The Hong Kong Monetary Authority, in an attempt to speed up the adoption of open-banking business models, has convened a grouping of 28 banks to pilot use cases.
These banks operate under the HKMA’s Interbank Account Data Sharing Initiative (IADS), which the authority’s Fintech Facilitation Office announced in August.
Open banking is the sharing of customer data between banks and third parties such as fintech companies, using APIs for real-time communication, based on customer consent.
In most markets where open banking exists, it is intended to enable fintechs to develop services by leveraging the customer’s data held by banks. The IADS suggests Hong Kong intends to start its regime without fintech participation.
Slow build
This was not the original plan. The HKMA announced its Open API Framework in 2018, which laid out a four-phased schedule for banks to ready APIs sharing account data, product specs, customer onboarding, and transacting payments (within Hong Kong’s real-time mobile payments system).
By now banks should have all built their APIs. But the HKMA never created a standard for those APIs, the quality of the data, or protocols for customer consent and connecting to other players. Nor did the HKMA set out eligibility criteria for third parties such as fintechs.
Banks have been slow to embrace open APIs as a result. Their legal and compliance teams are reluctant to share customer data with fintechs or other third parties they don’t understand: banks realize that any data breach or other mishap will leave them on liable.
Meanwhile, the lack of standards means every single connection is bespoke, each integration a negotiation.
Just us banks
The HKMA’s answer to this logjam is IADS. Within this initiative, it wants to see banks pilot account aggregation and loan assessments. The Authority expects to see the first pilots for SME users this year, soon followed by pilots for retail customers.
Banks are more comfortable sharing their customer’s data with another bank. At least they know they share a common regulator and operate under the same rules and within a similar culture. Although API standards vary among them, the differences are not dramatic – whereas there could be very different specs if dealing with a fintech.
IADS is not a silver bullet. The issue of consent management for SMEs remains difficult for banks to figure out: authorizing data can get complicated when it involves multiple proprietors with different bank accounts.
While the IADS scheme is likely to get banks launching pilots, the use cases are going to remain tepid if they are just bank-to-bank. Ongoing tangles over consent management may also restrict data sharing to a subset of SMEs.
The HKMA doesn’t intend to lock out fintechs: it will want to see open banking extend to third parties, and IADS is just to get the ball rolling.
But banks are also less likely to allocate budget and resources to projects in which they don’t have a lot of confidence. If the use cases are too niche or lack a ‘wow’ factor, banks may drag their heels on expanding operations to include fintechs.
The HKMA, in its attempt to speed up the adoption of open banking in Hong Kong, may find it is actually slowing things down.