The what, why, how and when of the JROC report
Issue 492 | 31 May 2023
The what, why, how and when of the JROC report
At the end of May 2023 the financial regulators in the UK laid out their plans for the future of open banking. The Joint Regulatory Oversight Committee (JROC), co-chaired by the FCA and the Payment Systems Regulator (PSR), say the measures will bring "opportunities for new products and services, allowing consumers and businesses to share data and make payments in more convenient and efficient ways".
The JROC report also sets out its vision for a new entity to replace the Open Banking Implementation Entity in guiding the future roadmap and the principles that will underpin a long-term regulatory framework, which the Government is intending to legislate for.
Only through effective collaboration can we deliver on our ambition and develop open banking in a way that promotes continued innovation and competition, for the benefit of consumers, businesses, and the wider economy.
JROC co-chairs: co-chairs of the committee, PSR’s managing director, Chris Hemsley, and FCA’s executive director, consumers and competition, Sheldon Mills
Comprising of 48 pages the report is clear, concise and (very) ambitious - the payment aficionados amongst us will have already devoured the full report but, for the rest of us, issue 473 of Payments:Unpacked summarised ten key points from the report.
Open Finance Association viewpoint
The Open Finance Association has published their viewpoint on the Joint Regulatory Oversight Committee Report and have allowed us to publish their report here in full.
UK Open Banking is at a turning point
UK open banking is at a turning point. With the publication of this report, Government and Regulators have signalled their intent to ensure the further development of the ecosystem and have provided clear next steps. TPPs, banks and the wider industry must now play their part to move things forwards in these important areas.
OFA Chair Nilixa Devlukia
In April, Andrew Griffiths, EST, announced the publication of the Joint Regulatory Oversight Committee (JROC) report on the future of UK open banking. He said “this will be the year of delivery for the next generation of open banking”
JROC was launched in March 2022 to help the UK transition to the next phase of open banking. It’s made up of the Financial Conduct Authority (FCA), Payment Systems Regulator (PSR), Competition & Markets Authority (CMA) and HM Treasury.
The highly anticipated report sets out a range of recommended actions in six areas:
API performance
Financial crime
Consumer protection
Information flows (between banks and third party providers (TPPs))
Variable recurring payments (VRPs) beyond sweeping
The future of the Open Banking Implementation Entity (OBIE)
In this paper, we (the Open Finance Association) unpack the what, why, how and when of the report and give our view on the recommended actions.
Overall, we welcome the report as a significant step in securing the future of UK open banking and bridging the gap to open finance.
However, fulfilling the recommendations will require extensive work and resources from regulators, industry and from the Open Banking Implementation Entity (OBIE), which is also preoccupied with its own transition to a ‘future entity’ (as we discuss below).
The timelines are also ambitious. It’s been one month since the report was published and certain items are due for completion Q2 2023.
1. API Performance
We urge JROC to publish further information and commit resources to ensure the recommendations are pushed forward.
What?
Application programming interfaces (APIs) are the bedrock of open banking. They enable third party providers to securely connect to banks, so they can access account data and initiate payments on behalf of customers.
JROC is looking at:
How well bank APIs perform
How to better collect API performance data
Why?
When bank APIs become unavailable, this has a big impact on the companies and consumers using open banking to make payments and view account data. This is why performance needs to be carefully monitored.
API performance data is already collected, but not consistently, and not in real time. The nine largest banks have to report one set of data to the OBIE (published here) on a monthly basis. A larger number of banks have to publish data on their websites (eg here) and report to the FCA quarterly.
The time lag with data reporting, and the inconsistency in what is reported, means problems with API performance (such as outages) are not always picked up or acted on effectively. JROC wants to ‘level up’ by collecting the same data from across the ecosystem.
How? When?
JROC has tasked the OBIE with designing a new data collection framework for API availability and performance in Q2 2023.
Regulators will consult on new reporting requirements, if needed in Q2 2024.
What we think
Transparent reporting on performance and use of APIs has been incredibly important for tracking the uptake and health of UK open banking.
Unlike the EU, the UK maintains centralised reporting and publication of API data. This is a key resource for participants.
We agree that there is a need to expand data collection consistently across more banks.
However, JROC’s proposed reporting changes will be time consuming, expensive andduplicative for banks and TPPs.
Aligned with the overall data and technology strategy of the UK regulators, we believe that a technological solution to the data collection, using companies that provide such services is a more appropriate way forward and that this approach will improve the quality, consistency and independence of data, move towards real-time reporting, and reduces costs.
2. Financial Crime
What?
Open banking payments have been developed with security in mind. As a replacement for manual bank transfers, they remove the need to enter payee details, reducing the risk that consumers are tricked into sending money to a fraudster.
In its report, JROC considers:
How to better collect data on financial crime
Banks’ alignment with guidance on transaction limits
Data sharing between banks and TPPs to prevent financial crime
Why?
While trade associations like UK Finance publish fraud data for other payment methods, open banking payments lack a similar reporting system. Collecting and publishing better data will allow for more transparency and understanding of the scale and characteristics of fraud.
Recent increases in financial crime have also led banks to reassess their risk approaches. This can impact how they treat open banking payments —for example, blocking or limiting more payments.
Sharing more data between TPPs and banks will also allow participants to understand the financial crime risks of certain payments, enabling better fraud prevention.
How? When?
Asking the OBIE to design a data collection framework (Q2 2023) and analyse the datacollected (Q3 2023)
Asking banks to assess whether their payment limits are aligned to FCA guidance (Q2 2023)
Asking the OBIE and Pay.UK to progress initiatives to enhance data sharing between banksand TPPs (Q4 2023 - Q2 2024)
Asking the FCA and PSR to consult on data sharing and payment limits (Q2 2024)
What we think
Data is incredibly important when thinking about fraud. We agree with the way data collection is being prioritised by JROC.
Data on fraud impacting open banking payments should be published in a contextualised manner alongside fraud data impacting other types of payment.
Any reporting requirements need to be proportionate. Banks and TPPs already report fraud data, including open banking data to the FCA, and this should be improved rather than duplicated.
Data sharing between TPPs and banks needs to be developed under guidelines to ensure consistent practices and outcomes. For example, consistent understanding of what a certain payment context code or transaction risk indicator means.
We hope better data sharing and transparency will lead banks to reassess payment limits, especially where low payment limits are preventing consumers from being able to use open banking for high value payments.
3. Consumer protection
What?
As open banking develops and new products and services emerge, JROC is assessing whether consumer protections are keeping pace.
JROC is reviewing:
The processes in place to help guide consumers if something goes wrong
Any potential ‘protection gaps’
Dispute processes for both data and payments use cases
Why?
Regulations enabling open banking already ensure a high degree of consumer protection.
However, open banking services have developed rapidly since regulation was introduced in 2017. They are now used to power everything from credit scores to tax payments, and increasingly to make purchases.
The JROC recommendation to look at consumer protections ties in to parallel work by the PSR to unlock account to account payments for retail use to compete with cards. The PSR has highlighted that:
“Retail transactions ... add a number of uncertainties (such as a customer paying a certain time before goods or services are delivered) which the consumer’s account provider needs to be able to assess the risk of. These types of factors place demands on the underlying payment infrastructure.”
The JROC report lines up with this work by noting that, “the FCA and the PSR will assess the alignment between dispute processes in open banking and Faster Payments to decide where additional processes should sit.”
How? When?
JROC is
Asking the OBIE to perform a gap analysis of disputes processes by Q4 2023
Proposing that the FCA and PSR will consult if necessary, on additional dispute process or protection requirements in open banking in
What we think
Ensuring consumer confidence in open banking services is critical and can only be achieved if:
open banking works well and issues are prevented
issues that do occur are addressed effectively and in a timely manner
consumers know what to do and who to speak to if something goes wrong
While increasing user adoption indicates that open banking is working well, we believe work is needed in the following areas:
Keep reading with a 7-day free trial
Subscribe to Payments:Unpacked to keep reading this post and get 7 days of free access to the full post archives.