Participants in Open Finance must provide information to the FSCA

Posted on

The FSCA has instructed all financial institutions and third-party providers (TPPs) that participate in Open Finance to submit information on their Open Finance-related activities.

Open Finance is the practice of financial institutions sharing their customers’ financial data with third parties for the provision of Open Finance Services by those third parties, and any related activities.

Open Finance Services mean services developed for a financial customer by a third party, using that customer’s financial data, which rely on the provision and movement and/or use of that customer’s data.

Examples of Open Finance are:

  • Account aggregation: A TTP aggregates a customer’s financial data (transactional, credit, investment, mortgage, and savings accounts) into a single location for that customer.
  • Financial management: A TPP aggregates the financial accounts into a single view, as referred to in account aggregation, and enriches the data (the data is processed to achieve segmentation, scoring, and personalisation) to provide guidance and steer customers to better manage their finances. The guidance can take the form of intermediary services and advice.
  • Payment initiation: Authorised TPPs can initiate payments on behalf of account-holders with their explicit consent. An instant electronic funds transfer is a payment method offered by a third party in partnership with e-commerce stores that automates the initiation of payments for consumers to e-commerce stores and provides immediate confirmation of payment to the e-commerce store to enable it to dispatch the goods or services purchased.
  • Alternative lending: A TPP securely connects to one or more financial institutions to retrieve financial data. Once retrieved, the TPP enriches the financial data by, for example, creating credit scores of the customers. This credit scoring is personalised and usable by lenders, brokers, and banks.
  • Open Insurance, which can be defined as accessing and sharing consumers’ insurance services data between insurers, intermediaries, and TPPs to build applications and services.

In July, the FSCA published its Draft Open Finance Position Paper setting out the Authority’s policy position and proposed approach to regulating Open Finance in South Africa. The FSCA invited stakeholders to submit comments on the policy proposals by 15 August.

“As a concurrent process, the FSCA is embarking on an information-gathering exercise to consider the uptake, usage, and practices by financial institutions and TPPs that participate in Open Finance within the South African landscape. Findings from the study will assist in shaping the Final Position Paper on Open Finance and the Conduct Standards to be developed in the future,” the Authority said in a communication published on 9 October.

All financial institutions and TPPs that participate in Open Finance must complete the information request online form on the Authority’s website by 10 November 2023.

Where a financial institution contracts with a third party to provide Open Finance Services to its customers, the financial institution must convey the Information Request to such contractors.

A failure by a financial institution or other supervised entities that participate in Open Finance to provide the specified information by the deadline is an offence under section 267 of the Financial Sector Regulation Act and is liable on conviction to a fine of up to R1 000 for each day during which the offence continues.

For more information about Information Request 2 of 2023 (General), contact the FSCA’s Financial Technology Department at Nolwazi.Hlophe@fsca.co.za.

Opportunities and risks in Open Finance

In a commentary on the Draft Position Paper, Webber Wentzel said Open Finance meets one of the FSCA’s strategic objectives because it offers an opportunity to advance financial inclusion initiatives and drive competition in the financial sector. The new market participants and enhanced range of products and services introduced by Open Finance will advance competition and overall customer value.

“Many Open Finance offerings leverage customer data to provide innovative and personalised financial services and products, including account integration, financial management, payment initiation, alternative lending, and insurance,” the law firm said.

Although Open Finance has not resulted in any notable scandals, it poses significant risks, particularly to consumers. The risks include privacy and data breaches, misconduct and fraud arising from data exposure, and operational and cybersecurity concerns. The purpose of the Draft Position Paper describes how the FSCA proposes to mitigate some of these risks.

Webber Wentzel set out the six regulatory proposals made in the Draft Position Paper as follows:

1. A regulated Open Finance regime

The FSCA recognises the important of regulating Open Finance because of the demographics of South African financial consumers. The lack of digital literacy requires regulatory intervention to ensure consumer outcomes and market trust.

The FSCA is exploring the potential for a phased mandatory regulatory regime for Open Finance, in which relevant financial institutions will be required to participate by developing the necessary infrastructure to share data with TPPs with the consent of financial customers. The Draft Position Paper notes that a mandatory regime may be more appropriate in jurisdictions where policies are geared towards promoting financial inclusion or increasing competition in the financial sector. The Draft Position Paper notes that a mandatory regime may be more appropriate in jurisdictions where policies are geared towards promoting financial inclusion or increasing competition in the financial sector.

A mandatory regulatory regime offers several benefits. It drives competitive behaviour and encourages financial institutions to develop Application Programming Interface (API) communication solutions. However, the FSCA acknowledges the necessity of assessing the complexities and costs involved in adopting a mandatory regime.

2. Tailored and proportionate regulatory oversight

The FSCA has identified four types of participants that will require regulatory oversight: financial institutions, TPPs, fintechs, and other service providers. The level of regulatory oversight over each participant will be proportionate to the risk it poses to Open Finance.

Currently, TPPs and APIs are not licensed as financial institutions and operate outside the FSCA’s regulatory ambit. The financial institutions already participating in Open Finance are not governed by a regulatory framework.

The oversight mechanisms contemplated include imposing data standards or conduct requirements on financial institutions and introducing licensing requirements on entities that use APIs to access customer accounts to provide financial services.

3. Informed consent for the use of customer data

Adopting comprehensive consent requirements is integral to Open Finance because as it will prevent the unauthorised collection and use of consumers’ data. The Draft Position Paper sets out proposed principles for obtaining and maintaining customer consent, including that consent to use customer data should be unbundled rather than aggregated with other consent agreements or permissions. Consent must also not be conditional on obtaining other bundled products and services.

The Protection of Personal Information Act already alludes to many of the principles in respect of consent proposed in the Draft Position Paper. The FSCA intends only to strengthen the existing regulatory framework to close any gaps.

4. Appropriate risk management and disclosure frameworks

The FSCA supports the adoption of risk management frameworks that will mitigate risks such as fraud and unwanted data breaches, as well as a disclosure framework that addresses the risks emanating from vulnerable customers who lack the necessary data literacy levels to provide informed consent.

5. Ensuring data protection and data-sharing standards

The Open Finance regime covers three types of data: generic services, customer, and transactional. The FSCA believes that setting data-sharing standards is important to prevent fragmented specifications and practices in the Open Finance regime.

The FSCA will engage its fellow regulators on proposals relating to data protection and data-sharing to ensure regulatory and supervisory alignment.

6. Providing complaints and dispute-resolution mechanisms

The Draft Position Paper sets out the importance of a statutory complaints framework to mitigate the risks of harm to consumers.

The FSCA acknowledges that financial institutions have existing obligations to manage complaints, which it believes to be sufficiently developed to accommodate an Open Finance regime. It proposes that, depending on the activity, the existing framework would apply. For example, a licensed financial services provider would apply the requirements of the General Code of Conduct.