Featured Product

    HKMA Outlines Consumer Protection Measures for Open API Framework

    October 29, 2019

    HKMA published a circular to clarify its expectations on the consumer protection measures of authorized institutions in respect of the Open Application Programming Interface (Open API) framework. The Annex to the circular lists sound consumer protection practices for Open API Phase II and beyond. To strike a balance between innovation and consumer protection, HKMA emphasizes that authorized institutions should adopt a risk-based approach and implement the consumer protection measures that are commensurate with the risks involved.

    The circular also clarifies the requirements about engagement of intermediaries by the authorized institutions, as the use of third-party service providers under Open API Framework may constitute the use of intermediaries by authorized institutions. For the avoidance of doubt, Simple Redirection Model is not considered as use of intermediaries by authorized institutions and the authorized institutions should still comply with the HKMA-issued applicable requirements for engagement of intermediaries. Authorized institutions should establish clear liability and settlement arrangement with the partnering third-party service providers for compensating customers’ loss arising from unauthorized transactions, with clear upfront communication to customers. They should also and adhere to the principle that a bank customer should not be responsible for any direct loss suffered by him/her as a result of unauthorized transactions conducted through his/her account attributable to the services offered by the third-party service providers using the Open API of authorized institutions, unless the customer acts fraudulently or with gross negligence.

    Authorized institutions are expected to put in place consumer protection measures when implementing the Open API framework. These institutions are expected to uphold consumer protection principles set out in the Code of Banking Practice and comply with other applicable regulatory requirements; this is expected regardless of the underlying technology adopted for the banking products and services and regardless of whether the authorized institutions provide the products and services themselves or in partnership with the third-party service providers.

    Keywords: Asia Pacific, Hong Kong, Banking, Open API Framework, Fintech, Open API Phase II, HKMA

    Related Articles
    News

    OSFI Discusses Benchmark Rate Transition, Sets Out Work Priorities

    The Office of the Superintendent of Financial Institutions (OSFI) published the strategic plan for 2022-2025 and the departmental plan for 2022-23.

    May 17, 2022 WebPage Regulatory News
    News

    EBA Proposes Standards to Support Secondary NPL Markets

    The European Banking Authority (EBA) is consulting, until August 31, 2022, on the draft implementing technical standards specifying requirements for the information that sellers of non-performing loans (NPLs) shall provide to prospective buyers.

    May 17, 2022 WebPage Regulatory News
    News

    EU Confirms Agreement on Rules on Cybersecurity and Banking Resolution

    The European Council and the Parliament reached an agreement on the revised Directive on security of network and information systems (NIS2 Directive).

    May 13, 2022 WebPage Regulatory News
    News

    EBA Issues Standards for Crowdfunding Service Providers Under ECSPR

    The European Banking Authority (EBA) published the final draft regulatory technical standards specifying information that crowdfunding service providers shall provide to investors on the calculation of credit scores and prices of crowdfunding offers.

    May 13, 2022 WebPage Regulatory News
    News

    EU to Amend Credit Risk Adjustment Rules; ESAs Submit Queries on SFDR

    The European Council published a draft Commission Delegated Regulation to amend the regulatory technical standards on specification of the calculation of specific and general credit risk adjustments.

    May 13, 2022 WebPage Regulatory News
    News

    EU Confirms Agreement on Rules on Cybersecurity and Banking Resolution

    The European Securities and Markets Authority (ESMA) published a paper that examines the systemic risk posed by increasing use of cloud services, along with the potential policy options to mitigate this risk.

    May 12, 2022 WebPage Regulatory News
    News

    MAS Amends Notice 635 and Issues Second Proposal on Green Taxonomy

    The Monetary Authority of Singapore (MAS) published amendments to Notice 635, which sets out requirements that a bank in Singapore has to comply with when granting an unsecured non-card credit facility to individuals.

    May 12, 2022 WebPage Regulatory News
    News

    EC Consults on PSD2 and Open Finance; EU Reaches Agreement on DORA

    The European Commission (EC) published a public consultation on the review of revised payment services directive (PSD2) and open finance.

    May 11, 2022 WebPage Regulatory News
    News

    EC Mandates ESAs to Propose Amendments to SFDR Technical Standards

    The European Commission (EC) has issued two letters mandating the European Supervisory Authorities (ESAs) to jointly propose amendments to the regulatory technical standards under Sustainable Finance Disclosure Regulation or SFDR.

    May 11, 2022 WebPage Regulatory News
    News

    EBA Examines Supervisory Practices, Issues Deposits Reporting Template

    The European Banking Authority (EBA) published its annual report on convergence of supervisory practices for 2021. Additionally, following a request from the European Commission (EC),

    May 11, 2022 WebPage Regulatory News
    RESULTS 1 - 10 OF 8196