The FSCA has published for comment a Draft Position Paper setting out its policy and proposed approach toward regulating the Open Finance sector
In the wake of the consultation and research paper on regulating Open Finance published in 2020, the Financial Sector Conduct Authority (FSCA) has now published the Open Finance Draft Position Paper (Draft Position Paper). The paper sets out the FSCA’s policy position and proposed approach to regulating Open Finance in South Africa.
The Draft Position Paper defines Open Finance as consent-based financial data sharing and payment initiation to licensed third parties, in a safe and ethical manner. Open Finance poses several opportunities and risks that impact both the participants (ie financial institutions and third-party providers (TPPs)) and consumers, particularly as data and technology continue to transform South Africa’s financial sector.
Opportunities and Risks in Open Finance
Open Finance meets one of the FSCA’s strategic objectives, as it offers an opportunity to advance financial inclusion initiatives and drive competition in the financial sector. The new market participants and enhanced range of products and services introduced by Open Finance will benefit competition and overall customer value.
Many Open Finance offerings leverage customer data to provide innovative and personalized financial services and products, including account integration, financial management, payment initiation, alternative lending and insurance.
Although Open Finance has not resulted in any notable scandals, it still poses significant risks, especially to consumers. Some of the risks include privacy and data breaches, misconduct and fraud arising from data exposure, as well as operational and cybersecurity concerns. The purpose of the Draft Position Paper is therefore to set out how the FSCA proposes to mitigate some of these risks.
Regulatory Proposals
There are six regulatory proposals for Open Finance in the Draft Position Paper.
- A regulated Open Finance Regime
The FSCA recognises the important of regulating Open Finance because of the demographics of South African financial consumers. The lack of digital literacy requires regulatory intervention to ensure consumer outcomes and market trust. The FSCA is exploring the potential for a phased mandatory regulatory regime for Open Finance, in which relevant financial institutions would be required to participate by developing the necessary infrastructure to share data with TPPs with the consent of financial customers. The Draft Position Paper notes that a mandatory regime may be more appropriate in jurisdictions where policies are geared towards promoting financial inclusion or increasing competition in the financial sector. The Draft Position Paper notes that a mandatory regime may be more appropriate in jurisdictions where policies are geared toward promoting financial inclusion or increasing competition in the financial sector.
A mandatory regulatory regime offers several benefits. It drives competitive behaviour and encourages financial institutions to develop Application Programming Interface (API) communication solutions. However, the FSCA acknowledges the necessity of assessing the complexities and costs involved in adopting a mandatory regime.
- Tailored and proportionate regulatory oversight over participants
The FSCA has identified four types of participants that will require regulatory oversight: financial institutions, TPPs, fintechs and other service providers. The level of regulatory oversight over each participant will be proportionate to the risk that it poses to Open Finance.
Currently, TPPs and APIs are not licensed as financial institutions and operate outside the FSCA’s regulatory ambit. The financial institutions already participating in Open Finance are not governed by a regulatory framework.
Some of the oversight mechanisms contemplated include imposing data standards or conduct requirements on financial institutions and introducing licensing requirements on entities that utilise APIs to access customer accounts to provide financial services.
- Informed consent for the use of customer data
Adopting comprehensive consent requirements is integral to Open Finance, as it will prevent the unauthorised collection and use of consumers’ data. The Draft Position Paper sets out proposed principles for obtaining and maintaining customer consent, including that consent to use customer data should be unbundled rather than aggregated with other consent agreements or permissions. Consent must also not be conditional on obtaining other bundled products and services.
The Protection of Personal Information Act, 4 of 2013 already alludes to many of the principles in respect of consent proposed in the Draft Position Paper. The FSCA intends only to strengthen the existing regulatory framework to close any gaps.
- Protecting customers by implementing appropriate risk management and disclosure frameworks
The FSCA supports the adoption of risk management frameworks that will mitigate risks such as fraud and unwanted data breaches, as well as a disclosure framework that addresses the risks emanating from vulnerable customers who lack the necessary data literacy levels to give informed consent.
- Ensuring data protection and data sharing standards
The Open Finance regime covers three types of data: generic services, customer and transactional. The FSCA believes that setting data-sharing standards is important to prevent fragmented specifications and practices in the Open Finance regime.
The FSCA will engage its fellow regulators on proposals relating to data protection and data sharing to ensure regulatory and supervisory alignment.
- Providing complaints and dispute resolution mechanisms
The Draft Position Paper sets out the importance of a statutory complaints framework to mitigate the risks of harm to consumers.
The FSCA acknowledges that financial institutions have existing obligations to manage complaints, which it believes to be sufficiently developed to accommodate an Open Finance regime. It proposes that, depending on the activity, the existing framework would apply. For example, a licensed Financial Services Provider would apply the requirements of the General Code of Conduct for authorised Financial Services Providers and their representatives under the FAIS Act.
Next steps
The FSCA intends to conduct further research to better understand how customers utilise Open Banking offerings in South Africa, as well as the potential role of data portability to promote financial inclusion, among other things.
The Draft Position Paper notes that the FSCA will be collaborating with other financial sector regulators (including the Prudential Authority and the South African Reserve Bank), the Information Regulator and the Intergovernmental Fintech Working Group to establish the Open Finance regulatory framework.
Comments on the Draft Position Paper must be submitted to fintech@fsca.co.za by 15 August 2023. The FSCA will consider the comments received before publishing the final position paper. Once the paper is finalised, the FSCA will implement its regulatory proposals in a phased manner. Webber Wentzel will continue to monitor developments. A copy of the Draft Position Paper is available here