Risk Management and Crisis Response Blog

Open banking and cyber risk – balancing customer interests

Sep 21, 2017 3 MIN READ

In August, the Canadian government published a consultation paper as part of its ongoing review of Canada’s financial sector.  The consultation paper touches on a wide range of topics, some of which I will cover in future blog posts in the coming weeks. This blog post covers the government’s interest in exploring open banking.

What is open banking?

Open banking is a framework under which consumers have the right to share their banking information at a financial institution with other financial service providers.   In Canada, financial institutions have a duty of confidentiality to their customers under which they cannot disclose their information except if they have customer consent or under limited circumstances (for example, if required by regulators). In addition, Canadian financial institutions do not allow customers to give access to their bank accounts to others (these restrictions are contained in account agreements; operationally, financial institutions do not offer any technological solutions that would facilitate sharing of customer information other than in the limited context of sending money e-transfers).  These restrictions are generally based on legitimate concerns around the potential for fraud and misuse of sensitive customer information.

What are the potential benefits of open banking? 

The consultation paper notes that open banking holds the potential to make it easier for consumers to interact with financial service providers and increase competition.  Although the consultation paper does not expressly say this, the impetus behind open banking seems to be coming from lobbying efforts by FinTechs, who have an interest in getting access to customers’ banking information that can then be used to offer competitive pricing or other services to the customers. The government intends to study the merits of open banking (and is seeking views from all interested stakeholders) before it makes any adjustments to financial institution regulations to allow open banking.

What are some of the potential risks of open banking? 

Given the recent data breach at Equifax, it is not hard to see why any potential benefits of open banking should be weighed against the potential for data breaches.  The likelihood of data breaches in respect of any set of data generally goes up the more places that data is stored in or made available through. Although the consultation paper does not acknowledge this point in the context of open banking, the paper does note that cyber security is a priority for the financial sector and the government intends to work with Public Safety Canada to assess what legislative and regulatory changes might be needed to achieve its goal to create a new cyber security strategy and make Canada a global leader in the provision and use of technologies to promote safe and secure services.

In summary, it is too early to tell whether, and how, the government would implement open banking.  Regardless of the outcome, the concerns around data security and cyber risk continue to be important issues for all financial institutions and must be top of mind for all regulators when introducing any legislation that allows open banking.