Open Forum on Open Banking - Munich, 12 June 2018
TCH and industry stakeholders developed data aggregation best practices aligned with three core values
Core Values in Data Aggregation
• Acting in the best interest of customers: Guidelines and actions are in the best interest of customers and help them better manage their finances whilst protecting their privacy and security
• Protecting and enhancing the stability and safety of the financial industry: Guidelines and actions help foster a safe and sound financial system that reduces overall risks and creates resilience
• Fostering efficiency within the financial industry: Guidelines and actions should help all parties interact and share data more efficiently, providing value to all parties involved
Source: TCH Data Aggregation Working Group, A.T. Kearney
TCH CONFIDENTIAL
TCH has been leading efforts to address privacy and security concerns created by data aggregation through the pursuit of several action plans
TCH Data Aggregation Action Plans
A. Lead Development of Core Principles to Guide Industry and Ecosystem Activities
Description: Developing an integrated, bank-led viewpoint on:
• Ecosystem collaboration (e.g., FS-ISAC, data aggregators, regulators)
• Data aggregation principles
• Data sensitivities and use
• Technical and security standards
• Model contract
• Consumer education
Focus Area:
1 Collaborate with FS-ISAC’s Financial Data Exchange
2 Promote the principles playbook and conduct industry education
3 Create a data aggregation model contract
4 Coordinate a consumer education program
B. Develop Industry Infrastructure
Description: Creating core industry infrastructure assets to address the emerging critical need to strengthen the safety and security of consumer data
Focus Area:
5 Create a certification vehicle and develop assessments for trusted third parties
6 Design a central permissions hub
Source: TCH Data Aggregation Working Group, A.T. Kearney
Consumers desire ability to control access and have straightforward data privacy expectations
Consumer Research Summary Findings and Preferred Third-Party Controls
Level of concern and discomfort regarding data privacy and data sharing (note 1)
• 70% of US banked customers over the age of 18 are “uncomfortable” with services providers (note 2) sharing their data w/third parties
• 67% of FinTech users specifically are at least “very concerned” about their data privacy when using FinTech apps
• 44% to 63% of FinTech users specifically are “uncomfortable” or “very uncomfortable” sharing most payment information and financial information / history (note 3)
• Level of discomfort increases as data sensitivity increases (e.g., email vs. biometric data)
Preferred third-party controls (% who selected each option among a targeted population of FinTech users)
• 56%: I would like to control which of my financial accounts and data types can be accessed by any third-party
• 51%: I would like to provide explicit consent to every third-party that seeks to access my data
• 18%: I would like my primary financial institution to control which third-parties have access to my data
• 4%: I am indifferent to the access and usage of my data
1. Sample size across insights vary by population discussed. (US banked consumers N=2,030, Targeted FinTech users N=1,504)
2. Service providers include retailers, online merchants, mobile wallets, or P2P payment services
3. Financial information and history include credit card number, bank account number, loan information and history
Question: How would you like to be able to control third-party (e.g., non-bank financial applications, companies supporting the non-bank financial applications) access to, and use of, your data?
Please select all that apply
Source: Q1 2018 TCH / A.T. Kearney Payments and FinTech Survey (US banked consumers N=2,030, Targeted FinTech users N=1,504)
Consumers desire the control, the transparency, and the ability to actively manage their permissions in a secure way
Potential Consumer Permissions Portal Design (Illustrative)
Bank Account Security Dashboard
• John Doe’s iPhone; Mac OS X 10_13_3 (bank.com); Jane Doe’s iPhone
• Linked apps and websites (3 active): App. A, App. B, App. C, each with a Remove option
• Once you select “remove”, your account(s) will cease to transmit data to that app or website
Data Scope Modification
• Connect Data to App. A
• By clicking Next, you authorize Bank ABC to grant access to share data with App. A for the functions and/or data: Personal budgeting, Account details, Transactions, Bills, Tax preparation
Account Detail Modification
• Connect Account(s) to App. A
• By clicking Next, you authorize Bank ABC to grant access to share data with App. A for the following accounts: Checking (account ending in 7488), Credit card (account ending in 0345), Mortgage loan (account ending in 9873)
Source: TCH Data Aggregation Working Group, A.T. Kearney
KEY DRIVERS FOR THE INDIAN DIGITAL ECONOMY
1. SOCIAL
• Subsidies not fully reaching the needy
• Lack of Financial Inclusion (especially poor and rural India)
2. FISCAL
• Reduce usage of Cash based transactions (out of ambit of taxation authorities)
• Reduce avenues for use of black money like gold & properties etc
3. REDUCE COSTS USING TECHNOLOGY
• Leveraging on vast use of mobile phones (Total 730m, smart phones 340m)
• Biometric technologies matured, available for security and KYC
4. BUILD ROBUST BANKING INFRASTRUCTURE
• Several large banks are nationalised with e-systems
• Central Payments Body - NPCI
© Copyright Pelican 2018 | pelican.ai
OVERVIEW OF GOVT DIGITAL OFFERINGS IN INDIA
OVERVIEW OF DIGITAL BANKING IN INDIA
INDIA STACK – OPEN API TO DIGITAL INFRASTRUCTURE
Cashless
Paperless
Presence-less
Governments, Businesses, Startups and Developers
E-KYC
EVOLUTION OF MAJOR APPS
1. PAYTM
E-wallet service that provides bank-to-bank transfers using its UPI services or a Paytm Payments Bank account; requires a KYC update.
2. GOOGLE TEZ
Along with mobile wallet features, Tez comes with a special Cash Mode, which lets you pay another Tez user nearby without having to share personal details like your bank account or phone number. For this, Google uses its proprietary AQR (Audio QR) technology.
It is also available in multiple Indian languages such as Telugu, Tamil, Marathi, Kannada, Gujarati, Bengali, and Hindi.
3. WHATSAPP
WhatsApp In-Chat Payment feature – lets users make payments to anyone in their WhatsApp contact list, and both send and receive money. The social media messaging application has tied up with some of the largest banks in the country to make this service available to consumers.
Payments use the UPI method, so transfers can be initiated without having to provide bank account numbers and IFSC codes.
PAYTM – E-wallet & Payments Bank Services
TEZ – Launched by technology giant Google
• Facility to link several bank accounts
• Payments, Funds FT & Ask Money
• Special Cash Mode
• Offers & Rewards
• Multiple Indian languages
• Tez Shield to detect fraud, hacking, and verify identity
WHATSAPP PAYMENTS – WhatsApp In-Chat Payment feature (beta version to select users)
• Mobile number verification
• Link several bank accounts
• Set UPI PIN
• Verifying bank details
• Send & Receive Money using ‘Attachment’ option in chat
MAJOR SUCCESS STORY
4. JIO Mobile
New 4G service in 2017 - 100 Million customers onboarded in 170 days! 177 million in 1 year!
Key Achievements:
New Service (initially free), now with low fees - 5¢ per GB
31 PB of data usage per day within 6 months
More than combined usage of all US mobile users, 50% more than China’s mobile users
India is now #1 in mobile data usage, earlier it was #159
Revolutionary onboarding experience using e-KYC
‘walk-out-working’ – mobile activation reduced from 48hrs to paperless 5-15 mins
Drastically lowered data rates and mobile calls fees throughout the industry
Proliferation of 4G smartphones – to 400 million – more than in the US
JioMoney Wallet – Launched by Reliance Jio
Features of JioMoney Wallet
• JioMoney – A Universe beyond cash
• Scan & Go – Pay faster than cash
• Host of Offers – Exclusive deals & discounts
INCENTIVES & EFFORTS TO PROMOTE DIGITAL PAYMENT
INCENTIVES
• 10% discounts at fuel purchase, highway tolls, rail tickets and insurance premiums
• No service tax on all digital transactions up to Rs. 2,000
• PSBs advised to reduce PoS rentals to Rs. 100 per month
• Free accident insurance cover of up to Rs. 1 million for online rail tickets
• No transaction fees for payments made through digital means by Central Government
Departments and PSUs
EFFORTS
• 100,000 villages to be provided with at least 2 PoS machines
• Regional Rural Banks & Cooperative Banks to issue 43,2M “Rupay Kisan Cards”
DATA PROTECTION LAWS INDIA
• Enormous amount of data (personal & demographic) collated by way of Aadhaar (fig below)
• Absence of a larger data protection framework
• The IT Act rules are only applicable to corporate entities, not to any arm of the government (which stores the bulk of the Aadhaar information). Provisions of the Aadhaar Act are not adequate.
• Consumer awareness
• No rights to a person on the privacy of his data
• Citizens don’t have much recourse, as breach of personal information cannot be grounds for seeking damages
DATA PROTECTION LAWS INDIA
Indian Legal Framework:
• Currently, no specific law exists in India on the subject of data protection or on the violation of
the privacy of an individual.
• Right to Privacy to be part of the Indian Constitution as per Supreme Court judgement
• The government has constituted an expert committee under the chairmanship of Justice
(Retired) BN Srikrishna to chart out a data protection framework for India by end of 2018
• Key Principles being considered
Technology agnostic
Holistic application
Informed consent
Data minimisation
Controller accountability
Structured enforcement
Deterrent Penalties
KEY CHALLENGES FACING DIGITAL INDIA
1. CASH HABIT – A large percentage of the population is still habituated to using cash
2. COMPLEXITY OF USE – Many digital products are complex for the elderly and less literate population
3. LACK OF BENEFITS – Lack of compelling benefits or advantages of using digital payments
4. INCONVENIENT – Perceived as inconvenient and prone to errors (high rate of illiteracy)
5. NO INCENTIVES – Lack of incentives to use digital payments, especially in rural India
6. SECURITY ISSUES – Lack of robust security features by the regulatory authorities
7. RURAL REACH – Government not effective in ensuring reach into rural areas
8. AADHAAR CONCERN – Use of Aadhaar card in multiple applications (“Big Brother” issue)
Thank You
James Whittle, Director of International Standards and Services, New Payment System Operator
NPSO Ltd.
PSD2 API interface – what does good look like?
The challenges, timescales and deliverables of the API Evaluation Group
Did you know? There is an industry group helping to define what a
“good” PSD2 interface should look like
API EG is a market-facing group - the European Commission, European Banking
Authority and European Central Bank participate as active observers
The creation of the group was proposed by the European Commission in November
2017
Core deliverable – published guidance to the market on what “good looks like” for
PSD2 access via a dedicated interface (PSD2/RTS)
Key objective – dramatically improve market certainty that investment in the
dedicated interface by an ASPSP [bank] will be exempted from providing the
contingency mechanism (fall-back solution)
Key consideration – to be exempted, a dedicated interface must have “been designed
and tested in accordance with Article 30(5) to the satisfaction of the payment
service providers” [RTS article 33 6b]
Access & Innovation
Risk & liability
Legal
Exemption
API EG Mandate
API EG shall
Evaluate standardised API specifications to help ensure compliance with PSD2 and
the RTS and help ensure that the API specifications meet the needs of all market
participants
Make recommendations aimed towards API specifications convergence on a
European level and to help establish harmonised market practices
Provide a broadly supported source of market guidance relevant to market
initiatives and ASPSPs implementing dedicated interfaces. This guidance may also
be of relevance to National Competent Authorities (NCAs) when deciding whether
or not an ASPSP that has chosen to develop a dedicated interface should be
exempt from the requirement to have a fall-back option in place
The API EG as such does not have any decision-making power toward NCAs as it is a
market facing group
Deliverables and timing
1. Define objective API evaluation criteria and guidance, including the scope of
information to be provided, implementation of authentication processes and PSU
consent handling;
2. Evaluate specific market API standardisation initiatives* for conformance with the
evaluation criteria and guidance, and to make recommendations to ensure that API
standardisation initiatives fully meet the needs of all stakeholders
3. Evaluate representative examples of the practical implementation of specific API
standardisation initiatives, i.e. specific APIs;
4. Provide guidance to the market on key performance metrics, such as API security
and performance requirements;
5. Define high level principles and the market approach toward a common testing
framework
API EG commenced its work in January 2018 and is striving to finalise its deliverables
relevant to the evaluation of APIs by June 2018
Please Note: guidance provided by the API EG should also be relevant for ASPSPs that have
implemented APIs not based on standards published by market API standardisation initiatives
*Berlin Group, Open Banking, STET, Polish Bankers Ass. and Slovak Bankers Ass.
API EG Team
Group composition
3 ASPSP reps
3 TPP reps
3 PSU reps
1 rep from EMA
1 rep from EPIF
Co-chairs; 1 from ASPSP community and 1
from TPP community
The European Commission, European Banking
Authority, ECB are invited as observers.
Secretariat support provided by the European
Payments Council (EPC)
Work of API EG vis-à-vis the standardisation
initiatives is carried out via technical expert
subgroups, with a “linking pin” between the
subgroups and API EG
Current status
First pass review of API standardisation initiatives
Berlin Group, Open Banking, Polish API initiative, STET, Slovak API initiative
Questions recently asked to API standardisation initiatives on what functionalities they
support
Drafting of guidance ongoing – “recommended functionalities”
Number of “hot topics” identified and being discussed – authentication (SCA) guidance
recently finalised and published
Next meeting on June 8th
API EG documents (Terms of Reference, minutes, recommendations etc.) are published
at the website of European Payments Council
(https://www.europeanpaymentscouncil.eu)
Etienne Goosse, Director General, European Payments Council
Have a good EBAday!
For any comments or questions, please contact us at open_banking_forum@abe-eba.eu
Open Forum on Open Banking 20th June 2017