From: Jeremy M. Kronick
To: Canada's Financial Regulators and Policymakers
Date: June 7, 2018
Re: Open Banking: Here’s Why Its Time Has Come
Senators, insurers and banks are embroiled in a dustup over giving more power to banks to sell customer data to third parties. Even the privacy commissioner weighed in with concerns about the proposed changes to the Bank Act in the government’s omnibus budget bill.
Unfortunately, lost in the squabbling is the importance of developing a broad strategy for “open banking” in Canada’s financial services sector. Determining how to reconcile the benefits of more competition and technology-driven innovation in the use of customer data with concerns over privacy and security will be critical for industry, government and the consumer. An open banking strategy, which will allow customers to authorize the sharing of their financial data from multiple sources with third parties, is an essential foundation for the future.
Within the Bank Act portion of the behemoth budget bill is the removal of a requirement that the Minister of Finance approve the engagement of financial institutions in “collecting, manipulating, and transmitting information.” Those in opposition argue that banks, without authorization, would then be able to sell our data to unregulated companies, who are more susceptible to cyberattacks that could put Canadians at risk.
The problem for the naysayers is that the sharing of financial data with third parties is coming to Canada, and indeed is already occurring – though in a limited setting largely controlled by the banks. It is coming because sharing data has attractive benefits for consumers. For example, a third-party provider can aggregate customer spending data, sift the information and identify user cost savings.
These types of benefits explain the motivation behind open banking, which was recently introduced in the UK and EU. As a result of these developments abroad, the Canadian government announced in this year’s budget that it would review the merits of open banking.
In broad terms, open banking requires large financial institutions – with customer approval – to share banking data between two unaffiliated parties through application programming interfaces. The big idea is that by making it easier for consumers to share their financial data will spur the types of tailored products and services that create a more innovative and competitive financial services sector.
Another nice feature of open banking – and one that should placate those like the insurers concerned over the language in the budget bill – is that third-party providers are regulated and must receive approval from the regulatory authorities.
So what’s the big concern? It boils down to privacy and security. Data could end up in the hands of smaller companies that have spent less on data protection than the big banks. That is a fair point, but much has been – and continues to be – done in the world of identification and data storage to weaken this argument.
For example, countries such as Australia, and Estonia, are pioneering digital identification. While the model can vary, one digital identification setup could involve a verified, portable ID, controlled entirely by the individual, with that person choosing which parts of their identity to give out. Access by companies would then be limited to that information, and only within the time window they have granted. Verification and data storage is done through the blockchain making it difficult and costly to hack.
The rise of technological innovation does not always align with customer privacy and security concerns. Compound that with fears about how companies use personal data, and squaring the circle can seem daunting. However, promising advances exist in the form of open banking and digital ID. Given movements on these fronts in other countries, it is time for Canada to join others at the forefront of innovation.
Jeremy M. Kronick is Associate Director of Research at the C.D. Howe Institute.
To send a comment or leave feedback, click here.
The views expressed here are those of the author. The C.D. Howe Institute does not take corporate positions on policy matters.