Fraud and Financial Crime Management
Ensure your security with Bottomline's fraud and financial crime management solutions, offering unparalleled protection from fraud and financial crime as well as helping you to comply with regulations.
Jacqueline Powell: Hello, and welcome to the Payments Podcast. I'm Jacqueline Powell. And today I'm delighted to host Marcus Hughes, head of Strategic Business Development at Bottomline. Hi, Marcus.
Marcus Hughes: Hello, Jacqui.
Jacqueline Powell: I'm sure many of our listeners will agree that within the payment industry today, one of the hottest topics is open banking, which has become a global phenomenon in recent years. On today's podcast, which is one in a series of three, we're going to talk about open banking and how it's evolving into open finance, which in turn is forecast to expand into open data. This will take the market trend for secure data sharing way beyond payments and bank accounts, with different types of data like loans and pensions, as well as energy and telecoms information being accessed and exchanged in a controlled and real-time manner.
Thank you for being with us today, Marcus. Before we explore open finance and even open data, can I begin by asking from your perspective, how well is open banking going?
Marcus Hughes: Well, I certainly do agree that open banking has great potential to radically change the way that we all do our banking and payments today, and that it does provide an exciting path to even more ambitious opportunities which relate to open finance and open data. But I'd also say that to date, I don't think that open banking has truly delivered on its potential. That's bearing in mind that planning for open banking in the UK began more than five years ago and the scheme has now been live for nearly four years since January 2018.
To try to qualify that statement, I think that in countries like the UK where open banking is mandatory, it has at least moved from being considered by many bank executives as merely a compliance challenge, and instead it's now become a commercial opportunity as a new way of delivering banking services. But there's a long way to go to achieve open banking's full potential. Recent research by Tink, an open banking platform which has been acquired by Visa, shows that the complete implementation of open banking will take financial institutions many years.
A survey of 300 bank executives in 12 countries found that 40% of them believe it will take their institution 5 to 10 years to achieve their open banking objectives, and a further 37% believe it could take over a decade. These cautious timescales reflect the size of the task at hand, with many organisations embarking on complex and large scale transformation projects. I think we should also recognise that there are different perspectives or interpretations of what open banking really is.
The original narrowest interpretation is the set of rules established in the UK by the Competition and Markets Authority to drive greater competition in UK retail banking. At the other extreme, open banking is now a global phenomenon, with numerous countries developing their own local flavours of new schemes. All of these involve the use of APIs for the secure and real-time sharing of banking data. This data can, of course, only be exchanged with the prior approval of the customer who is fully recognised to own this data.
And just to be clear, it's the customer who chooses which specific banks, financial institutions, or fintechs - usually regulated - that this financial data can actually be shared with. I have to admit that I find the term ‘open banking’ has been stretched in recent times to the extent that it now covers many broad topics in banking and fintech innovation which would not normally fit within the tighter confines of the earlier banking definitions three to four years ago. Occasionally, it even seems that the term ‘open banking’ is starting to be used to describe almost anything in financial services which uses APIs.
In this way, open banking and open finance have become pervasive terms used across the financial services industry for almost any uses of APIs to access or exchange data in real-time, spanning payments, securities, trade, finance and investments, and serving the consumer, corporate and small and medium-sized business segments, in other words, just about anything you want. In this way, open banking, which started as a regulatory initiative in Europe and the UK, has become a global phenomenon today.
According to research by Mastercard, an impressive 36 countries plus the European Union now have some kind of open banking initiative. While the initial impact was in banking, with the focus on payments and account data, the scope has widened to cover the full spectrum of financial services, that's open finance, and the trend is beginning to reach into other industries. In other words, open data. From my perspective, the UK is not necessarily in the lead in its scope or breadth for these initiatives, some of which we're going to look at today for other countries.
Jacqueline Powell: Thanks, Marcus. We'll take a look at those countries’ approaches to open banking and open finance in a few minutes. But for now, let's look at the number of third party providers which seem to be rising every quarter. What are the latest stats in the UK and Europe around this?
Marcus Hughes: Yes, that's right. They're multiplying like rabbits, frankly. According to research by Consensus, at the end of September, they estimated there were 531 third-party providers in the UK and the European Economic Area combined. We should bear in mind that this figure excludes the many banks in Europe and the UK which have launched their own open banking offerings. In terms of transaction volumes, there are five European Economic Area countries which have more than 50 million API calls per month per country.
Germany, with 126,000,000 API calls per month, has the highest volume of any country in continental Europe by far, but this compares quite poorly with the UK's significantly higher volume of 1.2 billion API calls per month. In fact, by way of further comparison, the whole of continental Europe has only about 500 million API calls per month at present. Of those 531 third-party providers in the UK and the European Economic Area, 210 are established and regulated in the UK, so that's a significant percentage.
There's also an additional 45 third-party providers which are established and regulated elsewhere in the European Economic Area, but they are allowed to provide their services in the UK under the temporary permission rights which were created after Brexit. The Open Banking Implementation Entity offers similar but not identical numbers. They recently reported that the UK's open banking ecosystem has 325 regulated providers, made up of 234 third-party providers and 93 account providers, that's banks.
But we shouldn't rest on our laurels because there are other countries in other parts of the world which are also making strong progress in applying the principles of open banking. And it's important to highlight that in many cases their regulators have not necessarily mandated the adoption of open banking. Instead, they're relying on market forces or gentle encouragement from the regulators to drive forward these changes.
Jacqueline Powell: So adoption is clearly on the rise, which is encouraging. Marcus, I'd like to touch on the breakdown, though, between account information services and payment initiation services. Is it still heavily weighted towards API calls relating to account balance and transaction information?
Marcus Hughes: To a large extent, that's still the case, but there are some signs of improvement. The vast majority of API calls today relate to capturing and consolidating account information, and not to payment initiation. This imbalance is because most third-party providers and banks, they began with the easy part and launched digital apps providing account aggregation. Some of these products are really very basic, but a few of the personal financial management products are now becoming quite sophisticated.
And they allow users to set budget controls across multiple bank accounts and give users much greater control over their personal financial management. Another popular and simple use case for account information services is credit checking. By that I mean using current account data to check income and expenses in order to streamline decision-making for loans. Examples here would include using this data to support an application for a personal mortgage or a working capital facility for a small business.
In general, most of the payment initiation use cases for open banking are to make it easier for businesses to receive payments from consumers that are making online purchases. Payment initiation services are also starting to be used to help personal customers who want to invest savings or to pre fund cross-border payments. In most cases, the value proposition to the corporate that's getting paid under these schemes is easier reconciliation of real-time inbound payments, and therefore the ability to reduce the cost of payment processing which is generally much lower than for inbound card payments.
Cards are, of course, still by far the most typical way of paying for these goods and services today. So these new open banking payment apps enable customers, in most cases consumers and some small businesses, to make payments from their current accounts held with a growing number of other banks. Some of the use cases are unique, like a recently launched app to help flatmates to split and pay their shared utility bills. But many other payment apps are fairly standard or vanilla flavoured.
However, we have to recognise that open banking payments are more challenging and they're more time-critical than account information services, so they tend to have a higher failure or dropout rate. This means that consumers are abandoning a payment part way through the process because of a hiccup or possibly the slow API performance of the bank that's actually making the payments. The problem here is that if the user experience is poor, then there's a risk they'll probably revert to a more familiar payment instrument like a debit card or a credit card, of course.
But there are some signs that the situation is improving for payment initiation services. One notable success is that in October, the UK's HM Revenue and Customs announced that they have received more than a billion pounds in tax from more than 500,000 individual payments, all using open banking technology. In March this year, HMRC introduced an open banking enabled service, Pay by bank account, intended for people making online self-assessment tax returns. And more recently, HMRC's Pay by bank account service was extended to other tax types, both for individuals and for businesses.
So, in such a short space of time, this £1 billion in payments received by HMRC is a significant milestone. HMRC should actually achieve important savings on the resources that they normally deploy to reconcile inbound payments, especially those cases where payers have incorrectly entered their tax code or other important information. This problem simply goes away with Pay by bank, since HMRC has all the required information to reconcile these inbound payments, and they'll also achieve lower payment processing charges than the high fees deducted by card providers.
So it's been estimated that these HMRC payment flows are now about 15% of the total payments initiated via open banking in the UK.
Jacqueline Powell: Thanks Marcus. Early in my intro, I touched on open banking evolving into open finance. I'd like to take a look at this in a bit more detail, if I may. From what I've seen, open finance is usually interpreted as the exchange of data covering more than payments initiation and account transaction information. What's your take on open finance and open data?
Marcus Hughes: Well, I think a quick look at what's happening in Australia is a good way to illustrate what this is all about and how open finance and open data might evolve in other countries. Australia is an exciting template to follow. Although they only launched open banking more than two years after the UK, Australian regulators have actually already mapped out a pathway to open data. Starting from July 2020 and on a phased basis, Australian consumers now have the right to instruct their banks to share their transaction data with accredited data recipients, known as ADRs.
That's the Australian equivalent of third-party providers. But this Australian transaction data already relates not only to deposit and current accounts, and credit and debit card accounts, but also to mortgages and loans. Including these credit products takes Australia's consumer data right well beyond UK open banking today. In the UK, the Financial Conduct Authority has been consulting stakeholders on whether open banking should take this next step and expand into open finance.
This concept of open finance, effectively an extension of open banking, would cover the mandatory sharing by banks of additional customer data beyond account information and payment initiation. The broader definition of open finance includes loans, mortgages and investments. Longer term, an even more significant element of Australia's consumer data rights is that it doesn't just cover banking and finance data. Instead, it will also be applied to customer data relating to the energy and telecom sectors, and even to other sectors at a later stage like the travel and leisure industries.
So, Australian regulator's intention is not just to force innovation and competition in the banking sector. Instead, they also wish to ensure that it's easier for consumers to compare prices and to switch gas and telco providers more easily, in those cases where these providers are not performing well or not offering competitive services. That's why Australia's consumer data right is sometimes also called ‘open data’. This is the direction in which advocates expect open banking to develop in other countries, too.
This means it would be a legal requirement allowing customers to be able to demand that their general data is made available to any chosen third-party providers for banking as well as other sectors.
Jacqueline Powell: So you talk about consumer data being a more significant element generally, which I agree with. But how does consumer data right compare with UK and EU laws like GDPR, for example?
Marcus Hughes: For me, there is some consistency here with Europe's general data protection regulation. By that I mean, under GDPR, it's recognised that the customer owns their data and has the right to get it transferred to a third party. This is known as data portability. But under GDPR, the method of travel for the data isn't specified to be in the form of an electronic and real-time transfer. GDPR doesn't yet go so far as Australia's consumer data right, which requires relevant data to be transferred instantly upon receipt of an API call from a regulated accredited data recipient.
Now, it could be argued that in some countries this change will happen due to market forces, but I think it's more likely that it will be driven by regulators seeking to enforce greater competition and innovation across a range of industries. Hopefully, this sneak preview of the future of open data, which is an entirely logical extension of, firstly, open banking and then open finance, will provide food for thought on where other countries will head next in terms of mandatory or potentially market-driven data sharing across multiple industries.
I’d add that another closely related topic here is the power of big tech companies, those well-known tech giants like Facebook and Google. They've amassed huge amounts of data about our daily lives, to the extent that they know our likes and dislikes, and they can even predict what we're going to do next. On this important subject of data protection and data sharing, there's a growing feeling in banking circles that there needs to be a level of reciprocity between banks and big tech companies. This would mean that data would flow two ways.
The early drafts of the European Union's new Digital Services Act show it wants to force big tech companies to share their customer data with other service providers. The European Union is saying that businesses like Amazon, Google, Facebook, shall not use data collected on the platform for their own commercial activities unless they make it accessible to business users active in the same commercial activities. So it seems to me that regulators could adopt an open banking and API-based approach which would require not only big banks but also big tech to enable API access to customer data.
This approach would open up big tech's huge databases and stimulate competition. The reciprocal, instead of a one-way exchange of data, should lead to a rebalancing of the relationship between the banking sector and the tech giants, and it would also encourage the emergence of new competitors to both of these powerful groups. I'm sure we're going to hear a whole lot more about reciprocity relating to data sharing.
Jacqueline Powell: I expect so. Thank you, Marcus. It's very interesting, but what I did notice and hasten to add is that you've not mentioned anything about payments.
Marcus Hughes: Good spot and actually that was intentional. A major difference with the UK's open banking is that payment initiation isn't actually covered by the consumer data rights. Instead, the Australian New Payments Platform, or NPP, are planning a new service known as Mandated Payment Service in the near future. The NPP does already support real-time credit payments, also described as push payments, whereby customers themselves initiate a payment from their account via their banking channel.
But with NPS, which has just been commercially branded as PayTo, NPP Australia will enable customers to authorise third parties to initiate payments from their accounts using the NPP. In this way, PayTo will be similar to open banking payment initiation services, with the advantage that third-party providers will be able to access all Australian bank accounts via a single API provided by the NPP. That's assuming, of course, that they have the account holder’s permission. This approach will be a whole lot quicker and simpler to set up than the complex tangle of disparate APIs emerging in Europe and other countries.
I’d definitely say our Aussie friends have learnt well from our mistakes, or should I simply say they've learnt well from our experiences. Finally, PayTo is not just a modern and real-time alternative for direct debits. It also supports the linking of bank accounts for in-app payments and card-on-file type arrangements. What's more, PayTo can provide funding for digital wallets and buy-now-pay-later services, as well as recurring ecommerce payments.
Jacqueline Powell: Yes, Australia sounds like it makes an interesting test case for open finance and open data. Bringing us a little closer to home if you like, what do you think is going to happen in the UK? I've seen major UK banks are quite concerned about the cost of open finance. Is that truly the case?
Marcus Hughes: Exactly. A recent consultation by the Financial Conduct Authority, regarding the possible expansion of open banking to become open finance, the research found that bank respondents are concerned about the cost implications. That's partly because they've already spent more than anticipated on meeting the initial regulatory demands of open banking itself. Major banks, therefore, feel strongly that more work is needed to ensure open finance can be delivered at a lower cost.
Some respondents to the FCA's call for input have actually argued that open banking needs to be more widely accepted before open finance could even be considered. Meanwhile, of course, in direct contrast, we have many fintechs calling on the government to fast-track a so called smart data right which will enable consumers to control their data, rather like Australia's plans for open data. So, open finance is coming, yes, but it won't have an automatic or easy path.
Jacqueline Powell: I see. Coming back to the here and now of open banking, there's a lot of talk about the growing importance of API aggregators. So, on this topic, I have two questions for you before we close off the first of this three part podcast series. So the first question, what functions do the API aggregators fulfil, and, in your opinion, why are they important?
Marcus Hughes: Well, there are definitely a growing number of API aggregators, which are a specific kind of third-party provider. They've got names like TrueLayer, Tink, Bud, Plaid, Finicity, Salt Edge, Yodlee, and YTS or Yolt Technology Services. At its most basic level, their role is to make it easy for fintechs and for banks to use a single API provided by one of those API aggregators to connect with each other. Digging into a bit more detail, some aggregators help banks to build APIs to comply with open banking regulations.
Others focus on customer-facing propositions and innovation through white labelled apps and third party marketplaces, and a few are increasingly focused on payments. Most aggregators offer value-added services, such as transaction data enrichment, as well as account validation and identity verification. European aggregators dominate the scene at present, though many are now rolling out their solutions in other regions, such as Asia Pacific, North America and Latin America, where open banking is taking hold.
Meanwhile, a few of the large North American aggregators are also growing their European footprints. This API aggregation activity has become increasingly important due to the wide range of APIs which have been developed by banks across the European Union to comply with PSD 2, which is creating a fragmentation with multiple standards. This is instead of following the UK's example of sensibly imposing a single common API standard from the outset.
It's quite a relief that a number of the initiatives for open banking in Asia, not only Australia, but also Singapore, Hong Kong, South Korea, and Japan, they're tending to base their APIs on the UK standard. But I'm sure that as these programmes evolve, they will almost certainly develop their own flavours and will tend to diverge. I'd also add that whilst API aggregation is becoming even more important as open banking ramps up, it's nevertheless likely to become highly commoditised, and the market for API aggregators could well consolidate, especially those aggregators focused purely on connectivity.
We've already seen the large card processors making major acquisitions in this market as a way to ensure they've got a strong position in open banking, so plenty more activity there.
Jacqueline Powell: Yes, it certainly sounds like it's an active space and it's going to get busier still. Lastly, Marcus, and as we close off, how can third-party providers differentiate themselves?
Marcus Hughes: As we saw earlier, there are hundreds of third-party providers in Europe and the UK, as well as many TPPs in other parts of the world, of course. In order to stand out in this very crowded field, it's important that third-party providers evolve from purely connecting with multiple banks to capture data or initiate payments. So, on top of these basic table stakes, third-party providers really need to offer value-add applications which do something really useful, like solving a significant pain point for a specific customer segment.
This might relate to better financial management for private individuals, or rapid credit decision-making tools for finance providers, which are powered by bank statements accessed using APIs; or AI-driven cashflow forecasting based on accounting ledgers and real-time bank statements; or invoice finance using machine learning and predictive analytics to assess the likelihood of sales invoices being paid on time or late or even not being paid at all.
So, instead of mere cash visibility at multiple banks and payment initiation, a solution provider's next generation of open banking or open finance solutions is going to need to do more to help customers manage their business better in areas like optimised working capital management, getting paid faster, with automatic cash allocation. From this trend, you can see that the kinds of solutions traditionally demanded by large corporates are increasingly going to be expected by small and medium-sized businesses.
For example, automated sweeping of accounts to maximise investment income and minimise borrowing costs.
Jacqueline Powell: That's great, Marcus. Thanks so much. Unfortunately, that's all we have time for. So, Marcus, I'd like to thank you for your time today and for bringing us up to speed on some of these foundational open banking elements.
Marcus Hughes: Thank you, Jacqui. I'm looking forward to the next one, of course, as well.
Jacqueline Powell: Yes, of course. In our next episode, we'll look at how different countries are approaching open banking. So tune in for that in a couple of weeks. But for now, it's a wrap. See you all next time.
Our solution experts are here to help.+61 2 9068 9438 | SG +65 6508 8088
Chat with one of our solution experts. We'll recommend the right product to fit your needs.
Tell us a bit about you and your business and we’ll get back to you with all the information you need.