What can Canadian policy makers focus on to successfully enable open banking?
1. Clearly define roles in the open banking system
More accessible data, participants, and risks bring expanded requirements. Looking to other countries’ experiences can help Canada address requirements for anything from maintaining consumer privacy to ensuring a level playfield between incumbents and new entrants. The UK, Australia and others can all offer food for policy development thought.
2. Prescribe open access to data
Striking the right balance between enabling data sharing and maintaining consumer privacy is huge. Canada should consider updating the Personal Information Protection and Electronic Documents Act (PIPEDA) to bring it closer to standards already in effect in Europe and elsewhere. Refreshing it with a focus on data portability, the right to erasure, and default opt-in language matters.
3. Create trust in the ecosystem by authorizing third-party providers
An open banking ecosystem means sensitive data will extend beyond financial institutions – driving the need for greater trust. The way Canada validates parties in other jurisdictions will be fundamental to fostering that trust. That could mean a bank-specific model, where third-party providers register with each financial institution on an individual basis. Or, a centralized model, where third-party providers register with the authorities once and gain access to banks’ APIs without contractual agreements. Both models bring unique pros and cons. Canada could choose a step approach culminating in a centralized third-party provider validation mechanism, possibly improving speed to market, and making for a more competitive landscape at the same time.
4. Manage consent and authorization between consumers, third parties and financial institutions
Consumer consent should be transparent, temporal and purpose-driven. Consent and authorization management models are typically bank-specific. To work effectively, the concept of real-time updating needs to apply to the consent management piece. That’s because the faster consent withdrawal reaches a bank, the faster a bank can protect funds for a consumer who has withdrawn before a third-party delivers a service. That might throw a wrench in some third-party providers’ aim for seamless service. But it also mitigates direct debt fraud, and it’s prescribed in other jurisdictions like the UK.
5. Educate consumers and provide mechanisms for dispute resolution
Consumers need coherent, simple messaging to truly understand what open banking means, and in turn, open themselves up to its possibilities. In EY’s UK Open Banking FinTech Snapshot, consumer education was named the top area where more could be done to help open banking succeed. Canada will need streamlined procedures to resolve potential disputes, including between financial institutions and third parties when there’s a disagreement over responsibility for an unauthorized transaction or data exchange. The industry needs to speak the same language around open banking. That means having specific provisions in place for dispute resolution, and settling liabilities.