Open finance: the act of sharing financial data with third party service providers
In 2020, a survey on Open Finance was conducted by the Financial Sector Conduct Authority (“the FSCA”) in South Africa. The purpose of the survey was to gain insight into Open Finance in the local market and to assess the risks and benefits associated with Open Finance. Following the survey, the Consultation and Research Paper on Open Finance was published by the FSCA in December 2020, indicating the FSCA’s preliminary policy position on Open Finance.
We consider Open Finance in South Africa and the potential inclusion of Open Finance regulatory provisions in the Conduct of Financial Institutions Bill (“the COFI Bill”).
What is Open Finance?
When financial consumers enter information onto platforms used by financial service providers, they entrust these providers with vast amounts of personal financial information. Open Finance seeks to leverage off these platforms by encouraging consumers to consent to the use of this data by third party providers. By gaining authorized access to this financial data, licensed third parties can create and offer innovative, personalised products and services to consumers in an ethical and secure way.
Open Finance includes data sharing by insurers, intermediaries, credit providers and investment and pension funds.
Various technologies have been developed to facilitate Open Finance. We briefly consider some of these key enabling technologies:
- Application Programming Interface (API)
At an elementary level, an API is a set of programming code that allows one piece of software to request information from or send information to another piece of software. The code also contains the terms of the data exchange. Using the internet, APIs enable consumers to share data created on the systems of financial service providers with third party providers.
- Screen Scraping
Screen Scraping is a technique whereby a computer program extracts targeted data from human-readable output from another program. This extraction may be without the permission of the data owner and is considered a more basic technique when no other mechanism for data interchange, such as API, is available. An example of screen scraping in action is where insurance companies rely on data taken from open sources for fraud prevention and claims management.
- Machine Learning
Machine learning is the process whereby computer programs improve automatically through experience with limited or no human intervention. Financial services data is an input in the process to improve the program. Mathematical models are built by machine learning programs based on sample financial data. Machine learning is used throughout the insurance value chain, including advising customers, underwriting, processing claims and preventing fraud.
- Cloud Computing
Cloud computing refers to on-demand, outsourced computing services such as servers, storage, software, databases and intelligence. Outsourced infrastructure eliminates administrative and management issues and is reliable and easily accessible. Cloud Computing is considered an enabling technology to build new capabilities and services required to perform Open Finance tasks.
Key Use Cases
In its survey, the FSCA identified several key-use cases, each of them grounded in the principles of Open Finance. Open Finance is expected to offer consumers more effective and efficient processes to carry out underwriting and risk profiling, account aggregation, credit scoring, financial planning and payment methods.
We take a closer look below at the impact that Open Finance has already had on some of these processes:
An innovative online payments company, OZOW iPay, provides consumers with payment services such as instant EFTs and online transactions as an alternative to cards and manual EFT payments. The payment solution allows consumers to make payments from their bank account directly to the retailer, and the retailer and bank are in turn notified of the payment.
- Account Aggregation
Moneyhub, an app launched in 2013, provides financial management solutions to consumers by consolidating a consumer’s financial data such as bank accounts, investments, property and pension accounts and credit information, and displaying it on a single platform.
- Alternative lending
Credit Kudos uses Open Finance data to provide financial institutions with accurate and transparent information of an individual’s creditworthiness. Using APIs, the platform requests consent from a consumer and retrieves the financial data of the consumer in a format appropriate for lenders, brokers and banks to determine the consumer’s credit score.
Underwritten by AXA, Anorak provides professional, personalised advice to consumers on life insurance. Anorak uses API’s to link to banking platforms, e-commerce platforms and investment financial service provider data to perform needs analyses and product comparisons. One of the end results is a personalised recommendation of a life insurance product based on a consumer’s needs.
- Financial Management Tools
22seven is an Old Mutual budgeting and investing app where consumers can link different accounts to understand better their budgeting constraints and make investment decisions. The app integrates over 100 financial institutions on the platform to provide consumers with a single, consolidated view of their financial position.
Open Finance is not without risks. The three main concerns linked to Open Finance relate to data privacy, data misuse and cybersecurity risks.
Additionally, in an environment with a poor record of financial inclusion, low levels of digital literacy and low levels of consumer education, another key concern relates to the adoption of Open Finance by consumers.
The FSCA has proposed five recommendations for Licensing, Supervision and Enforcement procedures to regulate Open Finance and to mitigate some of the risks related to Open Finance. The purpose of the recommendations is to provide a foundation for the introduction of the regulation of Open Finance in the next draft of the COFI Bill.
- Consent and Customer Protection
Informed consent should be obtained from consumers prior to the sharing of data with third party providers. Consumers must be informed of the manner in which the data will be used to serve their needs, and consumers should have means of halting the sharing of their data (“the right to be forgotten”). To achieve informed consent, an informed disclosure framework should be established between the consumer, financial service provider and third party provider. Consumers should also understand how their financial data is being collected, shared and used, and consumer education and digital literacy should be considered throughout the process.
- Dispute Mechanisms
Dispute resolution mechanisms should be available to all stakeholders involved in Open Finance to avoid lengthy, costly disputes. To this end, a complaints management process must be established by financial service providers and third party providers.
Open APIs should be the standard mechanism to enable data sharing for Open Finance. API standards should be set to guarantee efficiency, interoperability and usability for participants, and to reduce market entry barriers.
- Commercial Models
The FSCA recommends that financial service providers share consumers’ financial data with third party providers without charging a fee. Value-added services such as analytics and data insights may be charged for at the discretion of the financial service provider.
- Protection of Data
In order to address the key concerns around data privacy and data misuse without consent, a liability framework should be introduced to hold financial service providers and third party providers accountable. The framework should align with chapter 11 (“Offences, Penalties and Administrative Fines”) of the Protection of Personal Information Act, 4 of 2013 (“POPIA”). Reasonable steps should be taken by financial service providers and third party providers to prevent data breaches and misuse. In addition to the liability framework, a data ethics framework should be introduced to prevent unfair discrimination of consumers through data algorithms. This framework should also align with POPIA.
The recommendations are intended to open the doors to the regulation of Open Finance in the next iteration of the COFI Bill. The FSCA envisages compulsory licensing of third party providers which intend retrieving and using financial data to develop innovative, personalised products and services. Supervision and enforcement measures must be developed and provided for in the COFI Bill to ensure that financial service providers and third party providers comply with the Open Finance regulations.
To this end, during the course of 2021, the FSCA plans to publish a formal position paper and a proposed Open Finance framework to be incorporated into the COFI Bill.