The breadth and complexity of Open Banking systems involve a web of players interconnected by the core need to access data.
“Outside the realms of PSD2, GDPR still applies, which defines exactly how responsibilities are assigned to or shared between data controllers and data processors.
“PSD2 provides a lawful basis on which TPPs and tech suppliers can come into possession of personal data, which in some cases means they also become data controllers in respect of that same set of data held by financial institutions and will be separately responsible for compliance with GDPR. The burden of proof lies with the TPP to show that it was not responsible.”
“Banks are focusing on whether their existing insurance policies actually cover them for cyber risk. Given this reality, FIs spare no expense in carrying out rigorous in-house security processes. Once authorised by regulators, third parties have a right to access data held by FIs.
The risks of data breach aren’t just reputational. Khurana adds that “although we haven’t quite seen it in the FS space yet, everyone is quite concerned about the size of the fines which have been dealt out for GDPR breach.” The opt-in, opt-out characteristic of Open Banking means that a consumer is entitled to request that their details be forgotten; for this to be possible, however, an institution must naturally have control over that act of ‘forgetting’.
The success of open banking will ultimately depend on the difference it makes to customers. It’s one thing for people to be able to see all of their various account balances in one place. It will take something more to influence customer loyalty. But if banks can build on this facility, they could set themselves apart in the market and develop new revenue streams, by providing richer datasets to third parties which they can charge for. Most financial institutions have settled for a rudimentary pipeline to allow other banks and third parties access to very basic customer account data, which they are duty-bound to do by PSD2 (the Second Payment Services Directive). The danger now is that next movers, including financial services innovators outside Europe, will step into the breach. This is especially true at a stage when third parties are willing to pay for superior functionality and the ability to roll out their own superior experiences.
The Payment Services Directive 2 (PSD2) is the implementation of an EU directive that ensures the further standardization of the payments system in the European Union. The PSD2 Marketplace connects consumers and businesses to relevant PSD2 solutions in the market, and therefore fulfills a matchmaking role.