ETPPA publishes its “Open Finance Manifesto”, advocates a simple framework based 5 core principles
The European Third Party Providers Association (ETPPA) launched its Open Finance Manifesto, on March 15th, in Brussels and in the presence of the European Commission’s Directorate General for Financial Stability, Financial Services and Capital Markets Union.
The manifesto starts with the concept of “opening up”. The authors explain that “payments was the first area to be opened up with PSD2 in Europe, followed by similar developments around the world. Then comes Open Banking (opening up also non-payment accounts), Open Finance (including all financial services) towards the goal of OpenX where all services in all industries are being opened up”.
Moreover, they highlight that, of course, it has to be done in a secure way that respects the privacy of the data owner and further rights of all: “the success of the open economy relies on strong consumer trust and consumer demand for innovative financial services”.
Therefore, and to make the development of the upcoming Open Finance Framework a success, ETPPA advocates for a simple framework that focuses on five core principles. Also, the following stipulations could, according to the experts, build the basis of an efficient framework (and even be applicable and extended to Open Data more generally):
- Data owners (both natural persons and legal entities) shall get free access to their data at any time, i.e. data holders must provide an online or mobile customer interface for that purpose
- Data owners shall be allowed to automate that access by using software or TPP services
This manifesto is the result of extensive consultation with industry experts, distinguished members of academia and ETPPA’s members.
#1 Proportionate horizontal regulation
ETPPA proposes a principle-based framework focusing on real security issues and only mandating data holders and TPPs to adhere to suitable security standards and use qualified eIDAS certificates for identification and to interact with each other.
Players that are not licensed to date could still be able to enter, following a suitable registration procedure adapted to such activities. ETPPA therefore does not recommend making Open Finance a licensable activity, as it “would significantly reduce its potential for innovation and competition”.
Back to security principle, the association advocates the extension of some of the PSD security principles, such as the need for an initial Strong Customer Authentication (SCA) for granting account access to TPPs, as well as eIDAS-based identification of such TPPs acting on behalf of customers.
“Any heavy regulation or licensing requirements would act as a disproportionate barrier to innovation”
#2 Customer centricity
As highlighted by the ETPPA, the Open Finance Framework should rather be customer centric than lead by the industry, and therefore “allow consumers and business to use their data as they see fit to access a broader range of products and services”.
In this respect, the OFF should be based on the fact that data – whether it is supplied by, or created on behalf of financial services customers – is fully controlled and accessible by those customers. At all times.
Also, it advocates that GDPR principles, such as requiring a lawful ground for data processing, must be extended to non-personal data. Finally, ETPPA is in favor of the EU and/or National Competent Authorities (NCA) intervening if data holders (banks, insurance companies, etc.) were to discourage the use of TPPs.
#3 Technology neutral
As written in the manifesto, “any non-neutrality will lead to innovation restrictions and given the accelerating speed of technology advancements, which regulatory review cycles cannot keep pace with, this could have disastrous consequences”.
The authors recommend staying as technology neutral as possible, as it would make sure that companies are not falling behind the rest of the world: for instance, it could be pretty restrictive to map certain services to backend APIs as they might only be consumable via the provided customer interfaces.
Moreover, OFF also must guarantee the continuation of existing Open Finance services by existing TPPs: “these should set the minimum standard”. In other words, the upcoming framework should not create new barriers or unreasonable detriments for TPPs already providing services.
#4 APIs first, but not APIs only
One of the core principles of PSD2 was that of non-discrimination: “if the customer can access data and/or initiate payments in an online channel when interacting directly with the bank, he should be able to do the same when interacting with a TPP”. The experts go on: “from a technology perspective, the closer the channel provided by the data holder to the TPP is to the channel provided by the data holder directly to the customer, the better”.
Today, most financial service providers also have internal application programming interfaces (APIs) to have their own services delivered and notably when their mobile app interacts with their core banking platform. In this respect, the basis for the best interface to communicate with TPPs would be similar to the one banks use when communicating with mobile apps.
#5 Level playing field between Open Finance & Open Data
Looking at the future, the authors of the manifesto highlight that “Open Finance (data beyond payment accounts, meaning insurance, pension, etc.) and Open Data (transport, utilities, health and more) should follow the same principles”.
They also shared their definition of “observed data”: it is data which, a) has been provided by the data subject either directly or by virtue of the use of the service or the device, b) any data derived from that, and c) any data voluntarily disclosed by the data holder.
Observed that would therefore encompass:
- Any data related to an individual customer (either consumer of business),
- Any data generated by services pertaining to the customer, for instance data derived from transaction or interactions
- Any other miscellaneous data available through the customer interface, e.g., interest dates.
Source: ETPPA