Open Banking - ForgeRock’s insights on the UK’s Experience

The Final Report of the Review into Open Banking in Australia, released by the Australian Government on 9 February, recommends that the UK Open Banking framework should be the starting point for Australia’s data transfer mechanism.  

For this reason, we invited ForgeRock—provider of the Reference Bank Application for UK Opening Banking—to share insights on the UK experience at a special member event held on 28 March. More than 80 attendees participated (in-person and by Skype) in the interactive session led by ForgeRock’s Allan Foster VP Global Partner Success, and Nick Caley, VP Financials and Regulatory Industry.

We’ve captured some key themes from the session below. If you’d like more details, please get in touch.

“Open Banking is about a market force - it’s about a demand”

ForgeRock describes Open Banking as a response to market demand for convenience and access, which is already leading many consumers to share their data with third-parties. Open Banking provides a safe and secure way of managing this access. Stakeholders from across the UK payments landscape collaborated to define detailed functional and technical specifications.

"It wouldn’t be consent if it couldn’t be revoked"

Managing consent is a critical part of Open Banking. The UK’s consent and authorisation model gives customers control over sharing their data, and data can only be shared with third parties that have been security evaluated and accredited. The customer decides which third-parties get access, what information they can access and the duration of the access.  Consent is played back to the customer in the form of an authorisation. The customer can revoke consent at any time through their bank.

“Managing customer identity…. is ‘super critical’ to success” 

ForgeRock pointed to managing customer identity, and being able to associate multiple digital identities with a single customer, as being critical to the success of Open Banking.

What were the three key challenges around implementation in the UK?  

Responding to this question from the floor, ForgeRock identified these as:

  1. Short timeframes: The UK had an accelerated timeframe - a year ahead of Europe. The Final Report of the Competition and Markets Authority mandated that open banking was released in August 2016, with an implementation date of January 2018.
  2. Reaching agreement on the approach:  Establishing alignment among stakeholders from across the ecosystem was challenging, but crucial to the success of the project. 
  3. Recognising liability and managing consent: How do banks ‘open up’ after being responsible for protecting consumer data for so long? The UK’s customer-centric model, and ‘fit for purpose’ standards are key to empowering customers and building trust. 

What happens next in Australia?

The Final Report of the Review into Open Banking in Australia recommended an ambitious timeframe for Australia - 12 months from the date of the Government’s final decision. Treasury has consulted on the Report’s recommendations and is now considering the responses. Treasury has also held Open Banking standards workshops to explore initial questions.

The Final Report also recommended that Open Banking be the first implementation of the Consumer Data Right (CDR) proposed in the earlier Productivity Commission inquiry, Data Availability and Use. After banking, the CDR will be rolled out to other sectors of the economy such as energy and telecommunications.