A few years since Open Banking took off in Bahrain, the local community is yet to witness a plethora of use cases built on top of Open Banking capabilities.
Bahrain has been leading the financial services’ transformation in the MENA region, especially when it comes to regulating the participants’ interaction under the Open Banking umbrella. The Bahrain Open Banking Framework adopted back in 2020 was among the
first steps towards encouraging financial institutions to embrace Open Banking and simplifying its adoption.
One may have noticed a rather paced rhythm in implementing the new standards. Despite the regulator’s full support, there are still a few challenges that need to be overcome, including high product development costs, little consumer interest, and the growing
levels of financial literacy.
In this piece, we aim to contribute to financial awareness by shedding some light on the Bahraini Open Banking regulations and providing a new angle to look at the value for the institutions, fintechs and the end consumer.
The Central Bank of Bahrain (CBB) rulebook – the directory of all rules, regulations and guidelines in Bahrain, is divided into a few major volumes that cover bank license types, ancillary service providers (AIS/PIS), and the list goes on.
The Open Banking-related information can be found within 3 main chapters in the CBB rulebook:
Volume 1 - Conventional Banks
Volume 2 - Islamic Banks
Volume 5 - Specialised Licensees.
Conventional banks are defined by the Central Bank of Bahrain (CBB) as those who are licensed and “operate on conventional principles”, also known as regular banks.
Islamic banks operate under Islamic Sharia principles.
In addition, CBB divides the banks' activities into two separate sub-categories:
Each sub-category has its business rules, security processes, etc., well documented in the CBB rulebook.
All things considered, the Open Banking regulation is enforced on retail banks only (further referenced as “conventional retail banks” and “Islamic retail banks”), leaving corporate and/or wholesale use cases uncovered and at the hands of banks and FinTechs
One of the few mentions of eWallets being mandated by CBB to open access to consumers' bank data is found under Volume 5 described as “licensees maintaining customer accounts”.
Further elaboration about them under the CBB rulebook is not clear today, as such, we will elaborate on this topic shortly.
In 2018, with the first launch of the Open Banking regulation in Bahrain, CBB made sure to clarify from day one which type of accounts Conventional and Islamic retail banks must cover:
(b) Current accounts;
(c) Term and call deposits;
(d) Foreign currency accounts;
(e) Unrestricted investment accounts;
(f) Restricted investment accounts;
(g) Mortgage/housing finance products;
(h) Auto loans;
(i) Consumer loans/financing;
(j) Overdrafts (personal);
(k) Credit and charge cards;
(l) Electronic wallets and prepaid cards; and
(m) Other accounts which are accessible to the customer through an e-banking portal or mobile device.
The last-mentioned point leaves space for interpretation and discussions as the industry awaits more data to be opened while aiming towards Open Finance.
Consent lifespan for data access
The clarification of data access consent lifetime came only in July 2021 when CBB released a circular updating piece of the fifth volume. Looking back, that is the time when the European and the UK market participants were actively discussing and advocating
for the extension of consent validity from 90 days to 180 or 365 days (which was later enforced in 2022).
In essence regulated entities (i.e., ancillary providers) in Bahrain can access consumer bank data for “up to 12 months”, thus supplying a better user experience and faster adoption of Open Banking-inspired financial services.
Personal customer data (identifiable data)
The regulation doesn’t add the bits for suiting KYC use cases or anything similar, as “the obligation should not apply to information supporting identity verification assessment; which the licensees should only be obliged to share with the customer directly,
not a data recipient” (GR-6.1.5 from Volume 2 Islamic Banks).
Therefore, it is not clear if ancillary service providers (further AIS/PIS providers) can extract information such as the name, email or address of the account holder (customer).
Transaction history & value-added data
Leaving no room for interpretation as it happened with PSD2 in Europe, CBB requires retail banks to provide 12 months of historical transactions (or 365 days at the time of the data access). Moreover, an addition in April 2019 extended
the value of accessed data through merchant category codes, bank fees and other charges that are considered publicly disclosed information to the consumer.
Like PSD2 in EEA or PSR in the UK, the rails supported by Bahrain banks via Open Banking compliant APIs are the same ones available via their own online interfaces or platforms.
The existing rails allow for regular or instant transfer at low rates (i.e., Fawateer, Fawri) and with Open Banking coming to the table, expanding the payment offering empowers both consumers and businesses to enhance and strengthen the payment experiences
and product variety.
Strong Customer Authentication (SCA)
The applicability of SCA principles in Bahrain has been extended from the European RTS-like “two-out-of-three-factors" principle to an “all-three-factors" principle enforced in Conventional and Islamic retail banks. (see GR-6.3.14 from Volume 1).
Banks, however, can also be exempted from this implementation by the CBB, “provided that the licensee can demonstrate that it has established robust
controls to mitigate the relevant key risks”.
What is next?
Bahrain has been at the forefront of Open Banking developments in MENA as the first country that implemented the necessary rules and technical standards. The local market starts to recognise the benefits the players bring, ultimately benefitting the retail
The industry now expects the next wave of Open Banking updates that will open doors for wholesale and corporate customers to leverage the capabilities of improved digital financial services. We hope these changes will reach the market soon, as the region
eyes the next shift from Open Finance to open data.