On 19 November 2019, the Basel Committee on Banking Supervision (BCBS) published its report on open banking and its implications for banks and banking supervision. The report builds on the BCBS’ previous findings on open banking and application programming interfaces (APIs) in its 2018 report (“Sound practices on the implications of FinTech developments for banks and bank supervisors”). We highlight findings from the report from a data protection perspective below.
The report (including the 2018 report) recognises that technological advances and customers’ need for greater access to information and services have transformed traditional banking, and potentially opened a divide between incumbent banks, and specialised FinTech firms and new intermediaries.
Data sharing in third party arrangements has been increasingly prevalent due to the diversity of services that open banking brings: financial management tools, seamless payment transmissions between banks, vertically integrated financial services – the list goes on. The BCBS has focused on ‘customer-permissioned data sharing’, where customers grant permission to third party firms to access their data through the customers’ banks. These third party firms would collect such data through data aggregators – which may employ various techniques, such as screen scraping or reverse engineering, to access and store customer credentials.Continue Reading Open banking: the Basel Committee on Banking Supervision has its say