In total there were 20 industry leaders around the table and the discussion was chaired by EPA Asia’s Director General, John Ryan.
Special guests, who also participated in the panel discussion at the subsequent drinks and networking event, included Mary Anne Francis from DXC Technology, Phillip Malcolm from Refinitiv, Kenneth Leung from SWIFT, Steven Chan from PayPal and Jane Retimana from Payments NZ.
The industry leaders engaged with the implications and recommendations of the white paper in respect of the region’s move towards open banking. In particular, the hot topics were:
- Data governance
- Digital identity
- Standardisation of APIs
Below is a summary of the discussion.
There is agreement in principle that open banking can bring enormous value into the payments industry. However, there is not yet a unified vision for what the future should look like.
There has been a lot of investment in open banking solutions by technology vendors but it’s unclear in many markets what’s really working well and what’s noise. This is because open banking is still so new and also because the regulatory approach is so different country by country.
Australia, India and Thailand have a prescriptive approach (as do Brazil, the UK and EU) where banks are required to share customer-permissioned data. Third parties who want to access such data are required to register with a particular regulatory or supervision authority.
Other markets such as Singapore, Japan, South Korea and Hong Kong have all adopted a facilitative approach where the regulator is supportive and encouraging but open banking is not mandated.
China is taking market-based approach (like the US). (As an aside, it is unlikely that the US will ever move to an open banking mandate given that there are c.14,000 banks that operate in that market.)
Data governance is challenging! There is a lack of agreement on best practice, for example, whether consumers should OptIn or OptOut.
Open APIs play an important role in open banking as they facilitate the connections between data holders and data recipients. Interoperability is the ultimate goal and is underpinned by several elements, including standardisation of APIs. However, standardisation of APIs could be a pipe dream.
Whilst it’s true that adoption of ISO 20022 as “the” standard could bring substantial benefits to the creation of open banking APIs, for some that will always be a step too far. Therefore the discussion for the moment could be more fruitfully focused on baby steps such as agreeing common fields and formats.
What is necessary is portability of data. This requires ubiquity of modern APIs and speed of operation and integration. This conversation could more easily be called a service integration rather than an API integration.
One participant commented that the benchmark could be something like porting your mobile phone number from one telco to another.
There was a strong desire around the table to get to a discussion in the market around the value-added services that can be enriched by open banking, for example, collections and payments (pull and push), especially real-time payments. No one wants more data for data’s sake, there needs to be a benefit to a decision. There can be freedom within a framework.
The UK experience is that innovation in products and services has been held back by slow progress on APIs and governance. On the one hand it makes sense for regulators to start by imposing requirements on the largest banks (e.g. UK CMA 9, Australian Big 4). At the same time these large incumbents are not normally known for their speed and agility to adopt change nor do they have significant market share upside in their sights. Rather, it is the neobanks and fintechs who see the market share upside, but they are beholden to the progress and quality of APIs made available by the large incumbents.
There was broad agreement that a fixation on whether data is on-prem or in the cloud is unhelpful. Cloud computing is definitely preferred. Data sovereignty means the data is within the realm.
There is very likely going to be a collision between what the regulator wants and what the consumer wants.
Use cases are hugely important, as is CX. Consumers do not care about the back end, they just want the service to work. If the CX makes the experience “too hard” then the customer will not solve the problem using open banking.
Mobile Apps are the way to go but some consumers will not want to re-learn how to do their banking on the phone versus on the web from their computer
India’s Unified Payment Interface (UPI) is a lighthouse within the Asia-Pacific region. There are world-leading innovations in payments in India such as interoperability of QR Codes with scheme payments. A key feature of the UPI is one central digital identity.
There was expert comment and discussion that knowing someone’s identity – KYC – is not the same as preventing financial crime. A huge issue for the real-time payments use case is AML/CTF screening. Most banks are screening twice a day retrospectively against watchlists. It’s expensive and there is a huge number of false positives.
For the purposes of preventing financial crime, the more relevant concept is KYP or Know Your Payment.
The benefits of digital ID and blockchain for trust can supercharge the utility of open banking.
There was some concern expressed at the possibility in Australia that the smaller banks will miss out on the full benefits of open banking due to their choice of core banking provider.
A middleware layer is definitely desirable.
Screen scraping is increasingly controversial.
Regulators have a key role to play. Whilst fintechs “live and breathe” this problem, regulators do not view the opportunity through the lens of consumer pain points.
Consumer education is critical.
A big step forward would be the emergence of a “champion” for open banking within the region.
Until then, let’s keep up the momentum of the conversation.