Asia’s Open Banking Push
Countries around Asia are implementing laws and regulations to promote open banking to share data and enable third parties to provide products and services around a centralized platform. A move to open banking reflects the increasing digitization of Asia’s economy and the rise of technology platforms that envision a consolidated financial life for customers. The impacts of such a move could be dramatic, increasing competition among financial service providers for customer dollars and promoting efficiency, integration, and inclusion, while also creating new risks.
What is Open Banking?
Open banking envisions a system that offers firms and customers a range of products and services based on open flows of data permitted by consumers, typically through application programming interfaces (APIs). The concept goes beyond traditional banking to include a broad range of financial services and gives consumers the right to control and port their financial data. Europe is an early adopter of open banking. The European Union’s 2018 Payment Services Directive (PSD2) establishes a regulatory framework for secure data flows between companies, creating an integrated market for digital payments by establishing common standards around authentication, privacy, security, and data portability, among other areas. The spirit of the directive is to allow various market participants, whether traditional institutions, technology conglomerates, or new start-ups, to offer services and compete for any customer that uses the payments system. PSD2 also obligates banks to provide third-party vendors with access to customer data. In its implementation of PSD2, the United Kingdom expanded upon the payments-focused directive, mandating that all financial data should be open to consumers. The UK also stipulated that financial institutions must offer APIs for the functional transfer of such data. The UK’s approach has become the de facto standard for describing open banking. While Asia is not quite at this level of mandatory open access through APIs, a number of countries are beginning to take action having seen the potential benefits associated with open banking.
Asian Regulators’ Efforts to Open the Digital Financial System
The Monetary Authority of Singapore (MAS) was one of the first in Asia to formulate open banking policies. In 2016, the MAS released an API Playbook to encourage adoption. The Hong Kong Monetary Authority (HKMA) followed suit by launching its own version of an API framework in July 2018. The HKMA expects banks to embrace open banking in four phases, starting with sharing product and services information by early 2019 before moving to adopt other API functions, including new applications for products and services, account information, and transactions. Both authorities are also following a ‘walk the talk’ approach by creating their own APIs. The MAS has made a wide range of public data available to developers who can now integrate them into apps and software, and the HKMA is planning to provide access to 130 key financial datasets through the HKMA API website by mid-2019.
In contrast with the regulatory approach prevailing in Europe, neither the MAS nor the HKMA currently makes permissioned data sharing or APIs mandatory. The MAS has adopted an “organic” approach and indicated that it has no plan to require banks to share information with fintech and nonbank financial firms. The HKMA has not completely ruled out mandatory open banking requirements in the future, but at the moment appears comfortable with the level of support of open banking has received from the banking industry.
In India, over the past decade a combination of public and private efforts has created India Stack, a series of open APIs that enable digital financial infrastructure to promote financial inclusion and e-commerce. As part of India Stack, services like Aadhaar—a universal national biometric identification system—have made it easier for financial institutions to verify customer identity, while the Unified Payment Interface, a payments API, creates a national, interoperable payments system.
On the regional level, the ASEAN Financial Innovation Network—a regional financial industry sandbox co-founded by the International Finance Corporation, the MAS, and the ASEAN Bankers Association—has recently launched the API Exchange in September 2018 to promote collaboration between financial institutions and technology firms to increase financial inclusion. Participating countries include Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam.
Elsewhere, Policymakers and Industry Push for Open Banking
Several other Asian jurisdictions are currently pushing open banking regulation. In Japan, government and industry are collaborating on a commitment set by Prime Minister Abe for at least 80 banks to establish open APIs by 2020. The banking industry has already moved forward with 12 banks reportedly having opened up their systems and some 100 additional banks to follow suit by 2020. Amendments to Japan’s Banking Act in June 2018 established requirements for partnerships between fintech payment operators and financial institutions, aiming to formalize registration rules, standards, and the development of open API systems by June 2020. As in Europe, this focuses initial open API requirements on the payment industry—the center of much innovation in the financial sector—as part of a broader push to increase the role of non-cash payments in Japan.
Chinese regulators have yet to roll out open banking rules, but its private sector is pursuing the use of open APIs on its own, and the active involvement of Chinese fintech giants has the potential to set the stage for the rest of Asia. Companies like Ant Financial and Tencent leverage open APIs to allow third parties to offer services to their customers and make data more portable within their ecosystems. In 2017, China’s Ping An Insurance, the world’s largest insurer when measured by market cap, announced its “Smart Insurance Cloud,” a platform through which Ping An offers open-source API to its partners. The proactive adoption of open banking by private sector players has in turn created incentives for country regulators to come up with legal and regulatory frameworks governing open banking.
Protecting Customer Data Rights
While open banking promises many benefits for consumers, it is premised on the broad sharing of customer data across the financial system, meaning more open banking systems will require commensurate protection of user data. Deliberations over data rights often focus on privacy issues, as increasing connectivity makes customers more vulnerable to improper access to and use of their data by either malicious third parties or permitted custodians operating beyond their scope. Indeed, privacy will be a consistent issue in the digital economy of the future, and there are varying levels of concern in different jurisdictions in Asia. In India, the government recently created a national framework for data protection. India is also wrestling with data protection issues in the rollout of Aadhaar. A number of firms are using Aadhaar to increase financial inclusion, but at the same time, the Indian Supreme Court is limiting its use over privacy concerns. This highlights the tension between the promise of open banking and the goal of customer privacy which remains a live issue across Asia.
Open banking also raises also questions over the transparency, interpretability, and portability of user data. As Asia witnesses the emergence of centralized commercial-financial conglomerates like Alibaba in China, the power of unfettered collection and huge amounts of proprietary data becomes readily apparent. Such firms can see how a borrower is performing commercially—how much a merchant is selling or how reliably a customer repays bills on the platform. To the extent an open banking future means more and more firms use such data to make financial decisions, new data rights should be established and protected. Do users of open financial services have the right to transparency in what data are being collected, how they are being used and if they resulted in financial decisions being made by a provider? Likewise, if a customer wants to comparison shop with another firm—another bank or technology platform—does the customer have the right to take that data built up through her own activity on a platform and bring it to another lender? The power of open banking will require vigilance around the potential for monopolies to develop around such new uses of data.
As with open banking regulations, Asia can look to Europe for examples of new laws and regulations that promote data protection for a more open digital economy. Europe’s new General Data Protection Regulation (GDPR) addresses a range of data protection standards including those related to privacy, transparency, and portability. Globally active Asian firms doing business in Europe already have to meet the stringent GDPR standards, which may drive similar practices in Asia. Governments will have to grapple with how to promote both open banking and data protection while enabling cross-border trade and capital flows.
Will a Regional or Global Standard for Open APIs Emerge?
As Asian countries begin to promote more open banking systems, whether common regional or even global standards will emerge remains unclear, but the stakes are high. Should countries in the region pursue conflicting standards for promoting open APIs, the resulting fragmentation could actually inhibit the spread of open banking. Consider the treatment of data storage, for example. Some countries like India are enacting stringent data localization requirements for local financial activity, forcing multinational businesses that operate in country to reconsider their data governance. Data localization requirements are packaged with other standards around things like privacy. To the extent that such requirements heavily restrict the use of data across borders, efforts to integrate and rationalize cross-border financial activity through open banking regulations may be limited. To promote open banking at a regional level then, Asian policymakers and regulators will likely need to coordinate their efforts.
The Impact of Open Banking in Asia
Open banking in the region could have a major impact for all participants in the financial sector, from consumers and businesses to traditional financial firms and new technology entrants. For users of financial services—whether individual retail customers or businesses—the promise of open access finance is the freedom to effortlessly access best-in-classes financial services for the best price. For financial service providers, whether innovative traditional institutions or new entrants, the stakes are massive as competitive pricing may become the dominant consideration for potential customers, driving down profitability. Then again, for the many financial services that still rely on human interaction and relationship management, the ability to connect customers to third parties may become the key value proposition of the intermediary platform. For those non-financial firms with powerful digital platforms that host more and more real economic activity, their data could be increasingly valuable in a world of open access finance.
For now, countries around the region will have to resolve a number of issues as they contemplate an open banking framework. Should financial data sharing be mandatory assuming consumer consent? Should countries require specific technology such as APIs? How will increasingly valuable customer data be protected from the perspective of a user’s right to things like privacy, transparency, interpretability, and portability? And should Asian countries converge to regional or global standards around standards for open banking and data protection? Each of these questions will take time to answer, with significant implications for both the users and providers of financial services and the broader regional economies.
The authors would like to thank Kaitlin Asrow, Fintech Policy Advisor in the San Francisco Fed’s fintech team, for her helpful comments and perspectives.