Open Banking, fintech and the Brexit hokey cokey

London is, arguably, the most important global hub for financial services. As a result, the consequences of the Brexit vote, the ensuing uncertainty and the eventual transitional and regulatory framework applying to UK financial services and how it will continue to access overseas markets has been subject to huge speculation.

Much of the debate has focused on banks retaining access to EU markets through passporting. This has prompted questions about whether and to what extent institutions will relocate, with various other centres – from Dublin to Paris to Frankfurt – keen to show their credentials. Less consideration has been given to the impact of Brexit on the fintech sector. 

Before the Brexit vote, London was also leading the way in fintech. PSD2 and Open Banking were on the horizon. In October 2015, the European Parliament adopted the revised Payment Services Directive (PSD2)*, with effective implementation set for January 2018. In May 2016, the month before the referendum, the UK's Competition and Markets Authority (CMA) published its provisional decision on remedies as part of its retail banking market investigation (HM Treasury having already underlined its desire for an open standard for data sharing to increase competition in UK retail banking).    

The CMA's intervention led to the CMA's Retail Banking Market Investigation Order 2017 – the basis for Open Banking on a domestic level – where it is anticipated that banks will compete with non-banks for a wide range of services, including payment initiation, account information and account payments.  

These initiatives (alongside other challenges around, for example, the ring-fencing of retail and investment banking operations) signalled significant disruption for the banking sector, but important opportunities for fintech companies. London was, in any event, well positioned as a centre to foster associated investment and growth.

Brexit represents a significant challenge to London's ambitions in the financial services and fintech space. While banks are having to grapple with a rapidly changing, more diverse and competitive landscape in financial services, as well as the prospect of reduced market share and increased scrutiny, they are also having to prepare for Brexit and thereafter against a backdrop of significant political and regulatory uncertainty. 

As regards fintechs themselves, alongside PSD2, Open Banking continues to create major opportunities in the UK for data-driven innovation, as well as the development of the technology needed to minimise increasing risks in respect of data loss, privacy breaches, fraud and cyber security. That said, in terms of the impact of Brexit, one possible consequence – as a result of the uncertainty it brings – is that fintech players may defer investment until the regulatory landscape is clearer or have less appetite to establish themselves in or invest in the UK.

Across the Channel, momentum is building, and – despite something of a head-start with Open Banking – the UK cannot afford to concede this advantage. According to the European Commission's Fintech Action Plan published on 8 March 2018, "Fintech sits at the crossroads of financial services and the digital single market."

The action plan is only a precursor to developing a firmer regulatory network. That said, alongside PSD2, this statement (and other initiatives such as the EU Fintech Lab) underlines the EU's focus on ensuring that Europe’s regulatory frameworks allow firms operating within the single market to benefit from financial innovation, providing their customers with relevant and accessible products while preserving the integrity of the financial system within a harmonised body of rules. 

The action plan establishes a point of reference for national authorities to assess access to markets, barriers to entry, impediments to growth and innovation issues (such as crypto-assets and underlying blockchain technology). These issues will need to be resolved to support banking markets and drive consumer benefits across the EU. 

If one accepts that cross-border regulatory harmonisation is important to the positive development of fintech markets – as it influences how fintechs can interact with customers and banks and how relevant data and associated infrastructure are used – one question is the extent to which these initiatives, if progressed without UK participation post-Brexit, will marginalise the UK's position. This is also relevant because 64% of fintech respondents to a recent EY survey (UK Fintech Census 2017) ranked Europe as a highly important region for expansion, as against 42% for North America (the next most important region). 

On the one hand, one might argue that PSD2, as well as applying across the EEA, also applies (unlike its predecessor) to certain interactions between EEA and non-EEA entities in respect of payment services.** It follows that the practical risk of future regulatory divergence (particularly from a market currently within PSD2's remit, such as the UK) may be remote. In other words, whatever Brexit arrangement is reached, there will be a requirement for UK based participants to develop their propositions against a PSD2 backdrop. 

Regulatory alignment is only one consideration; in the above-mentioned EY survey, it ranked (with Brexit/passporting) significantly behind 'Attracting...suitable talent', 'Customer adoption' and 'Building partnerships with established players' in order of priority. 

A more basic consideration for fintechs may be to preserve access to the funding necessary to bring innovation to market and commercialise it (although there may be a link between the two in terms of funder or investor confidence). 

UK fintechs have been relatively bullish about their prospects for future growth, with 33% of (239 non-listed) firms predicting an IPO in the next five years according to the EY survey. On 7 February 2018, the Financial Times reported that investment in UK fintechs had more than doubled in 2017 as against the previous year, bucking global trends and suggesting that the potentially adverse consequences of Brexit had been overplayed, at least for fintechs. 

This suggests that the UK – perhaps as a result of its sophisticated banking system or moving early on Open Banking – is reasonably well-positioned to weather Brexit. It is also worth noting that the regulator's mandate includes the promotion of innovation and competition, as well as fundamental requirements around financial stability and consumer protection. That said, while London should remain an appealing base, like any other business, the sooner fintechs and banks know what the regulatory environment will be, the earlier they can prepare and expand. 

It is not controversial to say that any uncertainty that may prompt these players to delay significant investments into certain technologies until after the regulatory and political landscape becomes clearer is unwelcome. This is not good for banks, other fintechs also looking to enhance banking and payment operations or customers.

More generally, banks' role in Open Banking is not confined to opening up their data to third parties. As well as developing more sophisticated APIs to offer enriched data that can be commercialised (on top of any mandatory requirements), banks have the opportunity (drawing from experience in corporate services) to become (or partner with) fintechs, thus providing the customer with an interface for their other banks (competition law permitting) and payment services. Indeed, banks have a competitive advantage in this respect, taking into account their existing customer relationships, awareness and trust.  

Open Banking goes beyond the scope of the CMA Order or PDS2. Those involved in formulating the standards and governance models put in motion by these initiatives will expand their scope to offer propositions on a wider scale over time. There is obvious benefit to designing Open Banking standards in the UK, which satisfy not only the scope of the CMA Order and PSD2 but are also sufficiently aligned (albeit adaptable) to meet the requirements of future EU regulatory developments post-Brexit and the wider financial services ecosystem in the long term. 

While the CMA Order applies to nine UK banks, the same principles are becoming increasingly relevant to all. Some, like Starling Bank, are seizing the initiative. They are going beyond making data available to third parties; they are creating their own virtual marketplaces where approved partners can showcase their services and acquire customers, and where customers can monitor and manage their money accordingly.   

What happens next on Brexit is difficult to predict with any certainty; however, as the enormity of the challenge comes into sharper focus, some form of mutual recognition and high levels of regulatory alignment become increasingly probable. Banks are already taking pre-emptive steps to hedge the risk of any outcome, and fintechs are probably agile enough to adapt their propositions accordingly.  

For UK fintechs, one of the more acute problems will be to continue to attract talent, which is in short supply globally. From a European perspective at least, Brexit undermines their ability to do this. However, this and other challenges are surmountable and ultimately within the UK's control. It follows that while Brexit represents a number of immediate challenges for financial services and fintech companies, continued growth in the longer-term is realistic.

*PSD2 is intended to provide an integrated, secure and efficient market for payment services within the single market. It also introduces disruption to the established market landscape by requiring banks to open up access to customer account data to third parties (fintechs, bigtechs and even the banks themselves as they evolve) – with customer consent – to enable those players to offer customers enhanced services. These services may include multi-account aggregation and analysis (to help customers keep track of and manage budgets) as well as payment initiation services (through which customers can pay companies direct from their bank accounts rather than using a debit or credit card through a third party such as Visa or Mastercard), making banking and payment activities increasingly convenient. Such services are facilitated by application programme interfaces (APIs), which are standards allowing the development of software and other tools by third parties that interact with the bank's systems and data. PSD2 – the original proposal for which was published in July 2013 – is the legislative imperative that underpins Open Banking (albeit its requirements are more wide ranging than the CMA Order, and its implementation has been more difficult and lengthy).

**This may be because PSD2 (as well as now covering all currencies) extends to 'one leg out' scenarios where, for example, although a non-EEA based card issuing payment service provider (PSP) would not normally be subject to PSD2, where it transacts with an EEA-based acquiring PSP (acting for the merchant) it may have to comply with PSD2 in some respects, such as on information and transparency in respect of that part of the transaction carried out within the single market.

This article first appeared in the July/August 2018 issue of Butterworths Journal of International Banking and Financial Law

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at August 2018. Specific advice should be sought for specific cases. For more information see our terms & conditions.

Date published

13 August 2018


View all