FCA to define new rules about data ethics in evolution of Open Banking

The UK's Financial Conduct Authority is to use its legislative powers to steer the evolution of Open Banking to a broader model of Open Finance.

Open Finance refers to the extension of Open Banking-like data sharing to a wider range of financial products, such as savings, investments, pensions and insurance.

The FCA published a Call for Input in December 2019 on the shift to Open Finance, which could potentially offer significant benefits to consumers, including increased competition, improved advice and improved access to a wider and more innovative range of financial products and services.

The regulator believes it would also create or increase risks and raise new questions around data ethics and digital identity.

"Appropriate regulation will be essential to managing those risks and giving consumers the confidence to use Open Finance services," states the body.

Feedback from 169 market participants indicates that Open Finance could be a significant undertaking for firms given the change in operating environment as a result of Covid-19 and its ongoing impact.

There is a degree of consensus around the key building blocks needed, including a legislative and regulatory framework, common standards and an implementation entity. The aim would be to give consumers and businesses greater control of the data which they choose to share with third-party providers.

The FCA believes there is a strong incentive for firms, TPPs and their representatives to work together on common standards that could support Open Finance. As a first step, the watchdog is encouraging industry to identify a minimal set of data that could be shared on a ‘read’ API basis.

This would help inform assumptions on the feasibility, scope and cost of future legislation.

"We will continue to work with the Government to support the design of future Smart Data legislation and support industry-led efforts to develop common standards and roadmaps to Open Finance," states the FCA. "We will also continue to encourage Open Finance and digital identity propositions to apply for our sandbox and direct support."

Comments: (4)

Andrew Smith - RTGS & ClearBank - London 29 March, 2021, 09:10 (2 likes)

We need to be thinking Open Finance for sure, but the control must be via the consumer, they must be at the centre of everything. That means you don't give an access token to a business, no rather you should be holding those tokens and pulling that data in to be shared, not direct sharing.

We also need to kill off this concept of direct APIs, rather we need to be moving to a pub/sub event pattern model.


Kill APIs if we want Open Finance – FinTechAndrew – The blog (wordpress.com)


Howard Elsey - E-Pay Logistics Ltd - Cambridge 29 March, 2021, 12:37 (1 like)

Agree Andrew Smith - consumer at the centre, consumer control and pull data from the data controller aka the consumer. 

Julian Wilson - FreedomPay - London 30 March, 2021, 00:03 (0 likes)

I also agree with Andrew Smith when he suggests that to meet the goals of Open Finance, we need to 'kill off the concept of direct APIs.'

For hundreds of years one of the pillars of trust between a bank and its clients has been/continues to be that only the bank and its clients can see the transaction history. An Open Banking data API threatens to break this trust. It places a huge burden of responsibility on the business acting as data controller for such sensitive data, and requires a leap of faith for the consumer.

To solve this problem at Ecospend, we have built a mechanism for individuals to assert anything which can be evidenced from a Bank Statement, without revealing any personally identifiable information. In technical terms this is a Zero Knowledge Proof based self-sovereign data assertion and verification service.

It obviates the need for APIs for the business and mitigates most of the GDPR obligations for the relying party [business].


Whereas this is still early days, we are ready to participate in trials with Banks or Large corporations who would like to run some tests.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 30 March, 2021, 14:16 (0 likes)

"Since Open Banking didn't exactly set the world on fire, let's try Open Finance." Well played.