In the letter, Faafoi made it clear he is running out of patience with the glacial pace of progress banks are making with opening up access to their customers’ data. To quote MBIE’s summary, the Minister’s letter:

– set out concerns regarding the pace and scope of progress with the development of industry-led Open Banking initiatives,

– outlined his expectations for future progress, and

– notified industry about the commencement of work to determine whether a regulatory regime establishing a Consumer Data Right is desirable.

If you’re a banker or a fintech geek, this is big news. If you’re not, let’s take a step back.

‘Open Banking’ is a financial services term which means banks share customers’ data with authorised third-parties who are developing new apps and services. When using these apps, customers link their bank accounts using a secure API connection, and their data seamlessly flows into the apps.

So you’ll be able to do things like see all your different bank accounts in one place, or make payments direct from the app, or anything else an enterprising app developer comes up with. Ideally, the outcome is better customer experiences, because it will be so much easier for an ecosystem of app developers to create new and innovative ways for you to manage your money.

The Consumer Data Right (CDR) mentioned in the letter is a way of making Open Banking happen, by law. Put simply, the CDR means banks, power companies, telcos or anyone else holding customer data has to give those customers access to that data, so they can share it with the apps they choose to use. So, if the government followed through with a CDR in New Zealand, it would have huge implications for our fintech industry, the banks and their customers.

The key principle here, and one which Pocketful very much supports, is that you own your own data. Your bank account, your power bill , your health records: you should be able to use that data any way you like, with any app you like, because it’s yours. No question.

Unlike Australia and the UK, where open banking has been introduced via government regulation, in New Zealand the banks themselves are in charge. So, when the Minister said he is looking into the desirability of establishing a Consumer Data Right in New Zealand, he’s saying he’s looking at the possibility of regulating the banks so they have to open up data access.

That’s why it’s such a big deal.

Back in June 2018, the Minister made a speech at the biennial conference organised by Payments New Zealand, the bank-run governance organisation that effectively runs the payments system in New Zealand. Payments New Zealand (ie the banks) is also responsible for developing the rules around Open Banking, and has set up the API Centre which is in charge of developing standards for the industry and other Open Banking initiatives.

In his speech, Faafoi made clear the importance of Open Banking to New Zealand fintech sector, and to ordinary Kiwis:

Globally, there is an increased demand for access to banking data, and there is the potential for significant benefits from allowing a wider range of access to that data.

Benefits could exist in areas such as budgeting, banking competition, aggregating financial information, and, of course, payments.

He went on to issue a gentle warning, that unless the banks step up and open up, the government may take a more active role.

So far, government has mostly stood on the side-lines as an enthusiastic supporter of payment systems innovation. In the future, we will be testing whether there is more of a role for government in facilitating some form of Open Banking.

But the role we play is, in part, up to you. I encourage you to all be proactive. Speed is of the essence. I do not want to see New Zealand left behind in respect of the outcomes that Open Banking could deliver in terms of economic development and benefits for consumers.

Minister Faafoi addressing the Payments New Zealand Conference in 2018

Fast-forward to last Christmas, and it’s clear the Minister is losing patience. In his open letter, he doesn’t pull punches.

My primary concern is that the pace of progress will be too slow for the ecosystem to flourish and may cause considerable cost and barriers for third parties. This in turn restricts the development of the market as a whole and the delivery of products and services to end customers.

While I am in no doubt that staff in each bank have a passion for open banking and the potential associated with it, the current rate of progress appears to be both uncertain and slow.

I am concerned that this is a result of API Centre initiatives not being given sufficient priority by management. In addition to my own concerns, l have heard numerous concerns from third parties in relation to banks‘ timeframes for implementation of APl standards.

At this early stage of the development of an open banking ecosystem, success depends heavily on API Providers committing fully to delivering the necessary infrastructure and processes. The critical deliverables are the implementation of API standards, and the processes and policies for partnering with third parties through bilateral arrangements. If these key elements are not delivered efficiently, the whole ecosystem is constrained and put at risk.

To be fair to the banks, there has been some progress made, albeit, as the Minister puts it, in an ‘inefficient and fragmented’ way. Some of the banks have draft contracts in place that are being circulated for feedback from fintechs, but for this thing to work, we need all of the banks on board, at the same time, in a consistent way.

Meanwhile, the API Centre is a busy place: they have written Version 1.0 of the Open Banking standards, with Version 2.0 coming soon. They’ve set up working groups, and an API sandbox, and API trials are underway with some of the big players. But outside the working group meetings, with a few exceptions, there doesn’t seem to be any visible progress being made with fintechs, let alone customers.

It’s not all the banks’ fault. The big four Aussie banks are currently working their way through another set of regulatory work with Banking Standard 11 (BS11), which requires all of the banks to have their core IT infrastructure located in New Zealand. I spoke to a senior executive at one of the big four who told me that meeting the BS11 standard is collectively costing them a cool $2 billion, and severely stretching every available IT resource. Another told me his own bank was employing 300 additional IT staff to meet BS11, so perhaps it’s understandable that work on Open Banking has been delayed.

Having said that, we’re talking about four businesses that sent more than $5.7 billion in profit last year to their head offices in Australia. So paying for a few extra IT staff to vet and manage API access for local fintechs shouldn’t be too much of drama. Local banks aren’t off the hook either: Kiwibank, for example, has no BS11 headaches, yet still seems to have no Open Banking API’s to speak of, which is a continual head-scratcher to us and other fintechs.

So what happens next? Right now, fintechs are using scraping services to pull customer data from banks onto their platforms. This is nothing new: Xero was built on scraping their small business customers’ bank data (with their permission, of course) until they got direct access to some of the banks. Now fintechs like Jude are doing the same. When we need bank feeds for Pocketful, we’ll likely do it too, because there probably won’t be any other option.

This isn’t ideal. Scraping data works fine, but it’s no substitute for direct, secure, integrated, customer controlled access via API. With scraping, the user experience is degraded, data isn’t delivered in real time and strictly speaking, it breaks the banks’ own T’s and C’s . And what about security? In the current data-sharing landscrape, customers sign into apps and enter their bank details to grant access to their data. What happens to that data when the app is hacked, or sold to a dodgy operator? Under an API arrangement, at least the banks, and their customers, have the ability to ensure minimum security standards are met via an access agreement.

Reading further into the Minister’s letter, the future is looking clearer. He sets out exactly what he wants to see happen next:

To me, success over the short term would be to see all API Providers in market having implemented:

– Version 2.0 of the API standards (or any further updates),

– bilateral arrangements with third parties agreed on reasonable terms and within reasonable timeframes and

– a range of products or services in market delivering value safely and securely for consumers.

And, if that (exceedingly reasonable, in my view) wishlist isn’t delivered on, regulation may follow.

To further support consumers’ control over their own data and the development of New Zealand’s data economy generally, I have also directed my officials to provide me with advice on a possible Consumer Data Right in New Zealand. I expect to release a discussion document seeking public feedback on the issue in the first half of 2020.

At this stage, it is my intention that this work would only establish a legislative framework for the sharing of consumer data in particular designated sectors and would not necessarily be implemented unless necessary and appropriate. This would give industry further opportunity to continue to make progress and find its own solutions to the types of issues l have outlined above.

So, either the banks embrace Open Banking (and fast) or the government will enact a legislative framework to help hurry things along. Either way, your data is going to be set free, and that’s a great Christmas present for us all.