Is Open Banking legal?

The first time you encounter open banking, it may seem too good to be true. Open banking refers to the process of securely sharing a user’s financial data between the user’s bank and a verified entity (like a company) all with the user’s consent. It's important to note that no one but the user has access to that data -- companies are just able to view it in order to get a better understanding of the customer's financial health. Read more on the benefits of open banking for users, companies and others here.

So, say you just went to apply for a loan and were prompted to log in to your bank account to share your financial history quickly and easily with the potential lender. Or say a friend told you they were able to make a purchase without using their card – just a quick account-to-account transaction between their account and the account of the seller. 

It seems almost too simple, doesn’t it? The more wary user may even be wondering if open banking is legal. 

Well, there’s good news on all fronts: yes, it is very simple. And yes, it is very legal. Not only is open banking legal, but it’s highly regulated. 

Let’s take a look at how….

‍

PSD2 paves the way 

Open banking got its start in Europe with the passing of legislation meant to open up Europe’s payment systems. The most recent iteration of that legislation is PSD2, which came into effect in 2018 and has paved the way for all the developments in open banking since. 

PSD2 strengthened and regulated open banking across Europe, ensuring that entities using open banking technology were following a strict set of data safety and protection protocols.

This includes ensuring that banks and Third Party Providers meet security requirements like Strong Customer Authentication (SCA). It also increases consumer protection and strengthens user rights – importantly, PSD2 says that data sharing can only happen with the customer’s consent – and protects against fraud.

‍

Entities must register 

Under open banking laws in Europe, any entity involved in open banking must register with the proper regulatory authorities. There is one main body, the European Banking Authority, which oversees open banking across the continent and ensures that all verified entities are following proper PSD2 protocols and regulations. 

On top of that, individual countries also have their own regulatory bodies, which work with the EBA to ensure individual entities are following open banking regulations. In Poland, for instance, this body is known as KNF, in Lithuania, it is the BOL. Read more in our glossary of terms here. 

All of these entities are searchable on the EBA’s website, meaning that if a user has even a shred of doubt about open banking, they can ensure that all the entities they’re considering working with (banks and Third Party Providers) are verified to offer open banking services. 

‍

Constant improvement

Authorities involved in regulating open banking, as well as open banking experts are constantly looking at ways to make open banking even safer and more secure. The latest consideration came last year, when European authorities took comment from experts on the ways PSD2 could be improved on. They are currently considering a new iteration of the legislation, which could be PSD3, and experts say it could include even more consumer protection and safety protocols. 

‍

What about outside Europe?

Europe is the global leader in the world of open banking, so it makes sense that it would be the most developed in terms of regulations. However, other continents and countries are not far behind. Australia, Brazil, Mexico and Singapore are just some examples of countries that have either outlined guidelines for open banking or have actually put regulations regarding open banking in place. (Read more about countries outside of Europe and where they stand on open banking here)

‍

For more updates and analysis on open banking, follow Kontomatik on LinkedIn

‍