UK Open Banking: Open Banking Limited publishes two data collection frameworks

For more on the JROC’s April 2023 recommendations – including the other two key themes that OBL has been asked to lead and coordinate on - take a look at this Engage article: ‘Open Banking: JROC recommendations on next phase aim to keep UK ahead of the pack’.

Key takeaways

Data collection framework for API availability and performance

• The ‘Data collection framework for API availability and performance’ (API Framework) and accompanying templates (one for Third Party Providers (TPPs) and one for Account Servicing Payment Service Providers (ASPSPs)) are aimed at ensuring the Open Banking ecosystem benefits from high-performing APIs with as little downtime as possible. This in turn will enable Open Banking services to scale and grow by giving consumers and businesses the benefit of high-performing, reliable services that enhance user experience and continue to build trust in the ecosystem.
• The overriding principle is to treat all ASPSPs (ie both non-CMA9 ASPSPs as well as the CMA9) alike and require the same level of availability and performance from all, aiming to bring all ASPSPs in line with the most highly available and best performing ASPSPs.
• The idea is that by collecting, collating, and publishing performance and availability data under the API Framework, OBL will gain insight into how often outages occur, allowing it to investigate whether further clarification or changes to the API standards are needed in order to improve the ecosystem.
• OBL recommends the design of ‘challenging and dynamic’ performance and availability benchmarks that reflect the requirements of the full range of data sharing and payments use cases in the market. As data is collected and – hopefully – performance and availability improve over time, these benchmarks should be revisited by OBL (or the Future Open Banking Entity once established).
• The focus of the reporting is the performance and availability of ASPSP APIs, i.e. for TPPs they will provide data about ASPSP APIs, not their own APIs. The framework uses a four-phased approach to the delivery of the required data metrics over time, based on the depth and complexity of the requirement. This is in recognition of the fact that these are new data collection requirements for non-CMA9 ASPSPs and all TPPs.

Framework for data collection on financial crime

• The ‘Framework for data collection on financial crime’ (Financial Crime Framework) is aimed at enhancing financial crime reporting to increase understanding of the level of fraud occurring within the Open Banking channel. This is key to enable the ecosystem to scale and evolve safely. OBL and stakeholders agree that a secondary objective should be to develop the Framework so that it has the potential to provide timely intelligence on emerging fraud threats.
• The initial Financial Crime Framework supports the gathering of data relevant to payment fraud, to be provided exclusively by sending PSPs to avoid data duplication and reconciliation challenges. Consideration by OBL of aggregation of data relating to broader financial crime will follow at a later date.
• The Financial Crime Framework builds on existing reporting requirements to collect data on the total Open Banking payments by volume and value and the total Open Banking fraud volume and value on a monthly basis. OBL will provide a six-monthly report to the JROC.

What do firms need to be thinking about?

• Both Frameworks have been developed in collaboration with a range of stakeholders via expert advisory groups and other industry engagement. ASPSPs and TPPs should be familiarising themselves with the Frameworks (and the API Framework reporting templates) and preparing for more interaction with OBL on outstanding issues – see further ‘What’s next?’ below.
• Non-CMA9 ASPSPs and all TPPs will need to adjust to what for them will be new data collection requirements under the API Framework. The CMA9 will not be required to complete the new template as they are already providing the more detailed information under their current reporting requirements.
• The JROC is actively encouraging firms to participate by submitting their data, as the success of the project depends on OBL receiving high quality data from a wide range of firms.

What’s next?

• The Appendix to the API Framework sets out the expected delivery timelines for both OBL/JROC activity and participant (ASPSP and TPP) activity in accordance with the four-phased approach to the delivery of the required data metrics. According to the Framework:

  • ‘Phase 0’ -  As the OBL had to send its analysis to the FCA and PSR by the end of Q3 2023 this phase is reliant on existing data under REP020 submissions / quarterly reporting of daily statistics from all ASPSPs alongside the CMA9 MI provided to OBL under the CMA Order, and any MI produced by TPPs internally that they were willing to share..

  • Phase 1, the minimum requirement framework (using the templates published alongside the Framework), has an implementation date of

January 2024.

• • Phase 2 submissions, requiring additional detail (again using the published templates), has an implementation date of H1 2024.

  • The implementation date for Phase 3, which will involve adding success outcomes, TPP metrics and data requirements arising from other workstreams, has yet to be agreed.

• Feedback from 10 ASPSPs, accounting for over 85% of Faster Payments Scheme payments, indicates that they are likely to provide the required data under the Financial Crime Framework from the start of Q4 2023. This would enable OBL to produce an initial report by the end of 2023/January 2024. OBL also states that most firms indicate that they will be able to provide historical data for the 18-month period to end June 2023, which will enhance the ability to see trend data from the outset.

• Once the Financial Crime Framework is approved by JROC, OBL intends to discuss residual issues such as final reporting definitions, reporting mechanisms, data sharing agreements (which may replicate agreements in place for other data collection initiatives) and timelines for data provision bilaterally and collectively with the relevant firms. This will enable OBL to finalise first indications of when data will be available. OBL (or the Future Entity) will continue to convene additional workshops with firms to ensure collective understanding of what is requested and provide useful FAQs to ensure data is produced in a standardised way.

• The submissions received under the Frameworks will be shared with the PSR and the FCA as JROC co-chairs. The findings will support the JROC’s policy thinking, including any potential changes to reporting requirements and, if necessary, further consultations.

If you would like to discuss this development or anything else related to the JROC’s recommendations for the next phase of UK Open Banking, please get in touch with one of the people listed above or your usual Hogan Lovells contact.

Authored by Julie Patient, Virginia Montgomery.