Canada’s Open Banking Journey: Interview with Huw Davies, Chief Commercial Officer OZONE API (UK)
Originally published at https://ncfacanada.org on October 5, 2022.
Open banking is a huge opportunity for banks. But banks need to approach it with the right mindset. It is not a compliance project, it is a business model transformation — Huw Davies, Chief Commercial Officer OZONE API (UK)
Mahi Sall: Please tell us a bit about yourself and OZONE API.
Huw Davies: I am Huw Davies and I have over 24 years experience in payments and financial services, delivering transformational go to market strategies at both major corporations and startups. I have recently led the ecosystem growth at OBIE i.e. UK’s Open Banking Implementation Entity, driving adoption and usage. Prior to this I have undertaken executive roles at Token (CCO), HSBC (Global Head of Payments), MasterCard (Head of Emerging Payments) and Barclays. I also sit on the Advisory Board for the Emerging Payments Association.
Ozone API are the pioneers of open banking with the founding team having led the development of the UK open banking standard. The Ozone API platform now helps many banks around the world to deliver their high performing, standards based open APIs to help them adapt to and thrive in this new world. We also work with regulators and central banks around the world to shape open banking standards and deliver the technical foundations for a thriving open banking ecosystem.
- CEO, Chris Michael, led the development of the UK open banking standard, chairing both the OBIE’s API Forum and Technical Design Authority.
- Freddi Gyra, CTO, has been the lead architect of the UK open banking standard, and deputy chair of the OBIE’s Technical Design Authority; and
- Huw Davies, Chief Commercial Officer, led the ecosystem growth at OBIE, driving adoption and usage.
We founded Ozone as we saw how difficult, expensive and time consuming banks were finding it to deliver high quality, standards based open APIs.
The Ozone API platform is used by over 50 banks around the world to deliver high performing open banking and open finance APIs. We provide the technology to deliver compliant open APIs and go way beyond compliance, making it easy to monetize open finance globally. We understand standards better than anyone else and we support all global standards and are actively involved in developing the next generation of open banking standards.
Mahi Sall: Common Rules represent a key component of Open Banking System Design, with the premise that they create a level playing field which eliminates the need for bilateral arrangements between Open Banking participants.
Speak about situations that would call for bilateral arrangements in an open banking environment that thrives on common rules.
Huw Davies: The common rules should help establish trust and the operating foundations of the ecosystem. For example,
- Who is allowed to participate and what minimum criteria must they meet in order to participate (for example the authorisation requirements for TPPs)
- What are the roles within the ecosystem, for example
- Account / data provider
- Third party (there could be different terms and combinations), for example:
+ Account information service provider (movement of money and not just access to information is key to effective financial management)
+ Credit provider
+ Payment initiation service provider
+ Digital identity service provider
- Technical service provider — a technical enabler (for example providing connectivity to banks along with data enrichment & categorisation and enabling tools) who is not playing a regulated role.
- How is trust established — this is designed within the standards and helps determine the technical requirements for establishing trust between participants, for example digital certificate requirements and access to authorisation status (through a list or directory)
- What are the regulations, more specifically
- What is mandatory (and must it be free or can it be charged for by account providers)
- What is not mandatory but is envisaged and even encouraged in the rules framework and standards
- What happens when something goes wrong?
- Who does the customer go to for redress
- How do the parties work together to resolve
- What standards and service levels are expected
- Who is liable for any loss (this will differ based on the scenario)
These are just some of the areas of consideration. The common framework could go beyond regulatory minimums to create a framework for a more commercial ecosystem. As we look around the globe there are different models.
In the UK the “common rules” were broadly captured within PSD2 and the CMA Order. This created a framework for the regulatory minimums. Outside of this however, bilaterals are being created between banks and TPPs.
The first real example of this is to access Variable Recurring Payments functionality (essentially a long lived payment consent which could enable many recurring and embedded payment use cases). Whilst the technical standards provide the capability, the regulatory framework stops short. As such banks and TPPs are developing bilaterals covering areas such as:
- Commercial terms (e.g. cost per payment initiation)
- Liability (who takes liability for disputed payments in different scenarios)
- Typical partnership framework clauses
The market recognises the complexity of a web of bilaterals between account providers and TPPs and in both the UK and Europe there are initiatives to create a common framework / ruleset / template agreement for commercial use cases.
Beyond payments this could also include areas such as:
- Identity attributes
- Account origination and service requests
- Enriched data
In other markets open banking may be underpinned by commercial frameworks. We are expecting a number of markets (e.g. Mexico, Colombia and others) to allow and enable commercial relationships between account providers and TPPs.
We are working with regulators in other markets on frameworks that go beyond just minimum mandatory requirements to enable a broad range of use cases and ensure balanced incentives to motivate account providers to implement open banking well.
Space should always be left for innovation between parties, so bilateral agreements can be a good thing. For capabilities to be adopted at scale and without unnecessary barriers to entry for smaller players however, common standards and common rulesets will be important.
Mahi Sall: Another key component of Open Banking System Design is the Accreditation Process. Canada’s Advisory Committee on Open Banking recommended to exempt federally regulated banks from the accreditation process, and similar consideration for provincially regulated financial institutions to be discussed.
What major frustration points relative to the accreditation process can be anticipated and how to address them?
Huw Davies: In the UK many TPPs have been frustrated at the time taken to get through the accreditation process. There have been particular issues with resourcing at the FCA which have impacted the authorisation timescales.
In many markets existing regulated roles (e.g. bank, payment institution, credit provider) may already provide sufficient confidence to automatically qualify for a role (e.g. as an account information or payment initiation service provider).
In Brazil the market still does not have a third party accreditation process. It is only existing banks and payment institutions that can leverage open banking access. This will act as a significant handbrake on innovation and frustration for third parties.
In Saudi Arabia as an alternative model the regulator started engaging with third parties very early to provide an innovation environment which sits alongside and as part of the accreditation process.
Mahi Sall: The third key component of Open Banking System Design are Technical Specifications & Standards with two approaches currently dominating the landscape: single standard approach (e.g. UK, Australia) and multiple standards (e.g. US, EU). Canada’s Advisory Committee left both approaches open for exploration.
Can you speak to the advantages and shortcomings of these approaches?
Huw Davies: We are passionate advocates of a standards based approach and believe that the evidence is clear for markets to adopt a common standard and ensure a conformance certification regime.
In the UK the largest 9 banks are required to follow a common standard and go through conformance certification. The adoption and uptake in the UK has been significantly greater than mainland Europe where there is no common standard. Whilst many banks use the Berlin Group Standard it is more loosely defined and has no conformance certification process. As such there is significant inconsistency amongst implementations.
The key evidence is in the faster growth and adoption in the UK versus Europe. Around half of all European TPPs are in the UK despite the collective size of the European opportunity being much greater. In Europe there is still a significant reliance on screen scraping and credential sharing by the major TPPs such as Tink. There are also many reports outlining the challenges connecting to European bank APIs as well as performance issues.
Fundamentally though the key evidence point is end customer adoption. Uptake and usage is growing exponentially in the UK with the OBIE outlining 6m regular users, consistently over 1bn API calls per month and exponential growth in payment volumes.
Brazil has also recently followed this path with a common market standard and a much stricter requirement for banks / account providers to go through regular conformance certification. In Brazil we have seen the adoption curve racing ahead of the UK despite the fact that presently only banks can operate as TPPs (there is no TPP authorisation path yet).
We are working with a number of regulators around the world who recognise that a standards based approach is a far more certain route to create an effective ecosystem.
In fact the initial implementation in Bahrain did not mandate any standards and in 2020 the regulation was updated to mandate a common market standard.
In the Kingdom of Saudi Arabia the central bank (SAMA) is also following a similar path of building on global standards and ensuring a conformance regime.
Mahi Sall: In the early days of Open Banking some European banks provided in addition to APIs a Modified Customer Interface (MCI) as alternative means for third party providers (TPPs) to get access to customer data. Would you foresee the need for Canadian banks to deploy fallback options to existing APIs?
Huw Davies: If open banking is implemented well there should be no need for an MCI as a fallback mechanism. They serve no useful purpose other than to tick a regulatory requirement and a model based on customers sharing their bank login credentials with a third party is exceptionally hard to justify.
Mahi Sall: What are some of the lessons you’ve learned in terms of Open Banking test designs and implementation.
Huw Davies: In the UK and Europe TPP accreditation did not rely on any technical testing. The process was based more upon due diligence, risk assessment and fit with the regulatory requirements.
We would argue that too strictly defining a test regime (beyond fit with regulatory requirements) may hinder innovation.
However an important part of the process for a TPP to get live is to have a technical test environment to build on. A market sandbox and reference implementation of a standard provides TPPs with a model bank to build to and to test their propositions.
This can be invaluable in enabling TPPs to build and test (and potentially evidence) their propositions in advance of banks being ready with their own APIs. It also allows propositions to be built without needing access to real accounts and production data.
Furthermore the sandbox and reference implementation is a valuable tool for enabling TPPs to build to and understand new versions of standards in advance of them being implemented by banks.
We provide the sandbox and model bank in a number of markets and it has been invaluable to the ecosystem as well as providing a platform upon which to develop the conformance test suite.
In Saudi Arabia the central bank is using the sandbox / model bank as part of the TPP accreditation process.
Mahi Sall: As in other jurisdictions, financial inclusion is high on Canada’s Open Banking agenda. Please share examples where Open Banking failed to deliver on this metric. What are some of the key lessons learned that Canada could benefit from?
Huw Davies: Open banking should be a powerful enabler for financial inclusion and help reduce the barriers to access in the financial services market.
It is still relatively early days in the development of open banking around the world so there are no significant bodies of evidence on this topic, however there are a number of clear and obvious use cases.
In a number of markets open banking is powering a new approach to risk decisioning which reduces the reliance purely on traditional credit scores (which require a customer to already have credit relationships). By accessing account transaction history lenders can undertake better income verification and gain far greater insight into affordability based on a customer’s real cash flow. For both consumers and businesses this means lenders can make better decisions, resulting in lower costs and less bad debt, which means greater access to credit for customers traditionally on, or outside the margin. As a very simple example, regular payment of rent or bills can be a powerful predictor of payment behavior.
In addition there are many examples of propositions aimed at helping those in financial distress. Using access to account information applications can help customers more effectively manage their finances, budget and reduce debt. A number of innovation challenges were run in the UK by Nesta and the OBIE also highlighted a range of propositions designed to help distressed customers take more control over their finances.
Mahi Sall: Chief among the factors affecting the take-off of Open Banking is low adoption by consumers. What could Canada do differently than other jurisdictions in order to pre-empt this risk?
Huw Davies: Arguably open banking has become the de facto way of doing things in the UK for some use cases. For example how companies connect their bank accounts to cloud accounting platforms. Here there was no particular challenge with adoption as open banking is more efficient and effective than any other option. So adoption was easy. A point to note though is that the 90 day reauthentication rule in PSD2 created a significant challenge for users and third parties (the result of regulation trying to define the technical solution rather than the desired outcome).
There are also many use cases where it is increasingly becoming a common way of doing things without significant challenge. For example the use of open banking in credit application processes to remove the need for customers to provide lots of information (copy statements, overview of incomings/outgoings etc) and to enable better income verification and affordability assessment.
There are however some areas where adoption is still at the early stages. Payments is a clear example. In the UK payments are growing exponentially but there are a number of factors impacting the uptake, for example:
- The initial regulation and therefore implementations only focused on single immediate payments, resulting in a much more limited range of addressable use cases (variable recurring payments have since been built into the standards and are starting to be implemented)
- Whilst it is based on the faster payments rail, the TPPs do not get sufficient transparency around payment status meaning lack of certainty about payment (until the payment lands in an account)
- The tools to enable and manage refunds were limited
- The regulation only considers certain payment dispute types and therefore there is a gap across some of the more typically merchant disputes
- The adoption of new payments technologies by payment service providers and then merchants typically takes multiple years, particularly in a market where card payments dominate
But with all of that said there is significant momentum building and a number of very successful use cases. The UK tax authority implemented open banking payments and it has been a significant success ( here).
Trust and familiarity can be significant considerations for consumers with the adoption of new capabilities such as open banking. Some key considerations are:
- Consistent user experience — can and should be embedded in the user experience standards
- Familiarity — could be achieved through big trusted brands adopting or through industry wide promotion (for example of a trust mark)
- Simple and understandable recourse should something go wrong
Canada should build on global learnings. Some key aspects include:
- Defining clear outcomes at the outset (ahead of detailed regulations)
- Ensuring common standards (technical and user experience) with a regime of conformance certification to ensure consistent experience for users
- Clear operating rules for customer recourse and liability
- Ensuring balanced incentives for the ecosystem (including banks) to ensure high quality implementations
Mahi Sall: Drawing upon your observations, what are some of the quick wins in terms of Open Banking use cases that banks and fintechs should prioritize rolling out?
Huw Davies: We have developed a framework of the most immediate and / or impactful use cases and how they relate to standard and regulatory requirements. The use cases that are most prevalent in market like the UK include:
- Personal financial management — helping customers see a more complete picture of their finances in order to help them budget, save, reduce debts etc.
- Business financial management and integration to accounting platforms
- Improved credit decisioning — leveraging account information to make better credit decisions and have a more granular understanding of income and affordability
Mahi Sall: What role does talent play in developing a thriving Open Banking system?
Huw Davies: It could be argued that talent helps drive a thriving open banking ecosystem, but equally it could be argued that open banking attracts talent and investment.
Either way we have seen significant explosions of innovation where open banking has been implemented well. The number of innovative firms and propositions in the UK and the flow of venture capital investment into the market is clear evidence of this.
One thing that has helped is creating an environment to encourage innovation. Hackathons and competitions in the run up and at the early stages of implementation can drive significant engagement and accelerate progress. In the UK Nesta ran a number of challenges to reward innovative companies and propositions.
Mahi Sall: Talk about Open Banking limitations and the most common misconceptions people have about it?
Huw Davies: No market has yet delivered the perfect implementation of open banking and therefore there are shortfalls or learnings in every market. These can and do limit both the long term potential and the short term uptake.
Whilst not intending to be comprehensive this can include:
- Scope — limiting the initiative to only certain account types (e.g. the payment account definition in PSD2) limits the potential benefit. Limited open banking can create significant value and benefit, but a complete open finance scope will deliver significantly more opportunity and value. As a user only being able to see and manage a part view of my financial portfolio is obviously limiting
- Poor / inconsistent implementation — lack of clear standards and a focus on consistent implementation will limit the opportunity. In Europe we have seen significant time and investment in just connecting to banks which slows and reduces the actual real innovation
- Limited functionality — as outlined with payments above, a limit to functionality will limit the potential use cases and value that can be unlocked
- Insufficient incentive — there needs to be balanced incentives for banks / account providers as well as third parties. Without balanced commercial incentives there is no reason for banks to do it well. That has slowed progress and reduced the level of innovation in markets where the framework did not easily enable balanced incentives.
A nuanced consideration is around establishing customer understanding and trust. Open banking is an underlying infrastructure and technical enabler, so customers do not need to be educated on what it is and how it works. That is particularly difficult due to the breadth of use cases that can be enabled. However, a key enabler will be consistent user experience and establishing trust in a context specific way.
Mahi Sall: What does Open Banking mean to banks and fintechs, and how does it affect the relationship between the two?
Huw Davies: Whilst in markets like the UK there were fears of disintermediation of banks, the reality is that banks are some of the greatest users of open banking and it has led to unprecedented levels of partnerships between banks and fintechs.
For fintechs access to accounts enables them to deliver better propositions for their end customers. This is well documented and needs little explanation.
What we’ve also seen is many fintechs and third parties recognising the opportunity to partner with banks and help them innovate. A number of fintechs who saw themselves as bank challengers prior to open banking then switched their business models to become platform enablers for banks. For example providing white labeled PFM capability that banks could take to market.
The less well defined narrative is what does open banking mean to banks (beyond a regulation which must be complied with). I am a great believer that open banking is a huge opportunity for banks. By exposing services and capabilities via APIs banks can
- Reach customers that they could never reach through their existing brands and channels
- Embed their products and services at the point their customers need them
- Significantly accelerate innovation and the development of partnerships
- Create new revenue streams
But to achieve this banks need to approach it with the right mind set. It is not a compliance project, it is a business model transformation.
Mahi Sall: How could banks and TPPs best prepare for Open Banking and extract the most value out of it?
Huw Davies: We believe the best route to prepare the market is by allowing banks and TPPs to get their hands dirty and really test and understand open banking. Through the delivery of a sandbox environment and the tools and events like hackathons to really understand the technical implementation of open banking all participants can be more ready and ready to move faster.
Mahi Sall: Given the very tight schedule of Canada’s Open Banking roadmap, where do you think the balance must be struck to meet deadlines without significant trade-offs?
Huw Davies: Phasing will be key to ensure a successful outcome. We strongly believe that an implementation can be far more effective if time is spent up front considering
- What are the desired outcomes
- What are some of the key use cases to deliver against these outcomes
This approach can then ensure the initial frameworks and standards are focused on enabling these key use cases and not on solving all potential future considerations.
Mahi Sall: In order to ensure compatibility and interoperability at regional/international level, what must be thought of and accounted for at this early stage of open banking in Canada?
Huw Davies: Standards are key to interoperability. Whilst each market will have some local considerations, building on global standards and best practice (for example leveraging global security protocols such as the FAPI standards) is the most secure route to ensuring interoperability.
# # #
Links you may be interested in:
Mahi Sall is an Ambassador of the National Crowdfunding & Fintech Association of Canada “NCFA”, and an Expert on Fintech-Bank Partnerships. He is based in Berlin, Germany.