A government advisory committee investigating ‘open banking’ in Canada is to put security concerns centre stage.
The first phase of a review of ‘open banking’ – the technology permitting bank account holders to share information with third parties through API data feeds – has concluded that “more secure infrastructure” is required to protect people sharing their financial data.
The country’s finance minister Bill Morneau said the Advisory Committee on Open Banking would focus on data security in financial services during the second phase of its research, which will start in the spring.
The committee will ask stakeholders to provide advice on potential solutions and standards to enhance data protection in the financial sector, and will examine topics including governance, consumer control of personal data, security and privacy. It aims to deliver its findings to Morneau’s office later this year. Subject to Morneau’s review of the committee’s findings, the government would “explore potential options for implementation”, a spokesperson told Global Government Forum.
Better protection required
In the first phase of its review, the committee found that although some Canadians are comfortable sharing their financial data with third-party providers, more secure infrastructure enabling the use and movement of financial data would establish “better protection”. As well as bolstering consumer protection standards in the financial sector, infrastructure that better safeguards data would also boost cyber security and help with the implementation of the country’s Digital Charter, the committee said. The Digital Charter was published in May 2019 and sets out 10 principles to steer government policy.
The committee – which prefers to use the term ‘consumer-directed finance’ instead of open banking – also says that “examples of other jurisdictions suggest that a timeframe of one to two years is reasonable” for Canada’s open banking deployment.
However, Canada has yet to decide whether open banking will be driven by regulation. “In our view, the role of government in the development of a framework is to set the guardrails in a manner that protects consumers and participants, while allowing innovation to flourish,” the committee said.
Up to four million Canadians are already using applications that leverage their financial transaction data, most commonly through what the committee describe as a “technological work-around called screen-scraping”: this allows companies other than the consumer’s current bank access to their financial transaction data by logging into digital portals on their behalf. The committee reports that screen-scraping presents “real security and liability challenges” and it will focus on how to deal with it.
‘Robo-advisers’ demanding data
In June 2019, a different committee – Canada’s Standing Senate Committee on Banking, Trade and Commerce – released a report and issued recommendations for the government to protect Canadians’ financial information as it moved towards open banking.
The 42-page report, entitled ‘Open Banking: What It Means For You’, said that “the rapid adoption by Canadian consumers of new banking technologies, such as data aggregation and robo-advisors, has created the need for fintech companies to be able to access data easily and seamlessly”.
The committee laid out a series of recommendations, including the modernisation of the country’s Personal Information Protection and Electronic Documents Act to align it with global privacy standards, and a consumer right to direct that their personal financial information be shared with another organisation.
In respect of screen-scraping, it said: “Given the large and growing number of Canadians that are using screen scraping services, it is clear that customers are either willingly or unknowingly taking on these risks in order to meet their needs for a more personalised, digital banking experience that allows them to better control their financial lives.”
It called for the Financial Consumer Agency of Canada to be made interim oversight body for screen- scraping and open banking, with a mandate to conduct research and public education, and to respond to complaints.
Keeping watch on the UK and Australia
Canadian policymakers are monitoring open banking developments in other countries, with last year’s report referencing the UK and Australian experiences.
In the UK the number of people using open banking technology has reached one million. Meanwhile, the rollout of Australia’s open banking regime was recently postponed for six months over security and privacy concerns.
Morneau announced the creation of the Advisory Committee on Open Banking 18 months ago and a consultation on open banking in January 2019.
Reacting to the Advisory Committee on Open Banking’s first-stage conclusions, trade association the Canadian Bankers Association (CBA) said in a statement: “We’re encouraged to see alignment with stakeholder concerns that have been raised around security and privacy of customer data, which are fundamental to the success of this important initiative.”
The number of bank frauds currently impacting Canadian consumer outside of Open Banking/Consumer-Directed Finance should concern a lot of people. Opening access to banking information with Open Banking/Consumer-Directed Finance seems like an open invitation to come and steal your money.