BIS Report explains the importance and requirements of open finance

Members of BIS (Bank for International Settlements) at the newly formed Consultative Group for Innovation and Digital Economy (CGIDE) published a white paper in December 2020 titled “Enabling Open Finance Through APIs”. The white paper explores the technical issues surrounding the development of an identification and authentication API that could be used to implement privately and publicly administered open and scalable finance solutions. The paper also touches upon the Account Aggregator System and Sahamati as one example of open finance implementation across the world.  The rest of the article quotes and builds upon excerpts of the white paper.

1. Importance of Open finance for the development of the financial system

Open finance can benefit the participants in the financial system in different ways: 

1. Incumbent financial institutions can expand their reach to new users by using alternative sources of data to assess the feasibility of providing banking services and credit to customers. 
2. Partnership with financial institutions may help non-financial institutions in attracting more users to their platforms
3. Finally, end-users can benefit from the expanded services and a better customer experience, thereby leading to increased financial inclusion and financial wellness. 

2. Design of an open finance ecosystem 

The design of an open finance ecosystem depends on the architecture of the identification and authentication APIs that underlie it. The participants in the ecosystem could be connected in one of the two ways 

1. Centralized connections in which all participants connect to a central entity that defines the governing standards. This makes the system less complex, creates parity in the entry requirements for all participants, and ensures that no single actor has a dominant position to impose conditions or place demands on the ecosystem. However, a unique point of failure may make centralized connections more prone to a higher risk of suspension, standardization in operations may hinder innovation, and it may be difficult to reach a consensus on who the central authority would be. 
2. Multi-lateral connections have multiple connections among the ecosystem participants. This multiplicity of connections helps address the limitations of centralized connections by providing resilience to service suspensions and the flexibility in entry and operations requirements helps promote innovation. However, the absence of a central authority may disproportionately benefit certain actors with higher market power and the multilateral nature of connections may make the system more complex. 

3. Open Finance Implementation Schemes in different countries 

Different countries have used different API architectures to implement open finance models 

1. India’s Account Aggregator (AA) Framework: An AA is a non-bank financial institution licensed & regulated by the Reserve Bank of India (RBI) that manages consent for financial data-sharing and allows data to be shared through open and standardized APIs defined by the ReBIT.
2. India’s UPI: This initiative allows account holders in India to send and receive money instantly through third parties using mobile devices without providing bank account details. 
3. UK’s Open banking: Defines a set of API technical specifications using which nine leading banks in the UK can securely provide open banking. 
4. Singapore’s FPDS: This initiative defines a consent mechanism for the sharing of data using SingPass, the single sign-on service already used by all residents of Singapore. With the consent of customers, their financial information can then be shared by financial institutions with other entities in the ecosystem. 
5. Brazil’s Open banking initiative: Brazil’s open banking initiative is currently under development. The main goals of this API scheme are to foster competition, efficiency, and data security, and to strike the right balance between incumbents and new players
6. Europe’s revised Payment Service Directive (PSD2): This regulation acknowledges new players remotely accessing customers’ payment accounts to make payments on their behalf and to give them an overview of their various payment accounts. 

4. The role of identification and authentication

Remote and secure identification and authentication of users is the main requirement for interaction between parties in an open finance ecosystem.  An open and standardized scheme of APIs, together with a clear set of rules, can align the incentives of the interacting parties so that each entity benefits from their remote relationship. The proposal by CGIDE outlines five requirements from a framework to facilitate the secure and interoperable provision of financial services through third parties

1. Ensure interoperability, so that it is possible to enjoy economies of scale and exploit network externalities.
2. Promote the necessary conditions for fair competition between financial service providers in cooperation with third parties, ensuring a level playing field for all market entrants.
3. Ensure that user information is transmitted, processed, and managed securely
4. Be as scalable and general as possible, so that it caters for both currently foreseeable services as well as future innovation.
5. Foster the integration of third parties into the open finance ecosystem (subject to the required level of security). 

5. Details of the API Scheme 

The report suggests an API scheme based on mobile devices to support the remote, secure and efficient identification and authentication of users of financial institutions. The API scheme is based on the establishment of a central validator (CV) that allows the creation of secure relationships between financial institutions and third parties, without the need for them to come into direct contact with each other. This is accomplished by establishing secure connections between the CV and third parties on the one hand, and between the financial institutions and the CV on the other. Further details about the technical requirements of the API scheme and the technical requirements for the third parties interested in participating in the API scheme can be found in the BIS report. 

6. Conclusion

An open finance ecosystem can benefit financial system participants and increase financial inclusion by creating an environment in which different players can come together to provide consumers with better financial products and services. Understanding how to build remote and secure identification and authentication mechanisms is essential to implementing such scalable open finance solutions by both public and private entities.