Open Banking

From MgmtWiki
Revision as of 08:32, 21 September 2018 by Tom (talk | contribs) (External Sites)

Jump to: navigation, search

Full Title or Meme

Open Banking is both a concept and an actual implementation in the UK.

This page will address both the UK implementation of the EU banking standards and the concept of Open Banking.

Context

A Chris Michael interview[1] described Open Banking Limited, the brand name of the Open Banking Implementation Entity (OBIE), as a private, non-profit company established in 2016 by the UK’s Competition and Markets Authority (CMA) to create standards and implementation guidelines for United Kingdom retail banking. The organization is funded by major UK banks. Open Banking originally was focused on a subset of PSD2, namely personal and business accounts in UK currency. Now the group is tackling a broader set that covers all PSD2 requirements for payment providers across Europe and includes credit cards and e-wallets, all currencies, and FX international payments—and the landscape continues to shift.

“I think the standards will evolve even beyond that, so this is a really interesting space,” Michael said.

Part of that evolution revolves around the fact that while Open Banking is the name of a UK initiative, “open banking” as a concept is spreading globally. In Australia, for example, the Australian Government is pushing forward with Open Banking, recommending adopting the UK’s standards. Japanese banks and financial institutions are registering as payment providers and soon will be required to open their APIs. And here in the United States, Intuit’s Mint now uses OAuth to connect to select banks like Bank of America, Chase Bank, and Capital One with tokens instead of username and password. At Ping, we expect that Open Banking’s version 3 standard, released in September, will reflect this growing scope.

“We're also trying to make sure that these standards are true global standards. So we're working with other standards bodies globally, whether it's in Europe or other emerging markets like Australia, to try and make sure that everyone's using the same core standards,” Michael said. “What we're doing now is creating standards and implementation services for not just the CMA order but for the whole of PSD2, and our standard is designed to be one that is a European, if not a global standard, for financial APIs.”

“It's really great to see so many other markets who are adopting open banking and also who are looking to our standards as a kind of gold standard to build on,” he added. “But it's also great to talk to those other markets and talk to the identity professionals who are looking at open banking in those markets because I think there's also quite a lot that we can learn from them as well.” When it comes to standards creation, the open banking arena is changing rapidly. Open Banking originally was focused on a subset of PSD2, namely personal and business accounts in UK currency. Now the group is tackling a broader set that covers all PSD2 requirements for payment providers across Europe and includes credit cards and e-wallets, all currencies, and FX international payments—and the landscape continues to shift.

“I think the standards will evolve even beyond that, so this is a really interesting space,” Michael said.

Part of that evolution revolves around the fact that while Open Banking is the name of a UK initiative, “open banking” as a concept is spreading globally. In Australia, for example, the Australian Government is pushing forward with Open Banking, recommending adopting the UK’s standards. Japanese banks and financial institutions are registering as payment providers and soon will be required to open their APIs. And here in the United States, Intuit’s Mint now uses OAuth to connect to select banks like Bank of America, Chase Bank, and Capital One with tokens instead of username and password. At Ping, we expect that Open Banking’s version 3 standard, released in September, will reflect this growing scope.

“We're also trying to make sure that these standards are true global standards. So we're working with other standards bodies globally, whether it's in Europe or other emerging markets like Australia, to try and make sure that everyone's using the same core standards,” Michael said. “What we're doing now is creating standards and implementation services for not just the CMA order but for the whole of PSD2, and our standard is designed to be one that is a European, if not a global standard, for financial APIs.”

The Open Banking team is working with the OpenID Foundation to create a profile of OpenID Connect and OAuth 2.0 called Financial-grade API, or FAPI.

Banking APIs Now in Deployment

Definitions of interest from the UK Open Banking effort.

Entity Name Type Cat Description Access
Payment Service User (PSU) Real World Entity N/A a natural or legal person making use of a payment service as a payee, payer or both No
Payment Service Provider (PSP) Legal Entity N/A A legal entity (and some natural persons) that provide payment services as defined by PSD2 Article 4(11) Yes
Account Servicing Payment Service Provider (ASPSP) Legal Entity PSP provides and maintain a payment account for a payer as defined by the PSRs and, in the context of the Open Banking Ecosystem are entities that publish Read/Write APIs to permit, with customer consent, payments initiated by third party providers and/or make their customers’ account transaction data available to third party providers via their API end points. ??
Third Party Providers / Trusted Third Parties (TPP) Legal Entity PSP organisation or natural person that use APIs developed to Standards to access customer’s accounts, in order to provide account information services and/or to initiate payments. Third Party Providers are PISPs or AISPs. see below
Payment Initiation Service Provider (PISP) Legal Entity TPP provide an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider. read write
Account Information Service Provider (AISP) Legal Entity TPP provide account information services to consolidated information on one or more payment accounts held by a payment service user with one or more payment service provider(s). read only
Financial Conduct Authority Legal Entity Federation Owner The FCA is the competent authority for the UK No

Problems

https://www.bloomberg.com/news/features/2018-09-11/why-the-eu-is-furious-with-malta

Solutions

  • The UK open banking specs are keep on an open source repository.[2]

References

  1. Sarah Guthrie, Open Banking and Identity: Chris Michael Talks Current State, Trends and the Future. Ping https://www.pingidentity.com/en/company/blog/posts/2018/open-banking-identity-chris-michael-talks-current-state-trends-future.html?
  2. Open Banking Specs version 1.1.1-rc1 https://openbanking.atlassian.net/wiki/spaces/DZ/pages/28737919/The+Open+Banking+Directory+-+v1.1.1-rc1

External Sites