Description
The Ministry of Finance issued in November 2021 a draft Decree regulating and promoting open banking in Colombia. It is expected to be enacted in the first quarter of 2022.
Under a traditional model, consumers' transactional and financial information is known, processed, and stored exclusively by the financial institution with whom the consumer has contracted. However, under the open banking model, consumers authorise that such information may be consulted and used by third parties outside the financial institution, for them to develop and offer new products and services that meet their needs. For this purpose, the financial institution opens its system in such a way that authorised third parties, either other financial institutions or non-financial, can access the information of financial consumers. This process is carried out through platforms known as Application Programming Interfaces.
Once enacted, the Decreee will allow the Colombian Financial Superintendence to have over oversight of the system, such as where commercial banks, to commercialise the use, storage and circulation of financial data complying with personal data protection regulation. The entities may also offer products and services of third parties when related to their authorised operations. Prior compliance with duties related to information that protects the financial consumer.
The Decree entails the possibility for third parties to provide Account Information Services and Payment Initiation Services through Application Programming Interfaces. Providers of these services must comply with obligations such as duty of information and data protection.
Impact
Open banking in Colombia will promote competition among suppliers of products and services. This is reflected in the fact that financial consumers will be offered products and services that are practically tailored to their needs. This, for example, can reduce product approval procedures, reduce delivery times and, broadly speaking, improve the financial consumer's experience.
However, being built on a technological base and allowing interconnection and interoperability between several financial institutions, open banking assumes a level of systemic risk.
The fact that a possible cyber-attack could permeate several or all the system's institutions could destabilise the system and drastically reduce the trust that financial consumers have in it.
From the financial consumer's perspective, there are two main risks. On the one hand, that their data may be used inappropriately - for which, as the Financial Regulation Unit pointed out, a sufficiently robust legal framework for the protection of information is required. On the other hand, it is not adequately protected against fraud and cyber-attacks.
Moreover, the Decree, when issued, will allow third parties, to provide Account Information Services and Payment Initiation Services through Application Programming Interfaces, which is a clear regulatory recognition of the current situation of the Colombian financial industry and its key players.
Draft decree published here.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.