Gavin Littlejohn to get his perspectives on progress in open
banking/finance and what we can expect from this year’s
MW: What are the highs and lows for you in the last year, since the FDATA event? What movement forwards do you think there has been?
GL: In the world of open finance we’ve had some really exciting developments. The open finance initiative in Canada moved from consulting on ‘whether’ to considering ‘how’. On the 25th July in India there was the launch of the new account aggregators group.
In India they’re building on universal customer data right to make available all financial services though an API with a proper framework, legal structure and liability model. So that’s not just payments data but loans and mortgages, savings accounts, investments, pensions, retail insurance and even tax. So the Indians are again leading the way with some of their thinking and going all-in.
In Australia we’ve had the landing of the Consumer Data Right – in terms of that being passed through Parliament – and we’ve got a program underway to deliver open banking as a process that will then underpin the extension into other areas of financial services, and then beyond open finance into open life. So hugely exciting developments in Australia.
In terms of what’s happening in Brazil, they’ve got a very exciting program underway. They’ve landed the new LGPD, which is their equivalent to GDPR, again underpinning that fundamental data right. On top of which they’re contemplating building an open banking program which is very aligned with the FDATA vision of reciprocity – where everybody pays for their own technology, where we mutually fund the standards, implementation monitoring and dispute resolution capability, but no party gets charged for data which belongs to the customer. That’s a useful framework for countries to think about, because it’s fair and because it puts the customer’s needs at the centre.
There are still a few frustrations about the rate of policy and regulatory change both in Europe and in the United States. Probably the most important context for people to remember is that when PSD2 was drafted, it assumed screen scraping and not APIs or any of the other new technology. And during the period before the regulatory and technical standards that were applied to PSD2 were finalised, in the UK we had worked in the Open Banking Working Group that led to the publication in February 2016 of the Open Banking Standard.
From that point on, we then had to have everybody thinking about how you deliver PSD2 through APIs. Across Europe, lots of other organisations started working on that same picture. And therefore the regulatory and technical standards that applied to PSD2 had to then – in addition to delivering what they’d anticipated being designed to do – cope with also a pathway to deliver a completely new technical methodology which had serious ramifications on the clarity of the original directive.
That I think, looking back, is the thing that’s messed everything up, because the policy makers and regulators didn’t initially have the deeply technical skills set to understand how to manage that implementation process. And we’ve ended up in a position where PSD2, which is technology neutral in the level 1 text, has had to cope with everybody now moving to deliver new technology which needed to be standardised and it’s become very fragmented.
So the lowlight for me is probably that PSD2 – which was a maximum harmonisation directive – has become the maximum fragmentation directive. It’s all over the place with every country doing different things, different technical standards, even different interpretations of the law, uneven rules around passporting. The frustrating thing is that everybody in the domain that I speak to, across all parties, are all driving for the same thing. It’s just that the laws that run through the European Union are difficult to change, they take time.
In the US, there’s a lot of work being pushed forward to develop and promote the ideas around moving towards a more open version of open banking, rather than based on bilateral contracts. Of course, there are some in the US market that quite like bilateral contracts. It’s probably slightly difficult for new fintechs to get into the market of making direct technical connections, because if you’re a really big bank and you have to do commercial, technical and security due diligence on a company, it’s probably more worth your while if it’s a big company rather than a new start-up.
So my frustration is that the US model is beginning to potentially create an uneven competitive landscape, and as it incrementally gets a little worse, and in the long run it will stifle innovation.
I could go on but that gives you a flavour of some of the big issues.
MW: People are very interested in what’s happening in the US and you have US representation at the Global Open Finance Summit.
GL: Yes, FDATA is as big in North America as it is in Europe. On every panel there will be substantial North American representation, ranging from FDATA members through to consumer champions, the Fed and perhaps also the OCC. There will also be senior representation from Finance Canada. From a Summit perspective, there’s a huge amount of effort going into trying to make sure that the international dimension, and the collaboration and sharing which is the objective of the Summit, is at the fore.
MW: What are the highlights for you of the forthcoming Summit? What are you most pleased about, what are you most looking forward to hearing?
GL: I guess I’m most pleased about the flow of the agenda. Because it starts with the customer data right and looking at that in context in India, Japan, the US and markets across the world.
We’ve got some real thought leaders in the domain of Customer Data Rights leading off the Summit. Is the customer data right a fundamental human right, why is it so valuable, why should we protect it and make it precious.
And then we’re going to start looking at open finance and society, what these different models bring when you go beyond open banking to investments, pensions and other product verticals, why these are important and how we get better customer outcomes from these open models. The FDATA team from across the world will take to the stage to provide a sense of where we are across markets.
Then we get straight into the depths of customer protection, liability, dispute resolution and customer redress mechanics. We’re going to look at the design of the regulations to protect customer rights, explicit consent, who makes the customer whole if things go wrong. It’s an interesting and yet complicated topic.
We’re going to have a look at how data is applied by firms using these open models. We’re going to look at things like ethics, discrimination, how we manage algorithms. Then we’ve got sessions on test environments and data sandboxes. None of this is very light ...
MW: ... but it’s very important, it’s the underpinnings ...
GL: ... there’s not much light chit-chat going on, we’re going to get right into it. It’ll be a conversation amongst the experts. One of the features of an FDATA Summit is at least 90% of the people in the room, if not more, are world-renowned subject matter specialists talking amongst themselves. So it’s an opportunity for people to really tune in to the policy issues and develop answers to difficult questions, rather than just focus on commercial opportunities.
And then we’ve got a panel on identity, consent and going beyond consent into customer experience – how consent is given and taken. Nobody’s properly planned through at an international level the interplay between identity and consent to that extent. We’ve got a number of interesting models to learn from – in India, Scandinavia, Russia.
Then we’ve got technical standards, like we had last year. We have the technical leaders from all of the really big technical standards groups on stage together. So we’ll have the Japanese API leader, Berlin Group, UK Open Banking, the Financial Data Exchange representatives and the FAPI team, the Financial API security profile.
When I’m speaking to politicians and laypeople at summits or conferences where the audience might not have the same degree of technical understanding, I tend to describe an API as having two components: the security profile and the data payload. The security profile works a bit like an electrical plug and socket. It was at last year’s Open Banking World Congress that we signed an agreement to promote the FAPI standard.
The Financial Data Exchange and UK Open Banking have agreed to adopt FAPI. Our hope and expectation is that Brazil and Canada will move to FAPI. Russia has already started working on FAPI – they’re in the process of translating the standard into Russian. And we hope that Japan will go back and regroup around that too in their next iteration. The Australians are working on that too.
So this is an opportunity to have the leaders of all the technical standards groups across the globe that are working in this domain contemplate which bits of the puzzle we might find our way to common parts. And which bits would be more in the data payload slice of the delivery, where different countries might have a different set of fields for different types of product, or they might be named differently.
If we could get to a point where the electrical plugs and sockets were the same, it wouldn’t matter so much if there was more variety in the fridges and TVs that attach to them. As long as they can plug in. We think there’s great merit in seeking to get that plug-and-socket set standardised if we can, because it means there’s a massive reduction in engineering costs and risk, security risk and complexity.
Let’s imagine every bank in Europe had a unique plug-and-socket, then you would have 6,000 different points of penetration test, security audit, the cyber-risks insurance would go through the roof. Nobody would really know whether things were being done correctly, and every time one bank out of the 6,000 made a slight adjustment, hundreds of TPPs connecting to them would have to adjust their build.
Not having standards just doesn’t make any sense. It’s not so bad if, say, all of Europe was on one standard and other markets were on a different one, or if there were three or four standards. But we can’t have it becoming completely fragmented. The ideal solution would be that everybody moves to the same standard. That would be the best if we can make it happen.
So we’re hoping at the Summit to continue the dialogue between these key stakeholders. We continue to promote sharing and collaboration. We don’t like the thought of owners of open standards, so let’s just assume that we’re all working to better customer outcomes and seek to be as open and collaborative as we can be.
MW: Before we go, we’re looking forward to the FDATA Awards…
GL: Yes. There’s been a panel of judges appointed to each of the awards. The process should be open and transparent. I have to confess that the reason I know so little about it is that FDATA, other than announcing the awards, has sought to keep itself at arm’s length from the process. We don’t want to be in any way associated with the judging of our individual members.
So it’s just an opportunity to celebrate and get together at the end of what, for both banks and the fintechs, has been a tough year. We have a nice environment to celebrate in at the spectacular National Museum of Scotland. We’ve got the dinosaur skeletons at one end of the hall to remind the banks of the importance of evolution!
The hope is that all the policy makers and regulators from across the globe can see that open finance can create some wonderful innovation that leads to better customer outcomes. I hope all the firms, both member and non-member, that have entered the awards recognise that not everybody can win – but it is an opportunity for everybody to celebrate innovation and champion the cause of open finance in the community.
Finance Edge highly recommends FDATA's Global Open Finance Summit & Awards 2019, 4-5 December, Edinburgh, for its incomparable coverage of regulations/standards to move open finance forwards. We consider it the perfect partner to our commercial/strategic focus at the Open Banking World Congress, 12-13 May, London, and are delighted to partner with FDATA.