Open banking is a set of regulatory standards that govern the sharing of financial data between banks and third parties, enabling customers to pay online for products and services.
Revolutionising the commercial payment landscape, open banking has led to an explosion in the popularity of online apps and services. In the EU alone, the value of the payment services market has risen dramatically in the past few years, from $184.2 trillion in 2017 to $240 trillion in 2021. However, the rise of open banking has also led to concerns about the safety of customers’ financial and personal data. To allay those concerns, governments around the world have moved to regulate open banking to ensure that customer data remains safe and secure without stifling the potential of fintech innovation.
The most significant open banking regulatory framework in the EU is the Payment Services Directive (PSD), which originally came into effect in 2007, and its update, the Payment Services Directive 2 (PSD2), which came into effect in late 2020. Other examples of global open banking regulations that facilitate financial data sharing with third parties include the UK’s Open Banking Regulatory Technical Standards (which transposed PSD2 into UK law), Australia’s Consumer Data Right (CDR), the Hong Kong Open API Framework, and Singapore’s proposed Open Finance Framework.
The Next Phase of Open Banking: UK Regulations
PSD2 is the backbone of the EU’s internal electronic payments infrastructure, but the fintech landscape moves fast, and as innovations emerge, so do new risks. In June 2023, the EU set out its proposal for PSD3, which will “further improve consumer protection and competition in electronic payments” while maintaining the safety and security of customers in the digital landscape.
The next phase of open banking has seen proposals for new regulation around the world. To keep pace with the evolving payments landscape, the UK government’s Joint Regulatory Oversight Committee (JROC), part of the Financial Conduct Authority (FCA), has also published its vision for the next phase of open banking. The report sets out a range of challenges and opportunities for firms managing current and emerging financial crime risks associated with online payments – not least the need for effective anti-money laundering (AML) measures such as customer and transaction screening technology.
JROC characterised its vision as a plan for developing UK open banking regulations in a “safe, scalable, and economically sustainable way”, and focused part of its report on “mitigating the risks of financial crime”.
With new UK open banking regulations on the horizon, along with PSD3 and other global regulatory efforts, let’s take a look at some of the challenges (and potential opportunities) that firms can expect as open banking evolves over the next decade.
Regulatory Challenges for Open Banking
JROC research suggests that there is currently only partial information on the levels of financial crime in open banking. The issue is made more complex by the frequency and footprint of online payments, which take in multiple independent service providers, across different jurisdictions. The next phase of open banking must focus on enhancing data-sharing between financial institutions and third-party service providers.
As the amount of data transiting open banking infrastructure will increase, it is possible that banks and payment providers could harness that data’s potential. Combined with strong cyber-security measures, open banking data-sharing protocols could improve protections for customers and broaden institutional understanding of criminal methodologies, without degrading the quality of the products and services.
As open banking changes the payments landscape, new criminal risks will emerge, and institutions must be ready to adapt their compliance response to keep pace. However, financial compliance should be a proactive, rather than reactive, effort. Institutions must find ways of detecting AML/CFT threats before they cause damage, which means developing new risk indicators.
Open banking has the potential to improve responses to financial crime with tools that address specific risks (such as money laundering, terrorism financing, and fraud). Practically, this means automating data-heavy processes like customer due diligence (CDD), and customer screening, and leaning in to innovations such as artificial intelligence and machine learning software as a way to improve risk detection.
Open banking has expanded the commercial landscape for businesses around the world, but cross-border payments carry higher levels of criminal risk and make it harder to establish the identities, and to track, parties involved in transactions.
New open banking regulations will increase the CDD compliance burden on service providers, along with the need for firms to maintain suitable records of transactions. The regulatory disparity between different jurisdictions may also create problems – the EU, for example, is focusing strongly on harmonising its AML/CFT regulatory ecosystem and will likely emphasise this in the next iteration of the PSD.
The more data collection requirements that open banking regulations mandate, the more likely it is that firms will encounter data privacy challenges. Jurisdictional disparity may play a part in the data privacy challenge: some third party firms may employ ‘screen scraping’ tools as a way of harvesting data – a practice which is restricted in a lot of jurisdictions, including the EU.
As open banking regulations meet existing data privacy regulations, banks and third party providers will need to increase their focus on ongoing compliance, and consistently review their cyber-security protections to ensure customer data remains protected.
Know Your Customer
The anonymity and speed associated with online payments means that financial institutions must improve the quality of their know your customer (KYC) processes, so that they can understand the true risk that certain payments present.
To tackle the specific KYC challenges of open banking, firms must enhance the application of CDD, and screen for criminal risks more intensively. Those factors inevitably slow down onboarding, lead to an increase in the cost of products and services, and create negative experiences for customers. To address this challenge, firms should lean in to KYC innovations, including the use of biometric and dual factor authentication, or the integration of advanced screening strategies such as global adverse media searches.
Next Generation Screening Solutions
The open banking landscape will evolve dramatically in the coming years, and firms will need to be proactive in their approach to compliance, staying ahead of potential penalties by understanding their risk environment as completely as possible. Customer screening will be critical to that challenge: firms that understand the true risks that they face will be able to make faster, stronger decisions that help them address threats and capitalise on opportunities.
With that goal in mind, firms must integrate screening solutions that match the speed and demands of the open banking risk landscape. This means they must be able to screen with global scope, across multiple languages, and capture up-to-date information as quickly as possible.
Powered by next-generation machine learning technology, Ripjar’s Labyrinth Screening platform offers the flexibility, efficiency, and accuracy that firms need to meet open banking screening challenges. Labyrinth Screening enables customer name searches in over 25 foreign languages, taking in thousands of adverse media sources, government watchlists, and sanctions lists.
Labyrinth also offers a new screening advantage in the form of AI Risk Profiles, which allows firms to identify and pull the most relevant risk data from their searches, and build out in-depth profiles for each entity they deal with. AI Risk Profiles can help firms take on the data-intensive demands of new open banking regulations, resolving risk factors quickly and clearly, and facilitating effective decision making.