The conversation on Open Banking in Africa is one that has been a long time coming. While the benefits seem apparent at first glance, there’s a lot at stake for banks, fintechs, governments, and consumers.
Open Banking uses secure application programming interface (API) integration with banking systems and mutually agreed on API taxonomy to let consumers share their banking data with third-party fintech providers for new and innovative financial products and services.
This approach of Open Banking is markedly different from the current African status quo, which favours digital mobile payments modelled on the person-to-person (P2P) three-party payment innovation which was pioneered by Safaricom’s M-Pesa mobile payment.
Nigeria has already shown its desire to pioneer the Open Banking movement into Africa, joining countries like the United Kingdom and the EU. The Central Bank of Nigeria (CBN) made this apparent in its public request for information into the Payment Systems Vision (PSV) 2030, which would define the strategic agenda for the payment system in the next 10 years.
The important thing about a regulatory framework with regards to Open banking is that it establishes rules and principles for data access and sharing to all actors in the banking ecosystem.
Under the framework, the CBN intends to regulate the development of a banking API standard with regards to technical design, information security, operational rules and data processing. The framework also seeks to protect customers with the provision of the consumer protection framework and data privacy laws, particularly the NDPR.
Open banking’s road into Africa has not been without its hiccups, with the biggest one being data privacy. Data privacy is arguably the most important factor for open banking as the ability to securely process data while complying with data privacy and information security standards and laws will encourage customers to accept and drive the adoption of open banking.
It will be prudent for banks to review their data security policies considering the sensitivity of the data they hold. While this is the best practice, sound regulations need to be passed to complement these efforts. Data privacy laws are relatively new in Africa with further guidelines and regulations yet to be rolled out. And except for countries like Nigeria and South Africa where open banking is highly regulated, other central banks are yet to follow suit.
Rwanda
The National Bank of Rwanda (BNR) has acknowledged that fintech and more particularly increasing the available digital customer data can revolutionise financial markets. The growing fintech market in Rwanda already supports the availability of digital customer data that can be mined and analysed to gain a better understanding of customer needs, but the BNR has now also published a regulation to formalise the approach and the publication of standards is imminent.
The BNR has modelled its approach towards open banking on the European Union’s PSD2, which makes provisions for different types of payment providers and facilitates the creation of a regulatory sandbox that would be helpful for simulating and testing new finance products.
Due to the high trust from the Rwandan population in mobile money services, it is critical that the BNR should encourage the participation of telecommunication companies and mobile banking providers in addition to traditional banks.
Kenya
Kenya has also embraced new technologies in banking and payment systems (including mobile money transfers), albeit with no formal legal framework or policy in place, its Central Bank published its 2021-2025 vision and strategy document which sets the agenda for the future of the country’s digital payments ecosystem including the adoption of technologies that enable the delivery of new open banking services.
The document details, “In particular, the main strategic objectives include open infrastructure; consumer protection; financial system regulation and nurturing future development.” The Central Bank Of Kenya (CBK) also mentioned in the document, its reviews on a number of global standards while benchmarking with other countries such as South Africa, The United Kingdom, New Zealand and others that have made progress on their payment infrastructures.
The CBK has also joined hands with the Ministry of Treasury to draft a digital finance policy that seeks to ensure the delivery of financial services to Kenyans through the integration of banking and digital technologies.
South Africa
South Africa’s banking sets a sharp contrast to Kenya’s with their highly regulated financial markets, where financial institutions have to comply with an array of financial, consumer protection and data legislation. However, despite these regulations, fintech companies in South Africa are already implementing Open Banking concepts with corporates that allow controlled access to their clients’ data through APIs.
Outside Africa, Open Banking is driven by a number of factors, regulatory changes being the most powerful force. Customer demand can also be called a driving force, although more education can be done in that aspect. Some have pointed to the European Union (EU) as the “cradle of open banking” because of the Payment Services Directive (PSD2) and the UK’s open banking standard which pioneered it.
In Africa, you might observe a similar approach. Most countries, although yet to implement official open banking legal frameworks, have begun promoting and offering guidelines on the rolling out of these platforms. Kenya’s Central Bank (CBK), for example, has prioritized open infrastructure in its 2021-2025 strategy. The policy paper states, in part that “CBK will facilitate the development of industry-wide standards for open but secure APIs in a way that guarantees access, safety and integrity of data sharing systems.”
These standards will include API specifications for identification, verification, and authentication; customer account information/data access; transaction initiation; and formats and coding languages for APIs. Due to the risk associated with opening up data from financial institutions to third parties, CBK will define clear risk management frameworks and standards, including providing clarity on liability and consumer protection.”
Although the European Union’s PSD2 legislation and the UK Open Banking Standard can be used as a starting point, legislators in African countries must create frameworks that address the needs of their specific markets. This may be time-consuming in the short term, but the long-term benefits of Open Banking justify a careful and thorough approach.
Also, as data sharing forms the foundation of open banking, strong data security standards are critical to its success. Banks play the roles of both data controllers and data processors as they are both holders of customer data and processors through their own sandboxes or APIs.
Open Banking represents a departure from the traditions in emerging markets, where financial inclusion has been focused on the consumer. If properly executed, standardized API access could unlock the dormant potential of Africa’s informal markets.
Open Banking won’t just act as a cash replacement, allowing merchants to accept digital payments. Instead, it acts as a gateway to formal financial products and services. It provides access to formal finance to small or medium enterprises. The more growth these businesses experience, the bigger the target market will be for financial institutions as well.
Building off the principles of Open Banking, four-party digital mobile merchant payments unaffected by the costs, physical limitations, and shallow penetration of legacy cards, could be pivotal in advancing digital banking and financial inclusion on the continent.