The Open Banking Reform has been enacted, allowing fintech companies, non-bank credit card companies, and other parties to receive consumer financial data in order to increase competition in the banking and financial markets and to improve customer service.
So what exactly is the Open Banking Reform?
The Financial Information Service Law, 2021 (hereinafter: “Financial Information Service Law”), is based on the principle of openness in the financial services market in Israel, obligating the large financial institutions to share consumer data with third parties. This includes information about the customer’s account balance, commissions and interest paid, account activity, overdraft credit, savings, and securities. Until now, consumer financial information was controlled by the large financial institutions, resulting in the monopolization of information and a barrier to competition in the market. The Financial Information Service Law requires those institutions to use software interfaces that allow the consumer, or anyone authorized by the consumer, to request and receive detailed financial information.
The reform represents a real revolution in the banking, credit, and finance markets. It transforms the world of closed banking, where the financial institution – usually the bank – holds information about the consumer, to a system where the consumer has control over his/her financial information. Until the enactment of the law, most consumers obtained all of their financial services from one financial entity – usually, the bank where they have their accounts – because it was challenging to get a comprehensive overview of their finances when products were purchased from different entities. The goal of the reform is to enable consumers to view in one place, in real-time, a full picture of their financial situation based on information from multiple financial services providers. As such, it will be easier for consumers to purchase financial products from different sources.
At the same time, with the sharing of financial information between different providers comes the risk that sensitive information can be leaked to unwelcome parties. Therefore, along with the principles of information sharing that the reform aims to promote, it establishes rules regarding which entities are entitled to receive the financial information, the requirements for maintaining and managing the information, and consumer protection.
In order for an entity to qualify as a financial information service provider, the law requires it to be licensed for this service. The licensing is regulated by the Israel Securities Authority (ISA). Entities that are already licensed to provide financial services must receive authorization to act as an information service provider from the regulatory authority that granted their license.
With the entry of the law into force, companies are no longer allowed to collect and store online financial information without a license or “continuation of business” approval. For example, they are not allowed to regularly obtain customers’ usernames and passwords and transfer information to them from their accounts without a license.
What does the license or registration allow?
Upon receipt of the license, the licensee – the “service provider” – may receive financial information about customers and make use of it as permitted by law (for collection, consulting, brokerage, and cost comparison).
In order to obtain the license, the applicant is required to meet the conditions set forth in the law (the rules will be refined later on in the procedures published by the Israel Securities Authority and other regulators), including:
- The applicant must be a company.
- Control over the company’s business and its management operate in Israel. Or, if they do not operate in Israel, the company has the ability to comply with all the provisions of the law, and compliance is enforceable.
- The company has the appropriate technological means and knowledge to deliver the financial information services it wishes to provide, including the ability to comply with the provisions of privacy protection, information security, cyber security, and risk management.
- The company presents an affidavit attesting to the fact that it has a business plan as well as the financial means which prove its ability to provide financial information services.
- The company is in compliance with insurance requirements, minimum equity capital, and collateral.
- The company does not have a court-ordered receiver or a liquidation order.
- If there is a controlling shareholder of the company, he/she must meet the conditions for obtaining a controlling shareholder permit.
What information can be accessed according to the law?
The law establishes “information baskets” which specify the financial information that financial entities will be required to make accessible to service providers. These include:
- Bank and checking accounts: balances and transactions in the various customer accounts.
- Credit cards: credit balances, interest, and fees that the customer pays for the credit card.
- Debit cards: details of the customer’s use of the card and fees paid for its use.
- Securities: securities held by the customer, the activities in the securities portfolio, and the fees paid by the customer.
- Savings: savings, interest, and linkages that the customer receives and the fees paid.
Which entities will be required to allow access to the information?
The obligation to allow access to service providers applies only to the information baskets indicated above, and will apply to banks, clearing houses, credit card companies, holders of licenses to provide deposit and credit services, provident funds, and insurance companies.
What other provisions are included in the law?
The law establishes provisions regarding how information is to be saved, the ongoing management of the database, conflict of interest, the contract period, discontinuation of service, disclosure obligations toward the customer, and other consumer provisions.
It is clear that the law, which includes many regulatory emphases, also provides a groundbreaking opportunity for any company interested in providing financial services. It is an opportunity for fintech companies, insurance agencies, credit card providers, and entrepreneurs to gain a real foothold in the market, competing for customers with established institutional corporations.
For more details, please contact Ido Malin, a partner at Gornitzky, or one of our other experts in financial regulation.