Shaping a Canadian approach to Open Banking
Open Banking is coming quickly to Canada, with a new report calling for an initial phase starting in January 2023.
Financial services innovation took another step forward in Canada with the release of the second report on Open Banking by the Advisory Committee on Open Banking. It comes at an important time, with the rapid growth of digital banking during the COVID-19 pandemic making open banking more relevant than ever to the future of financial services.
We were honoured to support the committee as facilitators of the consultation process in the fall. The consultations helped inform the committee’s recommendations, which focus on eliminating screen scraping, enhancing the welfare of Canadian consumers and businesses and supporting innovation through an initial phase of open banking starting in January 2023.
While last fall’s consultations featured a range of views on how to move forward with open banking in Canada, now is the time for the industry to prove that it can make significant progress on what we know will be a major change to the Canadian financial services landscape. With the committee suggesting a short window to get the framework in place, we see significant opportunities for industry input on three key elements of open banking: accreditation, technical standards and common rules.
The accreditation criteria used for admitting participants into the ecosystem needs to be sufficiently robust to avoid introducing risk and flexible enough to apply to entities outside of financial services, striking an appropriate balance that doesn’t set high barriers to entry.
The committee’s report envisions a nine-month timeline for a government-appointed open banking lead to develop the accreditation framework and process. Banks, as the current custodians of customer financial data, have an opportunity to come together to help actively shape the framework by participating in the process and providing their inputs. They’ll need to do this quickly so they can come to the table with a unified perspective on how to mitigate risk.
Canada’s banks have a lot to offer given their experiences with bilateral agreements with financial technology companies (fintechs). In negotiating these arrangements, each bank will have defined a baseline for acceptable security, privacy and counterparty risk. This means that rather than having to define criteria from scratch, banks will need to align as an industry and offer tangible recommendations to the open banking lead that go well beyond general statements of intent and can act as a reasonably detailed model for the accreditation framework.
While fintechs have been entering into bilateral relationships with banks for some time, they tend to view some of the criteria in these agreements as unduly restrictive, largely due to third-party risk management requirements put in place by the regulators. Although these requirements are a way to ensure the safety and soundness of arrangements, like partnerships and outsourcing, that a bank is voluntarily entering into, there’s a perception the open banking framework may apply the same obligations to data exchanges.
If bank participation in open banking is to be mandatory, these data exchanges should be exempt from traditional third-party risk management obligations since a governance body will manage access to the ecosystem through an accreditation process and all parties will need to comply with data access requests under the new system. This makes it important for the regulators to either clarify their position or align their regulations with proposed open banking legislation.
One of the areas where banks can have the greatest impact on an Open Banking framework is around technical standards. While not endorsing a specific approach, the committee acknowledged in its first report the progress already made by the industry.
Technical specifications and standards go beyond the concept of pipes for sharing data to also address customer experience, an area that will be critical to the success of Open Banking. This gives the industry every incentive to maintain the momentum it has generated in this area and take an active role in further defining technical standards.
Help finalize the long list of current and future use cases for Open Banking to guide the design.
Provide representation on technical committees by appointing deep subject matter experts who not only have the knowledge to help shape the standards but also are empowered to represent the bank in decision making.
Engage a broad range of business and technical stakeholders from across their businesses during the comment period to ensure the standards are reviewed from multiple lenses.
Continue their engagement beyond the approval of the first standard to ensure ongoing relevance.
Common rules for liability, privacy and security will be critical to the success of Open Banking. As with accreditation, the report recommends that the Open Banking lead define these rules in consultation with the industry. We see a strong role for the industry to propose a model that can serve as a starting point for accelerating the development of common rules, particularly in areas, like privacy and security, where they already have extensive experience.
With a long record of building consumer trust through strong privacy practices, banks can play a key role in shaping how consumers give, manage and revoke consent to share data. One approach is to standardize the process, possibly through a centralized consent management platform offering a uniform user experience. This will require a careful balance between strong privacy protections and burdensome requirements that could hinder uptake of Open Banking or turn consent into a cumbersome process.
As the report states, common rules for security can evolve from the early days of the Open Banking system to later stages where the risk profile increases. For example, what’s suitable for account aggregation may not be appropriate for write actions initiated on a customer’s account.
In developing the baseline requirements, banks can apply their expertise in areas like authentication, authorization and access management, as well as security and operational and systemic risk, to help with the design of common rules for security. As with technical standards, there needs to be a unified voice, once again highlighting the merits of a working group of different stakeholders as a good opportunity for quick progress.
Now that the committee has outlined a clear timeline and approach for Open Banking to move forward in Canada, the industry has an opportunity to help shape the next stage of financial services transformation by applying their deep experience in several key areas. As the report indicates, in the absence of significant progress during the 18 months leading up to the launch date for Open Banking, there’s a chance the government will take a more hands-on approach.
For Canadian banks, this is also their moment to tackle today’s intense transformation challenges by refocusing their efforts and strategies on the capabilities that will help them win in the market. There are strong arguments for banks to view partnerships with other players like fintechs as an opportunity to spur new growth, whether by reaching new markets, diversifying their product offerings or using Open Banking as a platform to increase engagement and deepen their relationships with consumers through accelerated digitization.
This is a critical time to prepare for what’s next, and we know our banks are ready for the challenges ahead.