Page 46 - Banking Finance September 2021

ARTICLE

financial information in the AA ecosystem, a set of core technical specifications was framed in November 2019 by Reserve Bank Information Technology Private Limited (ReBIT), a wholly owned subsidiary of the Reserve Bank, for adoption by all regulated entities acting either as Financial Information Providers (FIP) or Financial Information Users (FIU).

In order to protect critical financial information of users and to enforce a mechanism for obtaining proper consent from customers, the consent of the customer to be obtained by the Account Aggregator shall be in the standardized electronic consent format prescribed under the regulations. The AA is required to inform the customer of all necessary attributes to be contained in the consent format and of the customer's right to file complaints. Customers are also provided a functionality to revoke consent, after which a fresh consent would have to be obtained. An explicit onus has also been placed on the Financial Information Provider (FIP) to verify the validity of the consent, its specified date and use, and the credentials of the AA.

Different jurisdictions have taken different approaches to Open Banking. While some have adopted a prescriptive approach, requiring banks to share customer-permissioned data and requiring third-party users to register with regulatory authorities, others have taken a facilitative approach by issuing guidance and recommended standards, and by releasing open API standards and technical specifications. Some jurisdictions also appear to be following a market-driven approach, currently having no explicit rules or guidance.

The AA is a regulatory initiative in India under a hybrid model, which is a combination of the prescriptive and facilitative approaches, and is in its early stages of development. One of the key things to look out for is whether market forces will drive the adoption of this initiative or a further regulatory nudge will be required. The pace of adoption will also depend on the strength of the community to come together and continue to drive the technical specifications, standards and scalability potential.

Risk Associated with Open Banking

Open banking may offer benefits in the form of convenient access to financial data and services for consumers and the streamlining of some costs for financial institutions. However, it also potentially poses significant risks and concerns around:

• Financial privacy and data security: In open banking frameworks, risks associated with the loss or theft of personal data on account of poor security, data protection violations, and money laundering and terrorist financing concerns cannot be ruled out. Therefore, large-scale adoption of open banking frameworks should ideally be preceded by strong data protection and privacy laws. Such laws should anchor the ownership rights and ensure control and consent-based use of the data. They should also establish the boundaries of rights and obligations of third-party use, down-streaming of data to fourth parties and reselling it. India has already embarked upon the same, and The Personal Data Protection Bill, 2019 has already been introduced. The Bill seeks to provide for protection of personal data of individuals and establishes a Data Protection Authority for the same.

• Customer liability: In the absence of explicit arrangements for redressal of customer grievances and for limiting their liability in case of erroneous or fraudulent activity, the acceptability of open banking frameworks may remain limited. Therefore, jurisdictions should look to address customer liability for third-party access to data through customer protection and indemnity laws. The Reserve Bank issued a Charter of Customer Rights in December 2014, which lists 'right to privacy' along with 'right to grievance redress and compensation' among others. The right to privacy requires that a customer's personal information should be kept confidential unless they have offered specific consent to the financial services provider, or such information is required to be provided under the law, or it is provided for a mandated business purpose.

• Cyber security and Operational Risks: Use of open banking architecture, which is premised on the

