HKMA Outlines Consumer Protection Measures for Open API Framework
HKMA published a circular to clarify its expectations on the consumer protection measures of authorized institutions in respect of the Open Application Programming Interface (Open API) framework. The Annex to the circular lists sound consumer protection practices for Open API Phase II and beyond. To strike a balance between innovation and consumer protection, HKMA emphasizes that authorized institutions should adopt a risk-based approach and implement the consumer protection measures that are commensurate with the risks involved.
The circular also clarifies the requirements about engagement of intermediaries by the authorized institutions, as the use of third-party service providers under Open API Framework may constitute the use of intermediaries by authorized institutions. For the avoidance of doubt, Simple Redirection Model is not considered as use of intermediaries by authorized institutions and the authorized institutions should still comply with the HKMA-issued applicable requirements for engagement of intermediaries. Authorized institutions should establish clear liability and settlement arrangement with the partnering third-party service providers for compensating customers’ loss arising from unauthorized transactions, with clear upfront communication to customers. They should also and adhere to the principle that a bank customer should not be responsible for any direct loss suffered by him/her as a result of unauthorized transactions conducted through his/her account attributable to the services offered by the third-party service providers using the Open API of authorized institutions, unless the customer acts fraudulently or with gross negligence.
Authorized institutions are expected to put in place consumer protection measures when implementing the Open API framework. These institutions are expected to uphold consumer protection principles set out in the Code of Banking Practice and comply with other applicable regulatory requirements; this is expected regardless of the underlying technology adopted for the banking products and services and regardless of whether the authorized institutions provide the products and services themselves or in partnership with the third-party service providers.
Keywords: Asia Pacific, Hong Kong, Banking, Open API Framework, Fintech, Open API Phase II, HKMA
Previous Article
EBA Identifies Issues in Cross-Border Banking and Payment ServicesRelated Articles
EBA Issues Erratum for Phase 2 Package of Reporting Framework 3.0
EBA published an erratum for the technical package on phase 2 of the reporting framework 3.0.
EBA Updates Lists of Entities for Use in Capital Calculations under SA
EBA published an erratum for the technical package on phase 2 of the reporting framework 3.0.
MAS Amends Notice on Related Party Transactions of Banks
MAS amended Notice 643A that addresses requirements for banks to prepare statements of exposures and credit facilities to related concerns or parties.
ECB Amends Guideline on Euro Short-Term Rate
ECB has published, in the Official Journal of the European Union, the Guideline 2021/565 on the euro short-term rate (€STR) and this guideline amends the previous ECB Guideline 2019/1265.
EBA Consults on Standards Related to FRTB-SA
EBA launched a consultation on the draft regulatory technical standards on the list of countries with an advanced economy for calculating the equity risk under the alternative standardized approach (FRTB-SA).
PRA Proposes Rules Related to IRB Approach for Credit Risk
PRA is proposing, via CP7/21, the approach to implementing new requirements related to the specification of the nature, severity, and duration of an economic downturn in the internal ratings-based (IRB) approach to credit risk.
BoE Outlines Regulatory Treatment of Recovery Loan Scheme of UK
The UK government launched the Recovery Loan Scheme (RLS) as part of its continued COVID-19 support for UK businesses, as announced by HM Treasury on March 03, 2021.
FSB Addresses G20 on COVID Measures, TBTF Reforms, and Climate Risks
FSB published a letter, from its Chair Randal K. Quarles, to the G20 Finance Ministers and Central Bank Governors, ahead of their virtual meeting on April 07, 2021.
OSFI Unwinds Temporary Increase to Covered Bond Limit for Banks
OSFI issued a letter to the deposit-taking institutions issuing covered bonds and announced the unwinding of the temporary increase to the covered bond limit for deposit-taking institutions, effective immediately.
EU Amends CRR and Securitization Regulation in Response to Pandemic
To support recovery from the COVID-19 crisis, EU has published two regulations to amend the securitization framework, as set out in the Securitization Regulation (2017/2402) and the Capital Requirements Regulation or CRR (575/2013).