In response to the FSCA’s press release on Open Finance
Over the past 12 years, South Africa has been embracing data portability through solutions and services provided by Banks and FinTechs for both consumers and SMEs. This has typically been supported by third party data aggregation platforms like Yodlee and Stitch, with large Financial Institutions like Nedbank (MyFinancialLife) and Liberty (OneView) leading the way initially. FinTechs like 22Seven and Sage have also delivered services successfully, along with other companies in the credit and PFM spaces.
These services have been delivered without incident using screen scraping as the prime method of data capture. However, now it’s time to take the next steps by moving on to introducing direct data feeds with the financial institutions in the form of APIs, in much the same way as the UK and Europe have been doing with Open Banking (PSD2). This is why it is great to see this consultation being driven by the FSCA.
Implementing Open Finance in South Africa involves a comprehensive approach that requires coordination between various stakeholders, including financial institutions, regulators, technology providers, and consumers. Here is an overview of the key steps involved in implementing Open Finance based on Circit’s experience as a regulated entity across multiple countries:
1. Regulatory Framework: The first step is to establish a robust regulatory framework that promotes Open Finance and protects consumer interests. Regulators need to work closely with industry participants to develop guidelines and standards that govern data sharing, security, privacy, and liability.
2. Consent and Data Access: The financial institutions should implement mechanisms to obtain customer consent for data sharing, providing a unified approach. This can be done through secure and user-friendly channels, such as mobile apps or online portals. Clear processes and standards should be in place to enable third-party providers (TPPs) to access customer data securely and with proper consent.
3. Security and Authentication: To ensure data security, strong authentication protocols and encryption standards should be implemented. This helps protect customer information during data transfers between different entities involved in Open Banking. Regulatory guidelines should provide clarity on the minimum-security requirements for all parties involved.
4. API Development: Financial institutions should develop and provide Application Programming Interfaces (APIs) that allow authorised TPPs to access customer data securely. APIs should be well-documented, standardised, and follow best practices to ensure interoperability and smooth integration with third-party applications.
5. Data Privacy and Protection: Robust data privacy measures are crucial to build trust among customers. Financial institutions must comply with data protection regulations, implement data anonymisation techniques where appropriate, and ensure that customer data is accessed and used only for authorised purposes. As highlighted in the FSCA’s Draft Proposal, the majority of this is covered with the POPI legislation.
6. Testing and Certification: Before granting access to TPPs, a thorough testing and certification process should be in place to validate the security and functionality of their applications. This helps ensure that TPPs meet the necessary standards and safeguards customer data.
7. End User Education: Educating users about the benefits of Open Finance is essential. Financial institutions and regulators should collaborate to create awareness campaigns, provide clear information on data sharing practices, and highlight the importance of responsible data management.
8. Monitoring and Compliance: Ongoing monitoring and compliance efforts are necessary to ensure adherence to regulatory guidelines and standards. Regular audits, assessments, and reporting mechanisms should be established to identify and address any potential issues or breaches.
9. Collaboration and Innovation: Open Finance presents opportunities for collaboration between traditional financial institutions and fintech start-ups. Encouraging innovation and fostering partnerships can lead to the development of new and improved financial products and services for the benefit of consumers and businesses.
10. Review and Adaptation: Open Finance is an evolving field, and regular reviews of the regulatory framework and implementation processes are necessary. Stakeholders should actively monitor the impact of Open Finance and make necessary adjustments to address emerging challenges or take advantage of new opportunities.
Implementing Open Finance in South Africa requires a well-coordinated effort involving regulators, financial institutions, technology providers, and consumers/businesses. By establishing clear guidelines, ensuring data security and privacy, and promoting collaboration, South Africa can unlock the potential of Open Finance to drive innovation, competition, and financial inclusion in the country's financial sector.
Circit:a real-life example of Open Finance benefiting financial institutions, auditors and businesses:
Circit is an audit evidence collection platform for firms to verify the world's assets at source. We help teams save time - on processes, tracking request statuses and collaboration with evidence providers. Firms using Circit deliver higher quality audits by elevating the client experience and streamlining direct from source collection.
The audit process can benefit hugely from Open Finance: it creates significant improvements for auditors and clients and is considered a game changer by many. In the light of the FSCA Paper, we at Circit wanted to highlight some of the benefits of Open Finance to the audit industry specifically.
Example: Bank statements are a key piece of any audit, and Wirecard filing for insolvency after revelations that €1.9 billion was missing, is a prominent example of what happens when testing in this area is weak.
Open Finance allows auditors to obtain their clients’ bank statements directly from the bank, digitally. This provides auditors with third party evidence in a format that can be analysed instantly by algorithms, while being confident the data is from the true source of data.
Learn more about Open Finance and Circit here.