“Open banking standards” is a term for the technologies and regulations used to provide third-party service providers with consumers’ banking data. This data can be used in many ways: to provide and keep operational things like web and mobile apps, financial services, and more. To make it all possible, governments issued open banking standards and open banking directives. Since compliance, along with security, is the most vital part of FinTech business, we provide you with a brief list of open banking regulations and application programming interface (API) standards to watch out for in the upcoming months and years.

What is open banking?

Soon we will talk about open banking directives and open banking standards, but first, let’s talk about the basics.

Open banking is basically a process of enabling a third-party financial service provider to access consumer banking information. They can see and monitor data like transactions and payment history. From a technical standpoint, this is possible through the use of APIs.

What kind of information do these financial institutions have access to? They can see the account holder’s name, account type, open date, currency type, and transaction details (amounts, merchants, spending patterns).

Based on that information, companies, through apps and services, can give consumers various tips. Information on building and securing a budget, spending and income notifications, price comparison information, loan options, and even real-time updates on stocks (with the ability to invest) is important to many customers. These features can be served through consumers’ profiles, which are built during the course of applications’ usage. 

Because the data is so sensitive, the market needed regulations. Open banking directives and, more broadly, open banking standards were established to build and civilize the market and to protect customers.

It all started in 2007 when the first Payment Services Directive (PSD1) was announced and implemented. With the PSD2, launched in 2018, the market had even more reasons to pay attention to compliance. But that’s only the beginning. 

What are the current open banking regulations?

Major open banking directives and regulations in 2022

It may have started with the PSD but today the compliance landscape is growing exponentially. It’s the idea of open banking regulation playing catch up with what’s happening on the market. Or should we say markets, since the financial ecosystem is fragmented like never before? To keep tabs on what’s happening and protect the data, the following laws have been made. You need to know them if you plan a digital product’s open banking development.

An important act of law is the Open Banking Implementation Entity. Issued in the UK by the Competition and Markets Authority, it adopted PSD2 and launched the first version of the open banking standard in 2017. It instructs banks how they should allow an API to access consumer information and request payments, with the knowledge and consent of the user, of course.

Next is NextGenPSD2XS2A. This is a common open banking API standard created by The Berlin Group. The group consists of almost 40 banks, associations, and payment service providers across the entire European Union (EU).

Then we have the Open API Framework established by the Hong Kong Monetary Authority (HKMA). This is a framework with a phased-launch approach that requires banks and third-party entities to cooperate on creating systems for seamless user experiences. 

The API Exchange (APIX) is a legal framework issued by the Monetary Authority of Singapore (MAS). It was created to encourage banks to open their systems and data for use by third-party companies and fintechs.

We also have the Consumer Data Right in Australia. Created by the Treasury Laws Amendment (Consumer Data Right), it increases local consumers’ control over their data. They now have the right to choose which data they want to share with API providers. The goal is to share information only for authorized purposes.

Major open banking standards

Aside from the previously mentioned open banking directives, we also have open banking standards, which are implementation guidelines for those directives. These specifications vary depending on the world region and local market conditions, but the goal is the same. The best open banking solutions need to be safe and secure.

When you’re developing a FinTech app, make sure you follow these specific laws:

  • Open Data ATM API specification in Mexico
  • API Playbook in Singapore
  • Open API Standards in Nigeria
  • Unified Payments Interface in India
  • The Joint Resolution in Brazil
  • The Open Banking Policy in Saudi Arabia
  • The Open Banking Framework in Bahrain
  • Regulatory Technical Standards (RTS) in the UK

Also, make sure to be up-to-date with industry developments. For example, in late 2021, the British Financial Conduct Authority (FCA) dropped the 3-month re-authentication requirement. It means that fintechs no longer need to force customers to confirm their identity every 90 days. Under the law, customers who access account information through third-party providers must authenticate their identity via a strong customer authentication (SCA) solution. This policy led to customers’ dissatisfaction, confusion, and high drop-out rates.

It’s especially important in the context of digital transformation. If your company is experiencing bottlenecks in business development, simple compliance will help, but it’s not the only factor. Don’t chase far sparks in the wind; bet on proven solutions. If you want to transform your business, cooperate with companies that understand what is needed for market success. The technological aspect is one thing, implementing policies is another.

Also, pay attention to initiatives like the Open Banking Standard launched in the UK by the Open Banking Working Group (OBWG). This particular effort works towards helping customers understand their account options and the choices they made about finances.

There are also other interesting and important open banking standards. Some of them are under development.

The Open Financial Exchange (OFX). This is a leading banking standard for access to financial data. It’s used by over 7,000 financial institutions and providers. It supports financial data exchange. Interesting fact: it supports the OAuth tokenized authentication model.

The Durable Data API (DDA). This one was created by the working group from the Financial Services Information Sharing and Analysis Center (FS-ISAC). The goal is to improve data exchange related to OFX.

The Convenient Access to Payment Services (CAPS). This is a very interesting case. It’s a coalition of stakeholders touched by technical, business, and operational issues caused by PSD2 across Europe. Participants are mostly solution providers, and they work to create a framework for the future. Among them are traditional banks, fintechs, corporations, and service providers.

Local authorities on open banking regulations and payment service provider licenses

This is a selected list of national authorities that are responsible for issuing open banking regulations, including open banking API standards.

Why are open banking directives important?

Contrary to popular belief, their nature doesn’t have to be purely regulative. These standards were developed, with new ones issued almost every year, to help civilize the market and protect consumers’ vital interests.

These standards:

  • strengthen consumer privacy and control over data
  • expand financial inclusion (especially in emerging markets and in Africa)
  • improve rules for competition
  • increase consumer choices

In a nutshell – FinTech stakeholders cooperate to compete on healthy principles. These laws are not oppressive; they are merely pro-active regulators. With them, everybody wins. The real question is – can your application compete on equal terms? A lot depends on API development and your willingness to scale the business according to long-term market changes.