It is a brave new world for the sharing of data, as different jurisdictions develop standards and legislation for Open APIs and open data.
In September last year, Bank Negara Malaysia (BNM) released an exposure draft entitled Publishing Open Data using Open API.
This year, they have encouraged industry to read and adapt the principles published in the policy documents related to Open Banking.
Similarly, leading up to the holidays in Australia, the Australian Competition and Consumer Commission (ACCC) released their own paper on the rules framework for Consumer Data Rights and responded to some of industry’s concerns.
The banking industry will be the first to be affected by the open application platform interface (API), with the open banking regime to take effect on 1 July.
Much has been made about the open banking regime levelling the playing field in banking and the financial industry because of the high barriers to entry in Australia.
The Australian model closely follows the initiative set up in the UK by the Competition and Markets Authority on the behalf of the UK Government.
The BNM in Malaysia seems to be more focused on a system beneficial to consumers and the banking industry.
In the exposure draft released on the first day of the new year, the authors write that, “The bank recognizes the benefits of open API standardisation initiatives to the industry at large, including improving third party experience in accessing Open APIs published by different providers. This would encourage greater usage and offerings of innovative solutions by third parties, which results in efficiency gains to both customers and businesses alike.”
The draft mentions other initiatives related to open APIs and worked to establish an Open API working group last year called the Open API implementation Group.
Apart from the basic definitions of the API framework and what it can mean for businesses, the paper also discusses the serious considerations around questions of governance and security.
Under the section of the paper looking at what it calls the ‘phased approach to open APIs’ the authors write, “In particular, careful consideration is necessary in developing the appropriate security controls and governance measures over greater data access and portability, which are part of the tenets of Open Banking.”
In separate policy document where the Malaysian bank responded to industry questions, they were asked a few questions around third party governance and the registration around the centralised third-party registration process.
The Bank’s response is that, “A bilateral registration process is viewed as the most efficient manner to encourage financial institutions’ adoption of Open Data APIs. However, financial institutions may collaborate and agree on a common baseline to be adopted across the industry. The Bank may consider a more stringent third-party governance process in the future, as the industry progresses to publish more sensitive Open APIs.”