The Data Foundation You Need for Open Banking Compliance
Companies are doubling down on long-held plans to support strategic programs, such as cloud migration, application upgrades, and AI/ML deployments. But one of the key obstacles in digital transformation is data compliance, especially in regulated industries such as banking.
Open banking is an emerging trend in the financial services industry. It began in the U.K. and the EU as a set of regulations that require open APIs and practices for exchanging financial data across financial services organizations. The drivers include preventing competitive lockout of new and smaller banks and fintech startups, enabling consumers to switch banks, and protecting the privacy of customers.
The first directive came into force on January 13, 2018, when the United Kingdom Competition and Markets Authority (CMA) issued a ruling that required the nine biggest UK banks (HSBC, Barclays, RBS, Santander, Bank of Ireland, Allied Irish Bank, Danske Bank, Lloyds, and Nationwide) to allow licensed startups direct access to their data down to the level of account transactions.
The EU's Payment Services Directive (PSD2), implemented in Sept 2018, requires European banks to offer similar capabilities via APIs with a stated mission of leveling the playing field and protecting consumers. This means banks must be able to securely share customer financial information with third parties, including other banks and online payment applications (e.g. Square, Mint, Venmo), so they do not have a monopoly on customer data.
In Australia, consumers can now choose to share their banking data with third-party providers following the launch of open banking under the Consumer Data Rights Act, a regulatory requirement overseen by the Australian Competition and Consumer Commission (ACCC).
Additional countries are continuing to roll out regulations, including Nigeria, Germany, and Brazil. While there are currently no requirements in the U.S. that mandate banks adopt open banking standards, such requirements are likely to emerge given the rising anti-monopoly sentiment.
New privacy laws, such as the California Consumer Privacy Act, require that banks with customers in California balance data protection with data sharing. Consequently, each banking institution will have to establish a robust data management strategy that enables open banking while complying with the evolving privacy landscape.
Consumer data that has to be made available via APIs includes transactions for credit and debit cards, deposit accounts, mortgages, and personal loans. There are key challenges banking organizations need to overcome in order to safely participate in this practice.
- This is an ongoing process, not a one-time event. Regulations continue to change. The EU is on its third revision of the PSD2 requirements.
- Compliance is required throughout these projects. Data will be integrated across multiple systems and APIs, so consistency is required. A complete audit history must demonstrate compliance with the privacy regulations.
- Fast, fresh data will be required throughout the lifecycle of building out the technology to comply with these regulations. This includes development and testing of new APIs and of current and new applications that rely on the inter-bank shared data.
- Application development must accelerate to build and maintain competitive advantage. These regulations will allow new entrants into the market and will include non-traditional players who bring unique customer value and can change rapidly.
Open banking initiatives require banks to open their payments infrastructure and customer data assets to third parties while maintaining security and data compliance. To meet these standards, banks will need an API testing sandbox to model virtual assets and manage risk.
An API-driven platform that combines data delivery and data compliance and works across multi-generational systems—from modern cloud architectures to legacy mainframe apps—can provide the ability to automate, scale, and optimize testing while keeping data in compliance with regulations.
First, teams have the ability to deliver fast parallel data environments for developers and QA teams working on the data sharing APIs and the applications that produce and consume this data. Second, sensitive data can automatically be identified and masked consistently to preserve referential integrity and prove compliance with the relevant regulation. Altogether, an API-driven data platform like Delphix significantly boosts application project velocity, so banking organizations can quickly bring new projects and features that attract customers to market at an accelerated pace.
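To make "masked consistently to preserve referential integrity" concrete, here is an added example (not Delphix's code, and not a description of how Delphix masks data). It assumes keyed HMAC-SHA256 as the deterministic masking function, and the table layouts, field names and key are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: in practice the key comes from a secrets manager; this one is a constructed placeholder.
MASKING_KEY = b"constructed-demo-key"

def mask_digits(value, field, key=MASKING_KEY):
    """Map a numeric identifier to same-length digits, identically on every call."""
    digest = hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256).digest()
    return str(int.from_bytes(digest, "big") % 10 ** len(value)).zfill(len(value))

def mask_name(value, key=MASKING_KEY):
    """Replace a holder name with a stable pseudonym."""
    tag = hmac.new(key, f"holder:{value}".encode(), hashlib.sha256).hexdigest()[:8]
    return f"Customer-{tag}"

def mask_accounts(rows):
    return [{**r, "account_id": mask_digits(r["account_id"], "account_id"),
             "holder": mask_name(r["holder"])} for r in rows]

def mask_transactions(rows):
    # Same field label and key as mask_accounts, so the foreign key still matches.
    return [{**r, "account_id": mask_digits(r["account_id"], "account_id")} for r in rows]

def totals_per_account(accounts, transactions):
    """Join transactions to accounts; a KeyError means an orphaned foreign key."""
    totals = {a["account_id"]: 0 for a in accounts}
    for t in transactions:
        totals[t["account_id"]] += t["amount_pence"]
    return sorted(totals.values())

# Constructed sample data (not real accounts).
ACCOUNTS = [
    {"account_id": "40012345", "holder": "Alice Example"},
    {"account_id": "40067890", "holder": "Bob Sample"},
]
TRANSACTIONS = [
    {"txn_id": 1, "account_id": "40012345", "amount_pence": -4210},
    {"txn_id": 2, "account_id": "40067890", "amount_pence": 150000},
    {"txn_id": 3, "account_id": "40012345", "amount_pence": 999},
]

if __name__ == "__main__":
    masked_a, masked_t = mask_accounts(ACCOUNTS), mask_transactions(TRANSACTIONS)
    print(masked_a)
    print(totals_per_account(masked_a, masked_t) == totals_per_account(ACCOUNTS, TRANSACTIONS))
```

Truncating the HMAC to the identifier's length keeps the format but allows rare collisions, so a production pipeline would check masked keys for uniqueness before loading a test environment.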
Read about how nine financial services organizations are using Delphix to accelerate application modernization, stay in regulatory compliance, and reduce IT costs.