In this eight-part article series, we explore Canada’s journey to implement an ‘open banking’ system, the first phase of which is set for launch in fall 2023. This is the fifth article in the series.
Open banking is being hailed as the new frontier in financial services, but are Canadians excited about it? Do they even know what open banking is? The answer to both questions is undeniably “no.” To date, open banking has been a behind-the-scenes exercise confined to a small group of representatives from governments and the financial sector, and the narrative has centred on the technology and standards of open banking, NOT the customer experience.
But for open banking to take root in Canada and flourish over the coming years, customers (consumers and small businesses) are obviously a necessary ingredient – even if they will use open banking without actually understanding or realizing it. So how do we get them to care about and use open banking? The answer is simple, give them services that they need and want and ensure they can trust the provider of those services. This is the “trust puzzle!”
In other jurisdictions further along the open banking journey, we’ve seen a few early adopter consumers embrace open banking services, however the vast majority of people tend to wait on the sidelines and take a wait-and-see approach. They are uncertain about new service providers and their security credentials. After all, they know banks are trustworthy data custodians, but how about these new entrants?
As a result, consumers must feel ready to take the leap of faith before using open banking-enabled services. To get a very large group of Canadians comfortable using these new services, which is ultimately the long-term vision, they have to gain that feeling of security and trust. Then we’ll see the adoption. Trust is essential before mass adoption, and mass adoption, along with greater choice in terms of services that are available, is what’s going to drive the success of open banking.
Ultimately, trust in the features, benefits and overall value is what will matter most to customers when open banking launches in Canada. All this suggests that, to achieve consumer acceptance, Canada’s ecosystem of players – government, financial services providers, fintechs and others – will need to put the customer at the heart of open banking, and ensure transparency and control over their data. And to do so, what must these organizations do to win customers and ensure good consumer outcomes within an open banking system?
A solid consent management framework
For customers, trust plays a pivotal role in the choice of their financial institutions, and it will remain a critical factor in the success of open banking. One of the keys to trust is how customers grant and manage consent to use their financial and personal data. This is especially true when it comes to data sharing with other organizations.
Creating a solid consent management framework in Canada will increase customer trust while outlining an organization’s compliance duties. This framework should be based on a clear foundation that includes a simple consent process, easy opt in/out solutions and clarity in the purpose, scope and period of shared data. Important too is the need for ongoing management capabilities that allow real-time updating. All entities with data and customer consent to share have to provide a portal for customers to be able to edit, revoke or re-validate their consent.
Clear, plain language must also be a priority, so customers from all levels of financial literacy, background and vulnerability to fraud can feel safe and clearly understand that they are protected in sharing their data. There should be new, very specific disclosures about how data is being used: “We’re collecting your data so we can analyze it and make you offers.” This information should be upfront, in simple language – not buried in lengthy terms and conditions.
Robust data security
Another key aspect of customer trust is data security. With increased data sharing across a wide spectrum of players, organizations need to be extra vigilant in detecting any fraudulent activity and earning the trust of customers by displaying robust security and risk measures.
There has to be universal agreement among organizations on how to safely and securely exchange data. It’s evident that the government is undergoing a number of reforms when it comes to data security and sharing, such as Bill C-27, in recognition of the significant role of data in today’s economy and making the Canadian customer feel safe in the process.
Financial institutions today use strong identity and verification methods, while abiding by data protection laws and regulations concerned with customer data sharing. Financial institutions, in particular, have to make sure that their platforms are API-ready from a technical point of view, as the sharing of data requires them to make their API platforms available for accreditation and authorised third-party providers.
Furthermore, federal privacy legislation (PIPEDA) requires organizations to implement security measures that are adequate to the sensitivity of the data, including a secure IT infrastructure, incident monitoring and testing, among many other stringent technical measures. While these measures may be common to some of the larger financial institutions, they may not be as easy to implement for smaller financial players.
Strong privacy protection
Closely related to data security and consent is customer privacy. As the Advisory Committee on Open Banking states, “Appropriately addressing privacy issues is foundational to establishing an open banking system that is rooted in consumer trust.”
An appropriate legal framework is key in privacy issues when it comes to sharing data. The Office of the Privacy Commissioner of Canada (“OPC”) has called for privacy reforms to support the adoption of open banking. Recent privacy amendments in Quebec (“Bill 64”) have updated portability rights and compliance responsibilities and added stringent requirements around data breaches, consent and protection, among other changes.
The Canadian financial industry is hopeful these reforms and initiatives will increase customer trust, enabling the market to adopt open banking at a faster rate in the knowledge that personal data in an evolving financial marketplace is protected and secure.
Clear liability management
Another crucial area to address is liability management. Canadians need good mechanisms for recourse and redress in the event that something goes wrong. In a case of financial fraud, for instance, how is liability managed? Which entity in the financial system bears the liability and how is the customer compensated?
A simple way that liability management has been addressed in Canada, so far, is that it “flows with the data” – meaning that it lands with the party where the data was breached. How this works in a highly intricate open banking ecosystem will need to be ironed out and communicated in ways that are simple, clear and efficient for customers. To build and maintain trust, there must be transparency around complaints, compensation and enforcements in the case of fraud.
A robust liability structure to protect customers is highly important in the adoption of open banking and making customers feel secured in sharing their data. With Canada’s federal and provincial structure, the government is trying to align liability management with each of the provinces’ privacy legislation and laws.
There are some key initiatives underway that will prove decisive in gaining customer trust and helping organizations mitigate fraud, like the efforts from Digital ID & Authentication Council of Canada (DIACC) in putting in place a potent Pan-Canadian Trust Framework.
Customer education is crucial
The advantages that open banking can bring to Canadians are many, including variety in offerings, financial inclusion, and greater industry competition. However, the key question remains, “How do we ensure that people are aware of these benefits and feel comfortable using offerings that rely on open banking?” People don’t want to know the boring nuts and bolts behind the system, they just want everyone saying this is safe! And if there is a problem there’s someone to help me. Put simply, if people don’t have the trust, they won’t sign up for the services... and without services with users, open banking will be little more than a technology capability used by industry players only.
It's helpful to look at the UK experience in building a trustworthy open banking ecosystem over the past few years. As an early adopter and trendsetter globally, the UK overcame consumer trust issues through nationwide education and promotion of open banking, including a communications campaign to let consumers know they can safely share their data. They also created a central directory of all companies authorized for open banking and registered with the financial regulator, to make it easy for consumers to check which firms and services are legitimate. The number of active UK open banking users recently surpassed 5 million – only four years after the system was launched.
Similarly in Canada, consumer education will be critical. All system participants have a role to play in communicating the benefits of open banking, the measures in place to protect customers and their data, and the mechanisms for redress and compensation. Customers also need to know how they can validate companies they’re thinking of doing business with, and confirm that a service provider is certified and registered in the official open banking directory. Participants will all need to pass certain thresholds, so Canadians can trust both the service they sign up for and the service provider.
Building trust in the open banking ecosystem
At the end of the day, the average customer doesn’t know or care about APIs, “read or write access” capabilities or open banking standards. People and businesses want help in managing their financial lives – from banking to investments to insurance. They want to know that the services they choose are being offered by organizations that look after their financial information, keep it secure and private and, above all, can be trusted.
All the right pieces of the trust jigsaw need to be in place to drive mass user adoption in Canada and foster a vibrant open banking landscape. The technology and standards behind open banking are essential tangibles, but there’s a lot of intangible trust building that must happen for customers to say, “I’m now ready and willing to participate in this open banking thing.”
How CGI can help
CGI is ready to help you. We work with banks across the globe to build digital business models, develop pragmatic roadmaps that support the execution of strategy, and deliver technology capabilities that drive innovation and growth. If you’d like more information on our work in this area or to discuss how we can support your open banking journey, feel free to contact either David Hooper, Vice-President, Open Banking and Payments Consulting, Franck Descubes, Vice-president, Business consulting, or Aline Tannous, Director, Consulting Expert.
Keeping you informed
Learn more about CGI’s work through our industry insights, news and CSR initiatives.