Open Banking
   HOME

TheInfoList



OR:

Open banking is a
financial services Financial services are the Service (economics), economic services provided by the finance industry, which encompasses a broad range of businesses that manage money, including credit unions, banks, credit-card companies, insurance companies, acco ...
term within
financial technology Fintech, a portmanteau of "financial technology", refers to firms using new technology to compete with traditional financial methods in the delivery of financial services. Artificial intelligence, blockchain, cloud computing, and big data are r ...
. It refers to: #The use of open
API An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how ...
s that enable third-party developers to build applications and services around the financial institution. #Greater financial transparency options for account holders, ranging from
open data Open data is data that is openly accessible, exploitable, editable and shared by anyone for any purpose. Open data is licensed under an open license. The goals of the open data movement are similar to those of other "open(-source)" movement ...
to private data. #The use of open source technology to achieve the above. Open banking, as a concept, could be considered as a subspecies to the
open innovation Open innovation is a term used to promote an information age mindset toward innovation that runs counter to the secrecy and silo mentality of traditional corporate research labs. The benefits and driving forces behind increased openness have bee ...
concept, a term promoted by
Henry Chesbrough Henry William Chesbrough (born 1956) is an American organizational theorist, adjunct professor and the faculty director of the Garwood Center for Corporate Innovation at the Haas School of Business at the University of California, Berkeley and Mai ...
. It is linked to shifts in attitudes towards the issue of data ownership, illustrated by regulations such as
GDPR The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in parti ...
and concepts such as the
open data Open data is data that is openly accessible, exploitable, editable and shared by anyone for any purpose. Open data is licensed under an open license. The goals of the open data movement are similar to those of other "open(-source)" movement ...
movement. The banks turn into a financial service platforms, technically implemented through a
Banking as a Service Banking as a service (BaaS) is the provision of banking products (such as current accounts and credit cards) to non-bank third parties through APIs. Description As a value network, BaaS aims at seamlessly integrating as many service provider ...
-concept.


History

In October 2015, the
European Parliament The European Parliament (EP) is one of the legislative bodies of the European Union and one of its seven institutions. Together with the Council of the European Union (known as the Council and informally as the Council of Ministers), it adopts ...
adopted a revised
Payment Services Directive The Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366, which replaced the Payment Services Directive (PSD), Directive 2007/64/EC) is an EU Directive, administered by the European Commission (Directorate General Internal Market) t ...
, known as
PSD2 The Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366, which replaced the Payment Services Directive (PSD), Directive 2007/64/EC) is an EU Directive, administered by the European Commission (Directorate General Internal Market) to ...
. The new rules were aimed at promoting the development and use of innovative online and mobile payments through open banking. Support for the concept was not unanimous. Mick McAteer of the UK's Financial Inclusion Centre, thought that only the tech-savvy will benefit. He said that open banking is "a daft idea", which will lead to more financial exclusion for those with low income. He said it is naïve of regulators to expect consumers to own their data and be able to get better deals from banks, and pointed out the danger of consumers being exploited, either by businesses offering new types of expensive payday loans, or misuse of data and personal information that people have revealed in places such as
social media Social media are interactive media technologies that facilitate the creation and sharing of information, ideas, interests, and other forms of expression through virtual communities and networks. While challenges to the definition of ''social medi ...
.


European Union


Regulatory layer

The existence of open banking is conditioned by the law. In the European Union it is the regulations that seem to be the main catalyst for its development. The legal act that governs the functioning of open banking is the amended Directive of the European Parliament and of the Council (EU) 2015/2366 of 25 November 2015 on payment services within the internal market, i.e. PSD2. The PSD2 Directive is the act amending the act on payment services and related acts (including the delegated regulation supplementing Directive 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards regarding strong client authentication and common and secure open communication standards). It introduced a number of new services, definitions and obligations for market participants. The most important of these are: * Payment Initiation Service (PIS) — a service consisting in initiating a payment order at the request of a payment service user in relation to a payment account held with another payment service provider, defined in art. 67 PSD2; * Account Information Service (AIS) — an online service consisting in providing consolidated information on at least one payment account held by a given payment service user with another payment service provider or at more than one payment service provider, defined in art. 66 PSD2; * Confirmation of the Availability of Funds (COF) — a service of confirming the availability on the payment account of the payer of the amount necessary to execute the payment transaction, defined in art. 65 PSD2; * Strong customer authentication (SCA) — authentication based on the use of at least two elements belonging to the category: knowledge (something that only the user knows), possession (something that only the user has) and customer characteristics (something that the user is), independent in the sense that violation of one of them does not weaken the credibility of the others, which authentication is designed in a way that protects the confidentiality of credentials; * A new category of service providers, i.e. entities providing the aforementioned services, third parties (TPP — Third Party Provider): ** Payment Initiation Service Provider (PISP), ** Account Information Service Provider (AISP), ** Payment Instrument Issuer Service Provider (PIISP). * The obligation to provide Account Service Provider Providers (ASPSP) with a dedicated programming interface (API), enabling third parties (TPP) to provide payment initiation services (PIS), access to account information (AIS) and confirmation of the availability of funds (CAF). The above-mentioned third parties are supervised by financial supervision institutions in all European Union member states. More than two years after the entry into force of the PSD2 provisions, which took place on September 13, 2019, the European Commission announced the commencement of the review procedure of the Directive. In a call for advice published on 18 October 2021, addressed to the EBA (European Banking Authority) the European Commission has outlined the areas that will be analyzed during the review of the directive: * Scope of the directive and definitions used in the text * Licensing of payment institutions and supervision over payment service providers under PSD2 * Transparency of conditions and information requirements * Rights and obligations under the directive * Strong Customer Authentication (SCA) * Access to and use of payment account details in connection with payment initiation and account information services * Access to payment systems and access to accounts maintained with a credit institution * Cross-sector topics * PSD2 enforcement Amendments to the directive (adoption by the Commission) are planned for the fourth quarter of 2022.


Business layer

Open banking is part of the global trend of the economy based on the use of
API An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how ...
(API economy) to create new services and products that use data or certain functionalities from other suppliers. The use of this trend can be observed in other areas of the digital economy, that include activities of big tech companies. The development of open banking is also connected with changes in customer expectations towards suppliers, in this case, banking and payment services — clients transfer their experience from other areas, such as social networks or e-commerce, and expect that the bank will also provide them with an equally attractive product. Customers want to decide what they will use and in which channel. They expect products tailored to their needs. In order to meet similar expectations, banks must necessarily establish cooperation with other entities. In this way, the way to build new services and products based on the use of financial data is opened. New regulations and standardization of interfaces, combined with the clients' expectations, lead to the emergence of new and attractive financial and payment products on the market. Exemplary benefits for consumers resulting from open banking can include: * support in financial management, * access to products previously unavailable — e.g. due to new creditworthiness assessment methods, better matching, etc., * new types of banking and payment products, * combining banking and non-bank services (e.g. insurance), * promoting e-commerce. However, one must remember that open banking is also a series of risks. The threat of attacks by cybercriminals is obvious, as the number of entities that will have data allowing for fraud and theft increases. But threats also appear in other aspects, primarily privacy — a lot of new business models are based on the concept of " freemium", in which part of the functionality can be "paid" for the sharing of their data. There is a risk of aggressive market practices (including, for example, debt collection) or offering more expensive products based on an analysis of the financial data. Many doubts also arise in the context of the use of automated solutions based on artificial intelligence or machine learning — who is responsible for the decisions made by the machine, whether you can indeed automate all finance decisions etc. Finally, the development of new, often complex services and products can lead to deepening digital and financial exclusion, the part of society that for various reasons cannot benefit from access to the latest technologies.


= SEPA API Access scheme

= Several concepts are developing in Europe that assume solutions implemented by payment institutions based on PSD2 provisions. The SEPA API Access Scheme initiative was launched by the ERPB (Euro Retail Payment Board), a strategic advisory body at the
European Central Bank The European Central Bank (ECB) is the prime component of the monetary Eurosystem and the European System of Central Banks (ESCB) as well as one of seven institutions of the European Union. It is one of the world's most important centr ...
. The initiative was described in two reports, the first was published on May 31, 2019, and the second was published on June 4, 2021. The information on the transfer of the initiative for further works and the implementation of the SEPA API Access scheme by the
European Payments Council The Single Euro Payments Area (SEPA) is a payment-integration initiative of the European Union for simplification of bank transfers denominated in euro. , there were 36 members in SEPA, consisting of the 27 member states of the European Union ...
is also publicly available. The proposed scheme will define the principles of cooperation between the entities participating in it define standard methods of implementing selected services based on the use of API (open programming interfaces) and the billing and payment system for these services. The starting point for the work on the scheme was PSD2 services provided by European credit institutions, which will remain free of charges for third parties. Other services, referred to as value-added services, premium services or extended services, could be monetized by credit institutions based on the rules adopted in the scheme. These rules and the general assumptions of the scheme would be discussed with the relevant Directorates-General of the European Commission.


= The Berlin Group openFinance API Framework

= On October 26, 2020, the Berlin Group established a new task force called
The Berlin Group The Berlin Group consist of almost forty banks, associations and PSPs from across the EU. The objective is to define open and common scheme- and processor-independent standards in the inter-banking domain between creditor banks (acquirers) and de ...
openFinance API Framework, which replaced the previous task force responsible for creating the NextGenPSD2 standard. The new task force's work focuses on the standardization of value-added services (so-called premium services) that credit institutions may make available to eligible third parties based on bilateral agreements or potential new payment schemes (see SEPA API Access Scheme).


Technological layer

The most important element of the technological layer of open banking is the application programming interface (
API An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how ...
), in the context of open banking — open, that is, assuming public access for developers to systems and solutions belonging to companies (here: financial institutions, primarily banks). In the European Union some financial institutions (including banks) have been obligated under applicable law ( Directive of the European Parliament and of the Council (EU) 2015/2366 of 25 November 2015 on payment services within the internal market, PSD2) to provide the application programming interface (API) in a strictly defined scope, other institutions have independently decided to make the API available. Due to the fact that the involved financial institutions, operating only on the European market, there are several thousand, standardization initiatives started to be created. Such initiatives are aimed at preparing a standard specification of the application programming interface, made available by obligated financial institutions so that the use of them by authorized third parties would be easier and safer. The most important standardization initiatives in the European Union are: * NextGenPSD2 — Pan-European standardization initiative, run by
The Berlin Group The Berlin Group consist of almost forty banks, associations and PSPs from across the EU. The objective is to define open and common scheme- and processor-independent standards in the inter-banking domain between creditor banks (acquirers) and de ...
. * STET standard — developed by the French clearing house (STET); in its shape, the standard has been as close as possible to the NextGenPSD2 standard of
The Berlin Group The Berlin Group consist of almost forty banks, associations and PSPs from across the EU. The objective is to define open and common scheme- and processor-independent standards in the inter-banking domain between creditor banks (acquirers) and de ...
as part of the convergence project. * Slovak Banking API — a standardization project entirely run by the Slovak Bank Association in cooperation with the
National Bank of Slovakia National Bank of Slovakia ( sk, Národná banka Slovenska, NBS), is the central bank of Slovakia, a member state of the European Union since 2004 and of the euro area since 2009. It was formed on from the division of the State Bank of Czechos ...
, made available in the form of documentation. * PolishAPI — the PolishAPI standard defines an interface for the needs of services provided by third parties based on access to payment accounts, i.e. services introduced by the amended directive on payment services within the internal market (PSD2). The participants of the PolishAPI standardization initiative are the Polish Banks Association together with associated commercial and cooperative banks, and third party providers.


United Kingdom


Competition intervention

In August 2016, the
United Kingdom The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom (UK) or Britain, is a country in Europe, off the north-western coast of the continental mainland. It comprises England, Scotland, Wales and North ...
Competition and Markets Authority The Competition and Markets Authority (CMA) is the competition regulator in United Kingdom. It is a non-ministerial government department in the United Kingdom, responsible for strengthening business competition and preventing and reducing anti-com ...
(CMA) issued a ruling that required the nine-biggest UK banks – HSBC, Barclays,
RBS RBS may refer to: Organisations Banking * The Royal Bank of Scotland, a retail banking subsidiary of NatWest Group ** RBS International, the offshore banking arm of NatWest Group Education * Regent's Business School * Rotterdam Business School ...
,
Santander Santander may refer to: Places * Santander, Spain, a port city and capital of the autonomous community of Cantabria, Spain * Santander Department, a department of Colombia * Santander State, former state of Colombia * Santander de Quilichao, a m ...
, Bank of Ireland, Allied Irish Bank, Danske Bank, Lloyds and Nationwide – to allow licensed startups direct access to their data down to the level of transaction-account transactions. The direction came into force on January 13, 2018, and using standards and systems created by Open Banking Limited, a non-profit created especially for the task. However, enforcement rests with the
Competition & Markets Authority The Competition and Markets Authority (CMA) is the competition regulator in United Kingdom. It is a non-ministerial government department in the United Kingdom, responsible for strengthening business competition and preventing and reducing anti-com ...
. Protection for consumers is the responsibility of the Financial Conduct Authority (FCA) (for account information and payment initiation services, under the PSD2 directive) or the
Information Commissioner's Office The Information Commissioner's Office (ICO) is a non-departmental public body which reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Digital, Culture, Media and Sport (DCMS). It is the independe ...
(for data). The CMA direction only applies to the nine largest banks and works alongside the broader
PSD2 The Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366, which replaced the Payment Services Directive (PSD), Directive 2007/64/EC) is an EU Directive, administered by the European Commission (Directorate General Internal Market) to ...
rules that apply to all payment account providers.


Adoption

As of January 2020, there are 202 FCA-regulated providers who are enrolled in Open Banking. Many of them provide financial apps that help manage finances and also consumer credit firms who use Open Banking to access account information for affordability checks and verification.


Future governance

In March 2021, the CMA consulted on arrangements for the future oversight of Open Banking. This consultation referenced to a proposal by UK Finance (a trade association for the banking and finance industry), which had engaged with stakeholders to develop a blueprint for a new organisation (a 'Future Entity') to replace the OBIE in its current form which would serve the needs of the significantly larger number of financial institutions by enabling an Open Data and payments market.


United States

Financial Data Exchange (FDX) organization was formed in 2018 as a non-profit consortium that started to sign on members from the
fintech Fintech, a portmanteau of "financial technology", refers to firms using new technology to compete with traditional financial methods in the delivery of financial services. Artificial intelligence, blockchain, cloud computing, and big data are r ...
and banking communities in late 2018. The group consists of the largest financial institutions as well as aggregators and fintechs. Founders sought to create a common technical standard to enable secure, consumer-permissioned data sharing for financial data, effectively sounding the first signal that the US was going to pursue something like Open Banking. FDX aims to establish a common, shared standard for Open Banking through a market-driven approach, the idea being to engage with the different market players and use a consortium approach similar to
Bluetooth Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances and building personal area networks (PANs). In the most widely used mode, transmission power is limi ...
. The group maintains five core principles: 1) Control: the consumer should have control over how, where, and for how long their financial data is used. 2) Access: the consumer should have access to their financial data at all times and across all account types. 3) Transparency: third parties should be transparent about how they are using a consumer's financial data. 4) Traceability: consumers should be able to trace the routes data takes along the data sharing network. 5) Security: the consumer's financial data should always be protected with secure connections and trustworthy parties. Open Banking in the United States became a hot-button issue with the Biden Executive Order indicating the Administration's desire to harness a robust 1033 rulemaking. The Dodd-Frank Act mandated that consumers have the right to their own financial data and should be able to access it in ways such as through financial applications, regardless if the application sits in the data holder house or not. Some Open Banking providers such as Plaid settled for 58M in a consumer-driven privacy related class action lawsuit in 2021. By contrast, another leader in US Open Banking, Finicity, maintains higher than necessary compliance standards by self-subscribing as a consumer reporting agency and maintaining high standards of consent and privacy-related practices.


Latin America

The specific context of
Latin America Latin America or * french: Amérique Latine, link=no * ht, Amerik Latin, link=no * pt, América Latina, link=no, name=a, sometimes referred to as LatAm is a large cultural region in the Americas where Romance languages — languages derived f ...
as it relates to Open Banking force to consider the importance of the informal economy, the prevalence of fraud with online payment, and the concentration of the banking industry, as well as the early implementation of technologies such as mandatory and centralized
electronic invoicing Electronic invoicing (also called e-invoicing or einvoicing) is a form of electronic billing. E-invoicing methods are used by trading partners, such as customers and their suppliers, to present and monitor transactional documents between one anoth ...
. The importance of electronic invoicing in Latin America also provides an alternative source of information to open banking that does not yet exist in other countries in the world. Mandatory and centralized electronic invoicing was implemented early on in countries such as
Mexico Mexico (Spanish: México), officially the United Mexican States, is a country in the southern portion of North America. It is bordered to the north by the United States; to the south and west by the Pacific Ocean; to the southeast by Guatema ...
,
Chile Chile, officially the Republic of Chile, is a country in the western part of South America. It is the southernmost country in the world, and the closest to Antarctica, occupying a long and narrow strip of land between the Andes to the east a ...
,
Colombia Colombia (, ; ), officially the Republic of Colombia, is a country in South America with insular regions in North America—near Nicaragua's Caribbean coast—as well as in the Pacific Ocean. The Colombian mainland is bordered by the Car ...
, and to a lesser extent,
Brazil Brazil ( pt, Brasil; ), officially the Federative Republic of Brazil (Portuguese: ), is the largest country in both South America and Latin America. At and with over 217 million people, Brazil is the world's fifth-largest country by area ...
, offering the possibility to retrieve open accounting data in a similar way as open banking. In this context the use cases are: Better knowledge of users and potential customers, Automation of KYC (Know Your Customer) processes, creation of new products and services especially for the unbanked, and fraud Reduction. Key Latin American Countries by size are also the countries at the forefront of the adoption of open banking: Mexico Mexico is a leader in Fintech regulations and innovation in Latin America. Whether for centralized mandatory open banking or for the adoption of a coherent Fintech law, Mexico was the first country to implement legislation that serve as inspiration for other countries. The most relevant legislation regarding open banking was the Fintech Law of 2018. On March 9, 2018, the Law was published in th
Federal Official Gazette
(''Diario Oficial de la Federación'' o "DOF", by its
Spanish Spanish might refer to: * Items from or related to Spain: **Spaniards are a nation and ethnic group indigenous to Spain **Spanish language, spoken in Spain and many Latin American countries **Spanish cuisine Other places * Spanish, Ontario, Can ...
acronym). Article 76 states that standardized computer application programming interfaces (APIs) must be established that enable connectivity and access to other interfaces developed or managed by the same subjects referred to in the aforementioned article and third parties specialized in technology technologies. the information, in order to share the following data and information: open financial data, aggregated data and transactional data. As a consequence
more than 2,300 institutions
were technically required to share information. In this regard, Article 76 provides that the information that may be shared by financial institutions, money transmitters, SICs, clearing houses, financial technology institutions, are: * Open data; being those of products and services offered to the general public; * Aggregated data; being those related to any type of statistical information related to operations carried out by or through the mentioned institutions; and * Transactional data; those related to the use of a product or service, including deposit accounts, credits and means of disposal contracted in the name of the customers of financial institutions. In addition, on March 10, 2020, the Mexican Central Bank (''Banco de México'') ("Banxico") published in the DOF the Circular 2/2020 as secondary provisions of the law, specifically dealing with open banking. In such, different financial market entities were required to share information through Computer Application Programming Interfaces. The March 2020 secondary provisions issued in the DOF only apply to Credit Information Companies (''Sociedades de Información Crediticia'') ("SIC", by its Spanish acronym) and clearing houses. In June 2020, the rules for exchanging open data, applicable to all financial institutions (banks, fintechs and companies authorized by the Comisión Nacional Bancaria y de Valores (CNBV, the Mexican equivalent of the SEC). In it, financial institutions, such as banks, popular finance companies and savings and loans cooperatives, among others, were also included in the law In accordance with the above, Circular 2/2020 states that both SICs and clearing houses must obtain authorization from Banxico for the use of the APIs by other institutions. In turn, SICs and clearing houses must enter into agreements with other entities authorized by Banxico for the exchange of information. Additionally, the issuance of fees to be charged between institutions that exchange information is also defined. Finally, Circular 2/2020 states that in case of non-compliance with the provisions of Circular 2/2020, SICs and clearing houses may face fines levied by Banxico. Regulation of aggregated data and transactional data are expected to be legally defined in 2021. Industry experts agree that their enactment will generate value, causing high demand or data requests. Such is the size of the market that Gartner, the consultancy, claims that the open banking opportunity in Mexico tops one billion dollars. In that context, a Finerio Connect survey indicates that 68% of Mexican executives say open banking will be a significant game changer in the Mexican financial industry and 83% of respondents agree that "open banking allows the improvement of the services offered to customers". In addition, 68% consider that "open banking will offer growth opportunities to financial companies" and 65% states that "it will be generating positive competition between companies". Regulatory advances now allow Mexico to be the first Fintech ecosystem by number of startups, according to the Finnovista Fintech radar, with 441 companies, followed by Brazil (370), Colombia (200), and Chile (67). Brazil The most recent movement of the
Central Bank of Brazil The Central Bank of Brazil ( pt, Banco Central do Brasil) is Brazil's central bank. It was established on Thursday, 31 December 1964, a New Year's Eve. The bank is not linked to any ministry, currently being autonomous. Like other central banks ...
was the Bank of Brazil's deployment of its open banking model, which mandates banks and financial institutions (including fintech) to make available information on traditional financial services and products. Brazil's implementation is mandatory for institutions with large size, significant international activity and high risk profiles and optional for all other institutions. This implementation of the first phase happened almost two years after the first open banking framework was published April 2019, in which the fundamental requirements for the implementation of the law were disclosed. From 2021 onwards, the Central Bank of Brazil will continue to release details on the following phases of implementation: * Phase 2 — Customer Information (July 2021): At this stage consumers will have the option share their data (registration, account transactions, card information and credit transactions) with the institutions of their choice, at the time of their choice. This is expected to allow for the development of more personalized products and services. * Phase 3 — Transactional Information and Payment Initiation (August 2021): At this stage, consumers will have access access to services such as innovative payment options and credit offers, through the shared channels by financial institutions, allowing consumers to shop around in a large selection of products and services * Phase 4 — Extra information (December 2021): the following phases will include additional products such as insurance, pension plans, investments, among others. Chile In late 2020, the
Chilean government Chile's government is a representative democratic republic, whereby the President of Chile is both head of state and head of government, and of a formal multi-party system. Executive power is exercised by the president and by their cabinet. Legi ...
announced that it was working on a proposal to regulate the activity of financial technology companies, and incorporate an open banking standard for the market. As a result, last September the government edicted the Financial Portability Act, a set of regulations aimed to facilitate switch between banks and financial providers. As of early 2021, banks have begun to make investments to open their legacy systems to other verticals, which support partner connection, a change impulsed, in part, by the opening laws such as the ones in Mexico. Colombia Colombia also announces its interest in developing an open banking standard, but is betting on a voluntary model; that is, letting the financial institutions open at their own pace. The Financial Regulations Unit (URF) is expected to foster a public-private discussion that will set the stage for open banking best practices letting the stakeholders in the ecosystem free to define the regulatory framework. The regulator asked the stakeholders to come to an agreement on two preliminary stages: * Stage 1 — First semester 2021: Conducting exploration to define the model to be implemented, as well as discussing the roadmap for its implementation. * Stage 2 — Second Semester 2021: Issuing regulation and promoting "possible use" of ''sandbox testing.''


Adoption in the rest of the world

A number of other countries launched open banking initiatives based on the European and UK models. These were either through industry collaboration or through legislative changes. An open banking project was launched in
Australia Australia, officially the Commonwealth of Australia, is a Sovereign state, sovereign country comprising the mainland of the Australia (continent), Australian continent, the island of Tasmania, and numerous List of islands of Australia, sma ...
on the 1 July 2019 as part of the Consumer Data Rights project by the
Treasury A treasury is either *A government department related to finance and taxation, a finance ministry. *A place or location where treasure, such as currency or precious items are kept. These can be state or royal property, church treasure or i ...
and
Australian Competition & Consumer Commission The Australian Competition and Consumer Commission (ACCC) is the chief competition regulator of the Government of Australia, located within the Department of the Treasury. It was established in 1995 with the amalgamation of the Australian Trad ...
. The CDR legislation was passed by the Australian parliament in August 2019. On 1 June 2017, a group of bankers and
Financial technology Fintech, a portmanteau of "financial technology", refers to firms using new technology to compete with traditional financial methods in the delivery of financial services. Artificial intelligence, blockchain, cloud computing, and big data are r ...
experts in
Nigeria Nigeria ( ), , ig, Naìjíríyà, yo, Nàìjíríà, pcm, Naijá , ff, Naajeeriya, kcg, Naijeriya officially the Federal Republic of Nigeria, is a country in West Africa. It is situated between the Sahel to the north and the Gulf o ...
got together for the Open Banking Nigeria initiative to drive the adoption of common API standards for the country.


Security risks

Open banking made banks open their application programming interfaces (APIs) to third-party FinTech companies, which comes with security risks. Customers using open banking apps will now be in an entirely new trust relationship.
Hackers A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...
can target third-party apps and excessive access privileges could be given to employees. Malicious actors will get new opportunities to trick banking customers as well as third-party companies with
phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwa ...
scams. API security differs from traditional web application security in a number of ways, and as a result OWASP released
new Top Ten list
targeting API Security beginning in 2019 to augment the original OWASP Top Ten that began publication in 2003. A critical difference between the traditional web security attacks and attacks against APIs is that API attacks are logic-based, rather than rule-based. As a result, many companies and governments may have a false sense of security based on security products that were not designed to address logic-based attacks. To combat this, innovations such as the FAPI (financial-grade API) security profile have been developed. This involves additional measures layered on top of OAuth2 and openid-connect, mandating the use of mutual TLS to ensure only accredited participants can produce and consume the APIs.


See also

*
Account aggregation Account aggregation sometimes also known as financial data aggregation is a method that involves compiling information from different accounts, which may include bank accounts, credit card accounts, investment accounts, and other consumer or busin ...
* Open Banking Nigeria


References

{{Reflist Banking technology