Open banking is getting closer: What you need to know - Diana Clement

Kiwis making payments to legitimate businesses using popular services such as POLi or Windcave may be inadvertently breaching their banks’ terms and conditions. Photo / 123RF

Diana Clement is a freelance journalist who has written a column for the Herald since 2004. Before that, she was personal finance editor for the Sunday Business (now The Business) newspaper in London.

OPINION

New Zealand is inching closer to open banking. However, bank customers in particular need to educate themselves about what this means.

Every day, large numbers of Kiwis make payments to legitimate businesses such as Air New Zealand or Jetstar using popular services such as POLi or Windcave. Or people connect to their banks using third-party software such as budgeting apps.

When they do so, they may inadvertently breach their banks’ terms and conditions [Ts and Cs]. The issue is that services offered by third-party payment and finance apps use what’s commonly called screen scraping, where the customer logs in to their bank accounts remotely via an app or payment screen.

This often happens when buying goods and services online that use applications such as the ones above as well as Account2Account, Illion, CreditSense or financial apps, which connect through back-end providers such as Akahu. Thanks to banks dragging the chain on open banking, these services are forced to operate in a twilight world currently using technology that allegedly breaches the banks’ Ts and Cs.

The risk is that customers lose money through an unrelated incident, but the bank says: “Sorry customer, you once bought a flight online, and we the bank are absolved from any responsibility for your completely unrelated loss.” Banks, like insurers, often decline first, then only ask questions when forced to.

That’s unlikely to fly with the Banking Ombudsman if customers have the wherewithal to complain.

One of the ironies of the situation New Zealand customers are in is that the banks work in the background with the applications mentioned above whose services technically breach their Ts and Cs. POLi’s Jeff Skidmore says the situation is “a nonsense”.

“The banks collaborate with us to ensure continuity of the POLi service when they change their systems. Yet at the same time, when asked, claim customers are breaching their Ts and Cs by using POLi. Additionally, our own legal advice throws considerable doubt on whether customers are in fact in breach.”

Akahu co-founder Josh Daniell says that from a consumer’s perspective, the bank’s obligations are grey.

“If the bank causes a consumer loss, then we expect the bank will still have full obligations to the consumer, even if the consumer has shared account access with a third-party service,” he says. The bank would not be liable where the customer’s actions had caused or contributed to the loss.

Plenty of New Zealanders have no idea they’re using screen-scraping services. For example, it’s not uncommon for borrowers to be asked to enter banking credentials and upload bank statements for loan applications via websites such as Illion’s BankStatements.co.nz.

The progress of banks moving to open banking, which overcomes this problem, has been glacial, although the Customer and Product Data Bill introduced to Parliament this year will force their hand. The new law will require banks and other entities to share customer data with third-party service providers such as the ones mentioned in this article.

The four main banks have until the end of November to offer APIs (application programming interfaces) allowing third-party developers to access financial data in traditional banking systems. Kiwibank will follow in 2026. Even so, this may not be the end of screen scraping if the functionality of the APIs is limited, or as Skidmore points out, the banks could charge so much to use their APIs, that it would be cost-prohibitive for services such as POLi.

The case of Akahu is interesting. It is a much-needed service that connects a range of apps to a long list of providers such as the big four banks, Sharesies, some KiwiSaver providers, and even the Inland Revenue Department. Akahu is part-funded by Westpac, which in turn tells customers the service breaches its Ts and Cs. Daniell says Akahu launched because it expected open banking sooner. When the banks deliver purpose-built APIs that can match existing functionality, Akahu will migrate its traffic to them.

The other irony is that even the banks use forms of screen scraping in their supply chains. Home buyers, applying for mortgages via brokers, often do so with screen scraping services.

In the UK and the European Union, it’s long been compulsory for banks to provide open APIs. Where the banks’ APIs aren’t up to speed the regulators have mandated that the banks must allow access by other means, such as screen scraping.