Payments NZ, the bank-owned company that governs New Zealand’s core payment systems, has unveiled dates by when several of its shareholders must be technically and operationally ready to allow their customers to share financial data with third parties.
This comes as Payments NZ publishes its minimum open banking implementation plan. This features requirements and timelines for ANZ, ASB, BNZ, Westpac and Kiwibank to have standardised Application Programming Interfaces (APIs) ready for use by third parties. The five banks represent more than 90% of NZ consumer banking accounts.
Open banking requires banks to share product and customer data with customers and third parties, with the consent of the customer. The idea is that such data sharing should both increase price transparency, and enable comparison services to accurately assess how much a product would cost a consumer based on their behaviour. This could therefore enable the recommendation of the most appropriate products for individual customers.
ANZ, ASB, BNZ, and Westpac must be ready by May 2024 for what's known as the v2.1 Payment Initiation API standard, with the v2.1 Account Information API standard to follow by November 2024. BNZ is already live with the v2.1 Payment Initiation standard. Kiwibank is to be live with both standards by May and November 2026.
Payments NZ says the two v2.1 API standards allow a customer to set up and make electronic payments (payment initiation) and share their banking data (account information) with third party businesses of their choice, with their consent. Payments initiation is available only for transaction accounts. Account information is available for transactional, credit cards, savings, and lending accounts.
APIs work as a secure channel, allowing two different systems, such as a bank and a fintech, to communicate with each other and share information.
Last November Labour's then-Commerce and Consumer Affairs David Clark announced a move towards open banking, saying this would ensure banks must share customer information if they request it, making it easier for New Zealanders to compare mortgage rates, apply for loans and switch banks. But Clark said then that actual implementation of open banking was still two years away.
Clark noted open banking is already required of the Australian parents of NZ's big four banks, and "is a fixture" of the banking system in the United Kingdom being "a common place tool used overseas to increase competition and make it easier for customers to get better deals."
Payments NZ was formed in 2010 by the banking industry with support of the Reserve Bank. It governs NZ’s core payment systems and works with the industry to lead the future direction of payments in NZ. Payments NZ's shareholders/owners are ANZ, Westpac, BNZ, ASB, Kiwibank, TSB, HSBC and Citibank.
While limited open banking is already happening in NZ, Payments NZ says the timeline draws a line in the sand for broad market adoption and coverage.
“Open banking is a powerful tool for enabling economic prosperity and financial wellbeing for consumers in Aotearoa. It enables consumers to have more choice in who they want to share their financial data with and how they want to make payments," says Wiggins.
“It encourages greater competition and customer innovation by allowing consumers to access a wider range of products and services from different providers. Over time, more new players will join the ecosystem and I look forward to seeing innovation thrive as a result.”
30 Comments
Is that the same no you get wen they overcharge you fees or refuse refunds.
https://www.nzherald.co.nz/business/bank-fee-lawsuit-unveiled-1m-kiwis-…
https://www.rnz.co.nz/news/business/452568/anz-asb-face-class-action-ov…
"Hello Sir, this is your Health Insurance company.
Your recent claim was declined on the basis that you've made what we deem excessive McDonalds purchases over the past 2 years, contributing to your ailment. This relates to item 99.4.63c of our exclusions."
"Hang on, there was nothing mentioned in the T&C's when I signed up"
"Refer fine print kindly sir, "subject to change without notice""
"The idea is that such data sharing should both increase price transparency, and enable comparison services to accurately assess how much a product would cost a consumer based on their behaviour. This could therefore enable the recommendation of the most appropriate products for individual customers"
Smells like Social Credit System is cooking.
https://www.rbnz.govt.nz/-/media/project/sites/rbnz/files/consultations…
I've never really understood the promise of 'open banking'. For ex, if I have an ASB bank account and want to start a term deposit with ANZ, I understand that it might be great if I can do with a few clicks sending funds from ASB to ANZ.
But what benefit am I actually getting? The spread has to be significant for me to even bother.
And of course I can't see how this applies to mortgages. It's too convoluted to switch between banks. And even if this were possible, it would all move towards sameness so no actual point.
You can move funds from bank to bank into various "products" with a few clicks now as long as you are a customer of the receiving bank(s). You will still need to go through the process of becoming (anti laundering etc) a customer of any bank under this revised system. There must be Bank advantages I'm not privy too. Advantages when borrowing maybe??
Your bank transaction records are being scraped for any number of applications or purchases.
It's only a matter of time before the PoPo and Te tari taake are in there.... Oh mr JC, you have been taking out $1000 cash every friday evening, we suspect you have been ........................ fill in the gap.
Agreed, seeming like more and more of the so called conspiracy theorists touting 'misinformation' two years ago are more and more on the money as time goes on. I'll keep the cash thanks, lord knows how anyone would be able to manage without the odd cash job here and there across the lifespan.
Yes and I'm sure there will be a line in the T&Cs that approve sharing of data with authorities in perpetuity, along with the big data companies that will target you with just want you need.
Ads start popping up for storage units when your mortgage rates rise again or you move into negative equity?
He was the Minister who pushed through merchant service fee regulation. In its recent interim financial results Westpac disclosed "lower card income of $7 million", which was attributed to a reduction in interchange fees reflecting the government's regulation. That's a win for SMEs and consumers should also benefit.
Seems to me the problem is that the banks terms and conditions all explicitly forbid sharing account login details, so how is a bank supposed to share information with a fintech?
I can only assume that the bank shares every piece of information it has with any other entity you've given consent for, without needing further authentication, so if you buy a McDonalds, that transaction information goes to the other consented entities.
But, for example, if you are sharing all your financial transactions with a third-party, does that third-party have the same duty of care to look after your information as the bank does? Certainly Latitude doesn't seem to.
I haven't looked at this standard specifically, but similar APIs normally allow limiting what can be accessed.
For example when a website or mobile app wants access to your Google account details, it pops up a window saying what it wants access to, e.g. name, email address, photos, etc. Then you can say yes or no depending on whether you think it's appropriate
I looked at the v2.1 Payment Initiation standard and it isn't what I thought, but it is what it claims to be, and it already happens.
For example, if I purchase a new SSD off PBTech, one of the payment options is Online EFTPOS.
If chosen, on checkout it sends a payment request to my banking app on my phone, which I can then authorise. This allows me to purchase goods online without paying a surcharge for a credit/debit card, or breaking the banks terms by using POLi for Online Banking and giving a third-party my login details.
https://www.apicentre.paymentsnz.co.nz/standards/available-standards/pa…
I think the main difference happening next year is the "Enduring Payment Consent", which essentially means I can set up consent for PBTech to process payments without needing to use my app every time.
Dangerous! I love tech shopping... Do they have any sales on at the moment?
However. What I'd really like is to be able to pull my bank transactions into my accounting software without having to first export them as a QIF file, then importing them one account at a time. I wonder if Open Banking will allow that?
I've done a fair bit of work in this space and I can see a lot of fear based on "what-if" and supposition in the comments.
There are some extremely savvy people working behind the scenes to protect you and your rights while ensuring 'big brother', hackers, etc. do not get access to this information when they are not entitled to it. These people will be asking all the difficult questions and unsatisfactory answers will not be accepted.
There are two organizations, however, that already have rights to far more data about you than you probably know, or can even guess. They are IRD and Customs.
Have a read of the standards in this link: https://www.apicentre.paymentsnz.co.nz/standards/implementation/minimum…
edited: I'm old enough to have been involved in architecting and designing internet banking systems. Most of you take that for granted now? Funny how the comments above are all exactly the same on this initiative as they were then. I despair for mankind. (lol)
Of course the same concerns arise with Open Banking as they did with Internet Banking, as not all the holes have been plugged.
There have been plenty of occasions where external actors get access to information they are not entitled to, although I would say that for many of those cases it's actually the end user who is fooled into giving them that access.
Still. No matter how hard you try, Internet Banking (which Open Banking is sitting on top of) cannot be as completely secure as an air-gapped system, and I already know how much information is being passed back and forth between entities, having been involved in that myself. The number of fingers touching your data when you make a bank transfer to an overseas bank is perverse.
It may all be done to ensure you aren't financing terrorism, trying to subvert a sovereign state, hiding proceeds from criminal activity, or avoiding paying your fair share of taxes, but every point of contact is a risk to unauthorised access, or inappropriate access by authorised persons.
But I trust the tech, and I pay attention to how I use Internet Banking, so I'm not really worried.
I'm old enough to have been involved in architecting and designing internet banking systems. Most of you take that for granted now? Funny how the comments above are all exactly the same on this initiative as they were then. I despair for mankind. (lol)
I spent 12 months as a customer trying to find a solution for ASB to be able to deliver an internet banking code without their silly token device. Yes, it took 12 months to get a solution. NZ banks are not as technically savvy as you're suggesting.
I do some work in this space too and I can only say thank goodness the API standards are finally coming. They will improve security immensely compared to current workaround fintechs are having to engage in, precisely because the banks have been dragging their heels relative to what is already standard practice in Aust & UK.
Open APIs typically involve use of a one-time code for authentication, precisely to avoid the necessity for giving in login credentials.
One business I'm involved in will more than halve their transaction costs when the fintech system they are implementing at the moment is fully rolled out. And their customers will benefit by being in control, through the fintech system, compared to the direct debit system they currently use (where you really are giving someone enduring power to access your bank account including, typically, penalty fees for non-payment).
One of the other benefits of fintech systems is they are able to check funds are available in the account before initiating payment once the customer has authorised the transaction, completely eliminating penalty payments for failed payments due to insufficient funds.
Sounds good but
One of the other benefits of fintech systems is they are able to check funds are available in the account before initiating payment once the customer has authorised the transaction, completely eliminating penalty payments for failed payments due to insufficient funds.
This is utter nonsense, there is no need at all for penalty fees, banks just choose to charge them its not a technical limitation of the current system, no more processing is carried out by rejecting the payment.
We welcome your comments below. If you are not already registered, please register to comment.
Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.