HKMA Outlines Consumer Protection Measures for Open API Framework
HKMA published a circular to clarify its expectations on the consumer protection measures of authorized institutions in respect of the Open Application Programming Interface (Open API) framework. The Annex to the circular lists sound consumer protection practices for Open API Phase II and beyond. To strike a balance between innovation and consumer protection, HKMA emphasizes that authorized institutions should adopt a risk-based approach and implement the consumer protection measures that are commensurate with the risks involved.
The circular also clarifies the requirements about engagement of intermediaries by the authorized institutions, as the use of third-party service providers under Open API Framework may constitute the use of intermediaries by authorized institutions. For the avoidance of doubt, Simple Redirection Model is not considered as use of intermediaries by authorized institutions and the authorized institutions should still comply with the HKMA-issued applicable requirements for engagement of intermediaries. Authorized institutions should establish clear liability and settlement arrangement with the partnering third-party service providers for compensating customers’ loss arising from unauthorized transactions, with clear upfront communication to customers. They should also and adhere to the principle that a bank customer should not be responsible for any direct loss suffered by him/her as a result of unauthorized transactions conducted through his/her account attributable to the services offered by the third-party service providers using the Open API of authorized institutions, unless the customer acts fraudulently or with gross negligence.
Authorized institutions are expected to put in place consumer protection measures when implementing the Open API framework. These institutions are expected to uphold consumer protection principles set out in the Code of Banking Practice and comply with other applicable regulatory requirements; this is expected regardless of the underlying technology adopted for the banking products and services and regardless of whether the authorized institutions provide the products and services themselves or in partnership with the third-party service providers.
Keywords: Asia Pacific, Hong Kong, Banking, Open API Framework, Fintech, Open API Phase II, HKMA
Previous Article
CBO Releases Financial Stability Report for 2019Related Articles
EBA Finalizes Templates for One-Off Climate Risk Scenario Analysis
The European Banking Authority (EBA) has published the final templates, and the associated guidance, for collecting climate-related data for the one-off Fit-for-55 climate risk scenario analysis.
EBA Mulls Inclusion of Environmental & Social Risks to Pillar 1 Rules
The European Banking Authority (EBA) recently published a report that recommends enhancements to the Pillar 1 framework, under the prudential rules, to capture environmental and social risks.
BCBS Consults on Disclosure of Crypto-Asset Exposures of Banks
As a follow on from its prudential standard on the treatment of crypto-asset exposures, the Basel Committee on Banking Supervision (BCBS) proposed disclosure requirements for crypto-asset exposures of banks.
BCBS and EBA Publish Results of Basel III Monitoring Exercise
The Basel Committee on Banking Supervision (BCBS) and the European Banking Authority (EBA) have published results of the Basel III monitoring exercise.
PRA Updates Timeline for Final Basel III Rules, Issues Other Updates
The Prudential Regulation Authority (PRA) recently issued a few regulatory updates for banks, with the updated Basel implementation timelines being the key among them.
US Treasury Sets Out Principles for Net-Zero Financing
The U.S. Department of the Treasury has recently set out the principles for net-zero financing and investment.
EC Launches Survey on G7 Principles on Generative AI
The European Commission (EC) launched a stakeholder survey on the draft International Guiding Principles for organizations developing advanced artificial intelligence (AI) systems.
ISSB Sustainability Standards Expected to Become Global Baseline
The finalization of the two sustainability disclosure standards—IFRS S1 and IFRS S2—is expected to be a significant step forward in the harmonization of sustainability disclosures worldwide.
IOSCO, BIS, and FSB to Intensify Focus on Decentralized Finance
Decentralized finance (DeFi) is expected to increase in prominence, finding traction in use cases such as lending, trading, and investing, without the intermediation of traditional financial institutions.
BCBS Assesses NSFR and Large Exposures Rules in US
The Basel Committee on Banking Supervision (BCBS) published reports that assessed the overall implementation of the net stable funding ratio (NSFR) and the large exposures rules in the U.S.
