Open Banking Concept

More documents

Recommendations

Info

Creating an Open Banking Framework for Canada Which types of users are covered (i.e., personal vs. commercial)? For each type of user, there exists a tradeoff between implementation cost and complexity, and value to consumers. Currently, different users are afforded different levels of service: retail (i.e., personal) account holders receive largely off-the-shelf products and services, while large corporate account holders are already provided with some of the benefits that new solutions under Open Banking would support (e.g., personalized cash flow management and advice), and SMEs receive a mix of off-theshelf and easily customized offerings, as befits their position between retail and large corporate customers. Timeline: The framework should be designed to stage out the functions and types of users in scope over time. The introduction of every additional function and/or type of users adds complexity to the framework, both for data generators (in terms of implementation) and for governance (as the number of institutions in scope would increase). As a result, staging the implementation will ensure that the framework is able to evolve safely, without exposing the financial services ecosystem of Canada to undue risk. Who are the participants in the Open Banking system? Who is required to open access to their data? The requirement to open access to data can be institutionbased (i.e., all financial institutions with a certain classification, such as Schedule II and Schedule I banks), or activity-based (i.e., all financial institutions that provide Canadians with the functions discussed on page X). An activity-based approach would ensure that the framework is flexible to adapt to new types of non-traditional institutions that may emerge over time and may foster a more level playing field where all players offering competing products and services are required to make data available regardless of their legal classification. However, it creates a more nebulous governance environment, as lines between institutions in-scope and out of scope blurs (e.g., would PayPal’s online wallet be considered a “deposit account”?). Furthermore, the current financial regulatory systems in Canada are institution-based, meaning activity-based requirements would necessitate either a change in scope or a new regulatory body. What are the allowable types of data recipients? There are two types of data recipients: data consumers and data transporters. Data consumers are end-users of customers’ financial data (e.g., Fintechs and other thirdparty providers) while data transporters are intermediaries that facilitate the flow of data to data customers. The key difference between the two is that the latter does not create value from the storage of data. Data consumers are a prerequisite for Open Banking, bu t data transporters are not necessarily required. They introduce significant risk to the ecosystem by acting as a central source of large volumes of data (where a single breach would result in the potential misuse of many data generators and customers’ data). However, they also provide value to the ecosystem by creating interoperability between financial institutions, as well as across geographies where differing Open Banking systems have already been implemented. Ultimately, the value of Data Transporters is dependent on the level of standardization of the data transfer mechanisms employed by the various data generators in scope. This is explored in greater detail in X. Precondition: Governance of Non-Traditional Payment Service Providers (PSP) Existing payments regulation in Canada is heavily focused on governing systemically important and prominent national payment systems (i.e., LVTS and ACSS); thus, nontraditional PSPs (i.e., Fintechs that manage flows of money outside of the core systems) are not subject to regulatory oversight. There is currently an effort underway - the Retail Payments Oversight Framework (RPOF) - to govern non-traditional PSPs effectively, thereby ensuring the safety and soundness of the Canadian payments ecosystem, fostering efficiency and innovation within payments, and protecting end-user interests (e.g., privacy). 8.
Creating an Open Banking Framework for Canada Open Banking’s accreditation process is likely to involve many of these same players, so it is important that the RPOF and Open Banking regime are co-developed. This would help prevent the creation of conflicting and overlapping legislation and optimize the allocation of resources and responsibilities across regulatory bodies. What data and level of access are data recipients provided? What access rights do data recipients have (e.g., read vs. write)? There are two types of access that data recipients could be granted: Write access: Allows data recipients to make modifications to customers’ financial data held by other institutions; this would enable additional use cases such as payment initiation, account opening/closing, and changes to information (e.g., change of address) performed by the recipient on behalf of the customer .. Read access: Allows data recipients to obtain copies of customers’ financial data; this supports use cases such as data aggregation. .. Write access: Allows data recipients to make modifications to customers’ financial data held by other institutions; this would enable additional use cases such as payment initiation, account opening/ closing, and changes to information (e.g., change of address) performed by the recipient on behalf of the customer. Write access enables many additional use cases, but it would also present several new complexities: on their behalf. This may threaten the safety and soundness of the financial services system and the risk posed by a breach, and would require a longer timeline to implementation to allow data generators sufficient time to build the more complex systems required to allow for third-party write access .. Other concurrent efforts (e.g., Retail Payments Oversight Framework, Payments Modernization) have some overlap with certain write access functions (e.g., payments initiation); the inclusion of such elements in the scope of an Open Banking system would require extra coordination to minimize duplicate and contradictory guidance. Precondition: Canadian Payments Modernization Open Banking is being contemplated at the same time that Payments Canada is leading modernization efforts for Canada’s two primary payments systems, the Large- Value Transfer System (LVTS) and the Automated Clearing Settlement System (ACSS). LVTS will be replaced by Lynx, a high-value payments system that will process payments in real-time with settlement finality. ACSS will be replaced by the Real-Time Rail (RTR) system and the Settlement Optimization Engine (SOE) system. .. Write access introduces a number of security concerns, as data recipients would be able to make changes to customers’ accounts and move money 9.
Page 1 and 2: Creating an Open Banking Framework
Page 22: www.deloitte.ca Deloitte provides a

Open Banking Concept

Create successful ePaper yourself

Delete template?

Save as template?