Skip to main content

POST 21st century anti-trust is about opening up not breaking up

Thanks to PSD2 (and the Competition and Markets Authority) we now have open banking. Third parties can have access to bank customer data — with customer consent, obviously — and there’s nothing that banks do about it. Who will benefit from this? We have long advised our clients that the competition to incumbent financial services providers will not be fintechs. I wrote back in 2016 that the major beneficiaries of the regulators pressure to open up the banks will be the internet giants who already have the customer relationships. Of course, when I said it, no-one listened. But when the woman at the top of Europe’s second biggest bank weighed in, people began to sit up and pay attention: Ana Botín, executive chairman of Santander, told the Financial Times that the EU’s Second Payments Services Directive “needs to be reviewed for the digital age. The theory is good but it needs to be fair — at the moment it’s not symmetrical.”

Now, Ms. Botin is not the only one who thinks this asymmetry may not deliver the best outcomes. Deutsche Bank Research recently published a report that went into detail about the dynamics of the new marketplace. They say unequivocally that 

Competition will hence be distorted. With the entry into force of all accompanying guidelines and the regulatory technical standards, banks will be subject to the operationalised PSD 2, obliging them to provide customer data to all licensed competitors, in digital form and free-of-charge. BigTechs, on the other hand, have to observe the GDPR only and will de facto retain economic sovereignty over the personal data of their customers.

This reinforces Ana’s (and my) point that by creating asymmetry, regulators may well have created the conditions to replace an uncompetitive oligarchy (as they see it) of banks with an uncontrollable oligarchy of internet giants. An Accenture report on the topic from last year noted (accurately, in my opinion) that “trusted social media companies (Facebook, Twitter, LinkedIn) and tech companies (Google, Apple) will capture a significant slice of the [AISP/PISP] market".

This is not, as I noted in that 2016 piece, hypothetical. I gave the example of UK insurer Admiral, which created a scheme to allow people with limited credit histories access to insurance products using social media data. The idea was that if people were willing to grant Admiral access to this data they could perform a form of social identification and verification with an element of personality checking to identify people with traits conducive to good driving. It didn’t last. Facebook blocked Admiral from getting access to the data. 

In her FT piece, Ms. Botin suggested that organisations holding the accounts of more than (for example) 50,000 people ought to be subject to some regulation to give API access to the consumer data and it seems to me that this might kill two birds with one stone: it would make it easier for competitors to the internet giants to emerge and might lead to a creative rebalancing of the relationship between the financial sector and the internet sector.

This points us towards a regulatory response to the need to create a level playing field: let us put in place a set of reciprocal rights and responsibilities. My old friend Simon Lelieveldt, who I always listen to on these matters, also suggests this as the way forward. He says that if the European Commission wants a “balanced” market with effective competition then it should "redress the design errors in the PSD-2 and allow banks to ask fees and allow them reciprocal access to the customer data". I think this gives us a sensible outline manifesto for the next generation of PSD2/GDPR and such like: open, transparent and non-discriminatory pricing for API access to customer data (with the customer’s consent) irrespective of the nature of the organisation: bank, media, telecoms whatever.

Opening Up

Having discussed this idea with a few people, I’ve begun to think that is a more important, and far more wide-ranging, approach to competition in the new economy than I had originally thought. This thinking goes back to when I had the honour of chairing Scott Galloway, author of “The Four” (a book about the power of Google, Apple, Facebook and Amazon), at the KnowID conference in Washington. Scott is  Scott makes a convincing case for government regulation of these global businesses. 

Two and The Four With Scott Galloway at KnowID

Just as the government had to step in with anti-trust acts of the early 20th century in recognition of the fascist nature of monopoly capitalism, so Scott argues that they will have to step in a century on and, again, not to subvert capitalism but to save it. His argument centres on the breaking up of the internet giants, but I wonder if the issue of APIs might provide an alternative and eminently practical way forward? I am not the only person who thinks so.

"That could happen to Google or Facebook. At some point regulations could come out to make the data a shared resource that all companies could use… They might not go completely out of business, but might not be in the same pole position as they are today."

From "Apple, Google, Facebook, Amazon, Microsoft: Which Tech Giant Will Fall First?".

In the new economy, where data is the new oil and personal data is the new toxic waste, access to data is the resource that falls prey to monopoly. It is hard for a competitor social network to compete with Facebook because Facebook already has all my pictures. Sure, I can export my Facebook data and then set about re-uploading it somewhere else, but that’s a pretty significant barrier to competition, even though it’s my data.

Comments

Popular posts from this blog

There is no excuse for not taking cards

So we went to the pub. For lunch. Seven of us. Say £20 per head. £100+ quid. Say £50 quid gross for the pub. Colleague goes to order food and drinks and pay at the bar. Apologetic barmaid comes over to explain that their “card machine” is down, so she can only accept cash. Under normal circumstances I would have simply walked out, feeling it wholly inappropriate to reward such a poorly managed establishment and, as a functioning actor in a capitalist economy, done my duty to depress their lunchtime takings. Here’s what we wanted to say: This is absurd. This is 2016 not 1916. Your card machine is down? Well, so what! Are you seriously telling me that mein host has no mobile phone number capable of registering for PingIt or PayM? That none of the staff or the pub itself have a PayPal account that I can send the money to? That neither the owners nor managers not contingency planners thought to tuck an iZettle behind the bar to use when the clunky and expensive GPRS terminal fails for o...

Financial Cryptography: Corda Day - a new force

Forum friend Ian Grigg, who I always take very seriously indeed on any such topic, wrote about Corda on his blog and concluded with a powerful statement. Bitcoin told the users it wanted an unstoppable currency - sure, works for a small group but not for the mass market. Ethereum told their users they need an unstoppable machine - which worked how spectacularly with the DAO? Not. What. We. Wanted. Corda is the only game in town because it's the only one that asked the users. It's that simple. From Financial Cryptography: Corda Day - a new force xxx It seems to me, however, what Ian is pointing to as the greatest strength of their approach is also the greatest weakness. A staple feature of unimaginative management consultants presentations about innovation is some variation on the statement by Henry Ford that if you had asked users what they wanted, they would have asked for faster horses coupled with some variation on the statement by Steve jobs that it was pointless ask...

We could fix mobile security, you know. We don't, but we could

Earlier in the week I blogged about mobile banking security , and I said that in design terms it is best to assume that the internet is in the hands of your enemies. In case you think I was exaggerating… The thieves also provided “free” wireless connections in public places to secretly mine users’ personal information. From Gone in minutes: Chinese cybertheft gangs mine smartphones for bank card data | South China Morning Post Personally, I always use an SSL VPN when connected by wifi (even at home!) but I doubt that most people would ever go to this trouble or take the time to configure a VPN and such like. Anyway, the point is that the internet isn’t secure. And actually SMS isn’t much better, which is why it shouldn’t really be used for securing anything as important as home banking. The report also described how gangs stole mobile security codes – which banks automatically send to card holders’ registered mobile phones to verify online transactions – by using either a Trojan...