banks and those fintechs.

HC: It seems that every week there’s another story about technology companies and people’s data. At the same time, in terms of open banking it’s been suggested that not enough has been done to educate consumers on the up-and-coming changes – would you say that’s fair?

PJ: I think it is fair to a certain extent, but obviously like any lawyer that answer is caveated. For example, if you are a new fintech entrant, clearly you want more to be said and you want there to be greater awareness. However, I think there are some good reasons why there isn’t too much promotion at the moment.

If you’re bringing a new test bed of data or a new application to market, it’s obviously sensible not to create too much of a fanfare before it’s had an opportunity to walk. If the light is shone too strongly and there are hiccups getting it off the ground, that may actually have an adverse effect.

So I think it needs to be promoted well, but I think also the timing of that is crucial. Open banking is being launched in a staged way, with key dates in March and September. If I was a banker, I would be a little bit reticent about promoting a fantastic new open banking application or interface too soon, because it may not have had sufficient time to be fully integrated.

I think the same applies to new entrants. If they’ve invested a lot of time and money preparing for this, clearly they’re keen to make sure they make it a great success.  Anyone who’s invested is chomping at the bit to see when that investment going to be realised, but timing is everything. Possibly next year would be a better  time, to allow it to bed in for at least six months or so before we really push the button on promotion.

HC: Interesting take, thank you. So what would you say are the hurdles in data-sharing now?

PJ: This is all quite complex when we’re talking about fairly granular data sets which are highly regulated. Being able to move that data around in an ordered way, and in a format which is compatible with all the platforms and interfaces, is no mean task.

So the technical challenge of making sure the data is conveyed in the correct format and in a regulated way is substantial. It also needs to be done in a timely way – you don’t want to have delays in that data. Ideally you’d want everyone in that supply chain to have real time access to data, and that will take time.

Also, existing institutional banks will have concerns around security, and of course they will want to make sure that consumers are protected. Ensuring that fintechs, and people further down the supply chain, have sufficient secure infrastructure to handle that data in an efficient and rapid way is a challenge.

HC: On the evening of our Open Banking Excellence meetup, you talked quite extensively about the existing laws and how they can help fintech companies. Would you mind just expanding on that a little please?

PJ: I think there’s been a lot said about the FCA rules and regulations. I’m going to focus more on data protection and GDPR in relation to open banking.

The regulatory framework around GDPR is designed to protect personal data. However, if you implement all the processes and procedures to process personal data well, those processes and procedures can also be used for non-personal data like accounts data.

If you have systems that are compliant with GDPR, security is commensurate with the sensitive nature of banking information. And of course that’s not just how much someone’s spending or how little they have, but what they are spending it on – medical treatments, mistress, boy/girlfriend/partner … These are all fairly sensitive areas. I think there’s a lot that can be learnt from the standards of GDPR.

HC: And what about some of the hurdles that open banking has to overcome?

PJ: One hurdle for the new entrant fintech companies is for them to build an infrastructure and data handling capability that is secure. If they are looking to partner with banks that have significant procurement teams – which will also have significant experience of compliance with FCA regulations and so on – the challenge is to ensure that they are sufficiently prepared.

They need to pre-empt the questions that are asked by those institutions, so that they can pass security and assurance procedures. Being more pre-emptive, rather than reactive to the sort of questions that are asked.

We’re passionate about this, not just because we like telling people what they can and can’t do under the law. The principles and the framework under GDPR and other related laws create fantastic opportunities for those new entrants to win an advantage over some of the institutional banks.

A lot of legacy systems and existing incumbents are quite jealous in a way of new companies that are starting up. Although there’s a challenge, you have the ability to build from the ground up, hardwiring your security and process into your development and build. In an existing bank or legacy system, some of that has to be retrospectively fitted, and that’s a much harder task. So to some extent the new entrants have a significant advantage there.

HC: Would you see any more opportunities for new entrants over the larger organisations?

PJ: I think that the opportunities that surround insight – consumer and data metrics – is a huge area.

Banks have traditionally been fantastic at what they’ve always been good at – keeping money secure, accounting, selling additional products and services that fit with your requirements. What’s been evident from the likes of Revolut and Monzo is that to some extent – and I mean this as constructive feedback – some of these banking applications have really been a little bit lazy. They could have innovated a lot more.

What open banking offers is to create a more competitive environment. Not only will this create new opportunities for fintechs, but I think the incumbents are going to have to improve their game.

Helping consumers with their spending habits is a huge issue for a lot of people facing debt. If we can help those who have debt or who are less able to manage their finances, by having these more engaging interfaces, I think that’s a fantastic benefit for society at large.

HC: For everyone that knows me, this is something very close to my heart. Would you say that social impact is an unintended advantage of open banking? Are there any other unintended advantages?

PJ: I think creating greater competition in itself results in greater social impact. So although it may not have been the aim, that is one of the benefits of having greater competition.

I also think the incumbents themselves are going to get a much richer return path of data than they might have otherwise had. They will have lots of applications and fintech providers feeding off their data. No doubt some of the licences and deals that are to be struck in those supply chains will allow more valuable data to be fed back to banks. That of course creates greater opportunities, and may alert banks to issues they weren’t necessarily aware of. You get a much greater insight into the account holder.

HC: Finally, if you had to give some advice to a fintech provider in this space, from all your years of expertise, what would it be?

PJ: I think probably the best advice I could give is don’t undersell yourself. Although the incumbents have traditionally had the financial strength, leverage and bargaining power in the market, they are very, very keen to learn from some of the companies that are innovating in this space. Given the way they are structured, incumbents are not able to be as innovative in a lot of ways as those fintech companies.

Incumbents will clearly try to do deals in a traditional way, whereby they seek to get a greater commercial advantage than they might have otherwise had. Don’t undersell what you’ve developed because I think there probably aren’t too many of you around. If you give away too much exclusivity or you agree not to work with too many others, you will sorely regret it later on.

HC: Just before you go, is there anything else that you would like to add? I know on the evening you had such a lot to share.

PJ: This may be common sense to those who are developing these applications and models. But make sure there is a proper road map, not just on the development side of things but also from a legal and regulatory standpoint. Failure to do so can not only incur significant cost and delay further down the line, but it can also result in unnecessary roadblocks, hurdles and delay which might otherwise have been avoided (as well as ease contracting process, investor appetite and deal flow).

Don’t forget the legal aspects, because it can really put you in a great position. Have a plan and road map and prioritise that. I know a lot of this can seem quite overwhelming, but if you work through it bit by bit it can be very useful.

The opportunities for developing IP assets in the data sets are huge. For example, if you’re processing data, the derivative data or the metadata that flows from that is likely to have significant value. So try where you can to make sure you have sufficient rights, either to retain ownership of it or have a sufficiently wide licence to enable you to do what you want to do.

Analyse the content of the data that’s flowing in and out of what you’re proposing. Make sure you’re not over-reliant on any one data source. Because if someone shuts that API off and you haven’t any contingency in place, it can be a significant loss to you.

HC: … going back to your original point about prevention rather than cure.

PJ: Yes, exactly.

It won’t surprise you that we have clients in different situations who handle their legal terms in different ways. But it’s always frustrating for clients if you end up in a dispute which you can see could have been quite easily avoided – by looking over a term sheet or inserting a little bit about liability at an early stage. It can really hold you back and also be very costly.

HC: Thank you Phil for generously sharing your time and your wealth of expertise.

PJ: Thank you very much Helen, it’s been wonderful. I look forward to continuing the conversation.

Got hooked in this conversation? If you'd like to hear and discover more about Open Banking visit to book or provisionally reserve your spot today by registering your interest.