Open banking in New Zealand - the lay of the land

Humble beginnings

New Zealand doesn’t have open banking regulation (yet). But if you look around, you’ll recognise a number of open banking-esque applications.

Think about a business connecting its bank accounts to Xero to automatically feed in transaction data. Or an Air New Zealand customer paying for flights through POLi to avoid extra credit card fees. Or a couple that connect their bank accounts through bankstatements.co.nz to automatically retrieve statements for a home loan application.

Some of these use cases have existed in NZ for more than a decade. In each case, they require the consumer to connect their relevant accounts, and provide either one-off or enduring consent to the provider so that it can exchange data with the underlying bank.

There’s a better way

This current form of bank connectivity could be improved:

• Cost: It takes significant time and money to build and maintain undocumented integrations with the banks. It would be much cheaper and easier if banks provided fully-functional, documented APIs.
• Authentication: Current integrations require the consumer to provide their login details. Even though these methods have stood the test of time remarkably well, sharing login details with 3rd parties is suboptimal.
• Functionality: Current integrations are limited in terms of data access, so consumers cannot receive the full benefits of open banking.

API Centre: a bank-led approach

Efforts towards open banking in New Zealand have been industry-driven until recently, and were largely prompted in response to political pressure.

In August 2017, the then Minister of Commerce and Consumer Affairs Jacqui Dean wrote to Payments NZ, which is a self-governing industry body owned by the major New Zealand banks. Payments NZ was established to manage payment innovation in New Zealand. Minister Dean’s letter encouraged Payments NZ to advance initiatives that could enable payments innovation, and to offer a platform for viable alternatives to existing payment options in New Zealand.

As part of its response to that letter, Payments NZ started working on API standards that are largely based on the UK open banking standards. This work transitioned to a new organisation called “API Centre”, which is managed by Payments NZ, and is intended to coordinate the development, management, and governance of those standards.

Due to slow progress, political pressure has continued. In December 2019 the then Minister of Commerce and Consumer Affairs Kris Faafoi wrote to New Zealand banks:

• Setting out concerns regarding the pace of progress with the development of industry-driven open banking initiatives.
• Outlining his expectations for future progress.
• Notifying the banking sector that a public discussion document on whether consumer data rights regulation is desirable in New Zealand was expected in 2020.

Regulations are coming

That public discussion document was released by MBIE in August 2020. MBIE’s stated preference is for a “consumer data right” (or “CDR”), which is similar to the regulatory framework that Australia began rolling out in July 2020.

Akahu supports the development of CDR regulation for New Zealand. If designed well, it will be a suitable regulatory framework to give Kiwi consumers control over their data.

But regulations are not the only way

It’s worth noting that a purpose-built regulatory framework is not a prerequisite for a flourishing data economy. For example the US does not have a purpose-built framework, yet it has a range of well-developed intermediaries like Plaid who have aggregated thousands of data integrations and deliver that connectivity as an API service. Household names such as Venmo, TransferWise, Robinhood, and PayPal rely on this type of infrastructure.

However without a specific regulatory framework, a number of issues remain. For example how should risk and liability be allocated between participants? What consumer data should be made available by each data holder? What is an appropriate process to authenticate a consumer and obtain their consent to any data exchange?

What to expect in NZ

This section is opinions rather than facts 😎

In 2021, we expect to see the first bank-led product which is specifically designed and built on top of consumer data portability infrastructure. Which is a convoluted way of saying that the product won’t care who you bank with.

We also expect to see adoption from a range of financial institutions during 2021, initially driven by compliance. The compliance use cases will be driven by changes in the regulatory backdrop, including:

• New CCCFA rules which will codify requirements around verifying income, verifying expenses, and assessing affordability.
• Amendments to the FMCA which will create an obligation to ensure ongoing product suitability over the lifetime of a consumer. This will be a big change for some insurers and lenders that have typically relied on intermediaries for distribution, and have minimal direct contact with consumers (and therefore no visibility of the consumer’s personal circumstances over time).
• AML/CFT obligations (see clauses 14 and 15) to link a customer to their claimed identity when onboarding someone electronically. This obligation is increasingly being scrutinised by sector supervisors.

Once these types of compliance obligations have been met, in part through consumer data portability solutions, we think those financial institutions will start to consider innovative ways to deliver value from that data. They’ll start to see real opportunities alongside compliance costs.

In late 2021 and beyond, we expect to see the start of a new wave of fintech products that rely on consumer data portability infrastructure. Some of these products will be clones from the UK, US, AU, and other countries that have more developed fintech markets. Some will be unique to our people and environment. More crystal ball gazing on this point in a future post!

And finally on regulations, we think it’s likely that NZ will begin implementing a CDR framework in 2-3 years. Based on what we’ve seen in other countries, we expect that it will take a further 2-3 years before the CDR framework matures and starts to deliver better functionality and cost performance than existing methods.

In the interim...

Akahu has been building and maintaining data integrations with NZ banks since 2016. We previously used these integrations exclusively for our internal products, but decided to make our connectivity available to external developers in 2020.

Akahu’s purpose is to empower Kiwis to gracefully manage and derive value from their data. We’ll work with reputable third party developers who deliver on that purpose through their products.

We split our API into four key categories:

• Identity: Verify name, address, and other personal identifiers. Verify that the user is a holder of the account. Verify a user's bank account number.
• Data: Retrieve a user’s account and balance data. Retrieve a user’s unified and enriched transaction data. Retrieve bank statements.
• Insights: Verify income, spending, and employment. Identify transactions of interest. Assess affordability.
• Payments: Enable a user to initiate one-off or recurring payments from connected bank accounts.

Final words

2021 promises to be an inflection point for open banking in NZ, and we can’t wait to work with others who are dreaming and building in this space.

If that’s you, we’d love to hear from you.