CMA9 banks respond to Open Banking mobile app delays

CMA9 banks respond to Open Banking mobile app delays

In light of the UK’s Competition and Markets Authority scolding five of the CMA9 – Bank of Ireland, Danske Bank, HSBC, Lloyds Banking Group and Santander – for being in breach of Open Banking delivery on mobile apps, Finextra questions the banks on why deadlines were missed.

On 1st April 2019, the CMA issued enforcement Directions to the five banks who had not delivered all aspects of their app-to-app functionality by the deadline set, which the watchdog followed up with specific actions that each institution must take.

Commenting on the Directions, trustee of the Open Banking Implementation Entity (OBIE) Imran Gulamhuseinwala, said: “While we are aware that the Open Banking programme has ambitious and challenging timescales, it is disappointing that some banks have needed more time to deliver some important new Open Banking functionality to their customers.”

Gulamhuseinwala continued: “While it is still early days, overall it is clear that Open Banking is gaining momentum and traction, with innovative new products and services launching which will ultimately help customers move, manage and make more of their money.”

Lloyds Banking Group

In response to being in breach of the Retail Banking Market Investigation Order 2017, a spokesperson from Lloyds Banking Group says to Finextra: “While we have met all of the other requirements, we are sorry for this delay and we are working hard to roll this out in April and May. All of our personal and business customers can continue to use open banking services either using our apps or third-party providers.”

Lloyds Banking Group was one of the only four ready to launch its Open Banking initiative on the due date and - in the same month that the Standard was introduced - made the first successful account information transaction with money management platform Yolt. In addition to this, in February of this year, the bank enabled customers to see their current accounts from other providers from within its app.


A HSBC spokesperson reveals to Finextra that the bank “has embraced Open Banking, both in terms of meeting key regulatory deliverables and also bringing additional benefits to our customers with innovations such as Connected Money, Artha by first direct, and more.

“We remain committed to meeting our obligations under the CMA Order and will implement the outstanding mobile app authentication functionality by September 2019. Our priority is to ensure a smooth introduction of this function and we are making significant IT and infrastructure changes to achieve this.”

HSBC also explain that the latest Directions released by the CMA are not an expression of change in confidence in the bank and they are committed to delivering the functionality by September 2019, as promised. Alongside this, in Q1 the bank added a developer site, additional payment functionality, mandates for SME customers and mobile app authentication for most requirements.

HSBC was one of the five laggards that had not launched their Open Banking initiative by the 13th January 2018 deadline and the bank was given an extra six weeks to remedy this issue. On the one-year anniversary of the start of the UK’s Open Banking experiment, Finextra spoke to HSBC’s digital chief Raman Bhatia, who said that HSBC has had good traction withcustomers.

“For us, it is less about Open Banking per se because Open Banking as a term, as a phenomenon, doesn’t mean much to a customer.”

Danske Bank

Similarly, a representative from Danske Bank also points to preparing its mobile app functionality to be ready by September 2019: “Danske Bank UK was reliant on related IT infrastructure changes being implemented centrally within the Danske Bank Group. For operational reasons, these changes were subject to delay. We are committed to completion by 13th September 2019 and continue to retain a valued close working relationship with the CMA and the Open Banking Implementation trustee.”

Update from Santander on 16 April 2018: “The services required to deliver App-to-App solution are complex and Santander wants to ensure that when we deliver the service to Third Party Providers and customers it has been rigorously tested and a series of controlled steps have been taken to full deployment. The 22 August date has been defined by Santander and we are focused on delivering to this date. We have remained in positive continuing dialogue with the CMA throughout the process.”

At the time of publication, Bank of Ireland did not respond to request for commentary.

In conversation with Finextra, Nationwide - one of the banks who has remained on track for all aspects of delivery against the guidelines mandated by the CMA - head of open banking Matt Cox says that "app-to-app as a means of authentication is intended to be a key component of the experience that makes sharing your data or making a payments with an approved TP a slick and secure experience which in turn, will contribute to increased uptake and use of the services Open Banking provides for consumers. It effectively uses biometrics and a mobile device instead of an Internet Bank log-in process."

He continues: "The scope of delivery is mandated on regulation of the CMA order and in the main also required for PSD2," and goes on to reference the clarifications to the second set of issues raised by its Working Group on APIs under PSD2 by the European Banking Authority. 

"The EBA oversees the regulation set out for the EU-wide PSD2 legislation. These guidelines are intended to support providers in achieving the Regulatory Technical Standards on which it is based. The CMA regulations lead ahead of, and overlap, the PSD regulation. In my view, it’s one of the reasons the UK is comparatively well placed for PSD2 delivery – ultimately they should be complimentary.

"There are a number of areas of technical and legal interpretation detail that will need to be worked through to determine this. Nationwide are fully engaged with the FCA and OBIE to work these details through in order to ensure the best outcomes for its members and consumers as a whole."

Speaking about this delay, Shefali Roy, COO of API provider TrueLayer says that intervention is necessary because the CMA9 banks have had enough time to comply with the standards set.

“There's a growing frustration within the fintech industry at the lack of pressure on banks and the slow pace of change. We've already seen in the past year the vast appetite for Open Banking based apps and services, and the corresponding boom in new startups seeking to build innovative solutions. Not to mention, the plethora of choice of new competitive products and services for consumers.

“To ensure this momentum continues, banks have to play their part. The fact that some of the major banks have already hit their deadlines shows that it is possible, and that these deadlines were reasonable, and achievable.”

Comments: (0)