HKMA published a circular to clarify its expectations on the consumer protection measures of authorized institutions in respect of the Open Application Programming Interface (Open API) framework. The Annex to the circular lists sound consumer protection practices for Open API Phase II and beyond. To strike a balance between innovation and consumer protection, HKMA emphasizes that authorized institutions should adopt a risk-based approach and implement the consumer protection measures that are commensurate with the risks involved.
The circular also clarifies the requirements about engagement of intermediaries by the authorized institutions, as the use of third-party service providers under Open API Framework may constitute the use of intermediaries by authorized institutions. For the avoidance of doubt, Simple Redirection Model is not considered as use of intermediaries by authorized institutions and the authorized institutions should still comply with the HKMA-issued applicable requirements for engagement of intermediaries. Authorized institutions should establish clear liability and settlement arrangement with the partnering third-party service providers for compensating customers’ loss arising from unauthorized transactions, with clear upfront communication to customers. They should also and adhere to the principle that a bank customer should not be responsible for any direct loss suffered by him/her as a result of unauthorized transactions conducted through his/her account attributable to the services offered by the third-party service providers using the Open API of authorized institutions, unless the customer acts fraudulently or with gross negligence.
Authorized institutions are expected to put in place consumer protection measures when implementing the Open API framework. These institutions are expected to uphold consumer protection principles set out in the Code of Banking Practice and comply with other applicable regulatory requirements; this is expected regardless of the underlying technology adopted for the banking products and services and regardless of whether the authorized institutions provide the products and services themselves or in partnership with the third-party service providers.
Keywords: Asia Pacific, Hong Kong, Banking, Open API Framework, Fintech, Open API Phase II, HKMA
Previous ArticleEBA Identifies Issues in Cross-Border Banking and Payment Services
The Office of the Superintendent of Financial Institutions (OSFI) published the strategic plan for 2022-2025 and the departmental plan for 2022-23.
The European Banking Authority (EBA) is consulting, until August 31, 2022, on the draft implementing technical standards specifying requirements for the information that sellers of non-performing loans (NPLs) shall provide to prospective buyers.
The European Council and the Parliament reached an agreement on the revised Directive on security of network and information systems (NIS2 Directive).
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying information that crowdfunding service providers shall provide to investors on the calculation of credit scores and prices of crowdfunding offers.
The European Council published a draft Commission Delegated Regulation to amend the regulatory technical standards on specification of the calculation of specific and general credit risk adjustments.
The European Securities and Markets Authority (ESMA) published a paper that examines the systemic risk posed by increasing use of cloud services, along with the potential policy options to mitigate this risk.
The Monetary Authority of Singapore (MAS) published amendments to Notice 635, which sets out requirements that a bank in Singapore has to comply with when granting an unsecured non-card credit facility to individuals.
The European Commission (EC) published a public consultation on the review of revised payment services directive (PSD2) and open finance.
The European Commission (EC) has issued two letters mandating the European Supervisory Authorities (ESAs) to jointly propose amendments to the regulatory technical standards under Sustainable Finance Disclosure Regulation or SFDR.
The European Banking Authority (EBA) published its annual report on convergence of supervisory practices for 2021. Additionally, following a request from the European Commission (EC),