JROC provides strategic clarity in Open Banking Roadmap

by Peter Harmston, Head of Payments Consulting at KPMG in the UK discusses the five priority areas for Open Banking over the next two years.

Share this post

Yesterday, the Joint Regulatory Oversight Committee (JROC) delivered its Roadmap for the future of open banking in the UK.

Why this is important

This is a key development for open banking in the UK, in setting the vision for the next stage of the journey. Whilst the UK pioneered open banking and is regarded as the global leader in this field, the industry is at an inflection point. Volumes and use cases are growing, however enduring gaps around API availability and performance, misalignment of commercial incentives, consumer protections and the role of open data remain, thus restricting the ability for true acceleration. This Roadmap sets out the broad industry parameters for next few years, with the opportunity for banks, retailers and third-party providers to innovate within.

Key Points from the report

To date, implementation of Open Banking has been constrained by operating within the sole remit of the Competition and Markets Authority (CMA) Order. The Roadmap seeks to address these hurdles by restructuring the Open Banking Implementation Entity (OBIE) to encompass both Order and non-Order activities. An interim entity will evolve to be a central, standard setting body, broadening its remit and membership base beyond the original CMA order, increase central collection, sharing and monitoring of data on topics that benefit the industry as a whole (e.g., fraud and security, API availability) and facilitate industry collaboration on future developments for commercial models and consumer protections.

In establishing this Roadmap, the JROC has set out clear priorities for the UK market – offering more products and services, enabling open banking to scale, maintaining infrastructure that is reliable, resilient and secure, and implementing a model that is economically fair and self-sustaining.

To achieve these objectives, JROC has set out five themes to be progressed over the next two years:

  1. Levelling up availability and performance, through central collection, sharing and monitoring of data on API availability and performance.
  2. Mitigating the risks of financial crime, through central deployment of fraud and risk tools, support of higher value transactions, and greater collection, sharing and monitoring of fraud data.
  3. Ensuring effective consumer protection if something goes wrong, whereby the existing liabilities can be applied through an agreed dispute resolution process.
  4. Improving information flows to TPPs and end users, specifically to ensure consistent standards for error messaging and payment statuses.
  5. Promoting additional products and services, using non-sweeping variable recurring payments (VRP) as a pilot. The Financial Conduct Authority (FCA), Payment Systems Regulator (PSR) and interim entity will support industry collaboration to build the foundation of a sustainable economic model. Focus areas will include new use cases beyond sweeping, principles for a multi-lateral premium economic model, consumer research and testing.

There are 29 specific actions underneath these five pillars, with input and collaboration required across the industry to achieve this.

As immediate priorities, there is an urgent need for the regulators to act in mitigating authorised push payments fraud, and mandate data collection for fraud purposes. This framework for data sharing should be designed with rising APP rates front of mind, but also consider broader financial crime areas. We are already seeing a rise in payment initiation volumes, and the ramp up of resilience, performance and security levels across the industry will be particularly important as volume growth shifts from account information to payment initiation use cases.

What was missing?

This Roadmap represents great progress from the regulators; however, a huge amount of work remains to bring this vision to life. There remains no formal regulatory impetus for banks to take proactive action in progressing this Roadmap, and the onus will fall to the interim entity to corral and facilitate collaboration across the industry – which is no easy feat. Hopefully, the carrot of commercialising APIs will be enough of an incentive for banks to embrace open banking.

Many stakeholders across the industry would have been expecting this Roadmap to go further in specifying the details around commercial API frameworks and the broader participation in membership, governance and funding of the central implementation entity. JROC also leaves open the question of universal standards within a consumer protection framework. Whilst there is consensus on the need to ensure that customers are protected and able to obtain redress if something goes wrong, there are extremely divergent views across the industry as to the scope and coverage of said framework. Consultative work will continue in this area, with the OBIE committed to conduct a gap analysis of dispute processes by the end of this year.

The Roadmap also remains specific to open banking, with little direction on the evolution to open finance, open data and digital ID. As additional data capabilities around open finance, ‘consent as a service’ and identity attributes emerge, there could be a role for a central trust framework entity within the ecosystem. However, this is a divisive topic, and there is a difficult balance between enabling the industry to drive innovation and setting the direction for priority use cases that are recognised as universally beneficial. We expect the government development of the long-term regulatory framework will promote an all-encompassing oversight mechanism for these adjacent topics over time.

Next steps

These open banking capabilities have the potential to revolutionise financial services and should be a strategic imperative for you as you look to grow into an ‘open data’ future. The publication of this Roadmap delivers clarity on the regulatory direction and provides an opportunity for you to reset your strategy. A greater separation will now occur between firms who are looking to simply comply with open banking standards and defend their existing market share, against those who are investing in innovation and growth. We can support you with this mindset shift, to not only manage the practical implementations required from this Roadmap, but to deliver on its potential as a key revenue driver in your business. Get in touch to understand more.

Article by KPMG

More To Explore


Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?