Consultation outcome

The future oversight of the CMA’s open banking remedies

Updated 25 March 2022

Introduction

In January 2020 the Open Banking Implementation Trustee (the Trustee) sent the CMA his proposal for a revised Agreed Timetable and Project Plan (the Roadmap) which he said would “successfully deliver against the implementation requirements of the Retail Banking Market Investigation Order 2017 (the Order) as they relate to Open Banking. [footnote 1] An amended version of these proposals, adjusted to reflect the impact of the coronavirus (COVID-19) pandemic on the delivery timetable, was adopted by the CMA in May 2020. Although some of the dates have moved back since then, the implementation requirements of the Order will be delivered by the end of 2021.

The purpose of this document is to seek stakeholder views on what arrangements it would be appropriate to put in place to ensure the effective oversight and governance of the CMA’s open banking remedies following the delivery of the implementation requirements of the Order and how we should manage the transition process towards this new governance model.

Design considerations for the future oversight of the open banking remedies

Previous references to the future governance of the ecosystem

Neither the CMA’s Market Investigation Report nor the Order set out explicitly what arrangements should be put in place following implementation of the Order. However, paragraph 17 of Part A of Schedule 1 of the Explanatory Note to the Order anticipates the “need to ensure that open banking standards and governance processes are maintained beyond the implementation of the last stage of the CMA remedies in January 2018 [footnote 2] and are consistent with the adoption of open API standards in other sectors of the financial services market, for example mortgages.” Paragraph 39 further states that “once the Read-only Data Standard and Read/Write Data Standard are adopted there may be merit in either (i) expanding the scope of the Implementation Entity or (ii) creating a new industry body, or working with an existing one, to oversee the structure and development of APIs.” This section of the Explanatory Note concludes “Ultimately the CMA, while wishing to ensure the remedy remains effective, would welcome these bodies and the industry taking ownership of these issues and it may be appropriate at that stage to agree different arrangements (for example with different funding and governance structures) or it might be appropriate for the CMA to review whether parts of the Order should be amended or can be revoked because they have been superseded by longer-term arrangements.”

The Trustee, when submitting his final Roadmap proposals, similarly noted that “Once the implementation requirements of the CMA Order are met, certain arrangements will be required to ensure the ongoing requirements of the CMA Order continue to be met. It is clear to me, however, that for the Open Banking ecosystem to evolve and flourish some kind of industry-supported successor organisation to the Open Banking Implementation Entity (OBIE) will be required.” [footnote 3]

The key requirements for future arrangements

We set out below our view of the principal features that the arrangements for the future oversight of open banking should exhibit. We invite views on these and then set out some specific questions, including those arising from the detailed proposals that we have received from UK Finance. [footnote 4]

Open banking now has around 3 million users. [footnote 5] Perhaps as many as half [footnote 6] the UK’s SMEs now use tools employing open banking functionality and this level of adoption is likely to be reinforced as HMRC begins using open banking for tax payments. [footnote 7] The largest UK banks - who were compelled to adopt the open banking API standards - have gone beyond their narrow legal obligations, creating services using open banking functionality and which compete with, for example, services offered by non-bank personal financial management app providers. [footnote 8]

Most banks and building societies providing current accounts who were not obliged to do so have also adopted the CMA standards. Hundreds of open banking apps are now available to help consumers and small businesses save time and money, including apps serving the needs of consumers who need extra support because of their particular circumstances or personal vulnerability. Around 450 firms are in the pipeline to join the open banking ecosystem. [footnote 9]

On this basis we conclude that open banking has made a good start and that it retains the potential, in line with the CMA’s aspirations in 2016 to “transform financial services.” [footnote 10]

However, although the core elements of open banking are now in place, and the open banking ecosystem has developed a powerful forward momentum, it is not inevitable that it will continue on the same trajectory. While the largest banks have shown signs of embracing open banking, they may also have an incentive to slow the further development of the open banking ecosystem, where this conflicts with their own commercial objectives.

Accordingly, while we welcome proposals from the financial services industry to take on the governance of open banking and acknowledge the considerable thought and resources that UK Finance has put into developing its proposals, we must ensure that future arrangements for the governance of open banking results in a framework that is:

  • independently-led and accountable
  • adequately resourced to perform the functions required
  • dedicated to serving the interests of consumers and SMEs
  • sustainable and adaptable to future needs of the ecosystem

Before approving any future governance arrangements, we will evaluate the UK Finance proposals, and any other proposals that parties wish to put to us, against these 4 criteria.

Additionally, we need to decide what arrangements should be put in place to monitor the compliance of the CMA 9 with the obligations of the Order (principally Articles 12 to 14) that will continue after the end of the implementation phase.

The UK Finance proposals

Over the last 12 months, UK Finance has undertaken a substantial amount of work in developing proposals for the future oversight of the open banking ecosystem, including engaging external consultants and hosting events to capture the views of stakeholders, including in particular third party providers of open banking services (TPPs), SME and consumer representatives. We and other regulators and Government Departments have engaged with this process.

The UK Finance proposals start by defining the requirements of the new arrangements as follows:

“The Open Banking operating model should evolve to support the service requirements of a) the CMA9 and the obligations of the CMA Order b) the needs of the PSD2 community and c) extension to future changes such as Open Finance and Smart Data d) the development of the EU SEPA API Access scheme and e) the call from HM Treasury in the Payments Landscape Review to develop the potential of open banking payments.” [footnote 11]

These proposals are therefore intended to create an organisation (the “Future Entity”) which, while it would continue to perform the functions that the OBIE has to date, such as updating standards and maintaining the Directory, would not be predominantly focussed on the compliance requirements of the CMA9 or even just open banking. It is intended to serve the needs of the significantly larger number of financial institutions subject to the Payment Services Regulations 2017 (the PSR), [footnote 12] including those that have adopted the open banking standards voluntarily in order to comply with the PSR, and to be flexible enough to accommodate changes arising both from the FCA’s Open Finance initiative and the New Payments Architecture. [footnote 13] It is designed to respond to requests from “participant groups”, for example for the Future Entity to develop standards for commercial APIs which are outside the remit of the OBIE. [footnote 14]

The Future Entity would be a not-for-profit private company limited by guarantee, which means the company will have a group of members (rather than shareholders). UK Finance envisages that all regulated ecosystem participants are likely to become members. [footnote 15] No income, profits or capital value will be distributed to the members as profits generated will instead be re-invested to promote the objectives of the company.

The benefits of membership are said to include:

  • gaining access to service capabilities
  • members will be eligible to join the Advisory Committee to provide guidance to the board
  • members will be able to bring forward requirements to enhance and evolve the standards and services
  • members will hold weighted voting rights and a role in the nomination and appointment of members of the Board [footnote 16]

As we discuss below, it is proposed that the Future Entity would have a board whose composition is shown below. The Board would comprise 3 independent directors, including the chair, a consumer representative, 2 TPP representatives, and 2 ASPSP [footnote 17] representatives (for example 1 representing a large ASPSP and 1 a small ASPSP). The Future Entity’s CEO will be a board member and have a vote.

Figure 1 – The proposed board composition of the Future Entity

""

For a description of what this chart shows, see the chart descriptions section

Source: Open Banking Futures

The proposed board’s responsibilities relative to other participants, for example the membership, are set out below.

Figure 2 - The board’s proposed powers

""

For a description of what this chart shows, see the chart descriptions section

Source: Open Banking Futures

UK Finance summarises its proposal for the Future Entity as follows:

Vision & Mission

  1. The Future Entity prioritises end-users outcomes and promises to be at the heart of the Open Data and Payments market
  2. The vision states it will exist to “Enable UK consumers, small businesses and corporates to benefit from a highly efficient, safe and reliable Open Data and Payments market, as well as continuing to provide a platform for UK financial institutions to meet their regulatory requirements

Entity Structure

  1. A set of around 30 Service Capabilities will be provided by the Future Entity in order to meet the requirements of the Open Banking Ecosystem and help ensure its stability and resilience
  2. A single entity model is proposed for the ongoing delivery of the standards and service capabilities. (To note, this presumes that the monitoring of the CMA9 in relation to the CMA order will be separate and the CMA will consult on the proposal for this element)
  3. The service capabilities (in particular the Directory and DMS) need to be reviewed as a part of the transition to confirm whether they are fit for purpose, are compliant with competition law and who should provide them, consulting stakeholders, including regulators
  4. The proposed model allows for specific Service Capabilities to be provided by the entity or market participants subject to regulatory and competition law compliance, and is justified either on a cost or quality of service basis

Corporate Governance

  1. The Future Entity is a not for profit private company limited by guarantee, with “Members” comprised of various ecosystem regulated participants
  2. The Future Entity will have a board of directors and an executive team – the board of directors will be comprised of an independent chair, two independent non-executive directors, one consumer organization representative and four industry representatives
  3. An Advisory Committee including Member representatives, the board of directors and stakeholders (end-user representatives, industry bodies and regulators) will be responsible for advising the board
  4. Governance should be built out as the entity moves towards a ‘steady state’. There should be a strong industry presence through the transition phase to ensure the industry is able to have an ongoing influence on the formation of the Future Entity
  5. The Future Entity will deliver change by evolving Open Banking standards and services it provides
  6. Change requirements will come from Participant Groups, HM Treasury and regulators, and will go through a rigorous prioritisation and refinement process including to ensure compliance with competition law before being delivered by the Future Entity and adopted by market participants

Commercial and Liability Model

  1. Annual Funding Requirements should be covered proportionally by Member Account Servicing Payment Service Providers (ASPSPs)
  2. Future Entity financials should be transparent and upfront, with a business plan and annual budget communicated to members in advance of each Financial Year
  3. A charge may be made for Third Party Providers (TPPs) reflecting the additional services they receive from the Future Entity (i.e. services which are over above what they are entitled to by law) – this would be subject to prior competition law review (for example, to ensure that any such charge is fair, reasonable and non-discriminatory) and should not serve as an obstacle to TPP participation in the ecosystem, and instead reflects a value for money, voluntary exchange between TPPs and the Future Entity
  4. The Future Entity will take measures to increase Fee Income and reduce operational costs to minimise the funding gap in subsequent years. The Board of the Future Entity will need to satisfy larger ASPSPs that the operational costs are consistent with their legal obligations and ongoing service requirements. Consideration will be needed as to whether larger ASPSPs require step in rights to ensure they can meet their obligations under the CMA Order

Transition Plan

  1. The approach recommended is to maintain the residual elements of OBIE in Open Banking Limited (OBL)
  2. The key elements of transition are to complete the governance (appoint board, revise the membership structure and the company’s constitution), review whether the service capabilities are fit for purpose, introduce a new funding structure and carve out the monitoring elements. We estimate this process will run until Q1 2022 under the governance of the Independent Chair

Other Considerations

  1. There are potential day 2 evolutions including the merits of a commercial subsidiary, the development of an Open Futures Board and the transition of Open Banking Payments to a Payment Arrangement framework
  2. All recommendations, principles and suggestions are subject to formal due diligence

We set out in paragraph 10 the 4 criteria that will form the basis of our assessment of proposals for the future governance of the open banking ecosystem. We now invite responses to questions under those headings.

Independent and accountable leadership

As noted above, the Future Entity Board would comprise an independent Chair, 2 independent NEDs, 1 consumer, 2 TPP and 2 ASPSP representatives. The bulk of the funding, at least initially, would come from the CMA9.

The Chair of the Future Entity Board would occupy a crucial position in the organisational structure and governance process. He or she will, according to these proposals, in addition to chairing the Board, play an important role in appointing the independent NEDs and will manage the CEO.

We would expect the Chair to provide both independent and vigorous leadership of the whole ecosystem through the next stage of open banking, which we see not as a period of quiet consolidation but as one of development and growth built on the foundations laid in the last 4 years. The Chair of the Future Entity Board would need the expertise, experience and energy to lead the open banking ecosystem through this next phase.

We invite views on the following questions relating to the leadership of the Future Entity:

a) It is envisaged by UK Finance that the Members of the Future Entity would appoint the Chair with “votes weighted by participant type.” This process is not explained in detail and we will seek further clarity from UK Finance. However, it may give rise to a risk that a particular stakeholder group (eg the largest banks) would have an inappropriate degree of influence over the appointment. What process and criteria should be used to identify suitable candidates for the Chair? Who would be responsible for doing this, who should be kept informed and whose approval should be sought for decisions at this stage? Should the Members alone approve and appoint the Chair or should the CMA’s approval be required, as was the case in the appointment of the Trustee?

b) Does the proposed composition of the Future Entity Board constitute independent leadership? On its face, the composition of the board would suggest a balance of perspectives will be represented. However, should the CMA seek further information or assurances before concluding that the proposals will result in an independently led organisation?

c) To whom should the board be accountable. Should their accountability extend beyond the membership of the Future Entity? Are there transparency or reporting requirements that it would be appropriate to impose on the Entity’s Board similar to those imposed on the OBIE?

d) Does the initial funding model envisaged risk undermining the Future Entity’s ability to act independently because of the potential tension between the interests of the CMA9 (who will be providing all of the funding initially) and the objectives of the independent Chair? Can the CMA be confident that the Future Entity governance structure (including an independent Chair, NEDs and the Advisory Committee) will be sufficient to resist pressures that may arise as a consequence? And if we cannot be confident what steps should be taken to mitigate this risk?

e) Do UK Finance’s proposals for the Future Entity raise any other concerns regarding its leadership and governance model? Are there any other alternative approaches which would be more suitable to address these types of issues?

Adequately resourced to perform the functions required

The continuing obligations of the CMA9, for example the maintenance of the open banking standards, are specified in articles 12 to 14 of the Order and the successor organisation to the OBIE will have to continue to enable the CMA9 to comply with these requirements. We (and they) will need to be confident that the proposed entity will be capable of supporting all of these.

We reproduce below UK Finance’s visual representation of the possible evolution of the Future Entity’s funding.

Figure 3 – The proposed funding model

""

For a description of what this chart shows, see the chart descriptions section

Source: Open Banking Futures

The scenario illustrated above assumes that the cost of the Future Entity in 2022 could be lower than the cost of the OBIE in 2021 and lower still in 2023.

We invite views on the following questions:

a) In overall terms, is the framework proposed by UK Finance capable of performing the functions necessary to ensure the effectiveness of the CMA’s open banking remedies going forward? Are there alternative approaches that the CMA should consider?

b) Does the proposed funding model give enough confidence about the resourcing of the Future Entity? In particular:

  • What evidence is there that external revenue is now, or will become, available to the Entity through the tendering of relevant projects?
  • Given that the anticipated external revenues may or not materialise in 2022 or be maintained after that date, how can the CMA and other stakeholders be confident that the budget of the Future Entity will be adequate to deliver the residual requirements of the Order?
  • How should the Future Entity set priorities in the face of a potentially reducing budget and competing requests for investment in future developments, including from the Participant Groups? [footnote 18]

c) The proposed funding model does not anticipate significant funding from the TPP community in the short term. Is this reasonable? Should more financial support be sought from firms acting as TPPs, some of which are quite large businesses and others, for example retailers, who are likely to benefit from the adoption of existing (rather than yet to be developed) open banking payment services in particular?

d) The OBIE has performed functions and supplied services which while not stipulated in the Order have, in the opinion of many parties, proved fundamental to maintaining a well-functioning ecosystem. These include, for example, the onboarding services that OBIE provides to help TPPs interface with ASPSPs. Can the CMA and other stakeholders be confident that these will be maintained?

e) Do UK Finance’s proposals for the Future Entity raise any other concerns regarding its proposed resourcing? Are there any other alternative approaches which would be more suitable to address these types of issues?

Representation of consumers and SMEs

When designing the open banking remedy, the CMA endeavoured to make the customer the central focus of the open banking ecosystem. The mission statement of the proposed Future Entity focuses on the consumer interest and the proposed arrangements include a consumer representative on its Board and an Advisory Committee with consumer representation intended to inform the Board’s decisions.

We would welcome views on the following issues relating to customer representation:

a) Will the proposed arrangements ensure effective representation of consumer and SME interests? Would any alternative arrangements be more suitable?

b) Can the interests of consumer and SMEs be adequately represented by the same board member, say with support from the advisory committee?

c) What process and criteria should be used to select the consumer representatives on the Board and Advisory Committee? Should there, for example, be a specific reference to the needs of vulnerable or less well-off consumers?

Sustainability / adaptability

The OBIE was created as a special purpose vehicle to undertake a particular set of tasks over a finite period (initially anticipated to be less than 2 years). [footnote 19] The Future Entity is expected to last far longer than the OBIE and its design would need to take account of possible changes in its environment and the requirements placed upon it if it was to fulfil this expectation. In this context, we note that the proposed arrangements envisage a 3-year financial commitment from the CMA9 after which they would be able to withdraw their membership.

In considering the sustainability and adaptability of the proposed arrangements, we invite views on the following:

a) Is the assumed ability of one or more of the CMA9 to withdraw from the Future Entity a cause for concern in terms of the sustainability of these arrangements? Would the CMA9 not have to retain membership in order to comply with certain requirements of the Order, for example to maintain the network that supports the directory requirement in the Order? Would, in any case, the benefits of membership to CMA9 members be expected to outweigh the (minimal) cost savings from withdrawing (which we would expect to be limited)? Would, nonetheless, a longer membership commitment from the CMA9 (for example, 5 years) provide greater security for the Future Entity?

b) Would the membership / proposed funding model allow non-CMA9 account providers who had adopted the open banking standards, to “free ride”: enjoy the benefits generated by the entity without making an appropriate contribution ? If so, and were it deemed necessary, how could this be avoided?

c) Could or should the Future Entity, as UK Finance has suggested, be a suitable vehicle for the implementation of other “open” projects such as the FCA’s Open Finance initiative and the BEIS Smart Data project? The Open Finance and Smart Data initiatives are not, as yet, fully defined. How, therefore might the Future Entity be designed so as to accommodate their requirements?

d) It could be argued that the maintenance and development of payment initiation standards should be dealt with separately from account information and as a scheme. What should be the relationship between the new arrangements and the oversight of payment systems more generally?

e) Do UK Finance’s proposals for the Future Entity raise any other concerns regarding the sustainability of the proposed approach? Are there any other alternative approaches which would be more suitable to address these types of issues?

Monitoring Arrangements

Current position

The Trustee has established a dedicated monitoring function within his Office. We considered this preferable to including it within the OBIE since siting it directly under the Trustee would provide a greater assurance of independence which we felt particularly important given its enforcement role. On the basis of the same reasoning we considered it would be inappropriate to place the responsibility for monitoring the ecosystem with the OBIE’s successor body. Monitoring was therefore out of scope of the UK Finance project.

The Trustee’s monitoring function collects and reviews data indicating whether the CMA9’s performance, for example API availability, or the standards they have adopted, say on security, conform with the open banking standard. The function currently requires 2 full-time members of staff and relies on the support of other OBIE staff and outsourced services, as outlined below.

The objective of the monitoring function is to enable the Trustee to provide assurance to the CMA that the CMA9 are individually complying with the Order and that the open banking ecosystem in aggregate is operating as envisaged by the CMA.

The monitoring function’s oversight of the CMA9 is centred around regular (at least monthly), formal bilateral meetings with each of the CMA9. The agendas are set by the Trustee’s monitoring function and focus on a number of items that are aligned to 3 broad themes:

  1. performance
  2. conformance
  3. enforcement

Performance

The OBIE receives data from the CMA9 which is collated, cleaned and challenged by OBIE staff, before being passed to the monitoring function which reviews and assesses the performance data against the benchmark performance thresholds including, where required, challenging specific aspects during bilateral meetings. It reports performance to the Trustee and other key stakeholders, in aggregate and on a brand-by-brand basis. [footnote 20] This includes data on the availability of the open banking APIs, response times and volumes of successful API calls relevant to the obligations of Articles 12.1, 13.1 and 14.1 of the Order which require the CMA9 to make product and transaction data “continuously available”. The monitoring function is dependent on colleagues across OBIE, specifically the Standards and MI teams, to help design data requirements and to process the incoming data submissions.

This data is supplemented by additional items obtained using a third-party monitoring tool provided under contract and at an additional cost (currently Yapily). This provides a “next day” view of the CMA9’s response times, availability and error rates and allows monitoring the function to challenge the CMA9 robustly and in a timely manner should the data suggest any emerging performance issues.

In addition to the review of quantitative data feeds, the function also considers more qualitative feedback collated from a number of sources, for example TPPs. The team hosts regular (monthly) forums for the most active TPPs where these providers can share their views on individual CMA9 ASPSPs and raise any specific concerns or issues. This feedback loop is supplemented through the OBIE’s Insights, Experience and Support (IES) team’s relationship with smaller and/or less mature entities in the ecosystem allowing tickets and issues to be escalated to the monitoring function, as well as the analysis of Open Banking Service Desk tickets that is currently outsourced to a third-party provider (CGI).

Compliance with technical standards of the Order

To comply with the Order, the CMA9 must be able to show that they are in conformance with the standards that comprise open banking. The remit of the monitoring function includes the coordination of CMA9 activity; the reporting of the conformance status of each CMA9 ASPSP to the Trustee and to the Implementation Entity Steering Group on a monthly basis; and holding the CMA9 to account for maintaining conformance with the open banking standard. The standard has 5 key elements:

  1. API standards. Assessing functional conformance to the Open Banking API specifications is undertaken by OBIE’s Standards team. The CMA9 banks are required to conform each time the specifications are updated. OBIE uses a conformance tool, which generates a pass/fail result and issues a certificate once the tool specifies a ‘Pass’. Certificates arepublished on the open banking website.

  2. Security profile. The CMA9 banks are required to conform with the latest FAPI security profile and the assessment of this is undertaken by the Open ID Foundation (OIDF) although technical support is often provided to the ASPSPs by the OBIE’s Standards team. Certificates are issued by OIDF) who use a conformance tool to generate pass/fail results. OIDF’s certificates are published here (see the table titled “Certified Financial-grade API (FAPI) OpenID Providers”).

  3. Customer Experience Guidelines (CEG). A manual assessment of open banking journeys is undertaken by the monitoring function. The CEG is typically updated each time a new version of the API specifications is published with reviews performed to ensure that any new requirements have been met. The assessment is made using a CEG checklist which the banks are asked to self-attest and then the monitoring function validates the provided attestation.

  4. Operational Guidelines. OBIE does not currently assess conformance, publish certificates, or report to the Steering Group in this instance, however, there is a checklist which banks may use to self-assess. Within the Operational Guidelines are the benchmarks by which CMA9 ASPSP’s performance is measured against and the monitoring function’s role in respect of assessing performance is described below.

  5. Open Data Standards. Periodic evaluation of Open Data “Quality” and remediation status is currently undertaken by OBIE’s IES team. Conformance against this Standard is not currently reported to the Steering Group.

Enforcement

Ultimately, should any of the CMA9 fail to meet any of the requirements under the Order the monitoring function’s role is to recommend to the Trustee and/or to the CMA that Trustee or CMA Directions may be required to be issued. These Directions often mandate a detailed delivery schedule that outlines their plan to improve performance (Performance Improvement Plan/PIP). Alternatively, they may require the ASPSP to resolve a delivery deficit in order to maintain conformance with the open banking standards. The monitoring function is also involved in the drafting of these Directions and the administration of any requirements due. This administration may involve selecting external accountants to undertake specialist reviews of the CMA9, setting and approving the scope of remediation activity, reviewing formal written reports, and formally tracking and holding the CMA9 ASPSPs to account on delivering action plans.

Future monitoring arrangements - design considerations

The monitoring function

We noted earlier that the current monitoring function is sited in the Office of the Trustee rather than the OBIE and that this was seen as a means of emphasising its independence and impartiality, particularly since it was also able to support enforcement action by the Trustee himself.

We have assumed that, on the same basis, it would not be appropriate to site the compliance monitoring function inside the successor to the OBIE, though we note that in the assumed absence of an Implementation Trustee, all enforcement action would rest with the CMA and that this distinction may no longer be as relevant.

The data that is currently reviewed by the monitoring function supports 2 tasks that it will be essential to maintain going forward: a) monitoring individual CMA9 compliance and b) assessing how well the ecosystem is working overall in delivering customer outcomes.

CMA9 compliance monitoring

The Order does not provide an exhaustive list of compliance criteria. However, OBIE/the Trustee have operationalised the general requirements of the Order into detailed standards and specifications, as described above. In such cases monitoring is relatively straightforward [in theory]: actual performance is compared with the standard, sometimes using data provided by the CMA9 in other cases using data supplied by third parties.

That said, based on experience to date, there is likely to be a continuing need for the future monitoring function to challenge data provided by ASPSPs and to seek additional data, particularly if there is a dispute between one of the CMA9 and a TPP. Compliance monitoring is therefore not a passive role and this needs to be reflected in the nature and quantity of resources available to whatever entity acquires the compliance monitoring responsibility.

Ecosystem monitoring

The data currently provided by the CMA9, in aggregate, has facilitated the assessment by the Trustee of the overall performance of the ecosystem and he has therefore been able to report to the CMA where he judges that a standard needs to be developed. For example, the Trustee reported to us in September 2019 that the volume of payment initiation transactions was very low compared with account information sharing and that this indicated that the functionality delivered by the standard was inadequate for merchants or PISPs, in particular because of the absence of reverse payment functionality. As a consequence, refund functionality was incorporated into the roadmap.

It may be desirable to build in an equivalent process going forward such that whichever entity is performing the monitoring function is required and empowered to identify issues arising that may need to be addressed.

Questions for consultation

Views are invited on any aspect of monitoring but in particular:

  1. Our working assumption is that it would not be appropriate for an industry-led body – such as the Future Entity - to have responsibility for compliance monitoring of the conduct of some of its members. However, we envisage that whatever entity does undertake compliance monitoring will rely in part at least on data provided by the successor body to OBIE which it may also use for its own purposes. Is this reasonable? Could, with appropriate governance, the proposed Future Entity be given the responsibility for monitoring the compliance of the CMA9 with the Order?

  2. We have identified ecosystem monitoring as an important function that may, for example, indicate the need for product or other developments. Would this role fit best with the entity charged with compliance monitoring or conversely, would this role fit better with the successor body to OBIE?

  3. The CMA commonly appoints an independent professional services firm as a Monitoring Trustee to monitor compliance with remedies imposed after Market Investigations or Merger Inquiries. Would this be appropriate in this instance and if so, which types of firms or other bodies could be considered? Would it be practicable to find a firm that was not conflicted?

  4. ASPSPs may challenge suggestions that they are non-compliant and, currently, the Trustee’s monitoring function makes an initial assessment which may be subsequently passed to the CMA. Should the new monitoring entity perform this initial screening, or should this reside with the CMA’s enforcement function? We envisage the former but invite views, including to the contrary.

  5. Is it necessary to continue monitoring activities at all since the FCA is already responsible for ensuring compliance with the (similar) requirements of the PSR including by the CMA9? To what extent would the FCA’s current monitoring activities be an effective substitute for the activities of the Trustee’s monitoring function?

  6. Are there any other issues regarding monitoring and compliance which the CMA should be aware of?

Transitional arrangements – design considerations

Decisions relating to the design of a transition process from one set of arrangements to another will be influenced by what those future arrangements are. Since those future arrangements will be subject to the outcome of this consultation, we cannot, yet, fully specify the transition process. There are, however, some considerations that are likely to apply in many or all scenarios.

Since the open banking ecosystem is “live” there is a risk that the ongoing support services provided by the OBIE currently could by interrupted or disrupted by the transition process. Further, the longer the transition period, the greater the risk of such disruption, but this in itself is likely to be dependent on some factors outside of our control. We have noted, for example, that were the proposed UK Finance model or one similar to it to be adopted the role of the Chair of the Board would be crucial. How long it would take to identify and appoint a person of the necessary calibre is not clear but could several months from start to finish.

Additionally, there are risks associated with too rapid a transition. If the transition process began before all items of the Roadmap had been delivered some or all of them could either be delayed or left unfinished. We have asked the Trustee to prepare a detailed progress report on implementation to help us quantify this particular risk.

Finally, we need to consider, if the successor body is to have a wider remit, say including the development of APIs for other “open” initiatives, some relaxation of the current restrictions on undertaking such projects would be desirable to smooth the transition process.

We therefore invite responses to the following questions:

  • What measures should the CMA adopt to mitigate the risk that the OBIE’s ongoing services will be interrupted or disrupted during a transition process?

  • How should the ecosystem’s performance be monitored during a transition process? Should, for example the Trustee’s current monitoring function be maintained during a transition process and if so where would it be appropriate to site it?

  • Who should be held accountable for managing the transition process and what incentives should be put in place to reinforce their obligations to ensure continuity?

  • What steps should the CMA take to mitigate the risk that any remaining deliverables from the Roadmap are left incomplete? For example, should the CMA refuse to permit the commencement of the transition process before all of the elements of the implementation are in place? If not, what assurances should it seek and what safeguards would need to be put in place to eliminate the risk that the final elements of implementation would be unreasonably delayed or left uncompleted?

  • Once the final remit of any new organisation to succeed the OBIE is agreed, for example its ability to undertake development work that is currently beyond its scope, would it be desirable to reflect this during the transition period?

  • Are there any other issues regarding transition arrangements which the CMA should be aware of?

Next steps

Consultation process

We are publishing this consultation on the CMA webpages and drawing it to the attention of a range of stakeholders to invite comments. We would welcome your views on the specific questions we have posed and on any other matters relating to the future oversight of open banking.

How to respond

We encourage you to respond to the consultation in writing, preferably by email using the contact details provided below.

When responding to this consultation, please state whether you are responding as an individual or are representing the views of a group or organisation. If the latter, please make clear who you are representing and their role or interest.

In pursuance of our policy of openness and transparency, we will publish a non-confidential version of responses on our webpages. If your response contains any information that you regard as sensitive and that you would not wish to be published, please provide a non-confidential version for publication on our webpages which omits that material and which explains why you regard it as sensitive at the same time.

Duration

The consultation will run from 5 March until 5.00pm on 29 March. Responses should be sent to:

Email: [email protected]

Due to the ongoing coronavirus (COVID-19) situation, we are not able to accept delivery of any documents or correspondence by post or courier to any of our offices.

Chart descriptions

Figure 1 – The proposed board composition of the Future Entity

A chart indicating the proposed composition of the board which comprises: 7 non-executive directors (NEDs) including 2 with for example a merchant or international perspective, 1 representing end-users, 2 from the TPP community (1 AISP and 1 PISP) plus 2 from account providers/banks (for example 1 large and 1 small). It shows the Chief Executive as an executive director but does not specify which if any of the executive team will have a seat or a vote on the board.

Figure 2 – The board’s proposed powers

A chart indicating the powers of the board, the advisory committee and the membership. The Board will need to approve the Chief Executive’s proposed strategy and the financial forecast for the upcoming year. The membership will need to approve the re-appointment of the Chair and a merger of the company with another though the board will only need to inform the membership of the strategy and the financial forecast. The advisory committee must be consulted on the financial forecast, strategy and a decision to merge the company with another.

Figure 3 – The proposed funding model

A chart providing an illustration of the future funding of the organisation in the period 2021 to 2023. It shows a reduction in the cost of the Future Entity to below that of the OBIE in 2022 and then a further fall in 2023. It shows the ASPSP funding requirement falling as fee income from TPPs increases and as other revenue streams emerge in 2023.

  1. Letter from the Trustee to the CMA dated 3 February 2020

  2. The original date scheduled, subsequently extended as a result of changes to the Roadmap proposed by the Trustee and approved by the CMA. 

  3. Letter from the Trustee to the CMA dated 3 February 2020

  4. Open Banking Futures: Blueprint and Transition Plan, UK Finance in Association with Baringa, March 2021. 

  5. Open Banking, Annual Report, 2021

  6. See Open Banking/Ipsos MORI survey, December 2020

  7. See the tender offered by HMRC which was awarded in February 2021

  8. See for example this recent announcement by Lloyds Bank

  9. Open Banking, Annual Report, 2021

  10. Making Banks Work Harder for You, p 6. 

  11. Open banking futures: blueprint and transition plan UK Finance in association with Baringa Partners LLP March 2021. 

  12. The Payment Services Regulations 2017 implement the EU’s second Payment Services Directive or PSD2. They require all payment services providers to enable data sharing by customers but, unlike the Order which applies just to the CMA9, do not stipulate the use of common and open API standards. As noted above, most banks and building societies providing current accounts have adopted the open banking standards in order to comply with the Regulations. 

  13. For an explanation of the New Payments Architecture project see the Pay.UK website

  14. A commercial or “premium” API is one that a bank or building society would make available to TPPs on a commercial basis. 

  15. Open Banking Futures, p 17. 

  16. Open Banking Futures, p17 to 18. 

  17. ASPSPs are Account Servicing Payment Service Providers who provide and maintain a payment account for a payer as defined by the Payment Services Regulations 2017. 

  18. Paragraph 10.12 of the proposal summary says “Change requirements will come from Participant Groups, HM Treasury and regulators, and will go through a rigorous prioritisation and refinement process including to ensure compliance with competition law before being delivered by the Future Entity and adopted by market participants.” 

  19. The OBIE was formed in late 2016 and, as we noted earlier, the Explanatory Note to the Order envisaged implementation completing in January 2018. 

  20. Performance data is posted on the Implementation Entity’s website