When it comes to open banking, it’s extremely important for all stakeholders in the financial ecosystem to be aware of the regulations that make this innovative financial services framework possible.
There is no doubt that the Central Bank of Bahrain (CBB) has recognized various trends that point in favour of having an open banking framework. Here are just a few of the trends we’ve been witnessing in recent years that have supported the need for an open banking framework:
- Hyper-growth in e-commerce
- Increased adoption of internet payments
- Increasing consumer demand for mobile-based payment solutions
- Developments in the FinTech space
- Increased demand for multiple account providers for a single customer
Previously, we have looked at the benefits of open banking and the pain points it aims to solve for consumers and businesses alike. But how is all this made possible, and what are the stipulations? In this post, we’ll discuss the main points of open banking regulations from the perspective of financial institutions, such as banks, and from the perspective of ancillary service providers like Tarabut Gateway. This post is based on the CBB’s handbooks on the General Requirements Module: Volume 2 and Volume 5 of the Open Banking regulations.
Open Banking Regulations for Banks
Based on the CBB’s General Requirements Module: Volume 2, all banks are mandated to supply ancillary service providers with “access to customer accounts on an objective, non-discriminatory basis based on consents obtained from the customer” while “ensuring adherence to Law No 30 of 2018, Personal Data Protection Law (PDPL) issued on 12 July 2018.”
Why does this matter?
In a nutshell, when the customer grants consent to the licensed ancillary service provider, banks are required to provide licensees such as Tarabut Gateway with customer data such as spending and transaction history. This data is used so that customized solutions can be offered to consumers moving forward. It’s transparency at its best, and it creates a financial ecosystem predicated on trust. As we’ve previously discussed, here is just one example of the solutions we can expect to see soon.
Banks can also take comfort in knowing that “Value-added Data” is not required to be shared with ancillary service providers. Value-added data refers to any further analysis or insights that the institution may have generated on its customers.
Open Banking Regulations for AISPs (Tarabut Gateway)
As an ancillary service provider, Tarabut Gateway falls under the category of Account Information Service Provider (AISP).
Volume 5 of the CBB’s handbook on Ancillary Service Providers states that “Account Information Service Provider (AISP) refers to a person licensed by the CBB to provide account information services using an online portal, mobile or smart phone application, device or other electronic media which a consenting customer can use to obtain aggregate or consolidated information about his account balances with licensed banks, financing companies and other licensees.”
Essentially, AISPs are permitted to obtain customer data that gives them a better understanding of a customer’s relationships with service providers and transaction history. It also allows AISPs to aggregate that data for customers so that they can easily parse through and make sense of their financial information. However, this does not mean that AISPs are allowed to share this information or use it in any other way that breaches data security and confidentiality. We have previously covered why this is helpful in our blog post “What is Open Banking?”
Why does this matter?
Essentially, AISPs (e.g., Tarabut Gateway) exist to provide transparent and clear information to customers on their financial matters across all their accounts. They also exist so that banks and other institutions are in a better position to offer products and services that truly make a positive impact in the lives of customers.
Rest assured, AISPs and other ancillary service providers are held to the highest security and cybersecurity standards to ensure that the data they have access to remains guarded and secure.