Open banking in Canada: Everything you need to know

Open Banking

Innovation has been on the rise throughout the financial industry recently. Both fintech startups and major banks are evaluating the financial services industry to identify opportunities for improvement.

One major hurdle has significantly hindered potential innovations — the necessary privacy and protection of banking data. So how can a startup offer a unique service leveraging your bank data when you have to trust them with your banking login?

Fortunately, a new solution has emerged: open banking. 

The open banking API is a method of securely sharing banking data between trusted parties without requiring the user to provide login credentials. This innovation gives consumers greater control over the security and control of their sensitive information.

Open banking is currently preparing for implementation in Canada. Meetings were held throughout 2022 to determine liability, accreditation, security, and privacy. Outcomes from those meetings are publicly available while Canada moves towards full deployment.

We’re firm believers that open banking lays the foundation for a new wave of powerful innovations for the benefit of consumers and businesses. So keep reading to learn everything you need to know about open banking in Canada.

What is Open Banking?

Open banking provides a framework and API for sharing personal financial information with third-party organizations. These third parties are typically fintech startups or other financial services providers that would otherwise require your login information to obtain your information.

For example, a mobile application that helps consumers manage their monthly expenses and work towards long-term savings goals can use open banking to request the necessary information. Apps like this exist but require you to provide login credentials to your bank.

Open banking allows these same financial management applications to provide the same services without asking consumers to log in to their bank accounts. Instead, the open banking API will securely request this information from the consumer’s bank account in the background.

The technology that makes open banking possible is already developed, but you can see how implementing the API can be a challenge. For example, consumer data must remain secure, all current regulations must be considered, and an accreditation process must be implemented to determine which startups can use open banking. 

Canada is still moving towards deploying open banking. So let’s look at another country where the API is already in motion to see how it works in practice.

Open Banking in the United Kingdom

Open banking is already deployed in the UK and rapidly growing in usage and utility. The Open Banking Implementation Entity (OBIE) initially oversaw the deployment of the API and now continually provides updates and guidance. 

A recent OBIE report discovered that over 6 million individuals and businesses throughout the UK regularly use open banking services. Another report focusing on the open banking API found that it is consistently above 99% throughout the UK, indicating the success of implementation and availability.

In a statement accompanying its latest report, Charlotte Crosswell, OBIE chair said, “I am really pleased to see continued growth of open banking products across consumers and SMEs (Small and Mid-size Enterprises). From allowing people to get their mortgage approved more quickly to paying HMRC (HM Revenue & Customs), utility bills or charitable donations, the products available continue to grow and are becoming more visible.” 

Looking to the United Kingdom gives insights into how open banking may impact Canada. But will Canada also see quick adoption and an entirely new wave of innovative financial services?

How Does Open Banking Work in Practice?

What does all this mean for consumers and businesses? Let’s briefly discuss how a consumer might use open banking when setting up a new app. The typical process will look something like this:

  1. Find an app that helps you shop around for mortgages
  2. The app prompts you to link your bank account
  3. You authorize your bank to share financial data with the application (via the open banking API)
  4. Your username and password are not required at any point
  5. Financial data is shared securely between the bank and the application 

This example focuses on the consumer, but a similar utility can also apply in B2B relationships to streamline sharing of sensitive information. 

Additionally, open banking allows startups, such as the mortgage comparison app in our example, to more easily acquire new customers since less trust is required to start using their services. As a result, open banking in Canada will likely allow for new innovation and growth throughout the financial services industry.

Why Do We Need Open Banking?

Open banking is a reaction to security concerns over the current methods for allowing an organization to access sensitive banking information.

Every example we’ve provided already exists but uses a process called ‘screen scraping’ to request, store, and use login credentials. It allows startups to build their applications but also creates a variety of security concerns. 

Screen Scraping vs Open Banking

You may have used a screen scraping application to connect your bank to a specific financial service or even another bank account. This process asks for your login credentials and continually uses them to obtain necessary information related to the service.

The significant risks with the screen scraping process are:

  • Directly malicious applications that only exist to acquire login credentials
  • Data breaches targeting financial startups that may not have the proper security in place
  • Malicious internal use by individual employees, even if the overall application is legitimate
  • Allows for phishing attacks that mislead users into believing they’re interacting with a reputable screen scraping service

To make matters worse, for many of the above risks, it’s unclear exactly who is liable for stolen login credentials and how they’re used. 

Open banking entirely avoids screen scraping and the above risks. We can even consider it part of the evolving Identity and Access Management landscape as it further protects customer identities.

However, there are still security concerns involved with open banking, which is why Canada and other countries are approaching implementation slowly. Nevertheless, Canada is developing a robust framework for open banking and who is eligible to use it.

What Will Open Banking Do?

Open banking has the potential to improve many vital aspects of the financial services industry. So what does a future with open banking look like? Let’s explore some of the promises of open banking that have given it so much momentum from both the private and public sectors.

Enhanced Data Protection

Data protection is arguably one of the most critical topics throughout any industry. The past few years have seen a dramatic rise in cyber-attacks and data breaches, prompting world governments and organizations to respond. These responses include growing interest in zero trust architecture to new regulations globally.

Open banking’s core mission is to provide better data protection for both consumers and businesses. We’ve explored how the API removes the need for sharing login credentials, but it also establishes a secure standard for transmitting sensitive information.

Legacy screen scraping practices transmit your encrypted login credentials and retrieve banking information but without a firmly established framework that allows for potential vulnerabilities. Additionally, data may arrive incorrectly formatted without a framework and be entirely unusable.

Open banking protects your login credentials and establishes a strict framework for securely transmitting and receiving information. Once deployed, consumers will have more confidence in the security of their banking data, and financial services will minimize risks.

Give Consumers More Control

Consumers will have more control over their login credentials and how their data is used. Every new app must have the consumer’s explicit authorization to request and use their data. This new level of control allows banking consumers to always know who has their data and how they’re using it.

The Canadian open banking framework is still being created and formalized. Yet, it will undoubtedly detail how a company obtains consent and the level of transparency that must be provided afterwards. Additionally, if someone decides to stop using a specific application, there will likely be a detailed process for revoking consent.

More Choices for Specialized Service

Similar to the above, consumers will have more control over their choices for specific services. As a result, more options will undoubtedly emerge, and a consumer won’t have to trust a new application nearly as much to start using.

Instead of trusting a new app with login credentials and data usage, a consumer will immediately know that the app is open banking accredited. From there, they only need to provide consent, and then they’re ready to use the new app.

On the other side of the transaction, new startups offering specialized services will be able to more easily acquire new customers since they won’t need the level of trust necessary for handling login information. Instead, being accredited to use open banking indicates they’re trustworthy and the startup is ready to grow.

Encourages Innovation and Competition

The financial industry has consistently benefited from more competition and innovation. Open banking removes many of the barriers to launching a new fintech product. Startups with a unique idea will have a ready-made path to accreditation.

Additionally, open banking encourages sharing of information. As a result, we may see entirely new financial services emerge that use the wealth of readily available information that gives consumers even more control over their finances.

Smaller banks will also be more able to compete with the Big Four by having greater access to banking data. More competition means more options for consumers, and open banking is an important step.

When Will Open Banking be Available in Canada?

There currently isn’t a set deployment date for open banking in Canada. However, the process of moving toward deployment is in Phase 3, a strong indication that open banking will be available sooner rather than later. 

Let’s briefly go over the three phases to understand what’s been accomplished and what’s still ahead of us:

  • Phase 1: The initial phase spanned from 2018 to 2020. Upon completion, a detailed proposal was released calling for the financial industry and government to collaborate to develop a framework to implement open banking in Canada.
  • Phase 2: The next phase began in 2020 and reached its conclusion in 2021. The Financial Consumer Agency of Canada (FCAC) provided recommendations for implementing secure open banking to the Minister of Finance.
  • Phase 3: In March 2022, Abraham Tachjian was appointed lead to fully develop an open banking framework in Canada. Tachjian will consult with consumer representatives, regulators, and figures within the financial industry to design and implement the open banking framework.

So while we don’t have an exact date, the push for open banking in Canada is nearing its conclusion, and we’re hopeful for full implementation in the near future. You can review the Government of Canada’s open banking implementation site for additional information.

What Does the Future Hold for Open Banking in Canada?

Open banking is on the horizon, and a specific framework is still being developed. Yet, we know the framework will include an accreditation process to authorize specific organizations to use the open banking API.

The accreditation process will thoroughly evaluate applicants’ cybersecurity posture and data protection. Strong Identity and Access Management technologies and policies are the foundation for solid security. Are you leveraging the latest technologies to secure access to sensitive information?

Get the latest insights into open banking, IAM, and related  technology trends curated by Indigo Consulting’s team of IAM experts. Understanding the role IAM plays will better prepare your company for open banking.

Interested in learning more about Agile Development for IAM Solutions? Download our eBook today!