资源描述
UK Finance Open banking futures: blueprint and transition plan 1 OPEN BANKING FUTURES: March 2021 BLUEPRINT AND TRANSITION PLAN In association withUK Finance Open banking futures: blueprint and transition plan 2UK Finance Open banking futures: blueprint and transition plan 3 Contents 2. Foreword 4 3. Executive summary 6 4. Requirements of the ecosystem 8 5. Vision and mission 10 6. Service capabilities the company name will be agreed in the next phase. Vision and mission 1. The Future Entity prioritises end-users outcomes and promises to be at the heart of the Open Data and Payments market. 2. The vision states it will exist to “enable UK consumers, small businesses and corporates to benefit from a highly efficient, safe and reliable Open Data and Payments market, as well as continuing to provide a platform for UK financial institutions to meet their regulatory requirements” . Entity structure 3. A set of around 30 service capabilities will be provided by the Future Entity in order to meet the requirements of the Open Banking ecosystem and help ensure its stability and resilience. 4. A single entity model is proposed for the ongoing delivery of the standards and service capabilities. (To note, this presumes that the monitoring of the CMA9 in relation to the CMA order will be separate and the CMA will consult on the proposal for this element). 5. The service capabilities (in particular the Directory and DMS) need to be reviewed as a part of the transition to confirm whether they are fit for purpose, are compliant with competition law and who should provide them, consulting stakeholders, including regulators. 6. The proposed model allows for specific service capabilities to be provided by the entity or market participants subject to regulatory and competition law compliance, and is justified either on a cost or quality of service basis. Corporate governance 7. The Future Entity is a not for profit private company limited by guarantee, with “members” comprised of various ecosystem regulated participants. 8. The Future Entity will have a board of directors and an executive team the board of directors will be comprised of an independent chair, two independent non-executive directors, one consumer organisation representative and four industry representatives. 9. An Advisory Committee including member representatives, the board of directors and stakeholders (end-user representatives, industry bodies and regulators) will be responsible for advising the board. 10. Governance should be built out as the entity moves towards a steady state. There should be a strong industry presence through the transition phase to ensure the industry is able to have an ongoing influence on the formation of the Future Entity. 11. The Future Entity will deliver change by evolving Open Banking standards and the services it provides. 12. Change requirements will come from participant groups, HM Treasury and regulators, and will go through a rigorous prioritisation and refinement process including to ensure compliance with competition law before being delivered by the Future Entity and adopted by market participants. 3. Executive summaryUK Finance Open banking futures: blueprint and transition plan 7 Commercial and liability model 13. Annual funding requirements should be covered proportionally by member Account Servicing Payment Service Providers (ASPSPs). 14. Future Entity financials should be transparent and upfront, with a business plan and annual budget communicated to members in advance of each financial year. 15. A charge may be paid by Third Party Providers (TPPs) reflecting the additional services they receive from the Future Entity (i.e. services which are over above what they are entitled to by law) this would be subject to prior competition law review (for example, to ensure that any such charge is fair, reasonable and non-discriminatory) and should not serve as an obstacle to TPP participation in the ecosystem, and instead reflects a value for money, voluntary exchange between TPPs and the Future Entity. 16. The Future Entity will take measures to increase fee income and reduce operational costs to minimise any funding gap in subsequent years. The Board of the Future Entity will need to satisfy larger ASPSPs that the operational costs are consistent with their legal obligations and ongoing service requirements. Consideration will be needed as to whether larger ASPSPs require step-in rights to ensure they can meet their obligations under the CMA Order. Transition plan 17. The approach recommended is to maintain the service capabilities of OBIE in Open Banking Limited (OBL) subject to due diligence. 18. The key elements of transition are to complete the governance (appoint board, revise the membership structure and the companys constitution), review whether the service capabilities are fit for purpose, introduce a new funding structure and carve out the monitoring elements. We estimate this process will run until Q1 2022 under the governance of the independent chair. Other considerations 19. There are potential day2 evolutions including the merits of a commercial subsidiary, the development of an Open Futures Board and the transition of Open Banking Payments to a payment arrangement framework. 20. All recommendations, principles and suggestions are subject to formal due diligenceUK Finance Open banking futures: blueprint and transition plan 8 The UK is at the forefront of delivering innovation and change through Open Banking APIs; leading many of the discussions across Europe and worldwide. The UK has an advanced set of Application Programme Interfaces (APIs) with consistency across standards, enabling API usage to double every five months. 1 1. OBIE figures This progress is in part due to the regulatory foresight from the CMA Order, the effectiveness of the Open Banking Implementation Entity (OBIE) and investment from market participants. There is a desire for this work to continue with an active and passionate industry of more than 700 market participants. These include: end users (both consumer and business) who continue to need the free flow of data and payment enablement in an open, transparent environment to help them better manage their finances; third-party providers (TPPs) such as Payment Initiation Service Providers (PISPs), Account Information Service Providers and Card Based Payment Instrument Issuers (CBPIIs) as well as Aggregators and Technical Service Providers (TSPs) who have businesses centred around secure and efficient access to customer data; industry service providers who supply to the Open Banking ecosystem (for example, the multiple identity organisations) who wish to ensure the market is competitive and their provision is seen on an equal footing; account providers who need to meet their regulatory requirements and wish to support their customers regulators and other industries are now looking at the significant infrastructure built by the OBIE and how this might be used to support other initiatives. Each party has different requirements from the Future Entity and work has been completed through bilateral discussions, workshops and document reviews to consider both the regulated/mandated requirements and those of the industry. The focus of the work is to build a view of the day 1 model, however where future requirements were provided these have also been captured. Figure 1 outlines the hierarchy of requirements for the Future Entity. 4. Requirements of the ecosystem Figure 1. Hierarchy of requirements for the Future Entity x.x.x 2 1 Ongoing Maintenance 2 CMA Order Residual Requirements 3 PSD2 4 Market Led Stability and resilience of Open Banking infrastructure for end- users to ensure integrity of the solution Ongoing compliance with the CMA Order including the maintenance of a Directory, Dispute Management etc. Broader PSD2 / PSR requirements outsourced by the wider industry to the future entity Business Case driven enhancements to Open Banking infrastructure beyond CMA or PSD2 requirements 4 Market Led 3 PSD2 2 CMA Order 1 Ongoing Maintenance x.x.x 2 1 Ongoing Maintenance 2 CMA Order Residual Requirements 3 PSD2 4 Market Led Stability and resilience of Open Banking infrastructure for end- users to ensure integrity of the solution Ongoing compliance with the CMA Order including the maintenance of a Directory, Dispute Management etc. Broader PSD2 / PSR requirements outsourced by the wider industry to the future entity Business Case driven enhancements to Open Banking infrastructure beyond CMA or PSD2 requirements 4 Market Led 3 PSD2 2 CMA Order 1 Ongoing MaintenanceUK Finance Open banking futures: blueprint and transition plan 9 1. CMA Order requirements Since the set-up of the OBIE this fast-moving industry has undergone a series of critical changes in 2021 the specifications for the final CMA roadmap (CMA Order Roadmap May 2020) will be delivered. The completion of this roadmap would bring to a close the requirement for: an Implementation Trustee funding beyond monitoring (provided residual requirements are achieved) an implementation entity a roadmap of items for development and implementation However, upon completion of the CMA roadmap there would remain, in our view and to be confirmed by the CMA a series of residual requirements including: Articles 10.1 and 10.2 provision of widely available standards, data format, governance arrangements and customer redress mechanisms (10.2.5) and whitelisting (10.2.3c). In our view this would include maintenance of the standards e.g. to take account of revisions to FAPI (Financial-grade API) Article 12.1 provision of read only data and product information N.B. it is assumed that the areas outlined in articles such as 12.3 (accuracy of information), 12.4 (product to include PCA, BCA, SME lending), 13 (release of Service Quality Indicators) and 14 (release of PCA and BCA transaction data sets) would still stand. 2. PSD2 requirements On a similar basis PSD2 (as transposed into UK legislation in the Payment Services Regulations 2017 (PSRs 2017) and the UK Technical standards on strong customer authentication and common and secure methods of communication (UK RTS) has a series of requirements that services provided by the Future Entity will need to be compliant with. Detailed traceability has been completed against PSD2 to identify the key requirements that are relevant to the services to be provided by the Future Entity. For example, the requirement on TPPs to identify themselves to ASPSPs under the UK RTS. The entity will also need to comply with other legal requirements, e.g. relating to data privacy, anti-money laundering and GDPR. In addition, moving forward, if the Future Entity is providing a directory service at a commercial level and if ASPSPs are relying on the Future Entity to perform checks on NCA registers, this may potentially be outsourcing from the ASPSP community and therefore subject to EBA guidelines on outsourcing. 3. Industry requirements Since inception, OBIE has been asked to support a wider range of needs than those required in the original CMA order. Participants in the ecosystem have a series of well- defined additional Industry requirements: The entity will look to accommodate where feasible a reasonable set of future requirements from the ecosystem: x.x.x 3 End Users AIS and PIS TPPs ASPSPs Industry Bodies complete as a part of the design work to ensure there are no regret moves, for example if the funding model were predicated on fees from the directory but provision of the directory changed this might impact the funding model, to views that these should be reviewed in the fullness of time. Our recommendation is that this should be completed within six months of a new Chair being appointed, since the appointment of the Chair provides appropriate governance for these decisions and would sit in the Day 0 transition period as outlined in the transition plan section of this report. We would also recommend that a review of the directory is prioritised given the substantial cost of this service, the tie in to the commercial model and the complexity this presents with the unique position in the UK given the EU use of eIDAS certificates and the number of competitive suppliers for elements of the directory in the UK. Given the sensitivity and importance of the service reviews, the board will need to consult widely with members, stakeholders (including regulators) and the Advisory Committee to ensure its decisions command supportUK Finance Open banking futures: blueprint and transition plan 15 6.2 Entity structure Through industry discussions three broad models for the overall structure of the entity were proposed: Model 1: A core entity with separate monitoring this entity would both provide and procure services on behalf of the ecosystem. Model 2: A three entity model a core operational entity, separate monitoring and a separate OB Futures Board bringing independence to the thinking around longer term priorities for the ecosystem. The core entity would both provide and procure services on behalf of the ecosystem. Model 3: A market led model whereby the role of the entity is to bring about market forces both through outsourcing the majority of market functions and by leaving the strategic capabilities such as policy reviews and the strategic outcomes for the market to wider associations. Irrespective of model, it is believed that a not for profit construct is the right one to maintain a focus on the end user and a reflection that the public nature of the standards is for the public interest as compared to a commercial construct. We believe there is industry consensus on a day 1 position model 1 above, this brings: Ease of transition from the current OBIE Simplicity of governance - a single board and single set of central services The control and communication the board will require, with oversight of both what needs to be delivered and the operational delivery The combined provision of services and the ability to procure services in the market which provides a low risk operational model for the ecosystem Figure 5. Day 1 proposed structure for the Future Entity based on industry feedback Under this model the Future Entity would provide some services in house, others via a contract to the Entity and others via market service provider fulfilment. Please note the boxes showing market service providers are illustrative, there is no suggestion these particular services should be provided externally; a service review needs completing to determine this New API Standard Setting Developer Zone Policy and Efficacy (inc. horizon scanning) Supplier Procurement Participant Groups Technical design considerations Industry Adoption MI Board Forward Looking Services Sandbox Capability Implementation e.g. managed roll out Central Functions (legal, HR, procurement etc) Service Helpdesk Directory certificate issuance (onboarding) Dispute Management Service Maintain ecosyste
展开阅读全文