Open finance in NZ: Seeking regulation that enables rather than stifles

The conversation around open finance has recently picked up steam in NZ. There are a few ​​reasons for that:

• The Government is developing “Consumer Data Right” (“CDR”) legislation that will provide a purpose-built regulatory framework for open banking, as well as the broader concepts of open finance and open data.
• We’ve started to see a new crop of open finance-enabled products, such as Sugar Wallet, myRent, and PaySauce.
• FintechNZ and Deloitte are engaging with stakeholders as they develop reports to feed into the policy making process. 

We need a regulatory framework that works. This article presents a view on how the NZ fintech community can engage during this critical period.

If you’re new to the topic of open finance, here’s a quick background. 

Let’s dive in.

While we wait for CDR

I think it'll be about 3 years before CDR offers a viable connectivity option for open finance-enabled products. This rough estimate is based on ~one year to enact the primary legislation, ~one year to designate and write rules for the first sector (which I’ve assumed will be banking), and another ~one year for bank compliance deadlines.  

If compliance deadlines are phased in over time like in Australia and the UK, then it may take even longer before important features like write access, joint accounts, and business accounts fall within the scope of CDR.

While we wait for CDR to rollout and mature, there are a few existing options to deliver open finance-enabled products right now:

1. Screenscraping via web apps: This is widely used for home loan applications, one-off online payments, and PFM apps.
2. Reverse engineering APIs: This is how Akahu provides connectivity for enduring access use cases like recurring payments and ongoing data feeds.
3. Contractual access to banks APIs: This could either be pursuant to the Payments NZ standards, or through bespoke contractual arrangements like Xero has with NZ banks. For most fintech products, contractual access pursuant to the Payments NZ standards doesn't make sense yet because the banks are all at differing stages of API-readiness, and even if all banks were ready, the contractual terms can be prohibitive for many use cases. Bespoke contractual access like Xero requires significant time, money, and negotiating power to get up and running, so that isn’t an option for most fintechs.

Some markets like the US already have a thriving open finance ecosystem. 1 in 4 US adults has connected bank accounts via a single intermediary called Plaid, which has opened up new functionality in apps like Venmo, Cash App, Coinbase, and Robinhood. The US is more advanced in open finance uptake than the UK, even without specific regulations or widely adopted standards. So we shouldn’t use NZ’s lack of regulations as an excuse to be behind other countries. 

In my mind, the most important way to bring open finance to life in NZ is through great products like Xero, where bank account connectivity has significantly improved the UX of accounting. 

This may be a controversial point, but I think it’s a wasted effort to try and “educate consumers about open finance” unless that information is relevant to a specific product. Instead, we should build great products, and help consumers to make informed decisions about account connectivity once they’re clear about the specific value they’ll get from that product. 

Here’s my view on the practical things that will help our local fintech market to deliver great products:

1. High quality intermediaries: By "high quality" I mean intermediaries that offer good functionality, reliability, and pricing. This is a self-serving point for Akahu (we’re an intermediary), but I think it's demonstrably true. You see this in markets like the US where intermediaries are the clear enablers of open finance products. You also see this in markets like the UK where account connectivity is regulated and simple - most fintechs still use intermediaries because it doesn't make sense to duplicate that function internally.
2. Standard bilateral (or better, multilateral) agreements with data holders: As mentioned above, for most fintech products, contractual access pursuant to the Payments NZ standards doesn't make sense yet because the banks are all at differing stages of API-readiness. But when they get there, the next question is whether the contractual terms are acceptable. We've hit this problem ourselves where the fees, insurance requirements, security requirements, and allocation of liability can be prohibitive for us and our app customers. Payments NZ is responding to this issue already by revising the standard contractual terms, so we need the voice of the fintech community represented as these revised terms of access are hashed out.
3. Government acknowledgement (and ideally endorsement) of existing connectivity methods: Another self-serving point here. In Australia, the topic of screenscraping and reverse engineered integrations was explicitly discussed in senate hearings as the Australian CDR rules developed. Australian regulators made it clear that there was no intention to restrict or block those existing methods, and that gave fintechs more confidence to get started or keep going, rather than waiting for CDR. I think it would be helpful to get a similar acknowledgement or endorsement in NZ. There are a few key points to support this position:
   
   These methods have operated in NZ for over a decade without evidence of consumer harm.
   
   CCCFA and AML compliance will be easier if we all acknowledge the account connectivity options that are available and widely in use. For example, around 50% of bank home loans are originated via brokers, and most of those applications use screenscraping to collect the data. Consumers should be very clear about how these methods work, and there should be alternative options alongside account connectivity, but these methods should not operate in the shadows.
   
   CDR should be designed so that it's better than existing methods - in terms of reliability, coverage, functionality, cost, speed, and security. If designed and implemented successfully, everyone using existing methods will be incentivised to migrate across to CDR when it's ready. But we’d hold back our local fintech market if we waited until that happens, especially given that other markets like the US are developing fast without purpose-built regulation.