As fintech reshapes how we bank, Canadians need a flexible framework that builds consumer trust without thwarting innovation.
Canada has a strong, vibrant and internationally envied financial sector. But change is upon us. Skillful fintech entrepreneurs are leveraging disruptive technologies to create new financial products and services for consumers and small businesses. Those small businesses are seeking ways to unlock value, and consumers want more control over their financial lives. For all these reasons, open banking has become a reality around the world.
In the open-banking ecosystem, fintech companies and data aggregators use technologies to empower consumers to better understand and control their financial lives. It is consumer-centric, delivering value to businesses as well, and it increases competition in the financial services marketplace, driving innovation.
Recognizing the global spread of open banking, Finance Canada launched open-banking consultations earlier this year; the results won’t be known for some time. On June 19, the Senate Committee on Banking, Trade and Commerce issued an informative report on open banking, saying, “Not only is open banking necessary for Canadian consumers, it needs to be implemented decisively and with urgency.”
A golden opportunity exists for Canada to adopt a flexible governance framework designed to drive specific market outcomes. Financial services regulators need only set out broad principles for market conduct, then let market participants decide how best to apply them in the ways they do business. There is no need for regulators to interfere in the direct relationship between service providers and their customers by establishing a set of prescriptive rules in a one-size-fits-all approach. Instead, providing guiding principles for market conduct will allow companies flexibility in how best to meet the needs of consumers.
The framework must also have the full trust of consumers, which means questions of consent, privacy, cybersecurity, data ownership and liability must be addressed. Figure 1 provides a useful visualization of open banking.
With open banking, the information a bank has about its customers can be made available through a secure channel to a data aggregator, with the customer’s consent. The aggregator can take that information, aggregate it or combine it with other data pertinent to a consumer, and help the consumer have a complete picture of his or her finances and take advantage of a competitive marketplace.
Competition and innovation are the key. As the Competition Bureau cautioned in its December 2017 report, Technology-led Innovation in the Canadian Financial Services Sector, financial services regulatory frameworks “can inadvertently deter innovation and the competitive benefits that follow.”
In the retail payments marketplace in particular, the Competition Bureau recommends encouraging the entry of nonbanks and other new firms so that merchants can take advantage of discounts and other incentives that would support the development and adoption of lower-cost payment methods for consumers.
Open banking expands consumer choice and allows for comparison shopping on price and service. It broadens the available range of money management and investment products, improves credit application processes and establishes new payment initiation options beyond traditional payment methods.
For example, bank customers can learn through an online platform which banks are partnering with fintech companies to offer innovative and/or lower-priced products and services that better meet their financial needs. Open banking can then enable customers to more easily switch their business to that bank or other financial institution.
Here’s another example of how open banking is advantageous: Someone saving to buy a house can authorize a money management service to gather his or her financial data held by all of the financial institutions he or she does business with. The money management service can then look at the potential homebuyer’s spending patterns over several years to offer insight into how he or she can better save for a down payment.
Open banking can facilitate the creation of digital banks and digital lenders. It can also encourage partnerships between traditional banks and data aggregators so that new services for consumers and businesses can be developed.
In addition to offering increased competition, more attractive prices and enhanced service levels for businesses, open banking supports business-to-business transactions. It facilitates B2B payments between companies, reduces the risk of bouncing checks, automatically reconciles accounts and offers an easy “know your customer” process.
Consumer confidence is at the core of a successful open-banking system. Consumers and business owners alike must be confident in the safety and security of the overall system and trust that their financial data are being used in accordance with their wishes and in their best interests.
Accordingly, a market-driven open-banking system must address several public policy issues, including customer consent, protection of personal privacy, mitigating cybersecurity risk, determining the ownership of financial data and allocating liability among the participants in the event of error. Each of these issues can be managed effectively to establish a sound, vibrant open-banking ecosystem.
To address legitimate concerns about consent, access and use of personal financial data, there must be requirements for opting in, explicit and informed consent, revocation of consent, third-party standards and dispute management.
Privacy rights are protected in Canada by the Personal Information Protection and Electronic Documents Act (PIPEDA). Any temptation to establish a separate and duplicative privacy regime should be resisted. PIPEDA establishes the ground rules for the collection, use and disclosure of personal information held by an organization. It requires industry to obtain a consumer’s meaningful consent through transparent opt-in mechanisms prior to any collection, use, sharing and/or disclosure of personal information. It also limits the uses and sharing of such information as well as providing other protections, all of which are described using guidelines from the Office of the Privacy Commissioner of Canada.
Cybersecurity is a top-of-mind consideration with any technology-based system, particularly one involving personal financial information. It is doubtful that an open-banking system would increase the risk of cybersecurity attacks. Indeed, an argument can be made that open banking can reduce this risk.
Here’s how. The reality is that hundreds of thousands of consumers have already provided their financial information and passwords to third parties through account aggregation apps provided by nonbanks, outside of a formal open-banking ecosystem. In doing so, they have unwittingly increased the risk of cybersecurity breaches through the practice known as “screen scraping,” in which companies that have developed smartphone apps store unencrypted log-in credentials of customers, increasing vulnerability to cyberattack.
An open-banking regime can mitigate this risk. For example, software can be used to securely share data between a bank and a third-party service provider. The software, an application programming interface (API), offers a degree of security that reduces the risk of a successful cyberattack, the Senate Banking Committee has noted in its report.
Ownership of data
Who owns a customer’s data? This is a complex question, one that is much debated in policy and legal circles. Many would agree that the customer owns the information about her or his financial transactions, accounts and investments. Which entity owns the data must be addressed while answering the other outstanding questions around open banking, such as liability and error resolution.
Liability within an open-banking system can arise with data breaches, errors and unauthorized payments — when a transaction has been wrongly processed, for example, and the amount or the recipient is incorrect.
How do the parties within an open-banking system allocate responsibility for addressing liability if any of these unintended consequences arise? Currently, banks and data aggregators enter into contracts and spell out how these scenarios are addressed. Policy-makers should allow private sector actors to allocate responsibility for liabilities among themselves through mutually binding commercial contracts.
Policy-makers and financial industry players worldwide have thought through and confronted head-on the policy challenges that arise when implementing an open-banking system. It is clear these issues can be dealt with effectively and efficiently. It is also clear that the time has come for the distinct advantages of open banking to be widely available to Canadian consumers and businesses.
Do you have something to say about the article you just read? Be part of the Policy Options discussion, and send in your own submission. Here is a link on how to do it. | Souhaitez-vous réagir à cet article ? Joignez-vous aux débats d’Options politiques et soumettez-nous votre texte en suivant ces directives.