The key to Open Finance: earning and leveraging Trust in an open world – Part I

Tech innovation and regulation – and obviously Open Finance – are disrupting the financial services industry. With legacy institutions still owning the trust of consumers, how can Fintechs and other new entrants convince consumers and partners to pick and use their services? At LUXHUB, we’ve been advocating collaborative innovation since our very inception, as well as the notion of trust. Trust is key for Open Finance to skyrocket and enable legacy and new players to provide unique and secure experiences to their end customers.
Trust in the Open Finance & digital age
As defined in the renowned Merriam-Webster dictionary, trust is all about “assured reliance on the character, ability, strength, or truth of someone or something”. Ever since the creation of financial and banking services, whenever that was – 2000 BCE or in the Middle Ages – trust has been a key enabler of such monetary exchanges and successful business relationships.
In the digital age, with the growing number of cyberattacks on the one hand, and the entry of new players that provide banking-like services on the other, this notion is more important than ever. And in a world that pushes and promotes more openness – Open Banking, Open Finance, Open Innovation, or simply “Open X” – several questions are instantly raised when eyeing a new relation with a financial institution: what about the security of your systems? How to make sure that your organization is respecting all security industry standards? Etc.
The European Commission defines Open Finance as “third-party service providers’ access to (business and consumer) customer data held by financial sector intermediaries and other data holders for the purposes of providing a wide range of financial and information services”. With data being at the center of the concept, it makes sense to include the concept of trust, especially for companies that sit outside the highly regulated finance environment and want to convince new customers to use their innovative services.
Protecting consumers and companies…
Open Finance therefore means dealing with sensitive financial data – IBAN, bank account number, etc. – but also with data used beyond the scope of PSD2. For instance, these could consist of insurance policies, utility bills, taxes, pension funds, and many others. While customers are willing to allow the transfer of such data to benefit from innovative and user-friendly solutions, cyber attackers are also on the lookout and are launching sophisticated attacks.
As proof, many robust industry experts and solid companies have reported significant security breaches that can lead to dramatic costs for both the corporation and its customers.
For instance, a stock exchange had to shut down operations in 2020 following an extended DDoS (distributed denial of service) attack on a network provider. A mortgage lender was hit by cybercriminals, which resulted in a data breach and an unauthorized party accessing its server and stealing private data pertaining to 15,000+ customers. Earlier this year, a major cryptocurrency player suffered a cyberattack that led to unauthorized withdrawals of bitcoin and Ether worth more than tens of millions of dollars and affected almost 500 user accounts.
…in the era of Open X
These attacks, which occur all over the world and impact financial institutions across all 5 continents, are one of the main focus areas of governments and institutions. In Europe, the European Commission has been active in this domain for years: PSD2 was introduced to create a competitive payment ecosystem in Europe but also to better protect consumers. GDPR goes in the same direction, putting citizens and their privacy at the very center. The eIDAS (electronic Identification, Authentication and Trust Services) regulation also aims at increasing the level of security of transactions for businesses and offers many other benefits.
Discussions around a PSD3 regulation have already started, with the European Commission launching consultations and asking for feedback from players in order to potentially re-work and adjust the directive to better suit the needs of companies and their end-users. This means additional regulation to adapt to, but also more opportunities for players active in the financial services industry and even outside, with companies starting to integrate finance-like services within their apps and websites.
Other geographies are also surfing the Open Banking/Finance wave, expressed in different ways. Different policies/initiatives have emerged over the years, sometimes led by:
- direct regulatory requirements (such as PSD2 in Europe, the Open Banking Implementation Entity or OBIE in the UK, Australia with its Consumer Data Right, etc.),
- market coordination (an organic approach in Japan, with local banks and Fintechs experimenting with APIs to build partnerships and a robust ecosystem),
- guidance (the Monetary Authority of Singapore and its financial industry API register which serves as the initial landing site for Open APIs available in Singapore),
- and also by the industry itself (New Zealand and also Switzerland, with the Open Wealth initiative).
Moreover, local regulators are enforcing additional rules and legislation to ensure the protection of consumers and their data, as well as smoother and more innovative services. In Luxembourg, the CSSF (standing for Commission de Surveillance du Secteur Financier) published Circular 20/747, which imposes an API approach concerning the Central Electronic Data Retrieval System. As explained by the local regulator, “obligated entities shall put at the disposal of the CSSF a data file every calendar day to which the CSSF will have access. In order to identify towards the CSSF and make the data file available, these entities must implement an API”.