Regulatory Technology

How to Choose a Right Open Banking Compliance Software Suite

14 September 2023by salesdesk@macroglobal.co.ukOpen Banking Product Suite and Solutions | Tavas Regulatory Technology

Within the dynamic realm of financial technology, the concept of open banking is progressively revolutionising the landscape by facilitating enhanced banking experiences that are characterised by increased efficiency and convenience. The primary objective is to establish a more equitable and lucid platform for customers to engage with financial services. However, with this innovation comes the necessity for finding the right Open Banking Compliance Software Suite.

Factors to Consider Before Choosing the Open Banking Software Suite

An overwhelming number of factors must be considered when choosing an open banking compliance software suite. Here are the key aspects to consider upholding the agility, security, and compliance of your business.

Secure and Safe Payment Initiation

A solid open banking compliance suite must be a cloud-based SaaS solution that enables banks to engage with third parties who need access to customer accounts or data to initiate payments in a secure and open manner.

Customisable Open APIs

The optimal Open banking compliance software should offer dedicated API services through a full-stack Open Banking solution, allowing banks to manage business processes. It should expose all mandatory, conditional, and optional APIs and consistently monitor changes impacting the Open Banking regulatory environment to ensure future proof and stay competitive.

FAPI & RTS Compliance

To be considered good open banking compliance software, it is essential for the software to have certified financial-grade APIs (FAPI). These APIs should be specifically designed for Account Information Services (AIS), Payment Initiation Services (PIS), and Confirmation of Funds (COF) services.

The software should prioritise adherence to strict regulations while achieving interoperability in the payment ecosystem. Also, it must comply with Open Banking Regulatory Technical Standards (RTS) by enabling Strong Customer Authentication for accessing customer financial accounts.

Secure Access to Open Banking APIs

An appropriate open banking suite ought to foster authentication and authorization of Open API access via a dedicated identity server that complies with OAuth 2.0 and OIDC protocols.

Seamless TPP Onboarding

An ideal Open Banking suite must provide a dedicated developer portal to facilitate the smooth onboarding of Third-Party Providers (TPPs) within a secure Sandbox environment. The system should manage and cater to all onboarded TPPs and empower the bank to approve or reject new registration requests. Moreover, the onboarding process of TPPs should be frictionless and automated, effectively managing their identity and validation, enhancing both security and efficiency.

MIS Dashboard with Data Analytics

A MIS Dashboard with data analytics should be part of the effective Open banking suite for managing TPPs, PSU Consent, and reporting.

API Health Check

It is critical to feature centralised, real-time monitoring of the PSD2 API’s health status for pre-empting failures or significant issues. The open banking solution must also include robust incident management & reporting, fail point notification & recovery, along with log management to ensure smooth operations and quick response to any potential challenges within the system.

Complete Assistance and Support from Vendor

In the realm of open banking, the solution provider must be capable of offering extensive assistance from subject matter experts backed by thorough mastery of PSD2 Regulatory Technical Standards (RTS). They should be adept in navigating the regulatory environment and facilitate smooth implementation. Guidance of SMEs is fundamental for effectively carrying out an open banking approach.

Advanced Roles and Security Administration

An ideal open banking solution should include advanced roles and security administration features to ensure high-level account management and data protection.

Reduced Implementation & Maintenance Costs

Additionally, it must emphasise minimising the costs associated with implementation and maintenance, making it a more affordable banking alternative.

User Controller

An optimal open banking platform must be engineered to simplify user access control across diverse application modules.

Consent Management

Having an option to either authorize, revoke, or reject the obtained consents from Payment Service Users (PSUs) is a critical feature. With this level of authority, banks can ensure that their services continue to be compliant with the ever-changing open banking regulations by setting the terms of user consent.

Encryption

The Open Banking Platform needs to be built with a strong encryption mechanism that ensures security against potential cyber threats such database invasions, DDoS (distributed denial of service), and man-in-the-middle attacks.

Developer Portal & API Sandbox

An open banking solution must ideally include features like an integrated developer portal and an API sandbox to encourage third-party providers to build and develop Open APIs. This setup promotes innovation and enhances the capabilities of banking solutions to meet diverse user needs.

Tavas of Macro Global: Leading the Open Banking Compliance Suite Revolution

Seeking an all-inclusive solution to your open banking compliance needs in this digital age?

Macro Global’s Tavas is a comprehensive open banking compliance suite designed to align operations with legal norms and innovative banking practices. It adheres to FAPI (Financial Grade API) Compliance and PSD2 Regulatory Technical Standards (RTS), providing protection against potential regulatory breaches. Tavas offers features such as Identity and Access Management (IAM) with OAuth 2.0, OpenID Connect Standard Protocol, contingency mechanism, self-service developer portal, strong customer authentication and API health check, seamless change management, and strong encryption mechanism.

Tavas also provides regulatory reporting for financial institutions worldwide, offering a MIS Dashboard, Data Analytics, customisable reports, incident management, fail point notification, and log management. The platform is flexible and scalable, integrating with existing architecture, ensuring minimal disruption while maximizing compliance requirements. Tavas accommodates both multinational corporations and local startups, ensuring a personalized system for each client.

Tavas is the perfect partner for institutions seeking robust, reliable solutions in a rapidly evolving Open Banking Landscape. Its ability to foster compliance in an increasingly complex regulatory ecosystem sets it apart from competitors. Choose Tavas for the gold standards of Open Banking compliance while ensuring seamless and secure operations for your enterprise.

Try Macro Global’s

Tavas - Open Banking Product Suite and Solutions

Understanding PSD3 Regulation in Modernising the Fintech and Payment Industry

24 August 2023by salesdesk@macroglobal.co.ukOpen Banking Product Suite and Solutions | Tavas Regulatory Technology

Following the comprehension of PSD (Payment Services Directive) and PSD2 (Revised Payment Services Directive), the next step in the evolution of payment services is the development of PSD3 regulation. This will be accompanied by the implementation of PSR (Payments Services Regulation) and the Open Finance Framework. Notably, this transition will introduce the concept of Financial Services Information Providers (FSIP) and Financial Data Access (FIDA).

PSD3: Redefining the Payment Industry

The forthcoming PSD3 Directive represents more than a mere upgrade or improvement of its predecessor, PSD2. Instead, it will serve as a distinct and novel regulatory framework, drawing upon the foundations established by both PSD2 and the e-Money Directive.

PSD3 regulations function as the comprehensive framework outlining the principles governing licensing and the criteria for attaining the status of a licensed Payment Institution or an e-Money Institution (EMI). This regulation provides extensive details regarding the authorization and supervision of Payment Institutions (PIs) and Electronic Money Institutions (EMIs).

One of the key features of the PSD regulations is the impact it has had on cross-border transactions. Current cross-border transactions are often slow, expensive, and lack transparency. With PSD3, the EU aims to address these issues by enforcing rules that will ensure speedy, affordable and transparent cross border transactions.

This PSD3 proposal system is designed to enhance consumer protection, ensure secure payments, and ultimately foster innovation and competition within the fintech space. Most importantly, it also encompasses a few measures aimed at ensuring adequate financial inclusion.

To mitigate fragmentation throughout Europe, the commission made the decision to consolidate the remaining aspects into a Payment Services Regulation. This approach was chosen to circumvent the need for the transformation process and the subsequent interpretation into national law.

With Tavas from Macro Global, deploy the optimal combination of Open Banking APIs and technologies utilising the prevailing Open Banking ecosystem to accomplish the desired business outcomes.

New Regulatory Bodies of PSD3

Among many other changes, the Third Payment services Directives introduced new PSD3 regulatory bodies, each with their mandate and function. These include the Financial Instruments Service Provider (FISP), the Financial Innovation Databases (FIDA), and the Payment Systems Regulator (PSR).

FIDA: The Promoter of Digital Economy

Financial Innovation Databases (FIDA) is a legislative proposal, PSD3 regulatory body, made by the European Commission for a framework governing access to financial data. This framework will create explicit rights and obligations to regulate the sharing of consumer data in the financial industry beyond payment accounts. Once ratified by EU institutions, this framework would pave the way for Open Finance by encouraging innovation in the financial services industry and increasing competitiveness.

The European Commission’s goal with FIDA is to integrate Europe’s financial sector into the digital economy. Although the extent of the data covered by this proposal could potentially be expanded, it is a step in the right direction towards enabling the creation of new business cases and cutting-edge solutions for all value chain participants.

Payment Services Regulation: Strong Ally of PSD3 Regulations

The European commission’s Payment Services Regulation (PSR) is closely associated with PSD3 and has binding legal effect across all EU Member States without the necessity for implementation in national laws.

Recent guidelines from the European Commission state that PSR must offer clear guidance on the disclosure of terms and information needed to make payments.

By expanding IBAN verification, refining SCA rules, and strengthening fraud information transmission amongst PSPs, PSR in combination with ‘PSD3 regulations and compliance’ hope to increase user protection and consumer trust.

Open Banking competitiveness is enhanced by mandating dedicated data access interfaces for ASPSPs (Account Servicing Payment Service Providers), outlining data interface specifications, and introducing dashboards for consumers to monitor what data access privileges they have offered and to whom, and to withdraw access.

This significant PSD3 proposal increases the number of non-bank PSPs that can open a bank account for a Payment Institution/Electronic Money Institution (PI/EMI) and give them the option of direct involvement in all payment systems to improve access to data.

PSR also replaces unclear elements of PSD2, strengthens penalty provisions, and consolidates E-money legislation into PSD3 and PSR to improve enforcement and harmonise implementation.

The PSR is beneficial for PSPs as it unifies the legal framework within which they may conduct business throughout the entire EEA.

Tavas’ cloud-based, mature Open Banking compliance solution will help you enter new markets faster by exploiting the advantages of Open Banking.

Financial Infrastructure Security Protocol (FISP): Steering PSD3 Governance

The Financial Infrastructure Security Protocol (FISP) is an integral part of the revised Payment Services Regulations (PSD3) and serves as the backbone for operational security. FISP focuses on security guidelines, data handling principles, and operational practices, strengthening the payment service directives.

FISP harmonizes security measures across payment service providers, eliminating potential cyber threats and ensuring higher levels of financial data protection for consumers. This alignment eliminates potential cyber threats and increases consumer trust and confidence. Banks and FinTech companies are the soldiers on the frontline under PSD3 directive, and the implementation of FISP requires these institutions to enhance their security practices, increasing consumer trust and confidence.

The new regulatory bodies of PSD3 represent a landmark evolution in the regulation of payment services, enhancing the security of money transactions and instilling customer trust. Understanding the finer aspects of PSD3 regulations with frameworks in place, we can rest assured that our payment transactions are safe and secure.

Tavas, Macro Global’s Open Banking solution, builds confidence between banks and TPPs, helping them conform more closely to Open Banking regulations, while also ensuring that their customers’ identities are protected.

Highlights of EU-PSD3 Proposals

The EU Commission has proposed several highlights in its payments proposals, known as PSR1. These proposals aim to harmonize the payments market across all EU member states and improve the quality of open banking services. Some of the key highlights include:

Transformation of PSD2 to PSR1

The PSD2 revised regulations have been transformed into PSR1, aiming to broaden the path from open banking to inclusive banking, fostering data sharing and a more accessible and equitable financial system.

It offers enhanced user experience, security-reinforced data sharing, and a competitive landscape by streamlining data access. The transformation unwinds opportunities and challenges but promises a significant leap forward in the realm of financial services by redefining data sharing norms and bringing us closer to a more inclusive, user-focused world of finance.

Better APIs for Open Banking

Introduces new rules on API performance and functionality to ensure a higher quality of implementation across banks. It also requires the sharing of the account holder’s name with payment initiation service providers (PISPs) before initiating a payment.

Fraud Prevention Via IBAN and Name Matching

PSR1 extends the requirement for IBAN, and name checks to all forms of credit transfers, reducing cases of fraud or misdirected payments.

Integration of e-money and Payment Institutions

PSD3 merges the licensing and authorisation regimes of PSD2 and the E-Money Directive, creating a clearer and simpler framework for e-money and payment institutions.

Direct Access to Payment Infrastructure for Fintechs

PSR1 allows payment and e-money institutions to directly access payment settlement infrastructure, reducing their dependence on banking partners and promoting competition and innovation.

Simplified Authentication

The revised Payment Services Directives prohibit obstacles to open banking and requires authentication journeys to be as seamless as online banking. Users will no longer have to go through lengthy authentication processes or type in their own lengthy IBAN for payments.

Re-authorisation for Payment Firms

Payment and e-money institutions will need to seek re-authorisation within 24 months (about 2 years) of the new rules coming into force to ensure their fitness to operate and protect consumers and businesses.

Overall, PSD3 proposals aims to improve the payments market, enhance open banking services, and create a more efficient and secure payment ecosystem in the EU.

We, with Tavas, diligently observe and execute the modifications that impact the Open Banking Regulatory framework in a consistent manner, to assure our preparedness for the future and maintain a competitive edge among the industry counterparts.

PSD3: Modernising the Payment and Fintech Sector

PSD3 is a significant milestone in the fintech sector, offering transformative potential for the payment industry. It provides enhanced protection against fraud and sensitive data misuse, enhancing consumer confidence in electronic transactions.

PSD3 also promotes innovation by mandating open banking regulations and stimulating a healthy competitive environment. It also promotes standardization and interoperability across the banking sector, ensuring seamless and user-friendly experiences for consumers.

Additionally, PSD3 regulations pave the way for a more competitive landscape in the payment services market, with charges associated with electronic transactions expected to decline significantly.

Overall, PSD3 proposals play a pivotal role in redefining the fintech and payment industry by bolstering security, encouraging innovation, promoting standardization, and reducing costs, resulting in a modernized and more efficient payments landscape.

The Tavas, Open Banking Product Suite and Solutions, provide financial institutions with the ability to safeguard their brand, reputation, and business operations from fraud and financial risks. Additionally, these solutions enable the secure handling of payment service user data through the implementation of multi-factor authentication.

The Future: PSD3 Regulation

PSD3 regulations are projected to be an important catalyst in the fintech sector, which is undergoing a constant process of transition and modernization. The ramifications of PSD3’s integration with cutting-edge technology like AI (Artificial Intelligence), blockchain, and machine learning are vast.

The potential benefits of this groundbreaking law are definitely thrilling, but the route to full adoption may be hard and challenging. Although PSD3 regulations and compliance are currently in their early phases, it is anticipated that they will be finalised by mid-2025 and put into action by 2026.

Macro Global’s Open Banking solution, Tavas, equips the financial institution with the tools it needs to provide a seamless customer experience and gives it the agility to seize emerging opportunities as it prepares for the next generation of banking.

Try Macro Global’s

Tavas - Open Banking Product Suite and Solutions

Exploring The Promising Future of PSD3 Regulation: What to Expect

18 August 2023by salesdesk@macroglobal.co.ukOpen Banking Product Suite and Solutions | Tavas Regulatory Technology

The advances in technology have significantly transformed how individuals and businesses transact financially. Among these changes is the introduction of the PSD3 regulation that redefines the operations of the banking industry and payment services within the European Union. As a directive, the adoption of PSD3 will have far-reaching impacts on the banking sector, with changes set to spread over to other regions worldwide.

Understanding the PSD3 Regulations

The Payment Services Directive 3 (PSD3) is the third iteration of the regulations purposed at unifying and regulating electronic payments within the European Union member states. These directives trace their origin to the Payment Services Directive (PSD) established in 2007, followed by the revised version PSD2, which came into effect in 2018.

The PSD3 regulation seeks to provide an open banking framework that allows third-party providers (TPPs) to access banking data and continues the commitment of its predecessors, directing its focus towards extended consumer protections, enhanced security measures, and the promotion of innovations in the digital payment ecosystem.

Scope of PSD3 Implementation

Enhanced Emphasis on Open Banking

PSD3 could broaden the horizons of open banking by extending its provisions to sectors beyond banking. This could include insurance companies, mortgage lenders, and other investment firms, collectively amplifying the financial data pool and hence, allowing for more robust solutions.

Designed by Macro Global, Tavas epitomizes a revolution in open banking suites. With its versatile functionality, Tavas offers all-rounded digital banking solutions for businesses of all sizes, fostering seamless transactions and better financial management.

Streamlined Cross-border Payments

In a global economy, seamless cross-border transactions are essential. PSD3 could potentially revamp the present scenario by integrating faster, cheaper, and more secure cross-border payments.

Fraud Reduction

The potential of PSD3 to reduce fraud is substantial, considering the enhanced security measures and stringent regulations expected to come with it. PSD2 has already set a precedent with the introduction of Strong Customer Authentication (SCA), which is expected to escalate with PSD3. PSD3 will likely continue to impose stringent security provisions on transactions and data sharing while simultaneously encouraging financial service providers to adopt new anti-fraud technologies.

Furthermore, PSD3 could play a crucial role in promoting cybersecurity in digital payments. With customer consent required, banks are propelled to heighten their security measures to protect their customer data from external threats. This could potentially fuel the advancement of high-grade security features, leading to a more secure digital payment environment.

Using state-of-the-art encryption and a multifactor authentication process, your financial data is safely guarded with Tavas that priortises security at every juncture.

Data Control

PSD3 provides enhanced privacy and data protection features, giving customers more say over who can access their information and for what purposes. Data ownership is recognised as important and valuable in this directive, following the patterns of PSD2 and the General Data Protection Regulation (GDPR).

Tavas is an innovative, seamless, user-friendly open banking platform that utilises advanced analytics to provide effective and efficient real-time financial management tools.

Data Transparency

The success of PSD3 is intrinsically tied to data transparency. Customers, banks, and third-party providers will have access to more accurate and timely data, which can significantly enhance decision-making processes in the financial ecosystem. Transparency in data storage, usage, and sharing protocols will continue to build trust between different stakeholders and bolster the industry’s integrity.

Uniform Legislation Across the Globe

One of the primary objectives for PSD3 is to extend the principles of a more open, innovative, and secure payments ecosystem beyond Europe and create global uniformity in regulations. It can foster international co-operation and create a global payments ecosystem that can leverage the benefits of an open banking paradigm.

Innovation

PSD3 will likely foster a more competitive landscape that encourages innovation. By opening up the market to more FinTech and third-party providers and creating a fair-playing field, PSD3 can drive the development of groundbreaking financial services and products. For traditional banks, this will mean adapting to new technologies and innovating their services to maintain a competitive edge.

Collaboration with FinTech

Under PSD3, partnerships between banks and FinTech companies are expected to thrive due to a mutual interest in exploring the benefits of open banking. By working together, banks with well-established customer bases and trusted brands can combine forces with agile, innovative FinTech companies to create novel financial solutions that align with contemporary consumer requirements.

Increased Customer Service

Through PSD3’s emphasis on data transparency, enhanced security, and increased competition, a central benefactor is the customer and their service experience. With customers gaining more freedom to choose their service providers, banks and financial entities are compelled to improve their service to retain customers.

Tavas promises consistent updates, in line with industry advancements and customer demands. This commitment to staying abreast of the newest trends and adapting accordingly gives customers the confidence to entrust their banking needs with Tavas.

Unveiling the Challenges of PSD3 Implementation

Compatibility Issues

With the integration of Application Programming Interfaces (APIs), connecting the multifaceted programs and entities in the banking system poses a significant challenge. The inherent diversity in systems and infrastructures between banks necessitates the conversion of diverse data models to a unified format, which is a complicated task.

Implementation Cost

Implementation costs could be burdensome for banks as they need to modify their existing payment infrastructure to comply with PSD3. This might impede the realization of PSD3 benefits especially among smaller banks and newer fintech companies.

Navigating Complex Legal and Regulatory Issues

As PSD3 promotes greater participation from non-banking entities in the financial sector, operating within the stringent regulations of the financial industry can be a hurdle for many participants.

The complexity of legalities gets amplified when taking into account global operations, where multiple jurisdictions and their respective laws come into play. This requires entities to know both domestic and international regulations. Additionally, regulatory organisations must balance innovation with consumer and financial market protection.

End user Experience

The shift from a singular banking system to a more interconnected service raises substantial UI/UX challenges. Implementation of numerous APIs often leads to an increased margin of error in user interface, affecting the overall customer experience.

Market Dynamics

The implementation of PSD3 has led to significant changes in market customs. These changes have driven the banking industry towards a difficult path of adapting to new market behavior, competition, and business models. Institutions now have to deal with increased customer expectations, fiercer competition, and an uncertain and changing environment.

Filled with features ranging from splendid API connectivity, robust safeguarding measures and remarkable financial management, Tavas is a groundbreaking product proving to be the best open banking suite, compliant with latest PSD regulations, offering the financial technology solutions.

Future of PSD3 Legislation: The Long Road Ahead

The introduction of the PSD3 regulation to the financial ecosystem aims to make financial transactions efficient, reliable, and highly secure. Among other sweeping reforms, PSD3 could have remarkable implications for consumers, financial institutions, as well as FinTech companies, driving a new era for the payment industry.

By stressing more on digital security and further enabling competition, PSD3 could inspire consumer-centric innovations offering more control to customers over their data and creating robust multi-factor authentication systems to safeguard their financial transactions and personal information.

Furthermore, PSD3 is expected to empower consumers with more flexibility and transparency. It could make switching between banks easier and less costly, making the banking sector even more competitive. It may also introduce consumer-centric pricing models, thereby promoting fair pricing based on usage or consumption.

PSD3 could also enhance payments’ efficiency by incorporating instantaneous payment capability within its framework. This would significantly expedite cross-border transactions, reducing the waiting time typically associated with such transfers.

Thus, the journey towards full-scale PSD3 regulation implementation will be a remarkable milestone in the evolution of the financial services industry. By prudently addressing the prospective challenges, the PSD3 can potentially pave the way for a democratic, and inclusive financial services landscape. This responsive adaptation would be critical for businesses, governments, consumers, and society as a whole to thrive in an increasingly digitized, interlinked, and dynamic global economy.

Tavas plays a vital role in synthesizing complex banking operations and fostering a thriving ecosystem where customers can access a broad array of financial services. From secure payment initiation to a consolidated view of account information, Tavas provides all the benefits stipulated under PSD2. Its multi-tiered security framework helps protect sensitive customer data while promoting an open and transparent banking system.

Unlock New Business Possibilities with 40+ well-diversified Open Banking use cases

Tavas - Open Banking Product Suite and Solutions

Understanding Open Economy: Distinguishing it from Open Banking and Open Finance

31 July 2023by salesdesk@macroglobal.co.ukOpen Banking Product Suite and Solutions | Tavas

One of the vital developments in the banking and finance industry is exposing customers financial data, in which financial institutions’ customers may share their data with their organizations of choice to effectively handle their financial assets. This shift, known as open banking or open finance, paves the way for a more freely trading open economy.

An open financial ecosystem is emerging from changes in customer expectations, technological advancements, and regulatory policies. To better serve their customer base, financial institutions, and other participants (such as fintech firms) in this ecosystem collaborate to provide a wide range of resources. This ecosystem is growing and diversifying, ranging from “open banking” and “open finance” to “open economy.”

What is an Open Economy?

By building on the principles of open banking and open finance, an open economy fosters unprecedented rates of digital collaboration. It merges all user data with financial data, giving businesses access to a wealth of current information that can be used to deliver customized products and services to consumers.

An open economy will radically alter how society functions; however, consumers must approve third parties to access their data. New infrastructural and technical advances, along with extensive legislation and consumer protections, will be needed to achieve a completely open economy.

Open economy reflects the obvious placement of individuals as the true owners of their data, the power for them to authorize the sharing of their financial data with any third party of their choice, and the enabling technology.

Data will be freed, innovation will speed up, and organizations of all types will have the ability to develop new business and income models if the open economy is effective.

Open Economy Outlook

It appears that by 2024, the number of people using open banking would have increased by about 50%, hitting around 132.2 million people worldwide. The explosive growth of open banking indicates well the future of open finance and an open economy. These innovations will transform every sector of the economy and alter how consumers, companies, and financial institutions use data.

How Open Economy differs from Open Banking and Open Finance?

Customers and businesses alike have gained advantages from the enhanced accessibility of the financial system that has resulted from the development and widespread implementation of open banking and open finance.

Together, open banking, open finance, and now open economy are redefining digital finance in revolutionary ways. These three initiatives are reshaping the future of consumer finance, consumer data, personalized service delivery, and more, causing widespread change across several sectors.

Though these concepts are interconnected among each other, they are not the same.

Let us explore the difference between Open Banking, Open Finance, and Open Economy

Open Banking	Open Finance	Open Economy
Open banking enables banks to share consumer data with third-party service providers via application programming interfaces (APIs) and a centralised dashboard for interrelated banking services.	Open finance differs from open banking in that it includes not only banking data but all financial data and transactions.	To promote a higher level of digital connectedness, an open economy builds on the principles of open banking and open finance. It will merge all user data with financial data, giving companies access to a wealth of added information that can be used to deliver personalised products and services.
Data is shared for Account Information, Payment Initiation	Data is shared across financial sectors such as Mortgages, Insurance, Pensions, Investment	Data is shared across different sectors such as E-commerce, Payroll, Healthcare, Utility, Gaming, etc.
The third-party organisations are granted authorization to access user account information via a protected back-end technological link and may afterwards use such information as stated.	This information can also be used by third-party organisations to conduct evaluations.	Before third-party organisations can utilise a user’s data, they still require the user’s consent.
Helps financial institutions in their efforts to enhance consumer interaction and new product development.	Banks may enhance and extend their present services by incorporating both financial and non-financial items to provide customers with more choice and personalisation.	Build a banking platform that provides customers with a seamless, unified, hyper-personalized, contextualised, accurate, and proactive banking experience.
Applications include Account aggregation, Subscription models, KYC (Know Your Customer), Anti-money Laundering, among others.	Applications such as PFM solutions, Embedded finance, Open pensions, among others.	Application extends to Tax authorities, E-commerce, healthcare, digital banks, etc.

Role of Open Banking/PSD2 regulations in leveraging Open Economy

Open Banking and the adoption of PSD2 regulations have given a major boost in recent years to the idea of an open economy. These regulatory frameworks have paved the way for a more open and interconnected financial ecosystem, thereby promoting increased competition, improved innovation, and constructive cooperation between financial institutions and fintech firms.

Open Banking promotes customer-focused banking experience by making financial data more accessible to businesses and consumers while increasing the efficiency of the financial system and making transactions more affordable and accurate. Implementing PSD2 rules reinforces the underpinnings of an open economy.

Banks are obligated to allow authorised third-party providers access to customer account information and payment initiation services per Payment Services Directive 2. This not only benefits consumers by expanding their options, but it also promotes innovation by facilitating partnerships between established financial institutions and newer, more innovative fintech firms.

An open economy is greatly aided by Open Banking/PSD2 regulations by removing barriers to the free and secure exchange of financial data. These regulations increase competition among financial service providers and offer customers more agency by allowing for seamless integration between different service providers. They additionally motivate fintech companies to provide personalised products and services and ultimately lead us closer to a more inclusive and successful open economy.

For instance, establishment of financial services like cross-border payments, fraud detection, and risk evaluation could be made possible with the assistance of open banking/PSD2 regulations.

Implications of Open Economy for Consumers, FIs and Businesses

An open economy minimises barriers for the free flow of products, services, and funds across boundaries and thus has broad implications for consumers, financial institutions, and businesses.

An open economy, therefore, promotes international trade and investment at affordable terms. Now more than ever, consumers have the power to assess costs and quality across many markets to zero in on the greatest deals. Moreover, an open economy stimulates innovation as businesses try to suit the needs of customers all around the world.

The role of financial institutions in an open economy is equally significant. They make cross-border transactions easier, offer options for funding to businesses that plan to grow worldwide and provide a range of investment opportunities for people looking to diversify their investment portfolios internationally.

Financial institutions (FIs) have evolved their services to accommodate the needs of customers in an open economy by offering worldwide banking services, foreign exchange services, and investment products intended for international markets.

The open economy presents both challenges and prospects for businesses. Competition from foreign businesses entering domestic markets is one challenge they confront. Yet it can also be regarded as an opportunity for businesses to connect with more customers by tapping new markets besides their current ones. To keep up with the rest of the world and thrive in today’s global market, businesses must continually explore and upgrade.

Role of Fintech in Open Economy

The importance of financial technology, or Fintech, has grown, as businesses and consumers look for global integration and connectivity.
Utilisation of Application Programming Interfaces (APIs) is a significant factor in Fintech’s advancement in an open economy. APIs allow smooth communication between many platforms and systems.

Applications programming interfaces (APIs) are crucial to the success of Fintech because they allow for the safe transfer of information between banks, TPPs, and other parties involved. This enables improved cooperation and interoperability across different participants in the financial ecosystem.

The development of TPPs has further altered the way Fintech functions in an open economy. These third-party providers employ APIs to gain authorised access to consumer information from banks and other financial institutions. TPPs can provide cutting-edge services like account aggregation, payment initiation, and customised financial guidance in this way.

Additionally, the function of Fintech in an open economy goes beyond that of a traditional financial institution. It includes a broad spectrum of sectors, from fundraising to financing to investment management tools to digital currencies. The extensive adoption of such technologies has enabled protected, hassle-free cross-border payments.

By connecting with TPPs using APIs, banks and other financial institutions can increase both the scope and depth of their product lines. By doing so, FIs may speedily introduce cutting-edge offerings from the industry’s top vendors.

Instruction to Third-party Providers

Open ecosystems operate on the premise that customers have full control over all their data, both financial and otherwise. Financial institutions and fintech companies provide services “on behalf of” their customers.

Third-party access to financial data should adhere to the following fundamental principles:

Customers’ data can only be accessed or shared after receiving their explicit authorization. Also, they ought to be offered a simple and reliable way to revoke it.
The duration and frequency of the requested access to the customer’s data, and the stated purpose (function), must be disclosed to the customer as part of the permission procedure.
The TPPs should give users the option to limit the scope, duration, and/or frequency of the data’s use by authorized recipients
Strong customer authentication (SCA) must verify the identity of the customer giving consent. Each use case will have a different level of risk, which will influence how SCA is implemented. For example, SCA may be required every time a payment is initiated, but just once to report account balances.
To avoid unauthorized access to data, TPPs must authenticate themselves to data providers (e.g., FIs) in a secure manner. For instance, PSD2 in Europe mandates that TPPs use an established electronic identification certificate (eIDAS) to verify their identities.
Customer information must be kept private in the same way it always has been. This means that your communication route must be secure. To prevent the unwarranted disclosure of private customer data during transmission, third-party access should be granted only through secure (encrypted) methods, such as an API.

Strategies that Bank & FIs should Follow to Leverage Open Economy

Banks and financial institutions must welcome the concept of an open economy to stay competitive in the contemporary financial market. These businesses may expand their reach and better serve their customers by taking advantage of the benefits of the open economy.

Financial institutions and banks call for new strategies that are in accordance with the principles behind an open economy to endure this transformation. Fostering transparency, collaboration, and interoperability is vital for establishing an integrated system that suits the needs of every party involved.

By Collaborating with fintech companies and other non-traditional players in the financial industry, banks shall integrate third-party services and technologies into their existing framework to expand their customer base while enhancing their services

Adopting open APIs (Application Programming Interfaces) is also essential for promoting the exchange of data between participants in an open economic environment. This not only encourages innovation but also offers personalised service to each consumer.

Furthermore, financial institutions (FIs) should work to promote a setting that supports innovation and experimentation. Creating such a setting involves allowing employees the opportunity and resources to experiment with cutting-edge technologies and notions.

Financial institutions can establish themselves as market leaders in the open economy era by adopting these tactics. In today’s interconnected world, they can make use of modern technology, work together with third parties, and provide improved services to satisfy the varying demands of their customers.

Global Perspectives & Initiatives

While open banking and finance provide several potentials for FIs to give more value to their customers, they also increase competition from fintech companies and other startups to the open ecosystem.

Financial institutions in Europe are increasingly able to provide open payments to retailers and other companies. Financial institutions may facilitate the operations of fintech businesses by meeting their requirements for BaaS, therefore enabling fintech businesses to serve their customers.

The global initiatives regarding open economy range from those that are limited to financial services alone (European Union) to those that reach beyond finance into other areas (Australia). In Europe, banks are required to grant TPPs access to payment accounts, but TPPs are not permitted to grant banks access to any of the data they collect or store. Some other regions have open-door policies when it comes to data exchange.

Though, legislators in many nations are implementing a variety of initiatives that encourage and speed up the roll out of data sharing frameworks in the banking sector.

Open Economy Use Cases

Financial Services

Next-generation financial services can be powered by combining banking data with data from e-commerce businesses, payroll providers, healthcare institutions, energy companies, and so on in the digital arena.

Payroll data supports innovative financial products including automated investing, earned wage access (EWA), income-based loans, and savings programs.

Embedded Finance

One of the most important developments in the financial sector, embedded finance, will let brands and digital companies introduce embedded financial solutions to their customer base.

Remote Employment

Technology in the workplace has evolved to accommodate the growing trend of remote employment. They help multinational corporations with global payroll, taxation, compliance, and benefits administration.

Digital Bank

The debut of the digital bank is intended to appeal to youthful clients with its digital services and lifestyle platform. In three distinct applications, it markets hyper-customized monetary and non-monetary goods to children, teenagers, and adults. Especially, facilitates a unified banking environment for clients.

The ‘Open Economy’ is changing the ways businesses and customers interact for mutual advantages through the proliferation of open data, models, talent, and experiences.

Open Economy Regulations & Data Privacy

The proliferation of “open economy” initiatives is widespread. Some are market-driven, such as the U.S., while others are governed by regulations (such as the EU and the U.K.). The initiatives vary in scope: While some are limited to financial services only (in the EU), others reach well beyond banks.

Globally, regulators are working to encourage innovative ideas and healthy competition between traditional financial institutions and fintech startups. Regulations are being issued by an increasing number of nations that provide individuals with the right to decide who has access to their financial data and by extension, who benefits from it. These consumer rights are sometimes extended to other spheres of the economy.

Let us quickly go over the worldwide landscape of consumer data ownership, sharing, and protection regulations that are in effect.

European Union

Data Act

Empowers both consumers and businesses to define who can derive value from data and under what circumstances.

General Data Protection Regulation

A set of guidelines for how the personal information of European Union (EU) citizens should be collected, stored, and processed. It safeguards the data and offers greater authority to the EU citizens over their data.

United Kingdom

United Kingdom adheres to the GDPR guidelines of European union.

United States

California Consumer Privacy Act (CCPA)

Allows customers greater power over the personal data that companies collect about them.

California Privacy Rights (CPRA)

Includes additional consumer privacy safeguards which will go into effect in 2023.

Canada

The Consumer Privacy Protection Act

This piece of federal legislation requires businesses to adhere to new minimum privacy standards. Consumers would have more control over firms’ data collection and use and reinforce the penalties for businesses that disregard the new regulations.

Australia

CDR (Consumer Data Right) law

Governs how businesses must safeguard customer data and how they can access, use, and share it. The industries of telecom and energy will be the focus of the upcoming phases.

Brazil

General Data Protection Law (LGPD)

A comprehensive regulation that mandates that organizations implement sufficient safeguards to protect personal data and adhere to specific processing guidelines.

Top Concerns About Data Privacy

Data must be kept confidential, and their data ought to be used exclusively for the stated reason.
Ensure that the data is secure and will not be breached, mishandled, or leaked to unauthorized parties.
Make it simple for consumers to provide and revoke their permission to access data.
Offer interoperability i.e., the same experience for granting consent to the exchange of data among various suppliers.

A growing number of nations are enacting legislation to protect individuals’ privacy when using TPPs. As a result, service providers must prepare their infrastructures for the shift towards data that has been granted permission by individual users.

Final Thoughts

Unlock the potential of your bank’s portfolio and business model with an open economy that boasts a diverse range of compelling use cases. Banking is just the beginning – take your business to the next level with the power to re-engineer and expand your offerings.

Access new market opportunities with Macro Global’s Tavas – a reliable and fully compliant cloud-based Open Banking (PSD2) solution.

Harness the power of Open Banking, which is the key foundation of open economy to propel your business forward and empower your bank to build a seamless and connected experience for your customers with MG’s Tavas.

With unparalleled flexibility, you can easily embrace the latest developments and position yourself as a leader in the new era of consumer-centric banking.

Unlock New Business Possibilities with 40+ well-diversified Open Banking use cases

Tavas - Open Banking Product Suite and Solutions

Open Banking API Strategies for Banks & Financial Institutions

21 July 2023by salesdesk@macroglobal.co.ukOpen Banking Product Suite and Solutions | Tavas

The idea of “open banking” has been receiving a lot of attention recently and we are bound to an evolution in our interactions with banking and other financial services due to it. This paradigm shift is fuelled by application programming interfaces (APIs) rendered by banks.

Management of customers’ confidential data by banks is significant because of the UK’s “open banking” initiative and the EU’s implementation of the Payment Services Directive 2 (PSD2). Using the application programming interfaces (API), we can authorise certain applications or services to access our data. Hence, Open banking with standardised APIs would reduce a lot of barriers between diverse kinds of banking services.

For instance, it improves our lives as we opt to share our personal financial data with a mobile app that displays such data in a consolidated view or to perform payment initiation directly from a checking account through an online accounting package.

Both traditional banks and new “Fintechs” stand to benefit from these developments, since they present an opportunity to transform the business model that has defined banking for decades.

Open Banking

Open banking is a drive that enables third-party financial service providers to access consumers’ banking data. The basic objective of open banking is to provide consumers with more control over their financial information by allowing them to safely use alternative financial services that tap into banking infrastructure.

Much of this new ecosystem is supported by Web API technologies. Using an API is a necessary part of Open Banking in this setting, as it offers more options to banking consumers.

Reasons for Adopting an API Approach to Open Banking

Many financial institutions are motivated to adopt Open banking in response to the implementation of the European Union’s Second Directive on Payment Services (PSD2).

There are numerous solid reasons in favour of open banking and numerous tangible financial incentives for financial institutions to make the transition. Let us look at the top reasons that follow.

Adhering to Compliance

Compliance is the main driving force for institutions to adopt open banking practises. PSD2, also known as X2SA (Access to Account), is the greatest example of a broad law that requires banks to disclose customer data with third parties.

The US Treasury has proposed new financial data sharing legislation, contradicting the country’s traditional market-driven strategy. Other major jurisdictions are also heading in this direction.

Obviously, the goal of compliance is not to increase income, but rather to maintain a viable firm. Compliance increases profitability by preventing pointless fines and fees.

Enhanced Digital Agility

Being able to share data rapidly, safely, and effectively is one of open banking’s biggest challenges. Many financial institutions are rethinking their data architectures as a result, opting for an API-first, microservices-based strategy to make information more readily available. Therefore, open banking is both necessary and beneficial in fostering more digital agility.

Open banking improves security and transparency and makes it easier for banks to use their own data internally, such as for service customisation or frontend applications.

An enhanced digital infrastructure enables data to be utilised more effectively internally to enhance the customer experience, thus improving customer lifetime value.

Superior API Packages

Open banking makes it easy to create new API offerings that generate remarkable revenue. Banks can generate more direct income if they design and market new API products. For other banking services (such as specific business accounts), these premium APIs can be utilised as up-sells or cross-sells.

Improvement in Customer Satisfaction

With open banking, customers have unparalleled choice in selecting from a wide range of banking options.

Customers are less likely to look elsewhere for their banking needs if their present financial institution offers a wider range of financial service integrations, regardless of whether such integrations are the bank’s own or not.

Customers are less inclined to switch banks if they are satisfied. As a result, the lifetime value of a customer rises, which boosts profits eventually.

Collaboration Prospects

Banks can offer enhanced features, personalised assistance, or even research and development partnerships to third-party companies in return for non-monetary benefits like cross-branding or product functionality for the bank in exchange.

Banks can attract new consumers by working with the third-party financial services industry to develop distinctive value propositions and innovative marketing approaches.

Broad Customer Base

With open banking, banks now have an immense opportunity to introduce new financial products and services based on its integration and can serve customers of other banks, potentially generating much more revenue and a progressive customer base.

Banking Made Accessible through Fintech APIs

There is a massive quantity of information that banks collect, from timestamps to transaction IDs. This data prompted the Fintech to think about how it could be utilised for better banking. “Better” means more open, transparent, and less corrupt.

FinTech services are reshaping the banking industry and the global financial system by eliminating traditional approaches such as paper checks, physical donations, paper currency, and investment businesses.

Technology is crucial to financial service industry advancement and thus APIs help banks improve speed and cost compared to outdated systems.

Banks and other financial institutions must upgrade to modern technologies to thrive in the years to come. And London prevails as an epicentre for the global fintech sector owing to a substantial number of investments in the fintech sector over there.

The meteoric growth of FinTech firms and open financial data initiatives worldwide is largely attributable to Application Programming Interfaces (API). The decision to construct the banking platform with an ecosystem of third-party developers in mind due to the following reasons:

A bank API facilitates a faster onboarding experience for the end users.
Banks can acquire partners that provide niche FinTech services with optimised front-end user interfaces by using APIs.
Their APIs can be easily integrated with crowdfunding platforms, payment-splitting apps, and more.
This is especially useful for startups with innovative financial-oriented products that may lack the resources to manage funds or set up their own bank.
To help FinTech businesses succeed, particularly those who are developing their own APIs, banks can share this information through partnerships and APIs.

Banks require well-designed, standardised APIs and self-serving adoption processes with documentation, sandboxes, simulated account structures, and more to gain developer users quickly. A successful banking API requires more partnerships and lower startup costs for FinTech businesses.

Getting the bank programmable is a win-win situation on all fronts

Developers can experiment with banks’ authority and expertise to produce cutting-edge services and resolve compliance difficulties.
Customers now have access to a whole new class of services that operate in tandem with their existing accounts. Open banking could reduce political corruption.
By capitalising on partner resources, banks may generate new revenue and boost client satisfaction.

What Experiences Can Customers Have With Open Banking?

Breaking through the technological barrier and emphasising solutions rather than technology is one of open banking’s biggest challenges. Although the heart of open banking is APIs, which enable users to safely share financial data with platforms and apps, the typical customer is more interested in knowing how this will benefit them. Simple use cases that provide perspective for end users are crucial for bridging this gap.

Consumers can better comprehend open banking’s advantages by highlighting screen scraping’s limitations while offering a user-focused approach.

Open banking’s proponents must evangelise the technology by refining the message in several ways to successfully put it on the consumer agenda:

User Control

The focus of open banking should shift away from its technological aspects and towards how consumers are at its core, managing access to their accounts according to their own conditions. Open banking becomes more enticing by emphasising consumers’ sovereignty over their financial data and account access.

Promote Amazing Use Cases

Open banking unlocks the prospects of several banking providers for consumers. Open banking advocates may excite customers by showing real-life use cases and how they can profit from accessing and using their account data.

Reduce Security Concerns

Security problems must be addressed to build trust in open banking. By adopting high-grade API security procedures and clearly communicating the robust security protections in place, users may feel secure in the safety of their financial data.

These techniques can turn open banking into a consumer-centric movement that enables people to manage their finances.

Control Matters

A common set of questions that arise when discussing open banking with customers is who can access their accounts and who is ultimately liable if anything goes wrong.

Open banking is decentralised like the Internet and APIs, which raises fundamental issues. Consumers don’t know what they consented to or who gets their financial information without centralised control.

To solve this issue and build trust in open banking, consumers need tools to observe and manage their consented activities. Open banking empowers consumers by giving them control and visibility.

Without blindly trusting other parties, consumers should understand their role in their financial environment.

Furthermore, building an open banking marketplace would organise and make available all the solutions that make use of open banking APIs. Providers could promote their products and consumers could search for and consume them in one spot. The marketplace lets regulators evaluate, monitor, and certify new products.

Open banking can boost customer trust and create a trustworthy financial services environment by introducing signage and creating an open banking marketplace.

Best-in-class API Protection for Financial Institutions

The necessity for top-notch API security for banks has become critical with the rise of open banking, in which financial institutions exchange customer information with third-party providers. To prevent cyber threats and data breaches, financial institutions must implement secure API systems.

Multi-layer Protection

Multi-layered security protections against hacking and data breaches are an integral part of any high-quality API security solution for financial institutions. API security relies heavily on authentication and authorisation.

Banks must authenticate and authorise API users before allowing access. Multi-factor authentication does this by demanding users validate their identities in more than one way. These ways can include providing additional passwords, biometrics, or tokens.

Robust Encryption Mechanisms

Banks should use robust encryption mechanisms to secure data at rest and in flight. Given this, even if an outsider intercepts the data, they will not be able to decode it or use it to their advantage.

Constant Monitoring

High-grade API security for financial institutions also involves constant monitoring and the discovery of threats. Strong monitoring systems should be in place at banks to immediately spot any unusual or fraudulent behaviour. To this end, advanced analytics and machine learning algorithms can look for obvious indications of a security attack.

To proactively resolve any vulnerabilities in their API systems, banks should not only monitor, but also undertake frequent vulnerability assessments and penetration testing.

Access control & Privilege Management

Further, financial institutions should adopt rigorous access controls and privilege management to ensure that only authorised people have access to personal data. Depending on one’s position and responsibilities inside an organisation, one may grant varying degrees of access. There will be less opportunity for theft or fraud with consumer data if banks follow the concept of least privilege.

Keep Tabs on Updates and Patches

Finally, banks should make maintaining their API systems with the latest updates and patches a top priority. This includes upgrading software on a regular basis and implementing security patches as soon as they are issued by vendors. If banks don’t keep up with upgrades, they risk having their application programming interfaces (APIs) hacked.

Regulatory Compliance Considerations

Data privacy and protection is an important aspect of regulatory compliance related to open banking API. Since APIs allow banks and third-party providers to exchange consumer information, keeping that information safe and in compliance with privacy laws is more important.

Financial institutions and their contracted service providers must take extreme precautions to guard against hacking, data breaches, and other forms of cybercrime. To further ensure consumer privacy and secure the necessary permission for data sharing, they must adhere to legislation such as the General Data Protection Regulation (GDPR).

Here are a few of the most frequent regulatory requirements that financial sector providers may encounter.

Basel II

Basel II is a set of international regulations that mandates the assessment and reduction of the operational risk losses of financial data by financial institutions. It specifically addresses issues with inadequate data security and system failures brought on by incorrect configuration or low expectations for system requirements. This makes it a useful reference for any system that has to start working with financial data.

PSD2

PSD2 is the European Union’s updated Payment Services Directive, written by the European Commission to standardise the industry across the European Union and the European Economic Area.

The regulations are meant to safeguard consumers and lay out clear parameters for how payment processors and banks should operate.

URSIT

A US government standard, the FFIEC Uniform Rating System for Information Technology (URSIT) evaluates an organization’s Auditing, Management, Development, Acquisition, Support, and Delivery procedures.

As a framework for establishing a procedure to detect security issues, URSIT is an invaluable resource.

The Gramm-Leach-Blilely Act

It is a federal law in the United States that mandates the protection of customers’ financial and personal data. The Federal Trade Commission’s Data Safeguards Rule, which mandates a comprehensive evaluation of a company’s security measures, has its origins in this law.

PCI-DSS

PCI-DSS is a regulatory standard that mandates vulnerability scanning and source code review to guarantee that payment card industry data and procedures meet the stringent security protocols required by providers and payment providers.

Many businesses operating online, especially those whose services include handling customer payments, consider PCI-DSS mandatory.

Any API that plans to accept card payments should be highly familiar with PCI-DSS because of the stringent standards it sets.

Sarbanes-Oxley

It mandates a reporting structure for internal controls to ensure that sensitive financial information is monitored and protected. It requires a thorough assessment of IT assets, software, and solutions for their resilience against data breaches and exposures and involves severe audit mechanisms for internal controls.

This is just a portion of the most prevalent and high-level regulatory standards. Regulations can be stiffer in certain parts of the world, and there can be even more noticeable differences amongst segments of an industry.

Yet, having a strong knowledge of these underlying frameworks for regulation could potentially guide in learning about open banking.

Tavas- Open Banking Product Suite

Macro Global’s Tavas is a comprehensive Open Banking solution that aims to revolutionize digital payments while ensuring compliance with the PSD2 regulations, including the UK Open Banking Specification, which allows banks to be exempt from contingency mechanisms for their dedicated API interface.

This open banking solution is highly secure and safe, utilizing a cloud-based SaaS platform to enable secure engagement with third-party providers.

With cutting-edge technology, including state-of-the-art Open Banking APIs, Tavas offers services such as Account Information, Payment Initiation, and Confirmation of Funds. And Tavas provides customizable Open APIs, allowing banks to manage their business processes effectively.

Additionally, their web-based administration portal provides valuable insights and management capabilities for TPP (third party providers) Onboarding, Transaction Status, and Consent management.

Tavas also offers a robust data flow and enhanced security features for the deployment of open APIs. With a focus on customer-centricity, it offers a range of compelling use cases that go beyond monetization, allowing banks to transform their portfolio and business model.

Remarkable & Competitive Features of Tavas

Establishes trust with banks and TPPs (third party providers)
Ensures compliance with Open Banking (PSD2) regulations
Provides secure and strong customer authentication
Customizable API Framework
Monitors and implements changes in the regulatory environment
Offers safe and intuitive end-user experience
Builds trust and loyalty in payment services
Provides a self-service developer portal with a sandbox environment for testing and integration
Offers a suite of pre-built APIs ready for implementation
Secured against database breaches, DDoS attacks, and man-in-the-middle attacks

As Open Banking continues to redefine the financial services landscape, Macro Global’s Tavas remains at the forefront of empowering financial institutions with its innovative API strategies to stay agile, competitive, and customer centric.

Tavas is a trusted ally for banking institutions looking to thrive in the digital age and unlock the full potential of Open Banking.

Final Thoughts

Banks may stay competitive in the face of a trend towards open banking practises with the support of an efficient API strategy. Since banks are using open banking APIs, they must provide customers with safe and reliable experiences. Customers’ personal data must be kept secure while meeting all applicable regulations.

Consumers benefit from the options provided by market-driven strategies, which also foster innovation and healthy competition. However, banks and third-party providers benefit from the transparency and efficiency provided by standardised frameworks.

Thus, financial institutions and banks who want to embrace open banking must have a well-executed API strategy. As the landscape of open banking continues to transform, it will be ever more vital for financial institutions to monitor developments across the sector and adjust their API strategy accordingly if they hope to maintain a competitive edge.

Try Macro Global’s

Tavas - Open Banking Product Suite and Solutions

Guide to FSCS Single Customer View – Key best practices that every FIs should follow

20 March 2023by salesdesk@macroglobal.co.ukFSCS Single Customer View - Macro Global Regulatory Technology

The US Department of the Treasury, the Federal Reserve Board (FRB), and the Federal Deposit Insurance Corporation (FDIC) announced steps to protect all deposits under an emergency lending programme and for the FDIC to finish the resolutions for Silicon Valley Bank (SVB) and Signature Bank. The US government is now taking steps to keep the banking system strong. US Federal Reserve will further investigate and write a report on the failure of SVB from a regulatory perspective.

Even though bank failures are rare, recent events at SVB, Signature Bank, and Silvergate Bank are likely to put pressure on banks to look at and improve their corporate governance and risk measuring and monitoring systems, as well as test their capital levels, complexity, and business models under stress. It’s a reminder of how important it is for the bank to have a good risk management programme to keep its operations safe and sound.

Since this is the scenario in the US, Financial Conduct Authority (FCA) in the UK is expected to give a full report and analysis of why the banks failed. As a result, changes to regulations are likely, and bank management needs to ask the right questions to be ready.

The Financial Services Compensation Scheme (FSCS) in the UK provides protection and compensation to customers of financial services firms. FSCS compensates the eligible customers within 7 days of failure. To do this, a standardised Single Customer View (SCV) should be in place which supports resolution options, such as a transfer of deposits or a bail-in, as well as a payout. You can find the SCV requirements for deposit takers regarding in the Depositor Protection Part of the Prudential Regulation Authority (PRA) Rulebook. You can also find the PRA’s expectations for deposit takers here.

Moreover, FSCS updated its “Single Customer View (SCV) Guide” which aims to provide a detailed overview of the Single Customer View (SCV) initiative, covering a range of topics to improve the data quality and governance keeping in mind the deposit takers, insolvency practitioners, SCV system auditors and SCV system vendors.

Good Data ensures Better Compliance. First and foremost, business and product development competencies are the foundation of successful competition in today’s market, and effective development necessitates fundamentally enhanced methods for organising the development process. Financial institutions are ramping up their capabilities, products, and services to be more competitive with their peers. It involves an increase in risk as well. Investments in governance, risk management, and compliance should be taken in parallel to their upgrading to avoid paying big to fail.

MG with its 20+ years of RegTech industry and being a leader in delivering regulatory products for banks and FIs, we list out the best practices that every FIs should follow to stay up to date with their data and daily operations to comply with FSCS requirements. Read on!

Stay up-to-date on FSCS regulations and requirements: The FSCS provides guidelines and rules for firms to follow to be eligible for protection and compensation. FIs need to stay informed about any changes or updates to these regulations.
FIs have to maintain status codes at the CBS level to identify the reporting eligibility of the customers. FI has to update the customers on at regular basis and update status codes for the customer/account where required.
At regular intervals, FI must review the customer and accounts details and update the customer details if the data does not comply with FSCS requirements. It is recommended the FI can have an auditing platform that should audit the generated SCV/Exclusion and report any issue in the files. So, FIs can make use of the exception report and make necessary corrections at the data level or file level.
If the customer details are unable to meet the FSCS requirement and FIs not able to correct the details then they have to allocate a separate status code for the particular issue and report the customer in the NFFSTP category.
To categorise and report the customer details based on the status codes in SCV/Exclusion, the FIs have to have an SCV system that must have the capability to generate the SCV, Exclusion and ineligible report based on the customer/account status codes. Also, it must have the capability to generate the report within 24 hours.
At regular intervals, FIs must conduct internal/external auditing to ensure that the SCV system satisfies the PRA-DP 11.1 and 11.2 and that PRA SCV and marking requirements are met.
FIs have to maintain a risk register to record the issues that arise during the SCV report generation process.
FI should communicate to the customer during the onboarding process about the eligibility of the customer for the protection provided by the FSCS.
The FIs must, at least annually, take reasonable steps to confirm that a depositor that it has classified as a micro, small and medium-sized enterprise continues to be a micro, small and medium-sized enterprise using the exchange rate prevailing on the 3 July immediately preceding the date on which any confirmation is undertaken.
At regular intervals, FIs have to reconcile the balance reported in the SCV file with the balance in their GL report generated in the CBS and ensure the accounts balance is tallied.
FIs have to keep the following SCV documents up-to-date.
- a. SCV Effectiveness document
- b. Account Status Codes
- c. Product Codes
- d. SCV Policy Statement
- e. AML and CTF Manual
- f. SCV System procedure document
- g. SCV System process flow document
- h. SCV System Diagram
- i. Risk Registry
It is recommended by FSCS to implement PGP encryption for encrypting the generated SCV files to prevent any manual corrections/tampering with the SCV files.

Banks must reconcile and fix existing data gaps and take the right stepsto make sure that accurate and complete records are kept at the time a newclient is added or an account is opened. Also, it might be important to make aneffort to learn more about the concentrations of current deposits in order toreduce liquidity risk and allow accounts to be spread out.

Regulators are more stringent to cope with the advancements in the BFSI sector. The goalpost is changing every day, and banks should prepare themselves for the increasing regulatory demands. Adopting a single customer view is all about making the most of an organization’s most valuable assets, which are its customers. In short, implementing a solution for the single customer view is a journey, not a one-time project. Putting it to use in your business is an ongoing process that takes time and effort. The journey starts with good data and accurate information about customers, and then everything else builds on that.

With our constant pursuit to bring newer tools and innovations, Macro Global is on the quest for more solutions and services that bring revolution in fintech. To partner with Macro Global, and to leverage more benefits, please reach out to salesdesk@macroglobal.co.uk or call us at +44 (0)204 574 2433.

FAQs

What are all the processes involved in auditing the generated SCV report?

Data Mining, Cleansing, Enrichment, and Reconciliation: Uses AI-based algorithms to identify inaccurate customer and account holder information, account segregations, data duplication, and more.

Full Audit History and Comparison: Maintain a full audit history and facility to compare previous ones to track metrics for data remediation.

Internal/External Auditing: Conduct regular internal/external auditing to ensure that the SCV system satisfies the PRA-DP 11.1 and 11.2 requirements are met.

Risk Register Maintenance: Maintain a risk register to record the issues that arise during the SCV report generation process.

Security and Compliance Check: Continuously ascertain compliance with ISO standards and FSCS regulatory requirements.

Audit and Screening: Implement a process for auditing and screening to ensure more accurate and trustworthy customer information.

Communicate and Engage: Develop channels for communicating and engaging with stakeholders during the audit process.

These steps are essential for ensuring the accuracy, completeness, and consistency of the SCV report and maintaining regulatory compliance.

What are the third-party integrations used for data validation?

The third-party integrations used for data validation in the generated Single Customer View (SCV) report include trusted databases maintained by independent organisations such as FCA DB, Royal Mail DB through API, Companies House, Charities Register, BFPO Address, OFAC Sanction customer check, and other databases.

How are the data sources integrated for SCV report generation?

Aggregates data from various channels for diverse customer interactions, transactions, behaviors, and preferences.

SCV Forza, an automated platform, integrates data sources seamlessly.

Leverages AI-based fuzzy logic and multi-level data validation to prevent data duplication and ensure consistency.

Facilitates account segregation management, linking related accounts and datasets.

Enables generation of accurate SCV reports meeting FSCS compliance requirements.

What are all the data privacy and compliance standards followed by the SCV regulatory reporting tool?

The SCV regulatory reporting tool follows several data privacy and compliance standards to ensure a high level of data security and regulatory adherence. Here are the standards followed:

ISO Standards

FSCS Regulatory Requirements

Strong Customer Authentication

IP Restrictions for Admin Portal

Microsoft Enterprise Grade Security

Secure Data Capture

Stringent Data Retention Policies

Malware Protection

Robust 256-bits Encryption

Periodic VAPT (Vulnerability Assessment and Penetration Testing)

3D Secure Authentication

Firewall Protection

How data is managed in the FSCS SCV Enterprise suite?

The SCV Enterprise Suite offers a fully automated data aggregation process, ensuring accurate and reliable data management.

Uses AI-based fuzzy logic to prevent data duplication and generates accurate SCV reports for FSCS submission.

Ensures data privacy and compliance by complying with ISO standards and FSCS regulatory requirements.

Maintains a full audit history, allowing users to compare previous audits and track metrics for data remediation.

AI-based algorithms identify potential issues, such as inaccurate customer and account holder information.

Regular compliance checks ensure data reliability.

The platform uses robust data security measures, including 256-bit encryption, malware protection, strict data retention policies, and firewall protection.

These measures safeguard stored data from unauthorised access and ensure its integrity.

SCV Alliance
FSCS SCV Audit Platform

SCV Forza
FSCS SCV Automation Platform

Provide utmost accuracy and Complete Peace of mind

We will be able to help you in whatever the stage of your regulatory reporting programs

Request for Demo

Top 14 Common FATCA/ CRS Reporting Issues & Solutions

16 March 2023by salesdesk@macroglobal.co.ukCRS Stride

Meeting the constantly evolving regulatory requirements of the tax authorities presents a significant problem for financial institutions. The need for tax returns has surged among many banks’ clientele who have assets everywhere. The number of transactions is rising, new guidance is being released often, and it is getting harder to comply with standards, which further adds to the difficulty of the situation.

Here are MG’s view on the most common reporting standard errors identified by STEP that occur during the CRS reporting process. Let's deep dive into each of them.

The financial institution (FI) must re-register, and it is unable to access previous returns on the portal since its login information has changed due to employee turnover. Login information for the Automatic Exchange of Information (AEOI) portal should be kept private and shared only with those who require it. The financial institution should ensure that there is a reliable method of maintaining access to its portal. A phoney email account could be a good alternative if the FI has robust security and data protection safeguards in place.
The FI has the wrong idea of what an undocumented account is. HMRC has told FIs that they are wrongly reporting accounts as “undocumented” when an account holder has not filled out a self-certification that was asked of them. This has caused a lot of accounts to be reported with the wrong country code for GB residents. This is only applicable to Pre-Existing Individual accounts and not applicable to entities and New Individual accounts.Undocumented lower-value accounts only exist if all three of the following criteria are met:
- The Financial Institution’s only signals from their electronic record search are a “hold mail” instruction or an “in-care-of” address in a CRS Reportable Jurisdiction.
- There is no other address or indicia of residency for the Account Holder.
- The financial institution has, in the sequence that best suits the situation:
  - attempted to get a self-certification or other documented evidence from the Account Holder to demonstrate the jurisdiction of tax residence of the Account Holder but was unsuccessful in doing so; or
  - conducted a paper record search for indicia but no indicia were located.
A high-value undocumented account only exists when all three of the following conditions are satisfied:
- Only a “hold mail” instruction or an “in-care-of” address in a CRS Reportable Jurisdiction are the only signs that the Financial Institution has from their paper record search and electronic record search.
- There is no additional address or indication of residency for the Account Holder.
- To determine the Account Holder’s jurisdiction of tax residence, the Financial Institution has attempted to get a self-certification or other documentary evidence from the Account Holder but has been unsuccessful.
Evaluating and reporting unauthorised accounts – In these situations, the Financial Institution must treat the Account Holder as an undocumented account and report it as such to HMRC using the country code GB. The Financial Institution must perform the enhanced evaluation for high-value individual accounts every year until the account stops being undocumented in cases where it has recognised and reported an account as undocumented.Our CRS Stride reports all the undocumented accounts in the audit report for screening. The banks have to review the undocumented accounts before submitting the CRS data to HMRC.
The FIs submit using the XML schema. The submission is turned down because MessageRef, FIReturnRef, and AccountRef were used in the wrong way.HMRC published Schema and supporting documents for software developers who use the AEOI service. The schema guidance tells you everything you need to know about how to use references. You can find it here.Our CRS Stride populates the XML schema which contains the above-said parameters.
The FI reports accounts for which the account holder does not live in a jurisdiction are subject to reporting.It is not appropriate to report people who do not reside in a reportable jurisdiction. Some jurisdictions that have signed up for CRS are not yet prepared to receive exchanges, while some of those that have signed up are not reciprocal. It is important to note that the reportable jurisdictions are updated frequently, and the notification will be given by HMRC. Refer to IEIM402340.Our CRS FATCA tax consultants follow the HMRC updates on the jurisdictions and add or remove the jurisdiction in the CRS Stride solution for effective CRS/FATCA reporting.
Although the resident country code is not the US, the FI reports accounts as NPFFIs.Concerning years up to 2016, the phrase “non-participating foreign financial institution” (NPFFI) solely applies to FATCA and is not relevant to CRS. The resident country code, if applicable, should be US.Our CRS Stride can identify and segregate the NPFFIs in the exclusive audit reports we generate.
The FI reports accounts that are not reportable because they are excluded, such as registered pension plans.IEIM 401720 provides a detailed definition of undesignated and designated accounts.Undesignated accounts: When a financial account (owned by a non-financial intermediary, such as a solicitor) is a pooled account that holds the funds of underlying clients of the non-financial intermediary and does not meet the requirements of IEIM401860, where:
- If the non-financial intermediary is the only person listed or identified on the financial account with the financial institution, and
- If the non-financial intermediary is not required to disclose or pass on their underlying client or clients’ information to the financial institution to comply with AML/KYC requirements or other regulatory requirements, then, provided both of these conditions are met, the financial institution is only required to carry out the due diligence procedures concerning the financial account.
Designated Accounts: A designated client account is a financial institution-held account run by a non-financial intermediary where the financial institution can identify or list the underlying client or clients of the intermediary. The Financial Institution must submit the pertinent account information when the underlying client is recognised as a Reportable Person [see IEIM403440].
The FI reports non-individuals who should not be reported.Governmental organisations, international organisations, central banks, and financial institutions are not reportable account holders under CRS, nor are firms with regularly traded stock and similar entities. Article 1 (gg) of the UK-US Intergovernmental Agreement contains a list of exceptions to the phrase “specified US person” as used in FATCA (IGA).
The FI submitted the CRS XML which does not adhere to XML schema definitions (XSD) published by HMRC.An XML schema definition (XSD) is a framework document that defines the rules and constraints for XML documents. The generated CRS XML must fully adhere to the rules of the XSD document published by the HMRC.
The Entity’s account holder type is set as Reportable Entity with Controlling Person, but controlling person(s) is not provided in the XML.If the account holder type is set as “Reportable Entity with Controlling Person” then at least one controlling person must be provided for the entity.
The entity must be reportable even though the entity’s jurisdiction is not reportable and any one of the controlling persons is in reportable jurisdictions.As per the HMRC guidelines, if any one of the controlling person’s jurisdictions is reportable and belongs to the particular entity, then entity details are also reportable.
TIN (Tax Identification Number) is not provided for the US customer.As per the HMRC guidelines, the TIN for US Tax residence is mandatory. If the customer does not provide the TIN, then the default TIN value of nine-zero must be populated. If possible FIs can populate the TIN values provided in the link instead if nine-zero.
Void Submission File generation to delete the submitted CRS file from the HMRC portal.If FIs identified an issue in the previously submitted CRS file, then void submission XML file needs to be generated which should adhere to XML Schema and Specification given by HMRC.
Only financial institutions are permitted to use the AEOI enquiry helpline.HMRC requires that you refrain from providing your account holders with information about the AEOI enquiry lines. This overwhelms its AEOI filing crew and makes it unable to help FIs with their reporting requirements.
The FI waits until the last minute to file.When submissions are made far in advance of the deadline of May 31, every year, FIs have more opportunity to address any unforeseen problems, such as missing data or incorrect XML structure, which could result in the application being denied.

Click here to learn how MG’s “CRS Stride” can satisfy your need for an optimal CRS solution. Our product and services cover all aspects of your CRS reporting obligation, but you can cancel at any time.

TRY MACRO GLOBAL’S

CRS Stride - HMRC CRS & FATCA Reporting Solution

Request for Free Demo

A look at how SME banks are adapting to the Common Reporting Standard Shifts

17 February 2023by salesdesk@macroglobal.co.ukCRS Stride

When it comes to data management in HMRC CRS reporting processes, SME banks faces number of compliance hurdles. To be fully compliant with HMRC, AEOI/OECD standards, banks must also ensure they have adequate controls and data management in place.

There is a level of basic information required of customers that can easily be obtained in the onboarding process are required for the CRS reporting. Our blog “Key Practical Aspects of OECD Common Reporting Standard (CRS)” explains the data requirements for the CRS reporting, OECD standards and its implications to the financial institutions.

Many SME banks offer a range of products and services, making it more challenging to determine which accounts should be subject to CRS reporting. All financial accounts which meet specific criteria must be reported in line with CRS. In addition, Banks must also report any account held by a company or trust under CRS guidelines. This means that the new rules could impact a wide range of financial products – from savings accounts to investment funds.

SME banks in particular typically have fewer compliance resources available to devote to implementation, and they may also struggle to identify all their customers who meet the reporting criteria. Banks started educating their staff on how to accurately confirm and report on a client’s identity and entity information.

The problem for growing SME-facing financial institutions is how to do these at scale with complete accuracy. As banks scale their products and services, they are continuously changing their procedures and systems to comply with CRS, requiring a data-led approach to make reporting easier. Proper systems and procedures should be put in place to identify and report any such activity and verify the identity of their clients.

Banks must take a holistic approach to CRS compliance and seek expert solutions to avoid rising compliance costs and significant fines. While training for bank staff is essential, an automated software solution will ensure smooth and compliant implementation of CRS reporting. Implementing CRS reporting software rather than relying on compliance staff to manually onboard customers is becoming increasingly essential.

CRS compliance and the impact on the client experience

The implementation of CRS will significantly impact the relationship between banks and their clients. Banks must take the necessary steps to ensure compliance but without creating a lengthy, manual customer experience.

The simple solution is automation. Capturing structured data in the onboarding journey and automatically storing data in line with HMRC CRS reporting requirements can significantly reduce onboarding time and in-life review processes. With CRS Stride banks are able to save up to 85% of their typical processing time.

Compliance can be a complex process, and banks must communicate openly with their clients about what is required of them. Embedding an end-to-end reporting solution in the customer journey will reduce duplication of entry for clients while ensuring data integrity and automated reporting workflows for compliance teams.

Key considerations by SMEs in implementing a best practice approach to CRS Compliance

There are several key considerations when implementing a best practice approach to CRS compliance. Firstly, SME banks should seek expert help to get up to speed with the new rules. If they are to build an in-house solution, it must be constantly managed to keep in line with changing regulatory requirements and to ensure controls hold up to audit standards.

Secondly, comprehensive data analysis is essential to identify all customers who meet the reporting criteria. Financial institutions must accurately report this data to HMRC. Banks must put in place systems and procedures to ensure compliance with CRS on an ongoing basis. Without an automated CRS reporting solution, this will rely heavily on training staff and manual review of potential suspicious activity.

Implementing a best practice approach to CRS compliance can be a challenge for SME banks. However, it is essential to avoid any penalties or reputational damage. By implementing expert solutions to provide comprehensive data analysis and put robust systems and procedures in place, SME banks can ensure compliance with new and changing regulations.

Final thoughts

Complying with CRS reporting standards is a complex challenge for SME banks. Obtaining the relevant data can be straightforward on a smaller scale, but manual compliance comes at the cost of longer processing times and a poor customer experience. As banks look to scale, data management should be integral to any strategic decision making. Software solutions are critical to accurate reporting and allow much greater flexibility as they grow their products, services and markets.

SME banks that take this best practice approach to CRS compliance can reap several benefits, including a reduced risk of penalties, improved reputation and a smoother relationship with HMRC.

Variable Recurring Payments (VRPs) & Sweeping in Open Banking: Everything We Need to Know

15 February 2023by salesdesk@macroglobal.co.ukOpen Banking Product Suite and Solutions | Tavas

VRPs (Variable Recurring Payments) are the most significant improvement in open banking to date. VRP addresses one of the industry’s most pressing issues: the requirement for consent via Strong Customer Authentication (SCA) for every transaction. VRP effectively authorised authentication to a third-party provider (TPPs), which then enabled trusted beneficiaries to pay with a single click.

VRPs will be easier and faster to set up than existing payment methods (Direct Debit, CPA), allowing consumers to manage payments more easily and integrating payments into a broader range of customer journeys.

As a result, VRPs are on track to become yet another example of the growing trend of “embedded finance,” as well as the overall transformation of open banking into open finance.

VRP has so far only been mandated for Sweeping use cases, which are transactions between two accounts with the same name. Notably, in developing VRP for the Sweeping use case, banks have built the infrastructure needed to support first-party-to-third-party transactions.

Customers will be able to use VRP for anything from subscriptions to in-app payments, as well as general e-commerce. Card-on-file will be replaced by account-on-file. Direct debits that are outdated and have a problematic operating interface may be phased out.

How do VRPs function?

Variable Recurring Payments require these three parameters to create a long-life consent token.

1. Maximum number of transactions in each period (for example, a month),

2.Maximum value of any single transaction,

3.Total aggregate value of all transactions in that period

For example, if your maximum transaction value of any single transaction is GBP300 and assume it never exceeds GBP300 per transaction. If you make such transactions 5 times, the total amount would be GBP1500 which is the maximum number of transactions and total aggregate value for the month. And if transactions stay within these parameters, SCA is not needed.

How do the customers receive help from VRP? 

VRP enables faster and more secure payments. Moreover, customers will never be asked to update their credit or debit card information again.  Bank accounts do not expire, while credit cards do. VRPs also provide customers with greater convenience, control, and security. While open payments are still in their early stage, there is strong adoption and growth. The benefits offered by VRP supplies will only speed up this process.

What does VRP mean for retailers?

VRP has massive benefits for merchants, including real-time settlements, lower costs, the getting rid of card fraud, lower customer churn, and no chargebacks.

VRP enables the opportunity to monetise Open Banking

VRP is the first opportunity for banks to monetize their open banking investment and contribute to the ecosystem’s balance. This has a hugely positive effect.

Open banking eases a handshake between banks (ASPSPs (Account Servicing Payment Service Provider)) and TPPs. As a result, these industry players must continue to collaborate on initiatives that expand the functionality set of open banking and the opportunities it provides.

VRP is one such collaboration model, and it stands for a significant opportunity to bring a fairer distribution of value across the ecosystem. This new collaboration between FinTech and banks will level the playing field as we collaborate to fulfil the full promise of real-time payments everywhere.

VRP works by securely connecting authorised PISPs (Payment Initiation Service Providers) to customers’ bank accounts, allowing them to make payments on their behalf. VRPs supply several advantages over Direct Debit and card CPA to both small businesses making payments and receiving payments.

VRP and Sweeping

Sweeping is the automatic transfer of funds between a customer’s accounts, such as transferring excess funds to another savings account or using them to repay a loan or overdraft account. VRPs are an innovative method of making ongoing payments.

The CMA9 will first make these VRP APIs (Application Programming Interfaces) available for “sweeping.” This is the transfer of funds from one PSU (payment service users) account to another. This can be used to automate a fixed amount to be transferred to a savings or investment account each month, or to sweep funds between current accounts to allow a customer to receive help from new account features, rates, or fees without switching current accounts.

One of the core priorities of the open banking agenda is user experience, and both regulators and industry will be monitoring the situation as the use of VRPs for sweeping are started rolling out in the coming months.

Real-world business advantages of VRPs for sweeping

The OBIE found potential benefits for both consumers and SMEs by combining VRPs and sweeping. These are some examples:

Saving money

You should be aware that, £100 billion is locked up in the UK’s business current accounts, earning little interest. However, while many businesses have a lot of cash, they do not have the time or interest to do anything with it.

A mandate can be set with a savings company to oversee a business’s current account. When the balance exceeds a certain threshold, the money could be transferred to a business savings account. Money could be swept back every time a balance falls below a certain threshold.

Overdraft protection

Sweeping has the potential to create a type of unbundled overdraft to increase competition in the business’s current account market.

International payment cost savings

According to a 2016 report, banks generate approximately £4 billion in excess profit when small businesses do not make cross-border payments. Sweeping VRPs could be used to remove the friction from using an alternative payment company or foreign exchange business.

Manage tax efficiently

As HMRC incorporates Open banking enables technology to support real-time secure payments. With VRP and sweeping, SMEs can manage their taxes well and make payments automatically without any fail once the invoice is generated or sent to SMEs.

New Subscription Economy Options

The subscription economy is expanding, with many SMEs taking part. VRPs offer a payment system that incorporates the low cost of Direct Debit with the speed and flexibility of cards, potentially creating a strong alternative in this growing market.

VRPs and the OBIE Roadmap

If you think about the next steps for VRPs, you should consider the Open Banking Implementation Entity’s (OBIE) Roadmap, which was developed in collaboration with the CMA that supplies a framework for Open Banking implementation. This Open Banking roadmap outlines several measures, including the development of technical standards for VRPs that are compliant with PSD2 (Payment Service Directive 2), the UK Payment Services Regulations 2017, and the GDPR.

Even though OBIE developed technical standards for VRPs, the CMA9 banks are not mandated to implement VRPs for all use cases. But CMA has ordered the CMA9 to implement VRPs as the mechanism for implementing sweeping. The use and implementation of the VRP standards are optional and at the discretion of the CMA9 firms for use cases unrelated to sweeping.

The CMA had originally planned to implement VRPs for sweeping by January 31, 2022. However, in response to OBIE recommendations, the CMA has allowed the CMA9 to extend the deadline. TPPs must then complete testing of the VRP standard in a live, controlled environment by July 2022, “so the firms are ready to advance general availability of the standard.”

Potential Use cases of VRP and Sweeping

Sweeping is one of the potential use cases for VRPs, which could be applied to a wide range of recurring payments and as an alternative to traditional fixed-period direct debit or card-on-file payments.

The OBIE’s Proposition Paper, published in November 2020, describes several use cases for VRPs, including:

a) Automated payments for electricity bills.

b) Linking a bank account to a social networking site app for in-app payment authentication.

c) Setting a six-month payment limit for a new subscription.

d) Automated payments for ride-hailing fees.

e) One-time payment setup for an online marketplace’s one-click payments.

f) Using a third-party smart saving app to transfer money from a bank account to a savings account on a flexible/variable basis.

g) Utilising a third-party service that supervises bank accounts and retains a threshold balance or assisting in avoiding overdraft fees by transferring funds between accounts as needed.

h) Obtaining short-term credit to avoid overdraft fees, then automating credit repayments to reduce overdraft charges and borrowing costs.

Concluding thoughts

Our analysis clearly showed that there is an appetite for VRP technology, and SMEs are eager to take advantage of this capability. VRPs help SMEs to mitigate overdue payments, and remove challenges, and pain points associated with other payment methods such as Direct Debit and CPA. The key to adoption will be in ensuring time and cost barriers are overcome to ensure SMEs get to the start line.

Macro Global’s Open Banking (PSD2) solution, Tavas enables banks to create a connected experience while also allowing them to adapt to emerging opportunities to position themselves in the new era of consumer-centric banking. Tavas – Open Banking Product Suite & Solutions instils innovation in banks by redefining account and payment aggregation via a game-changing Open Banking API Framework that addresses all compliance requirements while providing a best-in-class user experience.

Discover more about our best-in-class Open Banking solution.

Try Macro Global’s

Tavas - Open Banking Product Suite and Solutions