The United Kingdom has quickly become a poster child for open banking success following Brexit, and that has a lot to do with how the UK government, the tech sector, and the financial markets worked together to go beyond Europe’s Second Payment Services Directive (PSD2).
However, open banking still has a long way to go in terms of advancing financial literacy, expanding trust, and increasing engagement between consumers and financial institutions.
A belated overhaul of UK data protection laws could propel our open banking industry to new heights.
The Impact of GDPR
The General Data Protection Regulation (GDPR) was adopted by the UK on the brink of Brexit in April 2016 and came into force in May 2018. Since then, its impact has been clear – from high-profile fines against some of the largest companies in the world to heightened consumer awareness of the importance of protecting data and the responsibilities of data processing companies.
Critics of GDPR, led by several Prime Ministers over the past five years, have consistently argued that the GDPR requirements are overly stringent and force excessive amounts of documentation on organizations, shackling businesses with unnecessary red tape.
A New Data Rights Regime
Under Boris Johnson’s premiership, the government looked to introduce the Data Reform Bill, a new set of data protection requirements to replace GDPR and give organizations more flexibility around how they manage data risks. But the proposed legislation was paused during the market turmoil that followed the ‘Mini Budget’.
Now, Prime Minister Rishi Sunak has an opportunity to breathe new life into open banking by creating a business and consumer-friendly data rights regime that will help create a new pro-growth and trusted UK data protection framework based on common sense. A long opponent of retaining GDPR, PM Sunak has frequently voiced his commitment to growing the UK tech sector, cutting red tape, and supporting investment.
Open Banking and Privacy: A Harmonious Relationship
On the surface, it might look as though open banking and privacy are on a collision course, since the former’s definition is to provide third-party access to our financial data through APIs. But take a deeper look and it quickly becomes clear that open banking and data protection legislation have similar objectives – giving users and businesses greater control over their data.
The key word is consent. While GDPR aims to minimize all data sharing and protect consumers’ privacy at all costs, open banking is built upon the idea that financial institutions can enable third parties, generally fintechs, to instantly access consumers’ account information and offer new financial services as long as prior customer consent has been given.
It is easy to see the potential benefits of open banking: improved experiences for customers, new income streams for companies, and a sustainable service model for underserved markets. It is also easy to see how this triple-win sits at the heart of what Brexit stands for, the pro-growth British society it is rooted in, and the agile and dynamic tech ecosystem it represents.
Taking Back Control of Regulation
The business of regulating is a challenging job, and achieving regulatory excellence even more so. But given the present crossroads we find ourselves in, the stakes of getting it right are very high.
We need to work out what we need from a data regime framework over the next 10 or 20 years if the UK and London are to remain leading centers of finance and open banking.
It means our regulators will need to be more forward-thinking and really get to grips with data and the technology side of financial services more broadly, as well as being more pragmatic.