Open Banking to Open Finance – Exploring the benefits, risks & opportunities
Open Banking is by now a familiar topic, as Europe has been talking about it for the past two years. Open Finance is currently a hot topic in the financial industry, but what exactly is Open Finance?
“Open Finance” refers to any Open Banking activity that extends beyond the regulatory scope of PSD2’s Access to Account provisions. As a result, data sharing and payment initiation via APIs that extend further into payment accounts, payment services, and payment service providers defined by PSD2 (Payment Service Directive 2) come under the scope of Open Finance.
Regulatory interventions set up the groundwork for Open Banking. Because of this, the Open Banking market is evolving, and new products and services are being introduced as customer adoption of these new payment methods increases. Open Banking facilitates more secure sharing of customer financial data to make life easier. The Open Banking capabilities developed by firms ranging from incumbent to challenger banks and FinTech firms have proven to be effective in delivering consumer and market utility. The distributed technology has laid the groundwork for Open Finance to expand for even greater customer benefit.
Open finance extends beyond the data and services provided by the banks to encompass customers’ entire financial footprint. A trusted third party could access financial data related to pensions, taxes, and insurance with consent from the customers. This paves the way for more tailored consumer services, including payments and other financial products.
Third-party providers can use open application programming interfaces (APIs) to build applications and services that add value to consumers, by providing exclusive data-driven insights, streamlining the user experience, or simplifying payments.
How does Open Finance differ from Open Banking?
So far, the distinctions between Open Banking and Open Finance are not clear. However, we can identify some differences based on what is happening around the world, whether through regulatory actions or market-driven initiatives:
- API Providers (ASPSPs): In Open Banking, banks and other financial institutions are considered as the API providers. In Open Finance, other account holders such as insurance companies, pension funds, and wealth managers, can provide Open Finance APIs.
- API Clients (TPPs): Open Finance APIs can address a variety of ‘clients,’ including TPPs regulated by a National Competent Authority (NCA) under PSD2 and organisations that are not regulated by an NCA.
- Security: NCA-issued authorisation numbers, PSD2 eIDAS certificates, and/or scheme lists may or may not be used for Open Finance client identification.
- Contracts: Commercial contracts between the API Provider and the API Client may be needed for Open Finance APIs.
The Regulatory Framework for Open Finance
The European Commission issued some correspondence on the EU (European Union) Retail Payments Strategy in September 2020. It established several objectives for the EU’s Digital Finance Strategy. One of them was to promote data-driven innovation, specifically improved data access and data sharing within the financial sector. The Commission also acknowledges the need for an Open Finance Framework by 2024 and plans to propose one in mid-2022.
There is a contradiction in defining Open Finance as the non-regulated, value-added space because services introduced today as Open Finance will no longer be Open Finance if they are regulated later. That could be a problem at some point.
Open Finance access is allowed, provided that only the data owner or a third party authorised by the owner has access to the data. Furthermore, due to the risks and sensitivity of financial data, there must be a certain level of control over data access, which can be carried out through customer consent, contractual agreements, qualified certificates, or other means. Open Finance is an ethical process because it is transparent and effective for all parties involved.
Account Servicing Payment Services Providers (ASPSPs or banks) and Third-Party Providers (TPPs) or regulated entities are not the only ones who can take part in Open Finance. It applies to financial institutions (e.g., banks, financing companies, insurance companies), as well as merchants, utility companies, corporates, Small and Medium-sized Enterprises (SMEs), and individuals.
Advantages of Open Finance
Regulators and industry stakeholders acknowledge the importance of Open Finance and outline some of its expected benefits:
- Improves user experience by supplying customised products and services.
- Enables wiser financial decisions and improved financial management.
- Improves efficiency and productivity for big corporates and small and medium-sized businesses.
- Increases competition among financial service providers, fostering innovation, new service development, and increased demand.
What is the future of Open Finance?
Open Finance is the logical next step in applying the Open Banking concept to a much broader range of financial products and services, including insurance, pensions and even in other domains such as healthcare and more. The opportunity to improve savers’ overall financial well-being is enormous. However, much work is still to be done to get it off the ground, beginning with regulations, standardisation of the technology, and the development of new use cases to show the benefits it can provide.
We are excited to see what the future holds for Open Finance in general, as well as the innovations it may bring to the pensions industry to improve consumers’ insights, decision-making, and financial well-being.
From Open Banking to Open Finance and then to Open Data – New gateways
Open Finance is not the end; it is the beginning of the financial industry’s evolution. It brings us closer to Open Data and a data-driven world in which all the industrial ecosystems are interconnected.
As a result, industries must embrace and incorporate Open Finance into their culture. Open Finance is pushing the industries into new innovative waters, and those who swim in them will be better positioned to succeed in the upcoming Open Data reality.
Open Data services enable customers to access and share their financial data with approved third-party providers (TPPs), fostering the innovation of ground-breaking products and services that aid customers in better engaging with their finances, making empowered decisions, and accessing tailored products and services. Open Data is being utilised in the account verification process, credit checks and other PFM platforms.
- Improved financial decision-making.
- Increased access to advice and guidance.
- Better borrowing decisions.
- Enhanced user experiences.
- Increased financial awareness.
What are the potential implications of Open Finance?
This is currently a debated question in the market. Open Finance could reduce costs and increase benefits for customers. A low barrier to entry, achieved through the low-cost reuse of existing capabilities, will secure the ability to bring solutions to market for consumers more quickly.
Open Finance has the potential to reduce fraud, improve financial well-being, expand credit availability, supply more payment options, and enable reusable digital identities. Each of these outcomes stands for a significant undertaking.
The challenge for future work is to identify the priorities where success is more likely to describe collaborative action from the industry players, government, customers, and regulatory bodies. It enables open access to data to identify the possibilities and opportunities around open finance and to set a mandate on what could be done.
By focusing on customer outcomes, we are also in the best position to directly address the issues that most trouble individuals and businesses, and which Open Finance has the potential to resolve.
Conclusion
The industry is already moving forward with several initiatives aimed at achieving the results as part of the evolution of open finance. The emphasis will be on integrating and putting into practice the various initiatives, such as enhanced fraud data sharing initiatives and access to all the available data sources. In other areas, business is showing thought leadership on how Open Finance could encourage entrepreneurial behaviour, for instance, by removing obstacles to the formation and operation of SMEs.
Open Banking: AISP, PISP & ASPSP Explained
Open Banking has had a spectacular impact on the financial world since January 2018, disrupting everything from payment solutions and budgeting tools to lending applications and credit analyses.
But what exactly do Open Banking providers do? Regulated providers construct and maintain the digital pipes that enable banks to securely request data and payments.
Open Banking is currently being used by individuals, lenders, and financial institutions to substitute the legacy manual and increasingly complex processes. The ability to collect and view insights derived directly from bank transaction data in real-time is extremely powerful, but it can be overwhelming for businesses that have never worked with this data before. Understanding how the technology works and what technology companies are doing with it can help you come up with new uses for it.
Open Banking relies on third-party providers (TPPs) who can provide two core Open Banking services through two separate FCA authorizations:
- Account Information Service Provider (AISP): a person who is authorised to retrieve account information from banks and financial institutions.
- Payment Initiation Service Provider (PISP): a person or entity who is authorised to initiate payments into or out of a user’s account.
Companies that want to be regulated as an AISP or PISP must go through a rigorous application process with the FCA. Some Open Banking providers can be regulated as both an AISP and a PISP, but many only have one.
AISPs and PISPs manage the client consent required for Open Banking data access. This means that each AISP and PISP explicitly states to the end-user what data will be handled, for how long, and with whom it will be shared. This digital consent journey also serves as the foundation for GDPR information processing for AISPs and PISPs.
Account Information Service Providers (AISPs) explained
An AISP is a company that has been granted permission to access an individual’s or SME’s financial institution account data. The UK’s nine largest banks are required by law to comply with the AISPs’ requests. The framework and technical specifications of Open Banking allow for the retrieval of years of transaction history in seconds.
What are AISPs capable of?
Being an authorised AISP means that a company can request permission to connect to a bank account and use the information from that bank account to provide a service.
Some AISPs do not have permission to access the bank account information as they are granted “read-only” permission. They can look but not touch, which means they can’t move a customer’s money.
AISP-related services and tools include price comparison, money management tools, faster and more accurate access to financial products, and speeding up manual processes such as applying for a mortgage or a loan, among others.
Examples of AISP applications include:
- Money management tools: some AISPs collect financial data and disseminate it in a way that allows people to easily understand their financial situation, create a budget, and track spending. These new personal finance tools combine data from multiple bank accounts so that users can see their entire spending history in one place.
- Loan applications: Some AISPs, such as Credit Kudos, use this same capability to allow customers to share financial information securely and quickly with a lender or broker. Lenders also use account information-derived data and metrics to improve credit and affordability decisions. This procedure expedites traditional underwriting by eliminating the need for lenders to manually compile and verify bank statements. Better insights benefit the lenders and can provide a better customer experience to the borrower.
Payment Initiation Service Providers (PISPs) explained
PISPs are authorised to make payments on behalf of customers rather than just viewing account data. PISPs accomplish this by initiating direct transfers to or from the payer’s bank account using the bank’s tools.
What are PISPs capable of?
Businesses that are authorised PISPs may request permission to connect to a bank account and initiate payments from the customer’s bank account.
There are a variety of reasons why you might want a business to initiate payments for you. One example is an app that helps you handle money in your multiple savings and current accounts to ensure you never go overdrawn and don’t have to pay potentially substantial overdraft fees. This type of capability is possible in retail, where you allow a company that you shop with frequently online to connect to your bank, so you get fast checkout and don’t have to re-enter card details for every transfer of funds.
Examples of PISP applications include:
- Financial management tools: A few new money management and savings apps transfer a small proportion of someone’s balance each week to a savings account according to a predetermined process. Open Banking has also facilitated new tools that automatically transfer money between accounts on behalf of customers to avoid overdraft fees.
- Business solutions: New tools integrate with back-office systems, allowing businesses to securely manage payments and collections, make real-time bank transfers, and gain greater payment visibility.
Account Servicing Payment Service Providers (ASPSP) explained
Account Servicing Payment Service Providers provide and manage payment accounts for payment service users (PSUs). ASPSPs have typically been banks and similar financial institutions including building societies, and payment companies.
The number of banks and building societies providing open banking services is increasing. Only the UK’s nine largest banks and building societies are required to make your data available through open banking now. Smaller banks and building societies also can participate in open banking.
ASPSPs release Read/Write APIs as part of Open Banking. These allow consumers to share their account transaction data with third-party providers, who can then initiate payments on their behalf. PSD2 requires all ASPSPs in Europe to participate in open banking and provide data access.
How do open banking and screen scraping compare?
Screen scraping (also known as credential sharing) is an old technique for gaining access to a customer’s bank account to retrieve transaction data. Screen scraping works as follows:
- The customer provides their login information to a third-party provider (TPP).
- The TPP uses these details to log in to the customer’s bank account.
- The TPP then copies or “scrapes” the customer’s bank data for use outside of the customer’s banking app.
Before open banking, the only way for apps to access customers’ bank accounts was through screen scraping. Online accounting software packages made extensive use of it. Open banking, on the other hand, is a much more secure method because it does not require the customer’s credentials.
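The comparison above, seen from the bank's side, as an added example that is not code from the original article or from any bank's API: once access is tied to a consent record instead of the customer's login, the bank can check every request against the TPP's role, the consented operations and the consent's lifetime, which it cannot do when a TPP logs in as the customer. The class names, operation names, identifiers and dates are hypothetical and constructed for this sketch.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

AISP, PISP = "AISP", "PISP"

# Hypothetical operation names for this sketch (not OBIE permission codes),
# mapped to the TPP authorisation needed to perform them.
REQUIRED_ROLE = {
    "read_balances": AISP,
    "read_transactions": AISP,
    "initiate_payment": PISP,
}


@dataclass(frozen=True)
class Tpp:
    tpp_id: str
    roles: frozenset  # authorisations held: AISP, PISP or both


@dataclass(frozen=True)
class Consent:
    customer_id: str
    tpp_id: str            # the one TPP the customer consented to
    operations: frozenset  # what the customer agreed to share or allow
    expires_at: datetime   # how long the consent lasts
    revoked: bool = False


def authorise(tpp, consent, customer_id, operation, now):
    """Bank-side decision for one API request. Returns (allowed, reason)."""
    required = REQUIRED_ROLE.get(operation)
    if required is None:
        return False, "unknown_operation"
    if consent.tpp_id != tpp.tpp_id:
        return False, "consent_issued_to_other_tpp"
    if consent.customer_id != customer_id:
        return False, "consent_for_other_customer"
    if consent.revoked:
        return False, "consent_revoked"
    if now >= consent.expires_at:
        return False, "consent_expired"
    if required not in tpp.roles:
        # A read-only AISP can look but not touch.
        return False, "role_not_authorised"
    if operation not in consent.operations:
        return False, "operation_not_in_consent"
    return True, "ok"


# Constructed sample data: a budgeting app (AISP) with a 90-day consent
# to read balances only, and a separate checkout app (PISP).
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
BUDGET_APP = Tpp("tpp-budget-app", frozenset({AISP}))
CHECKOUT_APP = Tpp("tpp-checkout", frozenset({PISP}))
CONSENT = Consent(
    customer_id="cust-001",
    tpp_id="tpp-budget-app",
    operations=frozenset({"read_balances"}),
    expires_at=NOW + timedelta(days=90),
)


def run_examples():
    """Evaluate a set of constructed requests against the sample consent."""
    c = "cust-001"
    return {
        "read within consent": authorise(BUDGET_APP, CONSENT, c, "read_balances", NOW),
        "read outside consent": authorise(BUDGET_APP, CONSENT, c, "read_transactions", NOW),
        "AISP tries payment": authorise(BUDGET_APP, CONSENT, c, "initiate_payment", NOW),
        "other TPP reuses consent": authorise(CHECKOUT_APP, CONSENT, c, "initiate_payment", NOW),
        "other customer": authorise(BUDGET_APP, CONSENT, "cust-002", "read_balances", NOW),
        "after expiry": authorise(BUDGET_APP, CONSENT, c, "read_balances", NOW + timedelta(days=91)),
        "after revocation": authorise(BUDGET_APP, replace(CONSENT, revoked=True), c, "read_balances", NOW),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in run_examples().items():
        print(f"{name:26} allowed={allowed!s:5} reason={reason}")
```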
eIDAS certificate
Electronic signatures can have the same legal validity as handwritten signatures under a 2016 EU regulation. However, such signatures must meet the requirements of eIDAS (electronic Identification, Authentication, and Trust Services). eIDAS certificates enable ASPSPs such as banks in European open banking to identify and authorise API connections from Third Party Providers such as PISPs and AISPs. This is critical in preventing unauthorised access to bank accounts. Since Brexit, only UK-authorized Third-Party Providers can use eIDAS certificates.
Open Banking API providers and their requirements
There is no ‘official’ API for Open Banking. Instead, banks and Technical Service Providers provide their own APIs, which must adhere to the Open Banking Standard specifications released by the Open Banking Implementation Entity (OBIE), an official organisation that supervises the Open Banking implementation in the UK. The Open Data API Specification governs how banks develop access endpoints for Third Party Providers (TPPs). It defines how TPPs can use a bank’s Read/Write API. You can find the list of Open Banking API specifications on the OBIE website.
Read/Write API specifications
The Read/Write API specification is the primary API specification that governs how third-party providers should connect to banks. It enables Third Party Providers (TPPs) to obtain access to bank accounts for both read and write purposes, for example, fetching account balances and transaction details to make authorised payments. Through the Dynamic Client Registration process, banks allow the Third-Party Providers to enrol automatically without the need to authenticate each one manually. API performance, uptime, and reliability are critical for open banking. Since there is no single official open banking API and each bank develops APIs on its own as per OBIE specifications, the performance of the API of each bank may differ.
Macro Global’s Tavas Open Banking Product Suite and Solutions offers a bundle of solutions to any ASPSPs to extend beyond the scope of monetisation to re-engineer the bank’s portfolio and business model.
- Identity and Access Management
- Developer Portal and Sandbox Environment
- Financial Grade Open Banking APIs
- Strong Customer Authentication
- Administration Portal
- Modified Customer Interface
- Fallback Arrangement
- App2App Authentication
- Regulatory Reporting
To learn more about how Macro Global can assist you in monitoring, managing, and mitigating the aforementioned challenges, please visit Tavas – Open Banking Product Suite and Solutions.
FATCA: Objective, Impacts & Challenges in Financial Institutions
In 2010, the Foreign Account Tax Compliance Act (FATCA) was introduced in the United States to ensure that citizens fully disclose their worldwide income to the Internal Revenue Service (IRS). FATCA is a piece of US legislation aimed at preventing and detecting offshore tax evasion by US persons (US citizens, US tax residents or US legal entities). FATCA became effective on July 1, 2014.
Foreign governments across the world have agreed to comply with the regulations and have signed FATCA into local law by establishing bilateral agreements with the US known as Inter-Governmental Agreements (IGAs).
What is the objective of FATCA?
FATCA was enacted to impose a reporting burden on monetary payers to protect the US tax base. It enables the Internal Revenue Service (IRS) to view information about offshore accounts held directly or indirectly by US citizens in cases where tax evasion is suspected.
Foreign financial institutions (FFIs) must identify their financial account holders and then report to the IRS the details of reportable US account holders and their accounts. This is typically done indirectly through the FFI’s local tax authority such as HMRC (for the UK), and it is dependent on the IGA in place.
The IRS compares FFI data to what private individuals and legal entities report on their tax returns. Before FATCA, the IRS could not make this comparison and had to rely on taxpayers to be forthcoming.
UK-US intergovernmental agreement (IGA)
The important point is that the legislation is now part of UK law because of the UK-US intergovernmental agreement (IGA) and the regulations issued under section 222 of the Finance Act 2013. Default has financial and reputational ramifications.
All UK entities are subject to UK rules, and solicitors may be asked for their clients’ FATCA status when dealing with other institutions such as banks and stockbrokers, in addition to the standard AML and client identification procedures.
Every year, financial institutions must evaluate their accounts and report certain account holders to HM Revenue and Customs (HMRC). This includes data required to be sent to the United States under the Foreign Account Tax Compliance Act (FATCA).
Who are the reportable persons under FATCA?
The legislation requires Financial Institutions (FIs) (banks, stockbrokers, and other financial intermediaries, including most Trusts) to notify the IRS through HMRC when any amounts are paid to or for a US person, irrespective of where the payment is made. Furthermore, the IRS must be confident that the FI has adequate systems in place to identify and record US Persons. The FI will be in default if there is a failure to report or any other non-compliance with the FATCA regime.
Individuals who are US citizens, US tax residents, or US legal entities are FATCA reportable persons.
- Private individuals born in one of the states of the United States, the District of Columbia, Puerto Rico, Guam, the Northern Mariana Islands (born on or after November 4, 1986), or the Virgin Islands.
- Foreign-born children under the age of 18, residing in the United States with their birth or adoptive parents, at least one of whom is a US citizen by birth or naturalisation.
- Individuals who have been granted citizenship by the US Citizenship and Immigration Services (USCIS) (naturalised US citizens).
US residents include citizens of the United States of America, Green Card holders, persons who spend a significant amount of time in the United States regardless of citizenship, and those who choose to be treated as a US resident for a portion of the year.
US legal entities include US domestic corporations, companies, partnerships, and trusts that are organised under US law, as well as the federal government of the United States, its agencies and states.
What should financial institutions do for FATCA reporting?
Customer Identification: According to this IGA agreement, Financial Institutions are responsible for identifying and reporting Financial Accounts held by Specified US Persons. Customer Identification can be done in three ways:
- Indicia search – The Financial Institution can identify Reportable Accounts by searching for US indicia by referring to documentation or information held or collected in connection with the maintenance or opening of an account; this may include information held for the purposes of complying with UK AML/KYC rules.
- Self-certification – obtained from an account holder or Controlling Person.
- Publicly available information (for entities only) – Using publicly available information, a Financial Institution may be able to determine the FATCA status of an entity account holder.
Reporting: According to HMRC guidelines, banks must report all financial account information held explicitly or implicitly by US reportable customers to HMRC. The information will then be forwarded to the US Internal Revenue Service by HMRC.
Withholding: FATCA requires Foreign Financial Institutions (FFIs) outside the United States (US) to provide information about their US customers to the Internal Revenue Service (IRS). Anyone who fails to comply is subject to a 30% withholding tax.
Key Challenges faced by financial institutions in FATCA reporting
Need for detailed guidance on Self-certification forms
Self-certification is likely to be the preferable option for most financial services firms, which will shift as much of the compliance burden as possible to clients. Clients will seek advice from the financial institutions with which they do business. However, the lack of detailed guidance and the absence of case law means that financial institutions will be hesitant to provide advice for fear of being sued and facing non-compliance issues.
Adherence to OECD guidelines
FATCA and UK tax obligations are already difficult. The OECD’s Common Reporting Standards add to the confusion. The OECD standards are merely guidelines for the 40+ countries that have agreed to them. Each country will be free to implement these standards in the way that best suits them. This could lead to inconsistencies and place a significant burden on businesses. FATCA forms are already lengthy and complicated. Customers are requested to fill out forms for other jurisdictions. It will be tedious for the financial institutions to ensure complete compliance with multiple jurisdictional and disparate requirements.
Lengthy & Tedious Client onboarding process
Banks must educate their customers about the importance of adhering to compliance requirements while onboarding them. Financial services firms’ due diligence requirements with respect to compliance obligations also result in significantly longer onboarding times. Hence banks should implement a digital customer onboarding process. Digital Customer Onboarding improves the customer experience and makes the process smoother or even effortless.
Need for Centralised Data source
To have a single view of their customer across all parts of the business, financial institutions will need a centralised customer database and some data processing capability. To pull this data from disparate systems, new technology such as FSCS SCV Enterprise Solution Suite will be required.
Lack of Ongoing Compliance Process
Foreign financial institutions must identify where their customers’ income is earned and sourced. This exercise is carried out every quarter. Financial institutions also have to identify any incoming funds that may be subjected to withholding tax, in which case, systems will need to calculate the appropriate tax to be withheld. Robust processes are to be established to fulfil the above said regulatory obligations and to ensure a higher degree of compliance.
Shortage of Compliance Knowledge
Generally, there is a lack of understanding of the full scope of FATCA requirements and implications at all levels of the organisation. For the reasons stated above, front office staff of the banks should be more cautious in giving advice to their customers. Senior executives must be aware of the implications for them. Specialised training programs should be given to front office staff to de-risk non-compliance. Customers must also be made aware of the FATCA compliance requirements. It must also be refined on a regular basis to ensure it remains effective.
Need for well-structured Documentation & Data
Every stage of client onboarding and ongoing client interaction must be diligently documented to ensure a comprehensive audit trail and proof in the event of regulatory scrutiny. Additional circumstantial data and documentation will need to be collected and stored so that evidence can be framed under the circumstances at the time of audit investigation or regulatory scrutiny drills.
Documentation is one of the most significant challenges for most financial services organisations, necessitating a comprehensive change programme to ensure that everyone in the organisation understands the importance of documentation and does it consistently. Major banks are using our Aira – Enterprise Document & Workflow Management System, which enhances the productivity and efficiency of their business operations to the next level of profitable growth.
Oversight & Senior Management Assurance
The Board members will be held individually and collectively liable for any FATCA compliance violations. They will require regular assurance that everything is in order. This will necessitate new governance and oversight processes, as well as an efficient and timely process for escalation of any regulatory violation. The Board will have to rely heavily on their senior directors to ensure compliance. Many boards will be sceptical and will require formal attestations from business leaders.
Who Is Responsible for FATCA Compliance?
Even though it appears to be a simple enough task, where do FATCA and other tax reporting compliance fit into the organisation? The larger multinational financial institutions appear to be struggling to answer these questions. Does FATCA come under the scope of the KYC team, the Tax Team, or Risk and Compliance? Is it a centralised team or a hub-and-spoke structure? The requirement for a single view of the client precludes a purely federated model in which individual businesses are responsible for their own FATCA compliance. What should the governance process look like once a stakeholder is identified? Should the firm have its FATCA/Tax Reporting monitoring role? Is it required to Outsource, Build or Buy an effective FATCA reporting software to seamlessly achieve the expected CRS Compliance mandated by HMRC with critical strategic crossroads?
With decades of technical experience and subject matter expertise in the regulatory space, Macro Global provides financial institutions with the assurance that their CRS reporting activities are handled by a cutting-edge CRS & FATCA Reporting Solution. We have a sophisticated audit tool that will pinpoint all the shortcomings in the CRS data automatically based on the predefined rules rather than manually going one by one. This would save us considerable time and redundancy on either side.
Early Adopters and Late Followers – Lessons learnt from their CRS Reporting experience
Early adopters of the Common Reporting Standard (CRS) are evidence that the implementation of CRS compliance comes with challenges. Adopting CRS compliance is time-consuming as a lot of preparatory work is to be done. Financial institutions should adhere to local regulations when classifying and reporting reportable accounts.
Challenges faced by Early Adopters of CRS/FATCA Reporting
Misinterpretation of FATCA & CRS
FATCA and CRS are still being misunderstood and interpreted as two separate pieces of legislation, according to CRS early adopters. Many institutions claim they are FATCA compliant, so they don’t need to be compliant with CRS or they have the same information. These two schemes differ significantly.
Although there are common themes between CRS and FATCA, it is vital to understand that they are not the same, and each has its own set of penalties and requirements. CRS jurisdictions may have their own country-specific reporting styles and gateways. FATCA is only for US citizens, whereas CRS is much broader in scope and based on residency.
Late adopters should plan ahead of time to ensure that staff who are already comfortable with FATCA can learn the new CRS requirements. Depending on the circumstances, financial institutions and entities may be required to file both FATCA and CRS reports in each jurisdiction. In a nutshell, more tasks are to be done for CRS reporting compared to FATCA reporting.
CRS reporting is regarded as a more complex and less settled reporting proposition than FATCA because of the increased volume of reportable accounts, the broader range of tax authorities involved and the limited time to implement the regulatory changes. The challenge of keeping up with its requirements is therefore that much greater.
Penalties for non-compliance
Penalties for non-compliance may vary for each jurisdiction. Non-compliance can spoil a company’s reputation and cause customers to lose trust. Global exchange and access to information raise the reputational risks of companies and financial institutions failing to comply, as information becomes public far more quickly than ever before and spreads globally from day one.
Banks in multiple geo-locations
Early adopters of CRS learned that there is a degree of nuance in which organisations are obligated to report. The massive magnitude of the CRS adds complexity for banking institutions that operate from multiple geo-locations and whose clients are spread all over the world.
Exploring multiple tax jurisdictions, handling massively more data reporting volumes than FATCA, and adhering to a relatively high number of data validation rules are just a few of these barriers.
Siloed data are the slippery side of compliance
The bank’s business challenge lies in the legacy reporting systems that support the compliance team in regulatory reporting preparation by pulling data from multiple sources to cobble together an Excel report that is prone to errors, omissions, and duplication. Although these systems are designed for operational drivers and objectives, the data contained within the core system is in a shape or form that does not fully comply with regulatory reporting requirements, and there are significant data silos.
The reality is that organisations are frequently confronted with multiple systems that do not communicate with one another, as well as multiple data feeds in various formats, resulting in duplication issues. The massive volume of unstructured data presents a new challenge for compliance teams, as it is difficult to derive accurate data and perform data unification with multiple records for the same person.
With increasing pressure from regulators to achieve high-quality standards and a plethora of emerging regulations in both the prudential risk and business conduct arenas, the financial institutions aspired to streamline the existing regulatory reporting process, which was not standardised, and improve the data quality.
Absence of Solid Data Governance Framework
As organisations have customer data distributed across systems, with multiple database technologies, and different and inconsistent formats, financial institutions have been fighting the battle of poorly integrated customer data.
Past implementation approaches to ensuring data consistency across platforms, such as enforcing strict policies, have all failed in the face of increasingly distributed information, inadequate middleware infrastructure, and increased operational costs.
Key takeaways for the Late adopters from the Early adopters
Financial institutions are finding it difficult to manage the existing slew of new and impending rules and regulations, which forces them to develop a more consistent and comprehensive view of all the entities with which they do business. Banks should operate in the full knowledge that more changes are inevitable and that the timeframe for implementing their own CRS reporting functionalities is now extremely short.
Data integrity has often been a daunting task because organisations can’t analyze until they’ve done the integration, and they can’t do the integration until they’ve done the cleansing, deduping, matching, and enriching. The accuracy of matching customer accounts must be significantly improved, and this process can be hampered if the base name and address data are of poor quality.
As a result, a thorough data cleansing and enrichment process is required in advance. The desire to maintain consistent and high-quality data was a top priority for every financial institution, and it was viewed as a competitive advantage. The use of automated validation routines is one approach to achieving a framework in which they can see a cohesive, accurate record of the customer’s details across systems.
The first step for entities looking to implement smooth and efficient classification and reporting is to contact a service provider and discuss applicable requirements. Each entity will have distinct requirements.
There will be difficulties, so stay informed…
Today’s critical business development issues are strategic in both the short and long term, and they must be resolved in accordance with the organization’s strategy. They are usually intertwined with an organisational structure or a business process. The current and future tension that exists between the tactical and planned approaches should not be a source of concern for the business. Both must be represented in a strategic plan while remaining realistic in addressing the business’s immediate needs.
A good strategic plan forces everyone out of their comfort zones, methodically challenges their assumptions, and employs an unbiased approach to find the best strategy that supports the organization’s mission and objectives, as well as desired outcomes and metrics for measuring the goals. In most cases and key challenges, identifying and concentrating on business development issues is the best course of action.
Observing the difficulties that SME banks face in re-engineering their operational processes and keeping up with the trends in the regulatory landscape expansion, Macro Global saw an opportunity to provide a compliance platform to assist SME banks in processing reporting requirements with greater agility.
CRS Stride addresses the challenges of efficient regulatory change compliance management through intuitive integration of impacted controls and processes mandated for CRS reporting. Our cloud-based solution is intended to meet CRS compliance obligations in the most cost-effective manner possible, thereby reducing operational impediments. CRS Stride simplifies and lowers the cost of compliance by automating the reporting process and effectively managing data issues via our optimised business rule engine. Data issues are thrown back for easy correction after being validated against the HMRC reporting criteria.
CRS Stride consolidates, validates, and enriches data in real-time, improving data integrity and reporting accuracy. Our solution enables financial institutions to easily unlock value and manage regulatory compliance, allowing them to focus on their core business rather than going around in circles.
Do you require advice from an expert team that understands your industry better than our competitors? If you’re curious about how we transformed businesses by leveraging our unrivalled industry and domain expertise, read on.
Automate your HMRC CRS & FATCA reporting obligations with ease, utmost accuracy, and no stress.
CRS Stride - AEOI / HMRC CRS & FATCA Reporting Solution
Key Practical Aspects of OECD Common Reporting Standard (CRS)
The Common Reporting Standard (CRS), developed in response to a G20 request and approved by the Organization for Economic Cooperation and Development (OECD) Council on 15 July 2014 as a global standard for the Automatic Exchange Of Information (AEOI), requires jurisdictions to obtain information from their financial institutions and exchange that information automatically with other jurisdictions on an annual basis.
The Standard is made up of four major components:
- A model Competent Authority Agreement (CAA) establishes the international legal framework for the automatic exchange of CRS information
- The Common Reporting Standard (CRS)
- Commentaries on the CAA and CRS
- The User Guide for the CRS XML Schema
It applies to all countries that have signed on to the CRS and incorporated it into their domestic legislation. Over a hundred countries have signed on so far, and the list is still growing. As of October 2021, over 4500 bilateral exchange relationships had been activated concerning more than 110 CRS-committed jurisdictions. The list of countries participating in the CRS is available at http://www.oecd.org/tax/automatic-exchange/commitment-and-monitoring-process.
The OECD lists forty-plus “developing” countries that have not yet signed on to CRS. With 196 sovereign countries and non-sovereign territories (such as Anguilla or the Cayman Islands), there are a few jurisdictions that aren’t on either list.
CRS requires Financial Institutions (FIs) located in a CRS-compliant country to identify non-resident clients and report them to their local tax administrations in a CRS-compliant country.
It specifies the various types of accounts and taxpayers that financial institutions must report on, and the common due diligence procedures that financial institutions must follow. Financial institutions will be required to provide HMRC with information on anyone who owns foreign investments and appears to be a UK resident, such as by having a UK postal address. Financial institutions and certain relevant persons, including professional businesses providing tax advice, will be required to notify certain clients.
The implementation of automatic information exchange is based on the following actions:
- Account holders must declare their tax residence via self-certification, to determine whether or not they are considered “non-residents”, in the following cases:
  - for any new account or subscription of CRS-eligible products for an existing client, provided that this client does not already have a valid self-certification
  - for any change in circumstances that has a tax impact.
- Financial institutions must report annually to their local tax authority on “non-resident” clients’ account balances and the financial income paid to them during the year.
- The tax authorities of the participating countries should share this information with the tax authorities of the account holders who are the subject of this declaration for tax purposes.
Account holders who didn’t provide the CRS-required information will be reported “undocumented” by their regional tax authorities and will face legal consequences as per local law.
The Common Reporting Standard (CRS) and its Implications for the Financial Services Industry
Financial Institutions must report their income and expenditures to their jurisdiction’s governing body under the CRS, but there are some exceptions. Financial Institutions are defined by the CRS as:
- Custodial Institutions
- Banks
- Asset/Wealth Managers
- Investment Trades
- Investment Entities
- Depository Institutions
What are the challenges faced by the financial institutions in CRS reporting?
Achieving the regulatory compliance mandate is time-dependent and involves operational risk due to manual data scrubbing. Manual validation is error-prone and can require additional investigation from the regulator, prompting questions and enquiries over the operational efficiency of the business and its data, which leads to reputational risk.
Further, as the new compliance processes require more granularity around the reportable data, FIs with their legacy operational approach find it hard to produce data that is fully compliant with HMRC FATCA & CRS reporting guidelines.
Identification and Classification of the Reportable Accounts
The existing customer onboarding process involves manual interaction and the data received from the customer during this onboarding process may not be adequate to identify and classify the CRS reportable accounts. Hence the banks and financial institutions must perform exhaustive data cleaning processes to make their customer data fully compliant with HMRC CRS guidelines, which is a time-consuming and tedious process.
Impact on Data Quality due to Data Silos
Data quality is one of the main challenges in any regulatory reporting, as legacy technologies or a manual operational approach result in data inaccuracies, data gaps, inconsistent taxonomies and consolidation of entities that affect the accuracy of CRS reporting and increase operational risk. Multiple systems must be integrated to collate and aggregate the data required for CRS reporting, which is a challenging and complex task considering the IT architecture and the scalability of the financial institutions. Implementing a solid FATCA/CRS solution can save your life.
Compliance with the HMRC CRS Reporting Schema
Reportable banks and financial institutions must have improved systems in place to monitor and assess capital-market transactions for potential withholding and reporting. This demands the deployment of a relevant reporting schema to capture additional data, which is a difficult task that requires a comprehensive understanding of CRS & FATCA requirements and the related taxonomy.
Inadequate operational efficiency
Typically, data is distributed across a variety of products and geographical data sources. It is critical to synchronise data from various departments to make the necessary decisions concerning account holders. Only a few institutions accomplish error-free reporting by adopting effective FATCA/CRS solutions that address the issue.
Short deadlines and a lack of trained resources
FATCA/CRS regulatory reporting is a comprehensive regulation. Because of the critical tasks and strict deadlines for report submission, employees of reportable institutions may not have complete knowledge of these ever-changing regulations. As a result, banks and financial institutions may seek an external solution to assist in interpreting the regulation and identifying its impact on the business process to file the report on time and without error.
New Amendments in CRS
In 2017, the OECD published new guidance called “Mandatory Disclosure Rules” for Combating CRS Avoidance Arrangements and Offshore Procedures. It considered:
- Will the additional reporting obligations reduce cross-border tax evasion?
- Preserving the protections offered by legal professional privilege while shifting the reporting obligation to the taxpayer in cases where arrangements are covered by privilege.
Following this, the OECD issued new Model disclosure rules in March 2018, requiring intermediaries such as lawyers, accountants, financial advisors, banks, and other service providers to notify tax authorities of any schemes they put in place for their clients (as promoters or service providers) to avoid reporting under the CRS or to conceal beneficial owners of offshore entities or trusts.
CRS Regulatory Reporting Requirements
From 2017 onwards, Crown Dependencies and Overseas Territories started reporting to their tax authorities.
In the UK, HMRC oversees CRS implementation within each reporting FI located in a country that has recently signed or is planning to sign the CRS soon.
To promote tax transparency, HMRC commits to fulfilling all its CRS obligations following the principles outlined in its Tax Code of Conduct. Below is the key information that should be shared with HMRC:
- Personal identification information, such as name, address, and date of birth;
- Bank account numbers
- End-of-financial-year balances and valuations
- Interest earned
- Earnings from asset sales
The information on remittance basis users will be included in the reports, which is likely to be of particular interest to HMRC.
Individuals with assets in other countries should ensure that their affairs are compliant; if they are, they will have peace of mind. In any case, making a prompted disclosure is preferable to awaiting an HMRC challenge.
Banks are not required to notify their clients that their information may or may not be disclosed to tax authorities in other CRS member countries.
What are major shifts to look out for?
“Tax authorities now have a new and very powerful tool to track and combat tax evasion with the CRS.”
The success of the CRS is determined by how strictly the FIs implement the CRS procedures to procure the correct data which is compliant with OECD guidelines. Its impact will be felt over time once respective governments generate more revenue and tax collection. At the same time, multinational corporations are taking advantage of the CRS to improve their business models and data quality and analytics capabilities.
Internal Procedures – Because CRS aims to achieve global tax compliance, it will have an impact on due diligence processes as well as product and entity classification. It will also have an impact on data collection, data quality assessment, and exchange readiness, as well as the implementation of specific reporting procedures. Each jurisdiction will be closely scrutinised to ensure compliance with the law.
Embracing new technologies – Financial institutions are working hard to improve their existing data capture, KYC validation, and due diligence checks while onboarding customers by leveraging innovative technologies such as Artificial Intelligence, Behavioural Biometrics, and Machine Learning.
Digital Customer Onboarding – Banks are adopting digital customer onboarding processes. By aggregating the customers’ data and making the process smoother or even effortless, Digital Customer Onboarding improves the customer experience with intuitive navigation. Digital customer onboarding platforms like Pera provide dependable online identification services that assist banks in quickly verifying customer data and thus expediting customer access to banking products and services.
Privacy – CRS requirements must be included in financial institutions’ data protection terms to explain why CRS collects client data.
Final Thoughts
When tax evasion was discovered by authorities in the past, many authorities lacked the resources to prosecute offenders. Today, however, technology is easing the resource burden by allowing governments to more easily review CRS data provided by foreign counterparts and match it to taxpayers in their own countries.
Financial institutions that are proactive, that think and act holistically about tax, onboarding, and data, and that use technology to automate manual processes are at an advantage. More accurate data and information technologies will help governments pinpoint and reduce tax evasion more effectively.
With end-to-end automation features, our cutting-edge CRS & FATCA reporting solution “CRS Stride” provides an outstanding reporting platform that reduces the Common Reporting Standard reporting headaches for any SME banks or financial institutions.
If you would like to find out more about our CRS Stride and try our product for free with no obligations, click here.
More with us
Try Macro Global's
CRS Stride - HMRC CRS & FATCA Reporting Solution
FATCA/CRS Self Certification – What financial institutions should know?
While opening an account with the bank or during the CRS reporting cycle, banks may send a declaration form with a name such as “Tax Residency Self-Certification Declaration form” or “CRS Entity Self-certification form”. This form is sent to account holders so that they can self-certify their countries of tax residence and other related information. This form generally contains the Account Holder’s (i) name, (ii) residence address, (iii) jurisdiction(s) of residence for tax purposes, (iv) tax identifying number for each Reportable Jurisdiction, and (v) date of birth.
Financial institutions are directed to collect and report certain information from their account holders (individuals or entities) to the tax authorities. This information will help the financial institutions to classify accounts according to whether the account holder needs to be reported under CRS or FATCA.
As per HMRC guidelines, any individual who opens an account must provide a self-certification establishing where the individual is tax resident. If the self-certification demonstrates that the Account Holder is a tax resident of a Reportable Jurisdiction, the Reporting Financial Institution must treat the account as a Reportable Account.
For tax residents outside the UK, HMRC will ask the financial institutions to share this self-certification information along with the account details. This information will be shared with respective tax authorities outside the UK by HMRC.
It is the responsibility of the account holder to ensure that the personal information shared by them is correct and up to date. By completing this form, the account holders ensure that they shared accurate and up-to-date information about their tax residency. Unless there is a change in circumstances that impacts the tax resident status or any information submitted in the form becomes erroneous, the CRS form will remain valid. If any of the personal details change, the account holder must notify the financial institutions within 30 days of any change in circumstances that affects their tax residency status or causes the information held to become inaccurate, and the account holder must provide an updated self-certification and declaration within 90 days of such a change.
Participating jurisdictions are expected to provide information to help taxpayers determine their tax residence(s). After obtaining a self-certification, the Reporting Financial Institution must confirm its reasonableness based on the information obtained in connection with the account opening, including any documentation collected according to AML/KYC procedures (the reasonableness test).
If a Reporting Financial Institution does not know or have reason to believe that a self-certification is incorrect or unreliable, it is considered to have confirmed its reasonableness. When a self-certification fails the reasonableness test, the Reporting Financial Institution is required to obtain either a valid self-certification or a reasonable explanation and documentation, as appropriate, supporting the reasonableness of the self-certification.
The Reporting Financial Institutions will always be held accountable for their reporting and due diligence obligations, including confidentiality and data protection obligations.
Each jurisdiction may permit Reporting Financial Institutions to use service providers to meet their reporting and due diligence requirements. Macro Global is one of such technical service providers in the RegTech & FinTech space delivering the best-in-class products to the financial industries. Macro Global has been consistently recognised for its exceptional outcomes and services around Regulatory Reporting for the past 20 years. Macro Global’s CRS Stride, FATCA & Common Reporting Standard solution features a centralised, fully automated Self-Certification module which includes the entire process cycle of classification, customer communication, correction, and consolidation for CRS and FATCA reporting.
CRS Stride generates a filled-in self-certification declaration form in PDF format from the CRS input data as per the HMRC CRS reporting guidelines. Banks can send the filled-in self-certification form to the account holder’s email inbox from the CRS Stride portal itself in just a single click. The account holders have to send the duly signed self-certification form back to the bank. This process is made simple, as account holders no longer need to reach out to the bank’s customer service for additional information.
MG’s approach in implementing the CRS FATCA reporting solution is crafted to achieve maximum operational efficacy by easing the data management process to ensure data integrity and CRS report accuracy.
The in-built Data Correction feature in the CRS Stride reporting solution enables users to rectify inaccuracies and redundancies in source data and to append to or enrich it for more complete and accurate reporting on our platform.
Our Tax Experts will do Assurance validation, providing peace of mind that the data is in a good shape with high accuracy and compliance before submitting to HMRC.
CRS Stride – FATCA & CRS Reporting software is available to you from the moment an amendment is published by HMRC to implement control mechanisms and audit-proofing.
Looking for a fully automated CRS FATCA reporting solution? Try CRS Stride today and see how it can power up your CRS FATCA Reporting program!
Automatic exchange of information (AEOI) for Tax Transparency
Over the years, offshore banking has been considered the safest method of evading local taxes. Thanks to globalisation and the seamless connectivity between financial institutions, regulatory bodies and other governing authorities, offshore banking has become more transparent, allowing AEOI regimes to gain control over their taxable finances held in offshore banks.
AEOI promotes the exchange of information on income-generating assets between tax authorities in jurisdictions where those assets may be subject to a tax claim.
The key goal of implementing the AEOI regulations is to improve tax compliance around the world and to prevent tax evasion.
What are the Global Standards on Automatic Exchange of Information?
The Common Reporting Standard (CRS) and the Foreign Account Tax Compliance Act (FATCA), the global standards for Automatic Exchange of Information (AEOI) on bank accounts across reporting jurisdictions to prevent offshore tax evasion, are one such globalisation initiative.
To maintain the integrity of their taxation systems, the reporting jurisdictions exchange AEOI reports once a year “automatically”. Banks and other financial institutions are required to communicate information on non-resident customers’ financial accounts with the tax authorities in their countries of business.
These regulations are intended to ensure that taxpayers correctly disclose all income and assets held in offshore accounts on their tax returns. They enable tax authorities to identify individuals who do not correctly disclose all income by comparing information shared by tax authorities to tax returns. Non-disclosure of this nature is referred to as (offshore) tax evasion.
Foreign Account Tax Compliance Act (FATCA)
The Foreign Account Tax Compliance Act (FATCA) is a part of US legislation aimed at preventing and detecting offshore tax evasion by US citizens (US citizens, US tax residents or US legal entities). FATCA went into effect on July 1, 2014.
Foreign governments around the world have agreed to comply with the legislation and have signed FATCA into local law by implementing bilateral agreements with the United States called Inter-Governmental Agreements (IGAs).
FATCA makes it easier for the financial institutions in participating nations to exchange information about US citizens. This scheme has been adopted by all major jurisdictions in some form or another. Financial institutions outside of the United States are required to provide the local tax authority with information on each account owned by a US citizen, including the highest balance on the account in each year and the income and gains earned by the account.
Common Reporting Standard (CRS)
CRS was created to increase global transparency in tax matters. It requires financial institutions (FIs) to identify accounts held directly or indirectly by individuals who are not tax residents in the country where their account is opened.
If the FI is in a CRS Participating Jurisdiction and the person opening the account is a tax resident of another CRS Participating Jurisdiction, the FI will report the account details to their local tax authority.
What is the difference between CRS & FATCA?
FATCA requires financial institutions to identify and report offshore accounts held directly or indirectly by reportable US citizens. CRS involves over 100 countries that require information on their tax citizens to be collected and reported.
The other significant difference between the two is how a reportable private individual is determined. CRS investigates tax residency, which is generally established by a person’s permanent residence, whereas FATCA investigates tax residency and citizenship, which includes those who do not reside in the United States.
What should Financial Institutions do to comply with FATCA & CRS?
FATCA & CRS compliance regulations require global financial institutions to identify customers who have accounts, directly or indirectly, in countries where they are not tax residents. Financial institutions ask customers to complete a document known as a ‘self-certificate’.
Financial institutions are required to submit certain information provided by account holders to their local tax authority, which will forward it to the tax authority of the nation where any reportable persons associated with the account are designated as tax residents.
MG’s approach in implementing CRS & FATCA Reporting solution
MG has been consistently recognised for its exceptional outcomes and services around Regulatory Reporting for the past 20 years. MG’s approach in implementing a common reporting standard solution is meant to maximise operational efficacy by simplifying the process of combining, validating, and enriching data to ensure data integrity and CRS report correctness. We start from Gap analysis, provide advice on implementing the strong data governance framework to rectify all the data related issues and make the data fully compliant with AEOI guidelines.
Please refer to our CRS Stride – AEOI / HMRC CRS & FATCA Reporting Solution landing page to learn more about our product capabilities.
Open Banking: Pushing the banks into new innovative waters post COVID-19
The importance of digitalization for banks and financial institutions cannot be overstated. Even before COVID-19, when customer contacts could take place in branch offices and in-person settings, the sector was wrestling with the necessity to fulfill the digital expectations of a changing market. The events of 2020, as well as our reliance on digital interactions and banking self-service, have only served to highlight the need and necessity for banks to become more digital.
Consumers aren’t the only ones who stand to benefit. The shift towards Open Banking has resulted in the emergence of hundreds of new fintech platforms and solutions that are pushing the boundaries of innovation and economic development in their countries. Together, they are forming a new ecosystem for small, medium, and big enterprises that can gain directly from connecting to financial institutions via APIs, or harness the ecosystem between banks, fintech, and consumers to adapt their commercial services to their clients.
As banks map their path to digitization, open banking is developing as a competency that institutions will need to tackle to remain competitive and keep up with an increasingly digital economy.
As a result, there has been a surge in consumer-facing finance innovation using the mandatory API standard. The use of third-party fintech apps for personal money management exploded during COVID-19 in the UK, where open banking has taken off the fastest, with 20% of all UK people utilising FinTech platforms.
According to the same poll, the use of Fintech platforms among young individuals increased to 50% during the pandemic. In the United States, Visa and Mastercard are working quickly to integrate FinTechs onto their platforms to enable open banking and build a network-agnostic payment technology system.
More broadly, open banking will make it easier for retail and business clients to choose from a broader range of goods and services, as well as consolidate ties to adjacent accounts and programmes. This connectivity has the potential to significantly benefit bank clients by allowing them to more easily share information with financial advisors, accelerate loans, decrease costs, and secure data transfer.
Banks that do not embrace open banking, in our opinion, will not only limit their ability to connect with clients in meaningful ways but will also limit their opportunity to remain at the forefront of innovation. Instead of being caught off guard by UK legislation or losing a competitive position in an emerging market, banks should begin planning their strategy and investing in the infrastructure required to fully exploit open banking.
To discover more about how Macro Global can help you to monitor, manage and mitigate the above challenges, please reach out to us at salesdesk@macroglobal.co.uk (or) +44 0204 574 2433.
Leveraging the Open Banking as a Strategic Plan for Banks
“Adapting open banking not only from a compliance perspective, leveraging the OB as a strategic plan for banks for their growth.”
Open banking has significantly grown over the years in the financial services sector due to the dynamics of financial technology. With the integration of customer banking information and application programming interfaces, a bionetwork is created that is conducive to generating effective business processes for the growth of these entities, which includes efficiency in transactional processing systems.
The transactional processing system is not limited to monetary transactions; more broadly, it entails a system for the collection, storage, modification, and retrieval of the data transactions of a given entity. Taken as a whole, this signifies a strategic roadmap for growth in the banking sector, as it leverages the data for further complex financial modeling for banking growth in a number of ways. This notwithstanding, open banking ensures sound compliance with regard to technological regulations within this dynamic space.
To drive this point home, I bring into perspective TAVAS, a Payment Service Directive 2 (PSD2) solution, which is an open banking product suite that has made a significant impact on the strategic planning for banking growth in a myriad of ways.
To begin with, TAVAS has integrated customizable application programming interfaces that have been effective in fostering customer service experience and engagement. A good online customer experience may improve the entire customer journey and is a critical differentiator for practically any organization. This can only be done by third-party companies who assist merchants in realizing their full potential.
Centralization of services is another key contribution of TAVAS to open banking. This has come about in a number of facets, the key being seamless onboarding that is so streamlined for online service sign ups, coupled with cutting-edge technology that facilitates efficient account information services, payment initiation services, and confirmation of fund services. These pretty much enhance robust customer centricity.
TAVAS has firmly taken into account the aspect of regulation technology on open banking, as RegTech is what seems to seal financial technology. This has been done by taking into account the security of the online platforms as a means of curbing potential threats such as cybercrime and other unauthorized access to these platforms. These products and suites are highly secure and safe, with full compliance with regulatory technical standards. Secure access to these application programming interfaces gives customers confidence in operating these systems.
RegTech and fintech are ideal ways to leverage open banking for strategic growth in this technologically dynamic era.
Explained: What is Open Banking and PSD2?
What is Open Banking?
Open Banking, a concept of democratising the customer data held by the banks, stimulates increased competition within the financial services market by bringing more innovation to the quality of the products and services delivered to customers. Open Banking requires the banks to expose their data in a secure, standardised format, allowing information to be exchanged more freely online between authorised organisations.
This data comprises some simple facts, such as branch locations and specific details about banking products. It enables customers to easily discover banks that provide disabled access, or to compare the features of various personal and corporate accounts to get the best price. The more significant release concerns the data contained in transactions. Banks have a definitive record of everything we spend, lend, and borrow. Open Banking allows this valuable information to be shared with third-party companies, who can then utilise it to develop new products.
How does Open Banking work?
Open banking can help businesses accept online payments from customers, speed up new customer onboarding, and provide value-added services to customers. Open Banking enables users to grant secure access to their bank account so that their financial information, such as earnings and expenses, can be used to provide them with value-added services such as budgeting advice or recommendations for other financial products they may be eligible for. It can help customers to manage their money in a variety of ways and make secure payments more easily than with traditional online banking. It also brings new business opportunities to the banks and creates healthy competition in the marketplace in delivering a better customer experience. Open banking can help businesses cut costs, reduce risk, and improve the customer experience. Currently more than 3 million people have started using open banking apps, and we expect exponential growth in the usage of open banking by 2023.
Adapting open banking not only from a compliance perspective, but leveraging OB as a strategic plan for banks' growth
The Open Banking wave provides a new revenue opportunity by creating improved experiences, frictionless banking journeys and customised services that help banks stay ahead of the competition, opening the door to collaboration with innovative fintech firms.
Banks unlock the promise of open banking by revisiting their existing customer authentication and consent management mechanisms to enable the safe and secure exchange of data and services for customers. Banks adopting open banking can monetise their infrastructure by exposing different APIs to a wider range of fintechs and other financial institutions, which in turn benefit from connecting to these APIs to build their service offerings.
What is PSD2 in Open Banking?
Open banking differs by country, but in general, it entails banks or financial institutions revealing their financial data to third-party providers via open Application Programming Interfaces (APIs). The scope and format of that data vary and are frequently determined by a country’s specific regulations and implementation standards. In the United Kingdom, open banking began in 2018 with regulations allowing nine of the country’s major banks to implement standards for enabling secure access to customer data. This was accompanied by EU Regulations (PSD2) requiring all banking institutions and payment service providers (PSPs) to grant authorised service providers access to their customers’ financial data with their customers’ consent.
Through Open Data APIs, banks in the UK grant access to their financial data in a secure, standardised manner. This makes it easier for businesses to use data to create consumer-friendly services. Third Party Providers (TPPs) are companies that use open banking data and should be controlled by the Financial Conduct Authority (FCA) in the United Kingdom.
PSD2 (Payment Services Directive Two) is European Union legislation that came into force in January 2016, with a deadline of January 2018 for its incorporation into national legislation. PSD2 is governed by the Financial Conduct Authority (FCA) in the United Kingdom.
PSD2 is designed to make open banking possible and secure by:
- Enforcing greater security standards for online transactions through multi-factor authentication (MFA).
- Making it mandatory for banks and other financial institutions to allow account holders to offer third-party applications access to their account and payment data.
PSD2 is a statutory necessity for all payment service providers (PSP) in Europe. It requires banks and all payment providers to open up their data to third-party providers if an account holder consents. It also mandates banks to utilise strong customer authentication (SCA) to improve payment security and reduce fraud.
Open Banking is also a component of the second Payment Services Directive (PSD2). Sometimes these two are confused: Open Banking is essentially the UK version of PSD2. The distinction is that, whereas PSD2 mandates banks to make their data available to third parties, Open Banking requires them to do so in a standard way.
Integrate with TPPs to deliver customer-centric services in the competitive world
Open Banking provides the customers with more ways of managing their money, lending, and making payments. It has also created a plethora of chances for financial innovation.
Open Banking has obliged banks to give customers more control over their financial data by letting them connect their data to other regulated providers, such as a third-party financial management application that can display their transaction data and balances in one location.
Access to customer bank accounts through a single integrated platform, along with open APIs, plays a vital role within the banking ecosystem, interfacing between the banks, third-party providers (TPPs) and payment service users (PSUs). Customers, with their consent, can leverage the benefits of open banking by securely exposing their data to any of the trusted third-party providers to avail of bespoke financial products and services.
By adopting Open Banking, TPPs (e.g., Account and Payment Aggregators) offer predominantly customer-centric services with enhanced agility once they obtain the user’s consent to access their bank accounts.
Benefits of Open Banking for consumers
Open Banking simplifies the consumer’s life by consolidating all their financial information into a single app, allowing them to manage their finances more easily. This may assist consumers in budgeting more effectively and saving money. For example, such apps may help them see their overall financial picture and identify areas where they are overpaying for a utility bill, credit card, or overdraft.
Open Banking enables secure, faster payments in the most convenient way. Open banking payments are faster than traditional online payments, especially on mobile. They require no credit card details and no login to the bank account. Consumers can simply choose the bank from the list shown on the screen and make the payment securely after fingerprint or face ID verification. This can be done in a few seconds and the receiver gets the money immediately. It’s as simple as using a contactless credit card in person, and it’s protected by bank-grade security.
Through Third Party Providers' apps, consumers can generate their financial statements for rental agreements, mortgages, loans, and investments. Regulated companies can use open banking, with the consumer’s consent, to get an overview of their income and expenses, for example, to make a quick decision on a loan or rental application. Also, there is no need to upload or print any bank statements, as consumers can give financial institutions access directly through the apps and sign up for certain services and apps more quickly.
Benefits of Open Banking for Businesses
Open Banking facilitates online accounting by providing safe and secure access to the financial records. It can even assist in classifying business expenses for tax and accounting purposes.
It can make it easier to obtain capital. Potential lenders can use open banking, with consent, to gain an overview of the business's finances and make a quick decision on a loan application.
Open Banking enables online payments at low transaction fees, reduces fraudulent transactions and increases conversions. Any business that transacts online can use open banking to accept instant bank payments without the use of card networks.
It can assist you in accelerating customer onboarding. If you need to collect financial information from your customers at signup, such as proof of income or bank account ownership for a payment, open banking can assist you in doing so in a secure, automated manner.
Macro Global offers 40+ compelling use cases for businesses around open banking. Please reach out to us to explore more.
Open Banking API Endpoints
Open Banking relies extensively on the use of Application Programming Interfaces (API) to securely share customer data among banks, as well as allow third-party providers (TPPs, e.g, Account and Payment Aggregators) to access the bank’s technology environment to build innovative applications and services.
Banks expose the Account Information Services (AIS) and Payment Initiation Services (PIS) through various API endpoints.
Account Information Services (AIS) are the services through which the user's bank account-related information, such as account holder name, account type, account balance and account statement, is displayed within the TPP application.
Payment Initiation Services (PIS) are the services through which users can initiate a payment to different beneficiaries from their multiple bank accounts through the TPP’s application without accessing their dedicated online banking applications.
Some of the AIS & PIS data endpoints are set to be mandatory in the Open Banking Framework (example: accounts, balances, transactions) which means these data should be exposed by banks through specific API endpoints.
There are some data endpoints (example: supplementary account info, offers, events subscription) which are optional hence banks can decide whether to expose or hide these data. Optional APIs can be integrated subject to the bank’s requirements.
Conditional APIs are the data endpoints that should be exposed if the banks have certain services available in their net banking environment. (example: beneficiary data, future payments, standing orders). These data endpoints are exposed only if the bank offers these services.
Note that the set of mandatory, conditional and optional APIs available to TPPs varies by country, subject to the local Open Banking Framework and regulations.
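One way a bank's security team can turn the mandatory, conditional and optional split described above into a check against its API gateway inventory. This is an added example, not Macro Global's or any framework's own code; the endpoint names are the examples from the text, while the service names, the profile layout and the sample inventory are assumptions.

```python
"""Audit exposed Open Banking endpoints against a framework profile (added example)."""
from dataclasses import dataclass, field

# Illustrative profile built from the examples named in the text; a real
# profile comes from the local Open Banking Framework and differs per country.
MANDATORY = {"accounts", "balances", "transactions"}
OPTIONAL = {"supplementary-account-info", "offers", "events-subscription"}
# Conditional endpoint -> bank service that triggers it (service names assumed).
CONDITIONAL = {
    "beneficiaries": "beneficiary-management",
    "future-payments": "scheduled-payments",
    "standing-orders": "standing-orders",
}


@dataclass
class AuditResult:
    missing_mandatory: set = field(default_factory=set)     # must exist, absent
    missing_conditional: set = field(default_factory=set)   # service offered, no API
    unbacked_conditional: set = field(default_factory=set)  # API live, no service
    unknown: set = field(default_factory=set)               # outside the profile

    @property
    def clean(self) -> bool:
        """True only when none of the four finding sets has an entry."""
        return not (self.missing_mandatory or self.missing_conditional
                    or self.unbacked_conditional or self.unknown)


def normalise(name: str) -> str:
    """Lower-case the name and drop surrounding slashes and whitespace."""
    return name.strip().strip("/").lower()


def audit(exposed, services_offered) -> AuditResult:
    """Compare a gateway's endpoint inventory with what the profile expects."""
    exposed = {normalise(e) for e in exposed}
    services = {normalise(s) for s in services_offered}
    result = AuditResult(missing_mandatory=MANDATORY - exposed)
    for endpoint, service in CONDITIONAL.items():
        if service in services and endpoint not in exposed:
            result.missing_conditional.add(endpoint)
        elif service not in services and endpoint in exposed:
            result.unbacked_conditional.add(endpoint)
    # Anything the profile does not list is extra attack surface to review.
    result.unknown = exposed - MANDATORY - OPTIONAL - set(CONDITIONAL)
    return result


# Constructed sample: one bank's gateway inventory and product catalogue.
SAMPLE_EXPOSED = ["/accounts", "/Balances", "/offers", "/standing-orders", "/debug-export"]
SAMPLE_SERVICES = ["scheduled-payments"]

if __name__ == "__main__":
    report = audit(SAMPLE_EXPOSED, SAMPLE_SERVICES)
    for name, found in vars(report).items():
        print(f"{name}: {sorted(found)}")
    print("clean:", report.clean)
```

The two findings that matter most for exposure are `unbacked_conditional` and `unknown`: both are endpoints reachable by TPPs that the profile gives the bank no reason to publish.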
Adoption of Open Banking in the UK and Europe
The efficacy of Open Banking has always been dependent on the large financial services providers, who ultimately control the data. It was dependent on them allowing third-party providers to use their Open APIs, as well as assisting in the promotion of the new options and benefits to consumers. Is this what happened?
It appears so, despite lethargic beginnings marked by a lack of customer awareness and traditional institutions that were hesitant to get the system up and running. And, with the collapse of conventional banks and the advent of challenger banks that have organically connected with fintech, Open Banking has been a stimulus for the expansion of fintech in Europe.
Open Banking in the global perspective
Open banking has already emerged in various countries having different regulations but open banking as a concept goes well beyond the regulatory environment and is applicable globally to uplift the existing landscape of the financial industry.
Countries like UAE, Saudi Arabia and Qatar are driven by the market where the third-party providers and banks are allowed to develop their API platforms as they are conscious of the strategic importance of Open Banking to attract new customers and to gain a competitive advantage.
Countries like the UK, Bahrain, Egypt and Kuwait are driven by the regional regulations where the APIs are developed as per the government specifications and sharing of data between entities is controlled & monitored by the government. These regulator-driven countries should perceive open banking as a chance to promote innovation in their financial services rather than a compliance burden as it embraces a more inclusive financial culture and brings all categories of individuals and businesses into an ecosystem where they can further integrate and flourish as a broader economy.
Is Open Banking safe?
Security is the most important concern in Open Banking for all the parties involved. Would it render banking data exposed to attack? Can consumers put their trust in new fintech providers?
So far, no PSD2-related cyber incidents have occurred; however, the Financial Conduct Authority is probing opaque marketing and data used by some digital companies, particularly considering GDPR, which went into effect this year.
Open banking has lowered the risk to customer data by reducing the popularity of scraping, the original method used by many fintech businesses to acquire users’ account information. In addition, AISPs and PISPs must be registered, licensed, insured, and controlled under PSD2.
The ultimate responsibility is on third-party providers (TPPs) to protect their infrastructure from cyber-attacks, while banks are concerned with limiting fraud risk because they are the first party accountable for unauthorised financial transactions from a customer’s bank account. Therefore, banks should invest in a diverse set of analytical technologies to validate authorized customers and spot threats.
Insurance security also has been improved, as PSD2 regulations mandate PISPs and AISPs to have a specified type and degree of technology-based professional indemnity and cyber insurance. One of the reasons this is critical for fintech is that if a third-party provider is breached, it is required to repair the situation and restore any money to the customer via their bank within 72 hours. This can be covered by PSD2 insurance.
To discover more on how Macro Global can help you to monitor, manage and mitigate the above challenges, please visit Tavas – Open Banking Product Suite and Solutions.