Open Forum on Open Banking - Munich, 12 June 2018

Page created by Elizabeth Bates
 
CONTINUE READING
Open Forum on Open Banking - Munich, 12 June 2018
Open Forum on Open Banking
Munich, 12 June 2018
Open Forum on Open Banking - Munich, 12 June 2018
Russ Waterhouse
EVP Product and Strategy, The Clearing House
Open Forum on Open Banking - Munich, 12 June 2018
Strategic Approaches
     to Open Banking

           Open Forum on
            Open Banking
            June 12, 2018
Open Forum on Open Banking - Munich, 12 June 2018
TCH and industry stakeholders developed data aggregation best practices aligned
with three core values

              Core Values in Data Aggregation

                                                                            Protecting and enhancing the
                    Acting in the best interest of                                                                 Fostering efficiency within the
                                                                         stability and safety of the financial
                              customers                                                                                  financial industry
                                                                                       industry

                Guidelines and actions are in the                        Guidelines and actions help foster      Guidelines and actions should help
               best interest of customers and help                       a safe and sound financial system       all parties interact and share data
               them better manage their finances                           that reduces overall risks and        more efficiently, providing value to
               whilst protecting their privacy and                               creates resilience                       all parties involved
                              security

              Source: TCH Data Aggregation Working Group, A.T. Kearney

                                                                                                                                 TCH CONFIDENTIAL   4
Open Forum on Open Banking - Munich, 12 June 2018
TCH has been leading efforts to address privacy and security concerns created
by data aggregation through the pursuit of several action plans
              TCH Data Aggregation Action Plans

                                               Description                               Focus Area

                A Lead               Developing an integrated, bank-led
                                                                                          1 Collaborate with FS-ISAC’s Financial Data Exchange
                     Development of viewpoint on:
                     Core Principles  • Ecosystem collaboration (e.g., FS-
                     to Guide           ISAC, data aggregators,
                     Industry and                                                         2 Promote the principles playbook and conduct
                                        regulators)                                         industry education
                     Ecosystem
                     Activities       • Data aggregation principles
                                      • Data sensitivities and use                        3 Create a data aggregation model contract
                                                  • Technical and security standards
                                                  • Model contract
                                                                                          4 Coordinate a consumer education program
                                                  • Consumer education

                B Develop                       Creating core industry infrastructure
                                                                                          5
                                                                                              Create a certification vehicle and develop
                     Industry                   assets to address the emerging                assessments for trusted third parties
                     Infrastructure             critical need to strengthen the safety
                                                and security of consumer data
                                                                                          6 Design a central permissions hub

              Source: TCH Data Aggregation Working Group, A.T. Kearney

                                                                                                                             TCH CONFIDENTIAL   5
Open Forum on Open Banking - Munich, 12 June 2018
Consumers desire ability to control access and have straightforward data privacy expectations
               Consumer Research Summary Findings and Preferred Third-Party Controls

               Level of concern and discomfort regarding data privacy                                                    Preferred third-party controls
               and data sharing1                                                                                         % who selected each option among a targeted
                                                                                                                         population of FinTech users
                                                                                                                                    56%
                                  …of US banked customers over the                                                                                          51%
                                  age of 18 are “uncomfortable” with
                   70%            services providers2 sharing their data
                                  w/third parties

                                   …of FinTech users specifically are at
                   67%             least “very concerned” about their
                                   data privacy when using FinTech apps                                                                                                            18%

                                   …to 63% of FinTech users specifically
                                   are “uncomfortable” or “very                                                                                                                                            4%
                   44%             uncomfortable” sharing most
                                   payment information and financial                                                        I would like to          I would like to  I would like my   I am indifferent
                                                                                                                             control which          provide explicit primary financial to the access and
                                   information / history3                                                                   of my financial        consent to every     institution to usage of my data
                                                                                                                             accounts and           third-party that   control which
                    Level of discomfort increases as data sensitivity                                                       data types can          seeks to access third-parties have
                       increases (e.g., email vs. biometric data)                                                           be accessed by              my data      access to my data
                                                                                                                            any third-party
              1. Sample size across insights vary by population discussed. (US banked consumers N=2,030, Targeted FinTech users N=1,504)
              2. Service providers include retailers, online merchants, mobile wallets, or P2P payment services
              3. Financial information and history include credit card number, bank account number, loan information and history
              Question: How would you like to be able to control third-party (e.g., non-bank financial applications, companies supporting the non-bank financial applications) access to, and use of, your data?
              Please select all that apply
              Source: Q1 2018 TCH / A.T. Kearney Payments and FinTech Survey (US banked consumers N=2,030, Targeted FinTech users N=1,504)

                                                                                                                                                                                                                   6
Open Forum on Open Banking - Munich, 12 June 2018
Consumers desire the control, the transparency, and the ability to actively manage their permissions in a secure way
               Potential Consumer Permissions Portal Design
                                                                                                                                                            Illustrative

                        Bank Account Security Dashboard

                                                                         Data Scope Modification                       Account Detail Modification
                           John Doe’s iPhone

                                                                                      App. A                                         App. A
                          Mac OS X 10_13_3
                          (bank.com)
                                                                         Connect Data                                   Connect Account(s)
                                                                         to App. A                                      to App. A
                           Jane Doe’s iPhone
                                                                         By clicking Next, you authorize                By clicking Next, you authorize Bank
                                                                         Bank ABC to grant access to share              ABC to grant access to share data with
                                                                         data with App. A for the functions   and/or    App. A for the following accounts:
                                                                         and data:                                            Checking
                                                                         ▾ Personal budgeting                                  Account ending in 7488
                                                                               ▸      Account details                          Credit card
                   Linked apps and websites (3 active)
                                                                               ▸      Transactions
                                                                                                                        
                                                                                                                        
                                                                                                                                Account ending in 0345
                                                                         ▸    Bills                                           Mortgage loan
                        App. A                    Remove
                                                                         ▸    Tax preparation
                                                                                                                               Account ending in 9873

                        App. B                    Remove

                        App. C                    Remove

                  Once you select “remove”, your account(s) will
                  cease to transmit data to that app or website

              Source: TCH Data Aggregation Working Group, A.T. Kearney

                                                                                                                                           TCH CONFIDENTIAL       7
Open Forum on Open Banking - Munich, 12 June 2018
Parth Desai
Founder and CEO, Pelican
Open Forum on Open Banking - Munich, 12 June 2018
Digital India – an update
Parth Desai
Founder & CEO, Pelican

                         © Copyright Pelican 2018 | pelican.ai
Open Forum on Open Banking - Munich, 12 June 2018
KEY DRIVERS FOR THE INDIAN DIGITAL ECONOMY

       1.   SOCIAL
            • Subsidies fully not reaching the needy
            • Lack of Financial Inclusion (especially poor and rural India)

       2.   FISCAL
            • Reduce usage of Cash based transactions (out of ambit of taxation authorities)
            • Reduce avenues for use of black money like gold & properties etc

       3.   REDUCE COSTS USING TECHNOLOGY
            • Leveraging on vast use of mobile phones (Total 730m, smart phones 340m)
            • Biometric technologies matured, available for security and KYC

       4.   BUILD ROBUST BANKING INFRASTRUCTURE
            • Several large banks are nationalised with e-systems
            • Central Payments Body - NPCI

                                         © Copyright Pelican 2018 | pelican.ai                 10
OVERVIEW OF GOVT DIGITAL OFFERINGS IN INDIA

              2005                  2009                                                     2005

              2011                        2010                                      2012

                       2014                 2017                      2016            2011

                2016                                          2016           2016

                              © Copyright Pelican 2018 | pelican.ai                                 11
OVERVIEW OF DIGITAL BANKING IN INDIA

                            © Copyright Pelican 2018 | pelican.ai   12
INDIA STACK – OPEN API TO DIGITAL INFRASTRUCTURE

                                                                    Cashless

                                                                    Paperless

                                                                    Presence-less

                                                                    Governments,

                                                                    Businesses,

                                                                    Startups and

                                                                    Developers

                           © Copyright Pelican 2018 | pelican.ai                     13
© Copyright Pelican 2018 | pelican.ai   14
© Copyright Pelican 2018 | pelican.ai   15
© Copyright Pelican 2018 | pelican.ai   16
© Copyright Pelican 2018 | pelican.ai   17
E-KYC

        © Copyright Pelican 2018 | pelican.ai   18
EVOLUTION OF MAJOR APPS
       1.   PAYTM
             E-Wallet services provides bank to bank transfer
             using its UPI services or Paytm Payments Bank Account
             requires KYC updation

       2.   GOOGLE TEZ
            Along with mobile wallet features Tez comes with
             a special Cash Mode - which lets payment to another Tez user nearby, without having to share
               personal details like your bank account or phone number for which Google uses proprietary AQR
               (Audio QR) technology.
             Also, it is available in multiple Indian languages such as Telugu, Tamil, Marathi, Kannada, Gujarati,
               Bengali, and Hindi.

       3.   WHATSAPP
             WhatsApp In-Chat Payment feature – make payments to anyone from their WhatsApp contact list.
             users to both send and receive money. The social media messaging application has tied up with
              some of the largest banks in the country to make this service available to consumers.
             The payment system via UPI method, transfers can be initiated without having to provide bank
              account number and IFSC codes.

                                        © Copyright Pelican 2018 | pelican.ai                                         19
PAYTM – E-wallet & Payments Bank Services

                         © Copyright Pelican 2018 | pelican.ai   20
© Copyright Pelican 2018 | pelican.ai   21
TEZ – Launched by technology giant Google

    Facility to link several       Payments, Funds FT & Ask Money       Special Cash Mode
       bank accounts

                                © Copyright Pelican 2018 | pelican.ai                       22
TEZ – Launched by technology giant Google

      Offers & Rewards              Multiple Indian languages             Tez Shield to detect fraud,
                                                                          hacking, and verify identity

12.

                                  © Copyright Pelican 2018 | pelican.ai                             23
WHATSAPP PAYMENTS – WhatsApp In-Chat Payment feature (beta version to select users)

      Mobile number             Link several
      verification             bank accounts                          Set UPI PIN   Verifying bank details
12.

                                  © Copyright Pelican 2018 | pelican.ai                                24
WHATSAPP PAYMENTS – WhatsApp In-Chat Payment feature (beta version to select users)
12.
                     Send & Receive Money using ‘Attachment’ option in chat

                                   © Copyright Pelican 2018 | pelican.ai              25
MAJOR SUCCESS STORY

  4.   JIO Mobile

       New 4G service in 2017 - 100 Million customers onboarded in 170 days!        177 million in 1 year!

       Key Achievements:

                New Service (initially free), now with low fees - 5¢ per GB
                31 PB of data usage per day within 6 months
                More than combined usage of all US mobile users, 50% more than China’s mobile users
                India in now # 1 in mobile data usage, earlier it was # 159
                Revolutionary onboarding experience using e-KYC
                ‘walk-out-working’ – mobile activation reduced from 48hrs to paperless 5-15 mins
                Drastically lowered data rates and mobile calls fees throughout the industry
                Proliferation of 4G smartphones – to 400 million – more than in the US

                                          © Copyright Pelican 2018 | pelican.ai                              26
JioMoney Wallet – Launched by Reliance Jio

  12.
Features of JioMoney Wallet

                                    © Copyright Pelican 2018 | pelican.ai   27
JioMoney Wallet – Launched by Reliance Jio

          JioMoney                                Scan & Go                      Host of Offers
   A Universe beyond cash                    Pay faster than cash         Exclusive deals & discounts

                                  © Copyright Pelican 2018 | pelican.ai                            28
INCENTIVES & EFFORTS TO PROMOTE DIGITAL PAYMENT

      INCENTIVES

         •   10% discounts at fuel purchase, highway tolls, rail tickets and insurance premiums

         •   No service tax on all digital transaction up to Rs. 2,000

         •   PSBs advised to reduce PoS rentals to Rs. 100 per month

         •   Free accident insurance cover of up to Rs. 1 million for online rail tickets

         •   No transaction fees for payments made through digital means by Central Government
             Departments and PSUs

      EFFORTS

         •   100,000 villages to be provided with at least 2 PoS machines

         •   Regional Rural Banks & Cooperative Banks to issue 43,2M “Rupay Kisan Cards”

                                         © Copyright Pelican 2018 | pelican.ai                    29
DATA PROTECTION LAWS INDIA

     • Enormous amount of data (personal & demographic) collated by way of AADHAR (fig below)
     • Absence of a larger data protection framework
         • The IT Act rules only applicable to corporate entities, not to any arm of the government (which stores bulk of
           the Aadhar information). Provisions of the Aadhaar Act are not adequate.
     • Consumers Awareness
         • No rights to a person on the privacy of his data
         • Citizens don’t have much recourse, as breach of personal information cannot be grounds for seeking
           damage

                                         © Copyright Pelican 2018 | pelican.ai                                        30
DATA PROTECTION LAWS INDIA

      Indian Legal Framework :

          • Currently, no specific law exists in India on the subject of data protection or on the violation of
            the privacy of an individual.

          • Right to Privacy to be part of the Indian Constitution as per Supreme Court judgement

          • The government has constituted an expert committee under the chairmanship of Justice
            (Retired) BN Srikrishna to chart out a data protection framework for India by end of 2018

          • Key Principles being considered

                  Technology agnostic
                  Holistic application
                  Informed content
                  Data minimisation
                  Controller accountability
                  Structured enforcement
                  Deterrent Penalties

                                               © Copyright Pelican 2018 | pelican.ai                              31
KEY CHALLENGES FACING DIGITAL INDIA

       1.   CASH HABIT – A large percentage of population still are habituated to use cash

       2.   COMPLEXITY OF USE – Many digital product complex – elderly and less literate
            population

       3.   LACK OF BENEFITS – Lack of compelling benefits or advantages of using digital payments

       4.   INCONVENIENT – Perceived inconvenience and prone to errors (high rate of illiteracy)

       5.   NO INCENTIVES – Lack of incentives to use digital payments especially in rural India

       6.   SECURITY ISSUES – Lack of robust security features by the regulatory authorities

       7.   RURAL REACH – Government not effective in ensuring reach into rural areas

       8.   AADHAAR CONCERN – Use of Aadhaar card in multiple applications (“”Big Brother” issue)

                                       © Copyright Pelican 2018 | pelican.ai                         32
Thank
            You

© Copyright Pelican 2018 | pelican.ai   33
James Whittle
Director Of International Standards And Services, New Payment System
Operator
NPSO Ltd.

PSD2 API interface – what does good look like?

The challenges, timescales and deliverables of the API Evaluation Group

                                                                                35
Did you know? There is an industry group helping to define what a
                     “good” PSD2 interface should look like

 API EG is a market-facing group - the European Commission, European Banking
  Authority and European Central Bank participate as active observers
 The creation of the group was proposed by the European Commission in November
  2017
 Core deliverable – published guidance to the market on what ”good looks like” for
  PSD2 access via a dedicated interface (PSD2/RTS)
 Key objective – dramatically improve market certainty that investment in the
  dedicated interface by an ASPSP [bank] will be exempted from providing the
  contingency mechanism (fall-back solution)
 Key consideration – to be exempted, a dedicated interface must have “been designed
   and tested in accordance with Article 30(5) to the satisfaction of the payment
   service providers” [RTS article 33 6b]

                                                  Access & Innovation
                 Risk & liability

                                      Legal
                                    Exemption

                                                                                    NPSO Ltd.
API EG Mandate

 API EG shall
    Evaluate standardised API specifications to help ensure compliance with PSD2 and
       the RTS and help ensure that the API specifications meet the needs of all market
       participants

     Make recommendations aimed towards API specifications convergence on a
      European level and to help establish harmonised market practices

     Provide a broadly supported source of market guidance relevant to market
      initiatives and ASPSPs implementing dedicated interfaces. This guidance may also
      be of relevance to National Competent Authorities (NCAs) when deciding whether
      or not an ASPSP that has chosen to develop a dedicated interface should be
      exempt from the requirement to have a fall-back option in place

 The API EG as such does not have any decision-making power toward NCAs as it is a
  market facing group

                                                                                          NPSO Ltd.
Deliverables and timing

       1. Define objective API evaluation criteria and guidance, including the scope of
          information to be provided, implementation of authentication processes and PSU
          consent handling;
       2. Evaluate specific market API standardisation initiatives* for conformance with the
          evaluation criteria and guidance, and to make recommendations to ensure that API
          standardisation initiatives fully meet the needs of all stakeholders
       3. Evaluate representative examples of the practical implementation of specific API
          standardisation initiatives, i.e. specific APIs;
       4. Provide guidance to the market on key performance metrics, such as API security
          and performance requirements;
       5. Define high level principles and the market approach toward a common testing
          framework

  API EG commenced its work in January 2018 and is striving to finalise its deliverables
   relevant to the evaluation of APIs by June 2018

 Please Note: guidance provided by the API EG should also be relevant for ASPSPs that have
 implemented APIs not based on standards published by market API standardisation initiatives

*Berlin Group, Open Banking, STET, Polish Bankers Ass. and Slovak Bankers Ass.   38
                                                                                               NPSO Ltd.
API EG Team

 Group composition
     3 ASPSP reps
     3 TPP reps
     3 PSU reps
     1 rep from EMA
     1 rep from EPIF
     Co-chairs; 1 from ASPSP community and 1
      from TPP community

 The European Commission, European Banking
  Authority, ECB are invited as observers.
  Secretariat support provided by the European
  Payments Council (EPC)

 Work of API EG vis-à-vis the standardisation
  initiatives is carried out via technical expert
  subgroups, with a ”linking pin” between the
  subgroups and API EG

                                                        39
                                                                  NPSO Ltd.
Current status

 First pass review of API standardisation initiatives
     Berlin Group, Open Banking, Polish API initiative, STET, Slovak API initiative

 Questions recently asked to API standardisation initiatives on what functionalities they
  support

 Drafting of guidance ongoing – ”recommended functionalities”

 Number of ”hot topics” identified and being discussed – authentication (SCA) guidance
  recently finalised and published

 Next meeting on June 8th

 API EG documents (Terms of Reference, minutes, recommendations etc.) are published
  at the website of European Payments Council
  (https://www.europeanpaymentscouncil.eu)

                                             40
                                                                                             NPSO Ltd.
Etienne Goosse
Director General, European Payment Council
Have a good EBAday!

   For any comments or questions, please contact us at
   open_banking_forum@abe-eba.eu

Open Forum on Open Banking 20th June 2017                42
You can also read