Both consumers’ and small businesses’ expectations have evolved drastically when it comes to accessing financial services. The “traditional” banking model has been transformed to now using data as a catalyst for new products and business models.
In this process of transformation, Open Banking, arguably, is one of the most critical levers towards the development and introduction of new approaches to financial services. To simplify, Open Banking refers to the ability to access customer data historically kept in-house by banks. Using Application Programming Interfaces (APIs) to access this financial data offers an excellent opportunity for fintech organizations to meet the consumers’ requirements for new and better services. Applications focused on personal finance management, account comparison and access to credit services are some examples but the potential is far greater.
While various countries take different approaches to open banking, through this article, we aim to explore how Open Banking is being implemented in two very different markets - India and Australia. Fintechs with global ambitions can base these findings to create new synergies that can further support their growth aspirations.
India’s approach to Open Banking
Unlike the Open Banking initiatives seen in the Australia and US, which are either completely regulations-driven or market-driven, India has adopted a hybrid model where both the market and Government take active roles in the ecosystem's development.
India’s foray into Open Banking originated from IndiaStack - a decade-old initiative consisting of several APIs that aim to create a unified software platform for governments, businesses, startups, and developers. The country’s Unified Payment Interface (UPI) is one such subset of IndiaStack that has been pivotal in accelerating payment digitization in India and is considered one of the most innovative real-time payments systems in the world.
Other key components within IndiaStack include a collective of Account Aggregator ecosystems, and the Data Empowerment and Protection Architecture (DEPA) - a proposed framework that aims to build a consent-based data-sharing infrastructure using Account Aggregators to accelerate financial inclusion.
The Account Aggregator system is a universal architecture being built for all sectors, not just finance. The Reserve Bank of India (RBI) grants licenses to anyone/institution who can become an account aggregator in finance. Currently, 6 Account Aggregators have been approved by the RBI. AAs cannot store or process user data but only enable encrypted flows between FIPs (Financial Information Providers) and FIUs (Financial Information Users) once the user consents.
AAs will enhance the user experience and significantly streamline the availability of credit for individuals and SMEs. Rural businesses, for example, without access to traditional financial institutions and little to no credit history can now use as little as their phone or electricity bills as credit history for a lender to provide credit. The framework could ensure more equitable access to credit by improving accessibility between banks and entities requesting data such as credit platforms, mortgage brokers, or accountants.
Concerns in India
Implementing a technological solution for data transfers in the absence of a legal framework is proving to be challenging. The Indian Open Banking framework triggers three key concerns:
1. Data security - The regulatory framework allows for sharing of vast amounts of sensitive personal information to a potentially unlimited number of entities for no specific purpose as a clear definition of who can access the data has not yet been defined.
2. Financial Self Regulation - AAs are proposed to be self-regulated under the industry body Sahamati. AAs are prescribed best practices for data security, however, financial self-regulation remains unsafe. Many models fail due to a propensity for self-regulatory organizations to allow its members to make standards lax and overlook cases of fraud.
3. Informed Consent - With digital literacy extremely low in the country, millions of users would be unable to freely choose whether to share their consent especially when strong financial incentives exist for AAs.
Australia revolutionizing Banking and Consumer Data
Australia’s regulation-driven approach to Open Banking stands out for its innovative scale of ambition. Banking is only the first sector of the Consumer Data Right (CDR), a data policy initiative to enable the safe and secure transfer of consumer data. Subsequent applications will be in energy and telecommunications before potentially moving to every other sector.
The Federal Treasury is the lead agency for the CDR, and in addition to responsibility for the overall program is accountable for the development of rules to implement the CDR. The Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC) are jointly responsible for monitoring compliance. Applications for accreditation are to be made to the ACCC.
Authorized Deposit-taking Institutions (ADIs) are the data holders mandated to share data so consumers could consent to Accredited Data Recipients (ADRs) accessing their banking data. A phased approach was implemented, starting with the major banks - ANZ, Commonwealth Bank, NAB, and Westpac sharing savings and credit card data and later encompassing all other types of financial information. The major banks have completed the implementation while the non-major banks are required to complete this by 1 February 2022.
Similar to the Account Aggregation framework in India, Australia announced that intermediaries can now be used for consumers to share data with trusted advisors who no longer have to go through the long and costly accreditation process. This amendment is expected to spur growth in the industry with lower barriers for new entrants to develop applications. All accreditation models are:
1. Unrestricted ADR (existing) - For organizations with multiple potential use cases such as banks, technology providers, brokers, etc. This will need full unrestricted ADR, the most complex, expensive, and time-consuming of the models.
2. Sponsorship model - This model enables organizations to access CDR data through a sponsor who is an unrestricted and active ADR. A sponsored accreditation which is a lighter accreditation process is required. With lesser reduced initial and ongoing costs, this model is best suited for businesses with broader / ongoing CDR use cases.
3. Representative model - This model needs a commercial arrangement with an unrestricted principal ADR and the CDR representative. While disclosed to the regulator, there is no official accreditation outside of this commercial relationship and can only be with one principal. The ADR holds all the data and is fully liable for the representative.
4. Collecting Outsourced Service Providers (COSP) - This model is for service providers that collect data for an unrestricted ADR. While no accreditation is required, the provider will still need to comply with the rules, maybe audited and the ADR will be liable for the provider.
5. Trusted adviser - This model enables professionals such as brokers, financial advisors, and accountants to receive full access to CDR data through an ADR without itself being accredited. The ADR verifies the identity and registration of the adviser.
6. CDR insights - For lower risk purposes, this can be used by anyone who needs to use CDR data to verify their customer’s identity, income, expenses, ownership, etc. While no accreditation is required, the ADR will process the data and can only share the outcome.
Potential Synergies between the two markets
Startups that are building new products in financial services and with global ambitions, will need to build the required mechanisms at the early stages of development whether or not a comprehensive regulatory framework is formulated in India. Australia is leading in security practices and consent guidelines while India’s payment Infrastructure is already the gold standard for payments globally.
Before launching in any other market, Indian companies may first need to evaluate the investment in the actual collection, processing, and compliance of the users’ data. Open banking practices and requirements vary between countries and mechanisms for communicating standards or aligning standards between jurisdictions are yet to be put in place. When expanding into Australia, a collaborative approach working with an Accredited Data Recipient in the region will help reduce time and costs. One of the access models that best suit the business can be utilized to ensure quick implementation.
CDR in Australia is expected to soon expand into action initiation to enable third parties, with a consumer’s consent, to initiate actions beyond requests for data sharing. India’s close integration with UPI already means payment initiation is possible and building services that require this in Australia will be efficient. Fintechs in India are already innovating in payments and CDR in Australia could make payments agnostic of the underlying payment rails and schemes.
The next phase in the data economy will have seamless cross-border integration and companies with experience in multiple jurisdictions will have the advantage of enabling interoperability between the regions. Fintechs now need a long-term strategy that can successfully participate in these new changing environments, collaborating with the right technology enablers to build its capabilities. Companies need to recognize that customers soon have full control of their data, whether it is the market or regulation that drives this change.
The author, Rehan D’Almeida, is Head of Strategic Partnerships and Marketing at Fintech Australia. The views expressed are personal
(Edited by : Anshul)
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
Lok Sabha Election 2024 — how regional parties are challenging national giants in Phase-4
May 15, 2024 6:17 AM
Supreme Court refuses plea seeking 6-year poll ban on PM
May 14, 2024 7:14 PM
Punjab Lok Sabha elections 2024: A look at BJP candidates
May 14, 2024 7:06 PM
Lok Sabha polls: EC disposes of 90% complaints related to MCC violations
May 14, 2024 4:45 PM