Open banking is a term used to describe a set of technologies and regulations that allow consumers to securely grant third-party service providers access to their banking data. This data can be used in many ways, for example in apps, websites, and services.
The revised European Payment Service Directive (PSD2) came into force in 2018 to better respond to a new generation of service providers and technologies. This legislation was developed with four main objectives:
As a result, financial data can be accessed more easily by account information service providers (AISPs) and account servicing payment service providers (ASPSPs).
This data becomes available through secure application programming interfaces (APIs) developed by banks, following a strict set of security and privacy standards. These APIs can then be accessed by authorized AISPs and ASPSPs to securely gather consented information about customers' accounts.
Although these two terms are used interchangeably quite often, they are definitely not one and the same. Open banking is the concept that started a banking industry revolution, which later pushed banks to provide consented free access to customer banking data.
On the other hand, PSD2 is EU legislation that regulates how open banking is applied. It guarantees secure and safe access to customer financial information by third-party service providers.
PSD2 set the rules for payment service providers across the whole European Economic Area (EEA), and it was adopted by all EEA member states, as well as the UK. Globally we can see that many countries are following the example set by the EU and are eager to integrate the concept of open banking either by introducing new regulations or through a market-driven approach.
The EU has also adopted a supplementary PSD2 regulation called the Regulatory Technical Standards (RTS). It reduces the risk of fraud and ensures secure customer authentication and secure communication between payment service providers.
While RTS sets some obligations for ASPSP APIs, most institutions have chosen to follow the NextGenPSD2 Framework developed by the Berlin Group. This framework aims to standardise access to APIs and communication between payment service provider APIs in accordance with the RTS.
In Europe, open banking regulations follow the RTS drafted by the European Banking Authority (EBA) in cooperation with the European Central Bank (ECB).
The RTS specify all the requirements for strong customer authentication (SCA) and requirements for common and secure open standards of communication (CSC) between ASPSPs, payment initiation service providers (PISPs), AISPs, and payment service providers (PSPs).
To ensure good compliance and guarantee security and privacy, all developed APIs must be approved by the designated authorities. This facilitates access for third parties to both transactional data and to payment operations.
In the United Kingdom, most rules that define open banking were implemented through EU regulation, in many cases relying on EU standards. Meanwhile, with the UK exiting the European Union, some changes are expected to be implemented in its open banking infrastructure.
Since the UK has exited the EU, new Regulatory Technical Standards (UK-RTS) have come into force in the UK. Although the UK-RTS are currently substantially the same as the RTS in the EU, we might see some improvements in this regulation to further accelerate the adoption of open banking.
The open banking application programming interface (API) follows a set of specifications regarding:
In Europe, every country belonging to the European Economic Area has an authority responsible for regulating and controlling the issuance of payment institution licenses. It's through these companies that businesses can become active in the open banking industry as account information service providers (AISPs).
According to the information gathered by Nordigen’s AIS open banking tracker, we know which are the 10 most important countries in the open banking industry, or at least the ones attracting the most AIS providers:
You can find the complete list of 30 authorities that regulate the issuance of open banking licenses in Europe here.
Although open banking is widely recognised and adopted in the UK and Europe, it's not exclusively available in these regions. Other countries, such as Turkey, Saudi Arabia, Japan, India, Hong Kong, and Australia, are also creating their own infrastructure. These countries are cooperating with third-party service providers (TPPs) to provide easy access to shared open banking data between banks.
Outside Europe, there are two different approaches to open banking: market-driven and regulatory-driven.
With market-driven implementation, TPPs and banks can develop their own application programming interfaces (APIs). Even though in this case governments support and encourage partnerships between banks and TPPs, they don't regulate or interfere with the design or creation of APIs.
On the other hand, where there is a regulatory-driven approach to open banking implementation, the government has a crucial role. All APIs developed need to follow a specific set of regulations, and data sharing is controlled and monitored by the government.