The Open Banking movement is encouraging data-sharing in the global financial services industry. Consider the number of new frameworks:

The financial world is clearly undergoing sweeping changes.

Open Banking promises a wide range of benefits, from financial inclusion to financial education in the community. It drives competition, reduces costs and paves the way for rapid financial innovation, which is why various official bodies across the globe have chosen to implement this framework.

But establishing frameworks that ensure steady innovation, increased competition, equilibrium and consumer protection is nothing short of a Herculean task.

In particular, a fast-paced market often leaves regulators behind the innovation curve. In order to propose, design, enforce and review their regulatory framework to the highest standards, official bodies need to take a number of factors into consideration.

So what are the main obstacles that delay the arrival of widespread Open Banking regulation?

Top Challenges for Regulators

As already stated, the financial services industry is undergoing a turbulent transformation. Regulation drives many of these changes, but other market-led developments are challenging regulators to keep pace. This is completely natural. A forward-thinking mindset is not enough to keep pace with the exponential growth of technology. This also requires a thorough analysis of existing open banking regimes and technology, as well as deep knowledge and understanding of the open banking movement.

Regulators face several obstacles when it comes to designing Open Banking regulations:

1. It’s All Data

While financial regulators have abundant experience in designing regulations and overseeing regulatory regimes, there’s something different about the age we’re living in. Now, all attention is on the impalpable asset with very tangible benefits – data.

The benefits of data-sharing have already been described exhaustively on the internet, as have the dangers. Regulators know that their decisions regarding data-sharing could leave consumers with the Sword of Damocles hanging over their heads.

In other words, leave them in a situation in which anything bad could happen at any time. And consumers know this. 

The public’s understanding of data privacy has significantly changed over the years. The Cambridge Analytica Scandal, for example, managed to awaken a sense of privacy that had for long lain dormant. However, it is still a new terrain and requires thorough study. 

Regulators need to be acquainted with data and all that surrounds it in order to protect the public from those who are inclined to use data unethically.

2. Balancing innovation with security

A good open banking framework leaves enough space for innovation without trading the safety and security of the people. At first glance, Open Banking may seem more of a threat than an opportunity. Any cybercriminal would dream of gaining access to customer banking data to perform all sorts of nefarious activities. 

Needless to say, successful data-sharing frameworks calculate this risk and include security measures that keep customer data safe. Regulators should define the vetting process for Third Parties and start thinking about where liability falls should something go wrong. But it’s not simple and linear. Often, risks reveal themselves when the Open Banking regime is already being rolled out. These new problems initially appear to be unforeseeable.

But there’s a tool that fosters innovation while protecting consumers and market players from negative outcomes – the sandbox. Regulatory sandboxes provide a safe environment to test innovative products, services, and business models under a more relaxed regulatory environment. This prevents innovations from being stifled by high regulatory requirements and allows regulators to test the standards before implementing them.

Regulatory sandbox regimes are cropping up around the world, from the MENA region to Asia Pacific. Regions are finding that the balance between innovation and safety may indeed lie in the sandbox.

3. Fast-paced technological change 

Regulators are struggling to identify the risks posed by new technologies and the new business models that they enable.

Technologies can die quickly and are replaced almost instantly. They can also transform at remarkable speeds. Some say the cloud revolution brought us here. By removing barriers to entry and allowing equal access to computational power, the cloud has significantly accelerated innovation. So much, in fact, that regulators find themselves behind on the innovation curve.

Regulators may design the perfect framework to gain control over a certain type of technology or service, just to find that the service has changed so much that the new regulation is already out of date.

So how will regulators avoid seeing their regulations become redundant by the time they are implemented? 

Innovation will always be a few steps ahead. But authorities can avoid trailing far behind by keeping abreast of the most up to date technology trends, consulting with experts in the field, and evolving their frameworks with the changing tides of innovation.

4. The Big Techs

Big Tech companies are very confidently encroaching on financial services territory, blurring the lines between industries as they do. But somehow, they always fall right outside of the regulatory scope. Tech companies will eventually obscure the line between financial and non-financial regulations, creating either value or havoc – or both.

By reason of this, regulators are seeing the need to build broader frameworks that can work between sectors. It is clear that Big Tech cannot continue in this direction without being regulated.

But it’s not just Big Techs. It will become easy for companies to embed services into their offerings and jump from one regulatory category to another. 

5. The Fintechs

On the one hand, one cannot expect a small firm to follow the same exact framework as a large enterprise. Therefore, regulators must ensure a level playing field by treating fintech firms, such as neobanks and challengers, differently to how they would treat a large financial institution.

On the other hand, such a double standard may appear as being unfair on traditional institutions, who will have to deal with more regulatory pressure.  Germany, for example, has decided that no regulatory exceptions should be made for Fintechs, while other regions have decided to use regulatory sandboxes as a means of loosening the leash.

The difficulty in regulating fintechs also arises from their agility. Regulators will have to adapt their processes to monitor these fast and more flexible players. 

6. Traditional Financial Services Providers

Regulators also have to decide who to regulate amongst traditional financial institutions. This may seem simple at first, but is it?

Unlike the Fintech Law in Mexico, which includes various financial services players such as credit bureaus and clearing houses, PSD2 is limited to banks and e-money providers. The Australian Consumer Data Protection (CDR) is currently being introduced to the banking sector, but plans are to roll it out to other sectors, namely energy and telecommunications.

Including all financial services providers is ambitious, but going step by step is more cautious. 

7. Terminology

Like with any novelty, terminology is always an issue. There are always terms that need to be reconciled; definitions that need to be clarified. It isn’t rare to find the same word used in completely different ways because of its infancy.

For instance, there have been debates regarding the true meanings of Bank-as-a-Platform and Bank-as-a-Service. Some say they can be interchanged, while others hold opposite views on the matter. 

Banking as a Service is commonly accepted as a model that enables licensed banks to offer certain capabilities as services. This allows non-banking Third Party Providers to integrate financial services in their own products. 

With Banking as a Platform, the Bank integrates third-party services into its own offering. 

However, a brief search on the internet will show the range of definitions that both have been given. The financial services industry gets creative in its way of describing what it can do with APIs, but isn’t always able to reach a consensus on meanings.

It is easy to see how semantics can cause a problem for regulatory bodies. What should be done if terms are coined by the sector? How does a regulatory authority choose the right terms and why? 

Finding common terminology facilitates communication between regulators and regulated organisations and makes sure that all players are speaking the same language.

But that’s not where the interpretation difficulties end…

8. Lost in Tech Translation

Even when the regulations have been designed and promoted, the fintech community may have issues receiving them. In other words, regulations are written for lawyers, not “techies”.

IT departments expect libraries, toolkits, SDKs, and much of the technical terminology that they understand and are able to work with. By consulting and collaborating with experts in the field, authorities can make their regulation developer-friendly and understandable.

Of course, on the other side, TPPs will work with regulatory experts to understand the requisites for compliance. 

But where do Regulators start?

A good way to start is by picking apart the open banking frameworks in other countries. The analysis of similar regions will produce insights that are relevant to the country in question. By examining the regulations, one can gain some inspiration to build a picture of a potential Open Banking regulation.

Examples of questions that are highly relevant when examining other frameworks are:

  • Why did they propose this framework? Did something trigger the need for Open Banking?
  • Who proposed it? Is it the same body that monitors it?
  • Is the regulation strict or is it similar to a set of guidelines?

And last but certainly not least: What are the weak spots of this regulation?

The early identification of vulnerabilities and flaws in a framework will prepare regulators for missteps and, hopefully, prevent them altogether. 

12 Questions 

If you are at the start of your regulatory open banking journey, we suggest asking yourself these 12 questions to start envisioning your potential regulatory framework.

  1. What problems can Open Banking address in my region? 

  2. What’s more important: The end-goal or the way organisations get there?

  3. Who should fall under the regulatory scope?

  4. Should we tighten the reins or let them roam free?

  5. Will standardisation stem the tide of innovation?

  6. What services should we open up? 

  7. Who are we opening the gates to? Can everybody have access?

  8. How will we assess and vet Third Parties?

  9. If something goes wrong, who is liable? 

  10. Who are the major stakeholders? / Who should pay?

  11. Should we think about pricing or should we forbid charging of any kind?

  12. What is the most efficient way to oversee all of this?

That’s it. 12 simple questions that can help regulators see their future Open Banking regime in their mind’s eye.

Regulatory authorities aiming to transform their regions for the better through Open Banking and Open Finance will encounter hurdles. They will have to study Open Banking, introduce a feasible data-sharing framework, and ultimately decide the future of their region’s financial services sector.

Of course, there will be some regulatory hand-holding in the beginning. But regulators cannot hold all of the burden. Regulatory authorities, financial institutions, and new fintech players must collaborate to unlock the full potential of open banking data in financial services and bring benefit to their region.

Enabling this collaboration may be the biggest challenge yet.

This list is far from exhaustive. Do you think there are more important challenges to add? What challenges do regulators face? Feel free to contact Luca Borella or drop us a quick message with your thoughts on this topic.