Banking and big data

Big data is changing the competitive landscape of the banking industry. Banks are using new technologies (blockchain, artificial intelligence) and exploit large databases to offer new services to their clients. New players (FinTechs, Big Techs) are also able to offer banking services online (electronic payments, loans, financial advice….). What will be the impact of big data on the banking industry? Is there a need to update competition laws and banking regulations? The first article offers a synthesis of the various issues related to big data in banking and introduces the papers of the authors who contributed to this special issue.


Marianne Verdier
Professor of Economics, CRED (TEPP), Chaire Finance Digitale, Université Paris II Panthéon-Assas

1. Over the recent years, the deployment of information technologies has caused a deep transformation of the banking industry. The intensive use of large volumes of data and cloud computing has modified the storage of and access to banking data. New technologies such as artificial intelligence or the blockchain have also the potential to add value to banking services and revolutionize the use of data. They enable innovative ways of structuring and sharing information between participants to the financial system. Ultimately, they may reduce the cost of accessing financial information and generate efficiency gains for the banking sector.

2. Big data and information technologies have a deep impact on competition in the banking sector. Several new players have entered the market: FinTech start-ups, such as lending platforms, payment services initiators, aggregators, robo-advisors, digital currency operators, and Big Tech companies, such as Amazon, Facebook, Google or Alibaba. These entrants often offer their services online through platforms and may use different business models (e.g., generate revenues from advertising, use complex price discrimination strategies). This raises unprecedented issues for competition authorities and regulators. To what extent can big data confer market power? Should incumbent banks be able or mandated to share their data with new market entrants? How to establish a level playing field between incumbents and entrants? Is there a need to update competition laws to address the concerns raised by digital business models and privacy protection rules? How can competition authorities and regulators cooperate to design a coherent framework? Is there a need for new competition law enforcement mechanisms? Will efficiency gains generated by big data be passed through to consumers? What is the impact of big data on financial stability?

3. Innovations related to big data impact all the services offered by banks in retail markets: payments, loans, financial advice, insurance or registration of transactions. The use of new data sources such as market data or satellite imagery may also impact wholesale markets and insurance services. Big data may transform all stages of financial transactions from data collection to data transmission, data storage and data sharing. There are numerous examples of cases in which big data adds value at the pre-transaction stage. Banks and new entrants are able to screen borrowers differently thanks to the use of alternative data sources combined with artificial intelligence such as machine learning techniques. They may authenticate better their customers and fight fraud before payments transactions are processed thanks to algorithmic techniques applied to large databases. Banks may also design innovative personalized recommendation systems for their customers. At the post-transaction stage, big data could generate efficiency gains in audit activities. Incumbent banks may decide to share their data (on current accounts, on payments transactions) with new entrants that offer innovative services, such as online lending or aggregation of financial information.

4. Banks benefit from an informational advantage over FinTech start-ups and new entrants, thanks in particular to their proprietary databases on their clients. Combined with other sources of market power, the increased use of big data could become a driver of concentration in the banking sector. First, banks have built long-term relationships with their clients (in lending, in current account management), which generate high switching costs. Second, banks benefit from scope economies by offering different types of services to the same clients. In particular, it is not clear whether entry in the banking sector can be profitable if all services are unbundled. Moreover, in some countries, regulatory barriers may prevent non-bank operators from offering the whole range of banking services (e.g., current account management or lending activities). Third, banks take advantage of the positive externalities associated to their branch network. Even if the use of mobile banking and Internet services has increased rapidly, consumer confidence is still enhanced by the possibility of face-to-face interactions with bank officers. For all these reasons, the use of big data may not reduce banks’ market power. It may even increase the value for banks of merging some activities with competitors. Either by raising the efficiency gains associated to the use of algorithmic techniques, or by reducing the investment costs in new information systems. However, Big Tech companies may also enjoy the use of alternative data sources, such as social network data. In this context, competition authorities and regulators need to address several issues. A key question is whether consumer data should be shared between banks and new entrants. Are financial intermediaries the owners of the data they are using? Is financial data a source of market power? And if so, how to measure it?

5. In the article entitled “Data and competitive dynamics in UK financial services,” Mills and Falconi review the initiatives of the Competition and Markets Authority (CMA) and the Financial Conduct Authority (FCA) in the United Kingdom. The authors explain how the CMA took different measures to improve competition in retail banking. One of the key steps is Open Banking. The purpose of this regulation is to enable consumers to be the owners of their financial data and to use it to find the best offer for their financial needs. Such an initiative enables consumers to share their personal financial data with trusted third-party providers (TPPs) and to compare the offers of financial service providers using their historical data. Nine UK providers of current accounts have been mandated to open access to their data to TPPs through the use of common and open APIs (application programming interfaces). They also describe the specific issues related to the insurance market and the wholesale financial markets.

6. In the article entitled “Move quickly and don’t break things: The introduction of Open Banking in the UK,” Land and Roberts from the CMA in the UK explain the difficulties raised by the implementation of the Open Banking initiative. This article focuses more specifically on the enforcement and the design of the regulation. In particular, seven banks out of nine failed to meet the timetable imposed by the CMA. A specific entity has been created to discuss the standards of interconnection and the resolution of disputes. The CMA did not impose any fine, but prevented a bank from launching its own open banking product until it opened its services to TPPs. Open Banking regulations have been adopted in several other countries (e.g., Australia, Mexico…).

7. In the article entitled “Fintech and access to data,” Vandenborre, Levi and Janssens review the various regulations in Europe and competition policy initiatives. In particular, in Europe, the Payment Services Directive 2 (2018) enables new regulated market entrants to compete in the payment services sector, and access a customer’s bank account information with his consent. It is interesting to note that no such initiative exists in the United States. The article mentions a study requested by the European Parliament ECON committee, showing that traditional competition policy tools cannot be easily applied to FinTech entry. For instance, datasets cannot be qualified as essential facilities, generating the possibility of access regulation. In the recent competition policy cases that are reviewed in the article, datasets have been very rarely defined as an important competitive asset that should be taken into account either for the definition of the relevant market or for the qualification of abuses of dominant positions. The authors mention a set of key questions that should be addressed to assess whether data is a source of market power.

8. In the article entitled “No Barbarians at the Gate? The relatively slow progress of Big Techs in EU and US retail banking,” Padilla and Trento compare the slow progress of Big Techs in the European Union and in the United States to their rapid development in Asia, especially in China. They find that the adoption of Big Tech banking in China can be explained by regulatory differences, the maturity of the banking market in China, socio-demographic differences, and different co-opetition strategies. Therefore, the competitive landscape is very different in Western countries and in Asia.

Data and competitive dynamics in UK financial services

Sheldon Mills
Director, Competition and Economics Division, FCA, London
Fabio Falconi
Technical Specialist, Competition and Economics Division, FCA, London

I. Introduction

1. (Big) data [1] has assumed a central role in a number of sectors, including financial services. A central reason for this is the trend amongst companies to increasingly access/collect/process vast amounts of data so they can understand market conditions and customers’ habits/preferences and tailor their offers accordingly.

2. The collection and use of data can have positive or negative effects on competition. On the one hand, the ability to extract considerable value from a sizeable data set brings about efficiencies for companies who engage in data-driven innovation. In particular, they are generally (5 to 10%) more productive, [2] can better improve the quality of their offering and exploit new business opportunities, potentially via more target-oriented business models, than companies that do not use data. [3] Those efficiencies are likely to be passed on to consumers, which benefits the economy as a whole in terms of cheaper, better, and possibly more suitable/relevant products.

3. On the other hand, data is a dynamic and competitively strategic area which has been recently identified as “a driver of concentration and barrier to competition in digital markets.” [4] Increasingly using data to obtain a competitive edge, a few companies have already emerged as clear leaders, if not dominant, in some sectors (e.g., digital platforms). The accumulation of data can thus act as a barrier to entry or expansion for those new entrants or smaller competitors that are unable to harness similarly rich sets of data to effectively compete.

4. The growing collection and use of data brings about challenges for competition law enforcement. It is crucial that the competition assessment duly considers how (particularly in certain sectors) data may significantly affect competitive dynamics. For instance:

  •  in a merger control context, this may mean considering, from a jurisdictional perspective (as certain EU jurisdictions have recently done) [5] whether merger control thresholds are fit for purpose to catch potential “killer acquisitions.” [6] From a substantive perspective, it may mean considering how privacy issues may act as a relevant parameter of competition or may make certain theories of harm more or less plausible (depending on, say, the merged entity’s ability to integrate and extract value from different data sets). In this respect, economic consultancy Lear has recently published a report commissioned by the UK Competition & Markets Authority (CMA) on ex post assessment of merger control decisions in digital markets. To duly assess mergers in this sector, the report recommends a proper focus on the multi-sided nature of platforms (in particular, on the non-user side and on online advertising dynamics), network effects, acquirer’s monetisation strategy (to determine mergers’ rationale) and future market developments in a time frame longer than two years; [7]
  •  in an antitrust context, it may mean considering whether the data barrier to entry (mentioned above) is significant enough for: (i) the relevant firm to be considered as dominant because of its ability to act independently of competitors and customers, a position it may owe to its owned data set; or (ii) competitors to be active in any neighbouring/downstream markets (so that access to such data sets may indeed be needed to preserve competition in such markets).

5. Competition authorities throughout the EU are taking a keen interest in the topic:

  • The CMA was one of the first competition authorities to consider the competitive implications of “the commercial use of consumer data.” In a call for information report of June 2015, the CMA helpfully identified several market indicators [8] that suggest a greater likelihood of competition concerns stemming from the collection and use of consumer dat a.
  •  In May 2016, the German and French competition authorities jointly published a report which provides insights into the possible role of data in competitive analysis and, in particular, on how data can amount to market power. [9]
  •  In June 2018, the Italian competition authority, together with the Privacy Authority and the Communications Authority, published the interim report [10] of their Big Data sector enquiry suggesting a possible shift in policy approach, designed to take into account big data ecosystem characteristics.
  • In 2018 the CMA set up a new data unit to deliver an effective data and digital insight strategy.
  •  In February 2019, the German competition authority prohibited Facebook from making the use of the social network in Germany conditional on a user’s acceptance of certain data policies. [11] Facebook has been found to abuse its dominant position in the German market by collecting user data from third-party sources, allocating them to the relevant users’ Facebook accounts, and using them for numerous data processing purposes. In what might be considered as a relatively unusual decision, the German competition authority considered inappropriate (data related) contractual terms and conditions to be exploitative abuse to the detriment of its users. [12]

6. This short contribution aims to provide some thoughts on how data has been thought to affect competitive dynamics in UK financial services markets as identified in CMA and FCA work.

II. Data in retail banking/payments

7. The Open Banking initiative—which consists of banks opening up their customer transaction data to third parties—is understandably expected to affect competitive dynamics in retail banking and payments. This is because competitors’ access to customer transaction data may enable them to transfer money and to improve risk and credit scoring as well as quality levels (via, e.g., more tailored products).

8. The CMA has, relatively recently, considered access to data in the form of personal and business current accounts (PCAs/BCAs) information as an essential element to stimulate competition in the UK retail banking sector, which has long been characterised by high concentration, [13] low customer engagement, barriers to searching and switching and incumbency advantages. [14]

9. In August 2016, the CMA published the final report of its retail banking market investigation, proposing 17 measures to remedy the adverse effects on UK retail banking competition. The measure with the “greatest potential to transform competition in retail banking markets [15] was thought to be the “Open Banking standard” cross-cutting foundation measure [16]—built on open banking initiatives being developed at EU level (with the second Payment Services Directive (PSD2)) [17] and at UK level. [18] In February 2017, the CMA required nine banks in the UK [19] to adopt and maintain common API standards to provide access to PCA/BCA data to other providers. [20] These may be price comparison websites (PCWs) or the new categories of (regulated) intermediaries being introduced with PSD2: account information service providers (AISPs) and payment initiation service providers (PISPs). [21]

10. APIs are the technical means by which customer transaction data is accessed/shared. [22] From a competition perspective, it is important that APIs are standardised, or at least interoperable, so that AISPs and PISPs can develop services without having to adapt them to different banks’ APIs, which may well be costly, complex and time-consuming. Although PSD2, [23] unlike in the UK, did not mandate standard APIs, the Commission and the Parliament [24] have encouraged the development of open standards, while a number of standard setting initiatives are also emerging in continental Europe. [25]

11. AISPs collect, aggregate and make available PCAs and BCAs information, generally enabling customers to have a consolidated view of their finances, to set budgets and to look for better deals. They could increase customers’ engagement with their finances and prompt them to search for, and switch to, better deals for, say, a credit card, a mortgage or a savings account.

12. PISPs can initiate payment orders from PCAs that their customers hold at other banks (at the request of their customers, without their banks’ prior agreement and without coming into possession of the money). [26] PISPs are meant to improve money management and could lead to disintermediation in the payments sector. One example of this may be merchants expanding their online offerings to tap into the APIs to move traffic away from traditional cards and to bypass merchant acquirers. [27]

13. In the retail banking investigation final report, the CMA noted that data sharing in banking and payment systems may lead to product unbundling (overdrafts from PCA), erode incumbency advantages in SMEs lending (due to access to customers’ past transactions) or “overcom[e] customer inertia by (…) automatically transferring” funds to new products. [28]

14. Access to PCAs/BCAs data is subject to the customer’s consent. This is obviously justified, but may constitute one of the biggest challenges for the open banking initiative. Customers may either not engage with the new services (a likely prospect given the customer inertia that characterises retail financial services) or may decide not to adopt them on the basis of privacy/security concerns (potentially fearing their data are not as safe with PISPs/AISPs as they are with their banks).

15. The FCA expects banks to assist customers in protecting themselves from fraud and to engage them on PSD2/open banking matters (as they may well be an important source of information in relation to these new services). [29] In particular, banks should treat all AISPs and PISPs objectively and fairly and refrain from dissuading customers from using them. FCA steers may assist customers to better understand the potential advantages and risks associated with the Open Banking initiative, so they can proceed on an informed basis.

16. It is too early to comment on the success/uptake of Open Banking and PSD2 implementation at a UK level. At EU and UK levels, an important milestone is 14 September 2019, when the (updated) regulatory technical standards on customer authentication and communication security requirements, released by the European Banking Authority to strengthen fraud protection, are introduced.

17. Until then, the early signs look promising, at least in terms of the number of firms engaging with the initiative. At its one-year anniversary (9 January 2019) 33 banks and 67 AISPs and PISPs (17 of which already operational/with a client base) were involved. [30] Nonetheless, it is natural for this initiative to develop slowly, depending on factors such as the added value/quality of new or improved products/services being developed, customers’ reactions and banks’ responses, [31] including compliance with the 2017 CMA Retail Banking Market Investigation Order (which might not be straightforward as on 1 April 2019 the CMA has issued directions to five banks to ensure compliance). [32]

18. In December 2018, the FCA published its final report on the Strategic Review of Retail Banking Business Models. In relation to customer data, the FCA noted that “banks have historically been custodians of customer data but have not fully exploited this resource. With the advent of fintech and PSD2/Open Banking banks are under pressure to innovate quickly to avoid losing customer relationships. Many banks are partnering with fintech companies to facilitate this. [33]

19. In the report, the FCA explores the different scenarios that may arise in retail banking in the next five or so years and their implications for banks’ business models and consumers. In particular:

  •  banks might become similar to “utilities” if the degree of disintermediation is significant enough for PCAs to lose their “anchor role” (banks use PCAs as anchors through which other financial services are cross-sold). This may happen if AISPs and PISPs are successful and it may well lead to lower prices on card-based payments, improved money management services and cheaper foreign exchange payments;
  • banks might lose market share if consumers use AISPs/PISPs to switch to another PCA, savings or lending product. This might mean that consumers (particularly overdraft users) are better off as they can more easily switch PCAs and benefit from higher quality or lower prices;
  •  large platform providers could enter retail banking markets [34] and take advantage of “new payments business models bypassing costly card-based payments option”; [35] and
  •  banks could adapt their business models and invest in/partner with AISPs/PISPs or develop in-house technology to offer aggregation/platform services to win the “battle for the customer relationship.” Some banks are competing with AISPs by offering account information services, while others could be prompted to replace the “free if in credit” model and to implement cost-cutting measures such as (further) branch closures.

20. It remains to be seen whether any meaningful disruption will take place in retail banking and payments. It seems plausible that some pro-competitive developments will materialise, but it is unclear which (combination of) scenarios will prevail. [36]

21. The FCA’s 2019/20 business plan states its intention to “review the effectiveness of Open Banking while also leading the broader public debate on Open Finance, including seeking out opportunities to use this infrastructure to foster competition in the savings sector.” [37] To this end, the FCA is planning to host a cross sector industry event this year to raise awareness of data aggregation initiatives and to publish a Call for Input to shape the development of Open Finance. The FCA has also recently launched a Credit Information Market Study, [38] which can be considered as part of the Open Finance initiative as it will consider the business models of credit referencing agencies and how data and technology are changing the way credit decisions are made.

III. Data in insurance

22. Insurers compete to accurately predict/assess/price different risks through finding and analysing data. The type of data they have available can be either generated in-house, bought from third parties or shared with competitors.

23. Proprietary data, such as historical claims data, is critical when writing a new business line because it helps price risks accurately. Another type of in-house data used by some firms, which is powerful when considering risk, is proprietary consumer data from another part of a firm’s business. The larger the data set, the more likely that the relevant insurer has a competitive advantage which may translate into market power. [39]

24. Alongside customer data, insurers use a wide range of external data to price risks. This is sourced from third parties such as brokers, who gather market data as part of their intermediary role. Those brokers with critical mass have a larger volume and variety of data than insurers and have been able to combine their expertise, infrastructure and data capabilities to develop data analytics and other services targeted at insurers. [40] Access to third-party data should not be an issue from a competition perspective unless the relevant third party is, for instance, vertically integrated and potentially dominant in a data set. This would provide it with the ability and incentive to discriminate in favour of its underwriting arm downstream.

25. Certain types of information sharing between insurers have long been subject to block exemption regulations [41] because of their pro-competitive implications, possibly leading to more accurate (and possibly lower) pricing and market entry. The more comprehensive the statistical data, the more reliable the assessment of the risk and accurate the pricing, to the benefit of smaller insurers and potential entrants. In the absence of regulation, competitors are expected to self-assess (with the assistance of the Horizontal Cooperation Guidelines) whether the information sharing is lawful from a competition law perspective.

26. The Commission has an ongoing investigation concerning data in commercial motor insurance in Ireland. [42] In particular, the Commission is investigating whether conditions of access to Insurance Ireland’s InsuranceLink data pooling system may restrict competition. InsuranceLink is a database which compiles members’ insurance claims. These are contributed by members on an ongoing basis and make valuable historical claims data available to members. The Commission acknowledged the pro-competitive implications of data pooling (i.e., more suitable products and competitive prices), but is concerned that companies seeking access to the database could be put at a competitive disadvantage vis-à-vis members which already have access.

27. In its Big Data Call for Input [43] the FCA found that big data in insurance changes the extent of risk segmentation, which may lead to improved outcomes for some consumers but could result in higher risk consumers being unable to obtain insurance. At the time, the risks were not material enough to conduct any further work, but the FCA committed to engage with government if concerns around the exclusion of higher-risk customers were to develop because of the increasing use of big data. In a speech, FCA CEO Andrew Bailey [44] gave the example of big data enabling insurers to differentiate pricing between customers who are identified as being more prone to switch or those who are more inert (with the latter subsiding the former). He commented that the FCA should not permit this sort of behaviour. Similar remarks have been made by the FCA’s chairman, Charles Randell. [45]

28. In October 2018, the FCA launched a market study on pricing practices in general insurance, which will explore how firms treat different groups of consumers and what impact this has on pricing. This will involve understanding the basis on which firms price discriminate and how this relates to questions of fairness. [46]

29. In a Joint Committee Final Report on Big Data in March 2018, ESMA, EBA and EIOPA (ESAs) noted that “the granular segmentations of consumers enabled by Big Data have a number of impacts on aspects such as marketing campaigns, pricing practices, contextual offers (e.g. cross-selling), individualised products and services, credit and risk scoring / segmentation and fraud prevention.” [47] While many respondents to the consultation raised concerns around the consequences of increasing customer segmentation, in terms of pricing practices, the ESAs noted that “there is limited evidence of such risks materialising.” [48]

30. In its Call for Input, the FCA noted that big data does not appear to raise or create barriers to entry [49] and is being used across the product cycle [50] in motor and home insurance. It recognised that this produces a number of consumer benefits (e.g., reducing form-filling, streamlining sales and claims processes) and efficiencies for firms (cost savings through better fraud detection and marketing and tailoring of existing products or offering new products to manage risk).

31. The FCA also promotes innovation in financial services through the Innovate division, which has been growing significantly since its inception in October 2014. One of Innovate’s most well-known initiatives is the Sandbox, which enables firms to test their products/services in a controlled environment to avoid consumer detriment. In the insurance space, innovative firms are harnessing data to offer new products. For example, in cohort 1 of the Sandbox, a firm tested a flight insurance product that integrated with external data sources to facilitate an automated claims process (through which customers could instantly book a new ticket on their mobiles following flight cancellations). Since testing, incumbents have launched similar propositions to the benefit of their customers and this model could be used for other insured events that can be validated by trusted third-party data sources. This is a clear example of how regulatory initiatives can have an impact on the market and improve customer outcomes.

IV. Data in wholesale financial markets

32. The FCA is planning to publish a Call for Input on access to, and use of, data in wholesale financial markets. In addition to market data (needed by dealers and investors to trade and make investment decisions), this will explore data and analytical techniques used by wholesale market participants.

33. There are various sources of data (satellite imagery, client data, trade data, transaction data, social media and location data) which are increasingly collected and analysed through the use of advanced analytics, such as artificial intelligence and machine learning. These can be developed in-house or through third-party providers.

34. The FCA is keen to explore a number of issues, including whether there may be barriers to firms accessing data, or techniques for analysing data. Business models are changing to reflect the growing importance of data in wholesale financial markets and there may be an increased risk of collusive outcomes due to trading algorithms.

V. Conclusions

35. In the Furman review, it is noted the wider use/reliance on data as a competitive factor in the digital economy should prompt governments to update competition law enforcement to make it more logical, robust and forward-looking. [51]

36. We agree that competition authorities need to take into account the dynamicity of digital markets, so they consider intervening rapidly when possible (making use of interim measures if appropriate), are more forward-looking and mindful of potential competition and can deal effectively with the challenges raised by digital business models. [52] One such challenge may be the increased use of data in the future, fuelled by algorithms, which might bring about collusion or increased personalised pricing.

37. Competition authorities also need to better understand the value of different data sets (in particular the “economic and emotional value of data”) to firms and individuals, as recently acknowledged by Robin Finer, the FCA’s acting chief economist. Finer argues that “[i]n increasingly digitalised markets, where market power is determined by a firm’s ability to extract value from data, there is a challenge posed by consumers’ lack of understanding of what they are revealing and what that information is worth.” [53]

38. It is also crucial that competition authorities promptly spot the overlap with, and relevance of, privacy and consumer protection legislation, so they can liaise with the relevant regulators and determine how to implement the most effective remedial solution quickly. The FCA is mindful of this overlap and, for instance, the Innovate division is strengthening their “relationship with the Information Commissioner’s Office both independently and through work to establish the viability of a cross-sector Sandbox.” [54]

Move quickly and don’t break things: The introduction of Open Banking in the UK

Adam Land
Senior Director, Remedies Business and Financial Analysis, CMA, London
Bill Roberts
Head of Open Banking, CMA, London

I. Introduction

1. On 9 August 2016, the UK’s Competition and Markets Authority announced a package of reforms to improve competition in domestic retail banking markets, following an in-depth market investigation. [55]

2. At the heart of this package was an innovative, technology-driven remedy called Open Banking, in which banking customers and small businesses would be given control of their own banking data to enable them to benefit from a wide variety of new applications delivered through their computers, mobile phones or tablets.

3. The authors were both closely involved in the design and implementation of this project and, in this article, we will explain how a national competition authority came to be overseeing a trail-blazing technology project, describe the main features of Open Banking and draw some emerging conclusions that may be of use to policy makers in other countries or other sectors of the economy.

II. The problems that the CMA identified in retail banking markets

4. In common with other jurisdictions, competition authorities and other bodies in the UK have dedicated quite a lot of time over the years reviewing competition in the retail banking sector.

5. A landmark report in the UK was the Cruickshank review of retail banking services (on which one of the authors worked), commissioned by the then Chancellor of the Exchequer, Gordon Brown, and published in March 2000. Since 2000, aspects of competition in the sector have been reviewed by both the CMA’s predecessor bodies (the Office of Fair Trading and the Competition Commission), the Financial Conduct Authority, an Independent Panel chaired by Sir John Vickers, the Treasury Select Committee, as well as by the CMA itself.

6. The CMA’s diagnosis of the shortcomings in competition for retail banking services would have been familiar to these earlier reviewers as well as those charged with looking at competition in other retail banking markets.

7. The CMA found high and stable levels of market concentration, particularly in relation to personal current accounts and small-business banking, with incumbents’ positions protected by substantial barriers to entry and expansion. Banking products themselves are complicated and, frankly, boring which makes it difficult for customers and small businesses to engage actively with the market, to identify which providers offer value for money and to make good choices.

8. In addition, larger incumbent firms can have informational advantages over potential entrants or smaller rivals. For example, an existing lender to a small firm may have better information than other potential lenders about that firm’s repayment history, enabling the lender to advance credit which other lenders might turn down. The informational asymmetry may be even greater in cases where the firm also holds its primary business current account with the lender, as is often the case.

III. Why Open Banking appeared a promising solution

9. While the problems the CMA identified were familiar, the timing of the report and advances in technology enabled the CMA to identify some potential solutions that were unavailable to our predecessors.

10. The widespread adoption of smartphones and the particularly strong take-up in the UK of mobile banking applications, combined with a supportive policy environment, [56] meant that the UK was well placed to take a global lead in using, what was by now, proven technology to open up banking markets to greater competition and choice.

11. Giving customers greater control over their banking data provided a new “way in” to several of the knottier issues facing policy-makers.

12. For example, the complexity and opacity of charging for personal and business current accounts makes it very difficult for a customer to find the best value account for them—different banks levy charges in diverse ways and a customer’s transaction history (and even the precise sequencing of transactions) can make a substantial difference to the price they pay for banking services. With Open Banking a consumer can choose to use their transaction history to compare the actual charges they have incurred with their current provider against what it would have cost to bank with a rival. This in turn facilitates the development of digital comparison tools to make it easier for customers to exercise this choice. Similarly, a small business could choose to use its current account history to help demonstrate its creditworthiness to new lenders rather than feeling “trapped” in an existing banking relationship. In this way, Open Banking presented itself as a remedy to these long-standing problems.

13. As we looked further into Open Banking and engaged with the companies developing new products and services, more and more of these applications became apparent. However, despite the benefits available from introducing this technology, we came to the view that this change would not happen without a regulatory intervention. There were two main reasons for this:

  • Firstly, the larger banks faced conflicting incentives in relation to Open Banking. On the one hand, opportunities are available to those banks who embrace the technology and become pioneers in the new competitive landscape. However, the immediate effect is to open up competition to attract some of their more lucrative and long-standing customers. No bank would want to expose themselves unilaterally to greater competitive pressure.
  •  Secondly, these conflicting incentives were exacerbated by various coordination issues— 2017 all banks needed to prioritise Open Banking over other competing IT projects and introduce fundamentally similar standards at the same time. Uncoordinated action would risk inertia as no bank wanted to make the first move. An “industry-led” approach would risk moving at the “pace of the slowest,” as Sir Donald Cruickshank had pointed out in another context almost 20 years previously.

14. Against this background, and in line with its statutory duties to achieve an effective remedy to the adverse effects on competition that it has found, the CMA decided to introduce Open Banking at the heart of its remedy package. In the rest of this article, we describe the basic elements of Open Banking and how it has been implemented.

IV. The basic elements of Open Banking

1. What is open banking?

15. “Open banking” refers to a financial ecosystem in which customers can securely, and without needing to disclose their online banking credentials, share their personal financial data with trusted third-party providers (TPPs) of financial services. Open banking thus excludes data sharing schemes that rely on “screen scraping.” [57]

16. However, “open banking” can be implemented in various ways and there are important differences, for example, between the scope of the UK’s open banking project and the European Union’s second Payment Services Directive, PSD2, which also enables the sharing of financial data and is being implemented in the UK at the same time as open banking.

1.1 Open banking obligations compared with PSD2

17. Open banking in the UK differs from PSD2 in three main respects.

18. First, its scope is narrower, since it applies only to personal and business current accounts rather than all payment accounts, reflecting the terms of reference for the original CMA market investigation. PSD2, on the other hand, applies to all payment accounts including credit cards, charge cards and e-wallets. [58]

19. Second, the adoption of open baking standards is only mandatory for 9 UK providers of current accounts, albeit the largest in Britain and Northern Ireland respectively and accounting for around 90% of the UK market. PSD2, by contrast, applies to all providers of payment accounts. The CMA reasoned that since the open banking standards were to be available, free, to all providers of current accounts and that there would be a commercial advantage to them in doing so, smaller providers would adopt these standards in order to comply with PSD2.

20. Third, and possibly most importantly, in the UK the providers covered by the CMA Order (often referred to as the “CMA9”) are required to use common and open API, data and security standards whereas PSD2, while implicitly requiring the use of APIs, does not stipulate that the banks have to adopt common API standards. As a result, under PSD2 banks may adopt their own API, data and security standards so long as they meet the general provisions of the Directive. The CMA reasoned that common and open standards would make entry and expansion easier for smaller app developers since, unlike in the EU and absent voluntary harmonisation of standards by banks, [59] they would not have to produce many different versions of their app.

1.2 The benefits of open banking services

21. There are two main ways in which open banking can promote more effective competition: it can enable consumers to make more accurate and reliable product comparisons and it can facilitate the entry and expansion of new digital service providers to compete with incumbent banks.

22. The benefits of open banking as a facilitator of product comparison are most clearly evident in the case of business bank accounts. In the UK, banks generally charge SME customers on a per transaction basis. Patterns of account usage can vary quite considerably between customers so, for example, the kinds of transactions that a small business which deals mainly in cash providing goods and services locally undertakes will differ greatly from those of a business which trades just on the Internet, relies entirely on card transactions and has customers all over the world. In these circumstances a comparison between banks of the charges to an “average” customer are not likely to be helpful: the SME requires the bespoke advice based on their transaction history that open banking enables. [60]

23. Open banking also facilitates the entry of providers of services who are not themselves banks, but which provide banking services. These may entail providing users with the ability to view their payment accounts and analyse their financial affairs (“account information”) or they may also enable customers to authorise the movement of money in and out of their accounts automatically (“payment initiation”). Providers of the latter services are subject to tighter regulation given the higher risks associated with such transactions. [61]

24. Account information and payment initiation services provide different types of benefit. AISPs, for example, may offer what are referred to as “aggregation” services which enable users to see all their payment accounts in one place, typically through a “dashboard” which usually include analytics to help them manage their money better. This would include showing consumers what they are spending their money on and trends in their spending patterns.

25. Although aggregator services are essentially “passive,” they have the potential to provide more active guidance, for example alerting consumers to cheaper sources of credit on the basis of their current spending habits and taking account of providers’ lending policies. For example, one TPP in the UK scans the mortgage lending market and compares deals on offer with the consumer’s current provider. It can then alert customers using its app to money-saving opportunities through switching having already checked that the consumer meets the lender’s eligibility criteria. [62]

26. AISPs can provide other tools to assist customers manage their money more effectively. In the SME business space, for example, this functionality is being used by providers of cloud-based accounting systems such as Xero and QuickBooks to, for example, allow users to more easily reconcile their accounts receivable with their cash in the bank.

27. PISPs, because they can move customers’ money about for them, are able to offer “sweeping” services. These can, for example, automatically pay money into an account that is going into overdraft guaranteeing, if the money is being loaned, to charge less than a bank would for an overdraft. Sweeping services can also move cash out of the current account into a (higher) interest-bearing account until it is required. [63] Since a bank’s most profitable customers are likely to include heavy overdraft users and those who keep large cash balances in their current accounts, sweeper services may be able to exert significant competitive pressure on banks.

28. As well as fostering competition, open banking can deliver benefits for vulnerable consumers. Debt advisors can, for example, use open transaction data to construct reliable and comprehensive Standard Financial Statements and consumers with thin credit files can make use of their transaction data to demonstrate that they run their financial affairs responsibly and, by doing so, improve their credit score. [64]

2. Implementation

2.1 The Open Banking implementation entity (OBIE)

29. The CMA was not able itself to define the common technical standards that would be necessary to build open banking. It therefore created a special purpose vehicle, the OBIE, to provide a forum for discussion and agreement by its stakeholders (including established and challenger banks, FinTechs, as well as representatives of consumers and SMEs) on the design and implementation of technical standards and ancillary measures that would be necessary to ensure the ecosystem was secure and fair to customers. These ancillary measures included an accreditation process for third-party providers (in addition to the authorisation requirements of the UK’s financial regulator, the FCA) and the creation of processes for the resolution of disputes.

30. The OBIE, funded entirely by the nine major banks, was formed in October 2016 and has been in operation since then with a staff, mostly contractors, of around 150.

2.2 The Implementation Trustee

31. Despite making full use of its Order-making powers, the CMA could not guarantee that the stakeholders represented on the OBIE would reach agreement over key standards. Indeed, as the whole purpose of the project was to subject the established banks to new vectors of competition, their incentives might lead them to try and delay or frustrate the implementation process.

32. Accordingly, the CMA not only obliged the nine banks to make their “best endeavours” to reach agreement: it mandated the appointment of an Implementation Trustee whose role was to supervise the implementation process and, in the event of non-agreement between the parties, impose a decision on them. The nine banks were required to fund and resource this position at a level approved by the CMA, whose approval would also be needed for the proposed appointee and their mandate. The current [65] Trustee is Imran Gulamhuseinwala.

V. Where are we now?

1. Bank adoption: CMA9

33. The CMA9 banks were legally required to adopt the open and common standards developed by the OBIE but as there were some learnings that arose from the implementation process we describe these below.

1.1 The read-write API

34. The first major open banking release, the read-write API was scheduled for mid-January 2018. Two banks delivered on time: seven failed to meet the timetable that we had set.

35. The CMA is unable to levy fines in these circumstances but issued the seven banks with “Directions” [66] specifying in some cases that they should appoint and engage at their own expense professional services firms to review the robustness of their plans for delivery and report to the Trustee and the CMA on their progress. In one case the CMA prevented a bank from launching its own open banking product until its services were available to TPPs.

36. Even though by the second quarter of 2018 adoption by the major banks had occurred there were considerable differences between them in terms of the technical performance of their platforms, for example API response times and availability/outages and, perhaps more significantly, between the friction encountered during customer authentication journeys.

37. In some cases, customers had to click through over a dozen screens to complete the authentication process and access third-party open banking tools and in others they were confronted by repeated safety warnings or had to await the texting of one-time passwords. The effect of all this was to make it less likely that the customer would persevere with their journey, thus frustrating the objectives of the remedy.

38. Since the CMA had not specified in detail what customer authentication journeys should or should not entail in its Order, it was necessary to set out what was expected of the banks in a guidance document. Accordingly, the OBIE produced a set of customer experience guidelines (the “CEG”) and engaged in bilateral meetings with each bank, going through their customer journeys with them, comparing them to the CEG and agreeing plans where there were gaps to close.

1.2 “App to App” redirection

39. The next major release was in March 2019 when the “App to App” process (enabling bio-authentication) was to be made available. This was a major milestone for the open banking project as it had the potential to reduce significantly the friction in the customer authentication journey by allowing customers to authenticate themselves using a thumbprint or facial recognition, for example, on their smartphone.

40. As with the earlier release, and although one bank was early, several others were unable to deliver all of their functionality by the due date, including a major bank which asked for an extension of its deadline by several months. Again the CMA issued Directions setting out the steps that the banks seeking more time were required to take to bring them back on track.

41. Adoption of the common API standards themselves was, of course, mandatory for the nine banks subject to the Order but they were under no obligation to adopt the technology to launch products themselves. However, all of the largest banks have now created and launched aggregators, sometimes in partnership with FinTechs/new digital service providers. [67]

42. When we designed our remedies we envisaged competitive pressure on the established banks arising from two main directions: first, new (FinTech) entrants offering a narrower range of banking services than the banks but targeting their most profitable customers and second, the established banks themselves who would need to try harder to maintain and grow their customer base and who would therefore be more likely to try and acquire the customers of other major banks.

43. The launches by major banks of aggregators may be significant because these products will, almost by definition, be mainly of interest to customers who also hold accounts at rival banks and these customers may choose to start looking at their financial affairs through the rival’s “dashboard” instead. This, of course, raises the potential but realistic prospect of disintermediation for the major banks not solely, as originally envisaged, from new and possibly unfamiliar third-party providers but also from trusted high street banking brands.

2. Adoption by non-CMA9 banks

44. Although the non-CMA9 banks are not obliged to adopt the open API standards we thought that they would do so voluntarily as it would be a simple route to PSD2 compliance. At the time of writing, four non-CMA9 banks are live with the OB standards with another 20 in the wings, testing in the sandbox, and new applications are coming in weekly as the PSD2 deadline approaches. This gives us confidence that a significant proportion of the non-CMA9 banks will eventually adopt the standard.

3. Adoption by third-party providers (TPPs)

45. As of late May 2019 there are 60 TPPs live in production and another 150 in the regulatory approval pipeline. TPPs at present are predominantly AISPs: of the live TPPs, 58 are authorised as AISPs and 24 as PISPs though the number of PISPs is increasing.

46. Why the entry rate of PISPs is slower than AISPs is not clear but may be related to the functionality of the read-write API. For example, sweeper services are likely to work most effectively if the API enables recurring payments of variable amounts. It currently does not do so but a standard is in development and may be made mandatory. Similarly, the process of providing refunds to customers may not meet the requirements of providers and may therefore need to be modified.

4. Consumer adoption

47. At the time of writing we do not know exactly how many consumers are actively using open banking products. The Fintech trade association in the UK estimates that around 2m consumers were using personal financial management applications accessed through screen-scraping in 2017 and we know that the TPPs concerned are trying to convert these customers to API usage. We have not attempted to de-duplicate these providers’ customer lists since the cost of doing so would almost certainly exceed the benefits, given the hoped-for adoption of open banking products by a much wider group of consumers and SMEs.

48. That said, we can as a proxy for consumer adoption measure volume usage of the open banking APIs even if this cannot be translated into customer numbers. In July 2018 there were 3 million API calls; this July there were 80 million.

A Figure is available in the pdf version of this article.

5. International adoption

49. Outside of Europe, open banking is being implemented or contemplated in some 20 jurisdictions, particularly in the Asia Pacific region but also in the Americas and Africa. Again, the nature and scope of these implementations differ as do their objectives. In some jurisdictions, such as Mexico, they are grounded in a desire to increase financial inclusion; in Australia they originate from a belief that consumers have a right to control their own data, banking being the first iteration of a “consumer data right.”

50. Despite different objectives, the basics of these ecosystems are likely to be much the same and, based on the UK experience these will probably need to include that: information will be shared using open standard, common APIs (though perhaps initially just read-only); customer authentication protocols will be put in place; providers will be subject to some form of authorisation or accreditation; the regulator or the industry concerned will have to establish a liability model to ensure clarity for customers and other participants if things go wrong.

VI. Conclusions

51. Open banking has been an unprecedented intervention by a competition authority. By giving customers control over their own data, we have sought to open up banking markets to new forms of competition, while taking care to preserve the integrity and security of the retail banking system. We are nearing the end of the implementation phase and have learned some lessons along the way that may be of value to other agencies.

52. Firstly, we have found that compulsion or the threat of it will generally be necessary to implement open banking—or similar initiatives—successfully and within a reasonable timeframe. It seems very unlikely to us that banks would have voluntarily agreed and adopted common API standards, for example, without at least the threat of compulsion if they fail to act voluntarily. Even where banks have expressed a desire to adopt open banking, as appears to be the case in PRC, it may be necessary for government or a regulator to stipulate the actual standard to be adopted.

53. In the UK, for example, open banking proposals had been circulating for several years with no evident progress on a voluntary basis. It was not until the CMA used its powers to create the OBIE and oblige the banks to develop and adopt open and common API standards that the ecosystem began to evolve.

54. Secondly, while diversity of approach is a general benefit of competition, there may be risks in allowing individual banks discretion over the way they interpret certain requirements or in leaving this in the “competitive space.” Banks may have the incentive and the opportunity to use these to, for example, build unnecessary friction into customer authentication journeys. In a sector characterised by inertia it is very easy for a bank to “nudge” customers away from using open banking tools: a few milliseconds slower response times; an extra screen or two to click through; prominent risk warnings; unnecessary authentication steps generally.

55. Thirdly, with a project of this complexity and ambition, results will not be achieved overnight. We have had to remind ourselves and others that the timeframe for introducing open banking resembles growing a tree more than boiling an egg. With this in mind, we had two specific lessons to help maintain pace and momentum:

  •  Regulators should be prepared to countenance launching a “minimum viable product.” The first iteration of open banking may not be perfect in terms of a frictionless customer journey (though it must, of course, be 100% secure) but it may be preferable to have a prototype available to help establish through market testing the best way forward.
  •  Regulators should not set deadlines that accommodate the slowest moving banks. In the UK the pace at which the different banks could absorb the changes necessary to implement open banking varied quite a lot. Rather than proceeding at the “pace of the slowest,” we decided to set realistic but robust deadlines, accepting the risk that some banks might fail to keep pace with what we judged was a challenging but achievable timescale. This has required some robust enforcement in relation to those banks who missed deadlines, but has in our view led to a more timely implementation, without compromising quality.

56. Finally, competition authorities should challenge assertions—for example, by larger banks or by prudential regulatory authorities—that competition is the enemy of financial stability. Whereas some prudential regulators have deemed this to be the case, the Bank of England thinks otherwise, and we agree: we have seen no convincing evidence that uncompetitive financial systems are inherently more stable than competitive ones. Should problems emerge within the open banking ecosystem they could be swiftly contained in what is a highly regulated, data-rich market sector. A greater risk, in our view, is of protected incumbents who are “too big to fail.”

Fintech and access to data

Ingrid Vandenborre
Partner, Skadden, Arps, Slate, Meagher & Flom, Brussels
Stuart D. Levi
Partner, Skadden, Arps, Slate, Meagher & Flom, New York
Caroline Janssens
Senior Professional Support Lawyer/Non-Practicing Solicitor, Skadden, Arps, Slate, Meagher & Flom, Brussels

I. Introduction

1. Digital technology and big data have transformed the competitive landscape of the banking sector by allowing entrants to offer more efficient, diversified and affordable services. Incumbent financial institutions face increasing competition from new entrants including fintech firms, challenger banks, established tech companies and companies providing third-party data services (e.g., firms providing big data storage and analytics, programming interfaces, etc.). In this new landscape, the availability of, and access to, data has become a key competitive driver. While big data presents new opportunities, the scope of available data and how to govern access to that data pose new challenges for the industry and for competition authorities around the world. Key questions include whether incumbents should be required to share their data with new market entrants; whether, and to what extent, access to and use of big data can be considered to confer market power; and whether and, to what extent, concerns around big data should be considered under competition law as opposed to data protection rules. Any discussion on data access will inevitably be closely linked to the specificities of the market, the type of data, and its use and importance as a tool to compete.

2. In this article we examine recent and legislative initiatives that address issues surrounding access to data, specifically for the fintech sector, as well as more broadly. While there is currently no established European Commission (“Commission”) or national legal framework on how to deal with access to data in the banking sector in any Member State of the European Union, we examine how the wider ongoing policy debate around access to data in the wider digital sphere is equally relevant to some of the questions surrounding the role of data in the fintech sector.

II. Recent sector-based initiatives

3. The second Payment Directive 2015/2366 [68] (“PSD2”) entered into application on 13 January 2018 and sets out the regulatory framework that facilitates access to customers’ account data. Most Member States have transposed the rules and adopted national regulations to give the PSD2 effect. The PSD2 enables new regulated market entrants other than banks (i.e., fintech and other tech companies entering the payment services sector such as, for example, Apple Wallet, Google Pay and Samsung Pay) to access a customer’s bank account information and associated data and/or request payments, with a customer’s explicit consent. Some Member States have introduced related initiatives, with the UK leading the way with its “Open Banking” initiative, which gives customers more control over their personal account data and has enabled them to share their current account information securely with third-parties since January 2018. [69] In the U.S., by contrast, while banks are subject to certain restrictions on how they can use customer data under the Gramm-Leach-Bliley Act, there is no legislation similar to “PSD2” governing non-financial institutions. Rather, the U.S. has adopted a sectoral and state-specific approach to data usage and privacy.

4. The Commission’s Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication have been central to achieving the objectives of the PSD2. [70] Other important legislation for the sector includes the proposed revised e-Privacy Regulation [71] designed to establish a new legal framework for privacy of electronic communications together with the General Data Protection Regulation [72] (“GDPR”); the Network and Information Systems Directive, which requires financial institutions to take appropriate cybersecurity measures; [73] and the Unfair Commercial Practices Directive. [74]

5. Neither the PSD2 nor these sectoral pieces of legislation contain provisions giving financial authorities specific competences regarding the protection of competition in the payment services sector, and the general competition law enforcement framework remains applicable.

6. A number of national competition authorities in the EEA have published studies [75] on the impact of fintech in the financial sector, each of which, identify new challenges and potential risks of foreclosure of new entrants by incumbent banks and make a number of recommendations to reduce those risks. These authorities highlight the lack of incentives for banks to grant fintech and tech companies access to key account data. The Portuguese authority, for example, warns that the risks of foreclosure it identified are not completely dispelled by the PSD2; while the Dutch authority calls for a refinement of the conditions set out in the PSD2 and implementing regulations. [76]

7. However, in March 2018, the Joint Committee of the European Supervisory Authorities (“ESAs”) published a report on big data analyzing its impact on consumers and financial firms. [77] Interestingly, the ESAs found that while the development of big data poses some potential risks to financial services customers, currently the benefits of innovation outweigh these and many of the risks identified are mitigated by existing legislation. [78]

8. In a study on competition issues in fintech published in July 2018 (“the Study”), [79] the European Parliament’s ECON committee noted the difficulty of applying traditional competition assessment tools (such as market definition and market power) in fintech because of the broad landscape of users, operators, services and strategies. [80] Traditional market indicators such as market shares, prices or profit margins fail to explain the economic relationships between supply and demand in the provision of fintech services given that some of these services are offered free or are provided through multi-sided platforms with several stakeholders intertwined. [81] The Study also stressed the role of data in assessing the competitive position of a company and that control over unique datasets should be one of the main factors to consider when assessing potentially anticompetitive conduct. [82]

9. However, the Study concluded that, currently, the market for fintech services is “too fluid [83] to reach firm conclusions on the existence of competition concerns that would necessitate “the deployment of competition tools on a large-scale basis. [84] It also noted that competition rules by themselves may be insufficient to ensure a level playing field and stressed that under competition rules, a refusal to access/supply constitutes an anticompetitive conduct only in cases of essential facilities, a concept that may not easily apply to datasets. [85] For instance, in Oscar Bronner, the Court of Justice of the European Union (“CJEU”) ruled that a product or service is indispensable if there are no alternative products or services and there are obstacles, technical, legal or economic, which make it impossible or unreasonably difficult for a company active in the downstream market to develop products or services without access to the indispensable ones in the upstream market. [86] The Study noted that “in the age of big data, where advanced data capture techniques allow for the creation of valuable datasets at a reasonable cost, it is difficult to consider a dataset as ‘indispensable’. In the field of payment services, for example, access to data by competitors is a matter addressed by financial regulatory rules”. [87]

In its Annual Economic Report 2019 [88], the Bank for International Settlements (’BIS’) notes that while the entry of big tech companies into financial services could make the sector more efficient, their role in finance raises issues that go beyond traditional financial risks. To tackle these issues, BIS calls for global regulatory and policy coordination between financial regulators, competition authorities and data protection bodies.

10. These reports raise the question as to whether the role of big data is different in the fintech space, and whether competition law principles considered for other data-rich sectors, should similarly apply to the financial sector. We summarize below the main policy initiatives surrounding the competition law assessment of big data generally.

III. Recent competition policy initiatives

11. In their joint report on big data issued in May 2016, the French and German competition authorities identified refusals to give access to data and discriminatory access to data as potential competition issues resulting from the collection of big data in the digital economy and identified two parameters of particular relevance when assessing the interplay between data, market power and competition law: the scarcity of data or ease of replicability and the scale and scope of datasets. [89]

12. In April 2017, the Organisation for Economic Co-operation and Development (“OECD”) called for caution in reacting to the challenges posed by big data. [90] In particular, authorities should examine on a case-by-case basis whether, in the relevant market, the data is replicable, whether it can be collected from other sources, the degree of substitutability between datasets, how quickly data becomes outdated and how much data a potential entrant needs to compete. [91] The OECD noted that extreme remedies such as requirements to share data should be carefully weighed and used only when there are no less intrusive alternatives. [92]

13. On 13 March 2019, the Digital Competition Expert Panel appointed by the UK Chancellor of the Exchequer and chaired by Professor Jason Furman, former chief economist to U.S. President Obama, issued a similar report [93] making strategic recommendations for changes to the UK’s competition framework to face the opportunities and challenges of the digital economy. The report stressed the need to fast-track enforcement in digital markets, placing less reliance on large fines and enabling action that targets and remedies issues more directly, while lowering the standards for judicial review. The report also proposed the establishment of a pro-competition digital markets unit tasked, notably, with the implementation of personal data mobility (i.e., giving consumers greater control of their personal data, in a similar way to the “Open Banking” initiative) and systems built on open standards.

14. On 4 April 2019, the Commission published a report [94] prepared by three special advisers (“the Advisers”) appointed by Competition Commissioner Margrethe Vestager to explore how EU competition policy should evolve in the digital age. The Advisers identified strong “economies of scope” across the digital economy, which favour the development of ecosystems, giving incumbents a strong competitive advantage that makes them “very difficult to dislodge”. [95] The Advisers also identified a “reasonable concern that dominant digital firms have strong incentives to engage in anti-competitive behaviour” that require “vigorous” competition enforcement and adjustments to the way competition law is currently applied, [96] including potential data-sharing or interoperability remedies for dominant technology companies if required to ensure effective competition. [97] While the Advisers considered that the existing basic framework of EU competition law remains relevant and sufficiently flexible to protect competition in the digital age, they advocated a departure from certain established concepts, doctrines and methodologies—such as consumer welfare, market definition and market power—and more emphasis on theories of harm and identification of anti-competitive strategies. [98]

15. Discussing access to data, the Advisers noted that there are cases where an obligation to ensure data access—and possibly data interoperability—“may need to be imposed [99] and added that “[w]here vertical and conglomerate integration and the rise of powerful ecosystems may raise concerns, requiring dominant players to ensure data interoperability may be an attractive and efficient alternative to calling for the break-up of firms—a way that allows us to continue to benefit from the efficiencies of integration”. [100] The Advisers noted that a broad dissemination of data must, however, be balanced against the need to ensure sufficient investment incentives for firms to collect and process data, as well as the need to protect privacy and business secrets. [101]

16. Similar initiatives have been undertaken in the U.S., where the Federal Trade Commission (“FTC”) for example recently held public hearings discussing the challenges posed by new technologies to competition and enforcement priorities, including the role data plays in this context. [102] These hearings followed earlier reports by the FTC focused on the impacts of big data on privacy and competition in the digital space. [103] At the state level, the California Consumer Privacy Act, which goes into effect in 2020, provides California consumers with a right to access their information in a portable format, in part, so they can more easily transition between service providers.

IV. Competition policy principles for big data in the fintech space

17. The Commission historically devoted attention to the relevance of datasets in its merger practice (e.g., Thomson/Reuters, Google/DoubleClick, TomTom/Tele Atlas, Facebook/WhatsApp, Verizon/Yahoo, Sanofi/Google/DMI JV, Microsoft/LinkedIn, Bayer/Monsanto, Apple/Shazam). In none of these cases, however, did it identify data as an important competitive asset, or separately define and assess a market for data products or datasets. In its August 2014 Facebook/WhatsApp decision, [104] the Commission concluded that privacy-related concerns arisingfrom the increased concentration of data within the control of one company as a result of a transaction would fall within the scope of EU data protection rules, not of the EU competition law rules. Assessing the competitive significance of the data involved, the Commission concluded that a number of alternative providers would continue to offer targeted advertising after the relevant transaction, and a large amount of internet user data that is valuable for advertising purposes is not within Facebook’s exclusive control. In its December 2016 decision on the Microsoft/LinkedIn transaction, [105] the Commission essentially confirmed its approach in Facebook/WhatsApp that privacy-related concerns do not generally fall within the scope of EU competition law. In that decision, however, it clarified that privacy-related concerns can be taken into account in a competition assessment to the extent that consumers see it as a significant factor in the quality of the services offered. [106]

18. In its more recent antitrust decisions, the Commission assessed the importance of big data more critically. In Google Shopping, the Commission concluded that the sheer accumulation of data, which is otherwise freely available, can effectively constitute a barrier to entry. [107]

19. Similar focus on data issues is growing in EEA Member States, with developments to watch. In Germany, the Federal Cartel Office (’FCO’) recently considered that Facebook’s collection and combination of user data from various sources without the user’s voluntary consent violate European data protection provisions which could be enforced also as an “exploitative abuse” under German competition law rules. The decision is novel in that it constitutes the first decision in which a competition authority has based its finding of an abuse of a dominant position under competition law on a violation of data protection and privacy rules. [108] On appeal, the Higher Regional Court of Düsseldorf suspended the FCO’s decision, notably, because it failed to explain how Facebook’s violation of European data protection rules affects competition. [109] Reportedly, the FCO intends to appeal against this ruling to Germany’s Federal Court of Appeal. In France, the competition authority required GDF Suez [110] (now ENGIE) to give access to its competitors, at its own expense, to some data of its client database to enable them to compete on an even footing as the gas markets opened up. The French authority had found that GDF Suez at the time had “significant advantage” over its competitors, potentially excluding competition. GDF Suez had used a large volume of consumer data to facilitate customer switching from regulated to unregulated offers, and to “win back” customers who had switched to competing unregulated offers. In the Netherlands, the Dutch competition authority recently imposed, for the first time, access to data and to digital platform remedies when it conditionally approved the acquisition of Iddink Group by Sanoma Learning. [111] By comparison, in the U.S., the FTC settled its case against CoreLogic’s acquisition of DataQuick Information Systems by ordering CoreLogic to license data assets to a divestiture buyer to ensure its viability as a competitor.

20. Even if case law is developing in relation to the assessment of data as competitive assets in competition law analysis, there is no clear precedent on how data issues should be assessed in the financial sector, or if there are different factors at play when it comes to financial or payment markets. Some important assessments may nevertheless be underway. One case to watch concerns the Commission investigation of Polish and Dutch banking groups. In October 2017, the Commission conducted dawn raids at Polish and Dutch banking groups over online access to bank account information by competing service providers. The press release indicates the Commission’s concerns that “[t]hese alleged anti-competitive practices are aimed at excluding non-bank owned providers of financial services by preventing them from gaining access to bank customers’ account data, despite the fact that the respective customers have given their consent to such access”. [112] It is also clear that the Commission is paying close attention to the emergence of new contactless mobile payment services such as Apple Wallet, Google Pay and Samsung Pay. [113]

21. Query how competition law issues surrounding the use of data should be assessed in the financial services context. Four key parameters of assessments have been put forward to assess the interplay between data, market power and competition law: whether the parties actually own or control the data; whether, in the relevant market, the data is replicable; whether the data is unique or reasonably available substitutes exist; and whether the relevant data constitutes a critical input to compete. However, these parameters leave many open questions when assessed in the context of financial services, where sectoral legislation addresses many of the risks associated with big data in connection with confidentiality, privacy and security, and where arguably markets may have lower barriers to entry, or are more fluid, as some of the reports have referenced.

22. In the financial services sector, it may be challenging to enforce any mandatory data sharing to ensure effective competition for a number of reasons. First, it may be unclear what legal rights fintech providers actually have in the data they hold. While such providers control the data they possess, customers may argue that they own the data regarding their own financial transactions while institutional counter-parties to transactions may claim the data is at least partly owned by them. In such cases, solutions based on data portability or data property rights may suffice. Second, data in the fintech space is often an amalgam of raw data coupled with proprietary analytics and data, and it is often difficult to parse them. Obligating a fintech company to share its raw data may not be sufficient to level the competitive playing field, but requiring the sharing of blended data might effectively require a company to disclose proprietary techniques or algorithms. Third, while there has been close regulatory focus on so-called big data, in many use cases, small datasets can be extremely valuable and powerful. Any regulatory policy that focuses on large players and large data sets may therefore create an imbalance in the marketplace. .

23. Many of the questions raised are, of course, not specific to the financial services sector, but they raise particularly interesting questions when assessed in the context of data sets that are already heavily regulated or constrained and where rights to data may not be straightforward. 

No barbarians at the gate? The relatively slow progress of big techs in EU and US retail banking

Jorge Padilla
Economist, Compass Lexecon, Madrid
Stefano Trento
Economist, Compass Lexecon, Madrid

1. Banks, regulators and industry commentators all agree that big tech entry in the retail banking sector represents an imminent threat for traditional banks. Santander notes that big techs “have at their disposal a great deal of consumer data to immerse themselves in the financial market,” and that “they wouldn’t be afraid to look directly in the eyes of some of the biggest Banks in the world to offer their clients all kinds of financial products. Information is gold, and they have ‘golden bars of information’. [114] BBVA believes that “[d]ata will be the key in the battle between banks and big tech. [115] The UK Financial Conduct Authority states that “[i]n terms of where we think real challenges are going to come into this market, it will be potentially around the entry of Big Tech firms. [116]

2. However, so far, big techs’ entry in the EU and US retail banking markets in competition with traditional banks has been limited, and mostly focused on selected market segments, such as payment services and, to a lesser extent, consumer lending.

3. This is in sharp contrast to the flat-out entry of big tech companies in retail banking in Asia, and especially in China. The different speed of entry may be explained by profound differences between the Asian and EU and US retail banking markets, including in relation to supply-side factors, demand-side factors and regulatory framework.

4. This article explores those factors and is organised in three main parts: part I sets out some facts; part II, which constitutes the bulk of the article, discusses the factors that may explain the different approaches of big techs in China vs in Western countries; and part III concludes.

I. Some facts

5. Big techs have started to offer payment services in the EU and the US, [117] with Apple Pay and Google Pay becoming mainstream means of payment. However, they have not—with few exceptions—entered other retail banking markets.

6. The only relevant exception so far is Amazon Lending, launched in 2011, which provides loans to small and medium enterprises (SMEs) operating in the Amazon Marketplace, assessing the creditworthiness of its borrowers using the myriad of data that it accumulates on its e-commerce platform.

7. Big techs have entered more forcefully and more widely the Chinese retail banking market, where they have established one-stop shopping ecosystems, like Alibaba’s Ant Financial, which offers a wide range of financial services to consumers and SMEs, including current accounts, payments, lending, asset management and insurance (see Table 1, setting out the example of Alibaba and Tencent).

8. For example, Alibaba’s MYBank—launched by Ant Financial in 2015—accepts deposits and provides loans. As of June 2017, MYBank extended total loans of approximately $17 billion, and Alibaba as a whole issued nearly $100 billion of loans over the past five years. [118] To assess the creditworthiness of its borrowers, MYBank (and Alibaba more in general) leverages on the information on its users it collects through inter alia Alibaba’s e-commerce platforms. [119] WeBank, China’s first digital bank initiated by Tencent, argues that it only finances around 20% of its loans using its deposits, and that it syndicates the remaining 80% to other banks. [120]

9. Alibaba also runs a wealth management platform—Ant Fortune—that reaches 180 million users and recommends funds based on the user’s financial profile. [121] Ant Fortune’s users can invest in the biggest money market mutual fund, Yu’e Bao, also part of the Ant Financial Group. [122] Alibaba, through Ant Insurance Service, is also a major distributor of insurance products, with nearly 400 million users, [123] and it is a strong player in the payment segment, with its mobile payment platform Alipay. Alipay has more than 870 million active users globally, [124] more than three times Apple Pay’s 270 million registered users and over one hundred times more than Google Pay’s 8 million active users. [125]

A Table is available in the pdf version of this article.

II. Why is China different?

10. The facts summarised above raise the question why big techs entered in Asia—and in particular in China—so significantly, but they did not do it to any similar extent in the EU and in the US. We believe that this is due to a number of concomitant factors, including:

  •  regulatory differences;
  •  low level of banking penetration in China;
  • socio-demographic differences;
  • different “co-opetition” strategies; [126] and
  • fear of a regulatory backlash.

We discuss each of these factors below.

1. Regulatory differences

11. In the aftermath of the financial crisis, EU and US financial regulators implemented new regulations or strengthened existing regulations in order to reduce the risk of a future financial meltdown. Compliance with these regulations has since become very burdensome for banks, and—as The Economist puts it—the past decade has witnessed a compliance boom in banking. [127] As a way of example, 82 new regulations or changes to existing regulation were introduced in the US in the third quarter of 2014, a total of 3,404 pages, implying that the average financial institution having to devote 653 additional employee hours to handle the new regulation in that quarter. [128] Tight regulation, especially on deposits and consumer protection, may have kept big techs away from retail banking so far in the EU and the US.

12. Regulation is instead much more favourable to entrants and to financial innovation in China. Firstly, regulations are much less intrusive. Secondly, enforcement of existing regulations is laxer. For example, Bilotta and Romano (2019) explain that MYBank has heavily relied on borrowed funds from other lenders to support its loans and that—while the Chinese central bank requires commercial banks to have their interbank funding at under one third of their total liabilities—in each of 2016 and 2017 interbank funds accounted for more than a half of MYBank’s liabilities. Yet, MYBank was not requested to change its liability sheet. [129] Thirdly, regulation in China limits the ability to compete of state-owned banks, creating a more attracting environment for entrants, including big techs. Bilotta and Romano (2019) note that Yu’e Bao’s record growth was in part explained by asymmetric regulation. Yu’e Bao captured market share from traditional banks by offering high interest rates (around 4% per year), which state-owned banks could not match because they are legally bound to pay 0.30% annual interest for demand deposits and 1.35–2.75% for term deposits. [130]

13. Consistently with this explanation, recent research from the Bank of International Settlements shows that easing in regulation increases the level of credit of big tech companies by 2.3%. [131] Also supporting this explanation, Reuters indicates that Ant Financial is now considering a shift away from payment and consumer finance services towards the provision of technology services as a result of growing regulatory pressure on its core financial businesses, including payments, micro lending and wealth management. In particular, [132] the Chinese central bank is expected to raise the reserve funds ratio of third-party payment companies to 50% and is expected to raise it further to 100%; as to micro-lending, tighter regulation is being implemented regarding source of funding; and as to wealth management, Ant Financial has set caps to limit the amount users can invest in Yu’e Bao following a requirement to control the size of the fund.

14. Not surprisingly, many believe the lenient regulatory environment is the main reason why big techs have been particularly successful in China and in other Asian countries. [133]

2. Lower level of banking penetration in China

15. Another factor that may have favoured big techs’ entry in China is the business opportunity available to those companies due to at least two factors: a lower level of banking penetration and a rising affluent class.

16. As to the lower banking penetration, the World Bank indicates that 94% of adults reported having a bank account in 2014 in high-income OECD economies as opposed to 69% in East Asia and the Pacific. [134] The World Bank also indicates that between 2011 and 2014 bank account penetration in China increased by 15 percentage points overall, an increase of 180 million individuals, and that it increased by 8 percentage points among the richest 60% of the population. [135] The World Bank also indicates that only about 4% of unbanked individuals said that the reason why they had no bank account was because they did not need one.

17. This suggests that financial exclusion is a big problem, especially in Asia, where most unbanked citizens live. Alibaba and Tencent, among others, have been able to fill this gap somewhat, providing credit and payment services to those without bank accounts. The rising middle class in China represents an attractive business opportunity to big techs entering the Chinese retail banking sector: McKinsey estimates that the assets held by China’s affluent middle class are expected to grow by about $3.4 trillion between 2014 and 2020. [136]

18. Finally, the lower level of banking penetration in China also meant that traditional banks had no opportunity to bundle and cross-subsidise their services, which created additional business opportunities for big techs. [137] Traditional banks enjoy a considerable competitive advantage over their non-bank competitors, including the big techs, because they are able to bundle their deposit products with other lending and payment services, thus exploiting the economies of scope that characterise this sector.

19. Big tech companies have very valuable data about their consumers, which can allow them to (i) identify shopping intention of individuals (and thus, potentially, their need for a loan); [138] and (ii) assess their credit worthiness. [139] However, they miss an important piece of information in order to compete head-to-head with banks; namely, information on their customers’ current and term accounts. This information is important for a number of reasons. Firstly, because while big techs may know that a particular user is visiting a car dealer (from the GPS installed in the user’s smartphone) or whether it is browsing the internet for an expensive jewel, they typically will not know whether that user has sufficient savings in its bank account to pay for those products or whether he/she will need a loan.

20. Bank account information also facilitates assessing credit worthiness. A recent academic article shows that consumers who get a loan from their own bank, i.e., who had a pre-existing account with that bank, are almost half as likely to default than consumers who get a loan from a different bank, i.e., consumer who did not have a pre-existing bank account with the lender. This is because banks can monitor the evolution of a customer’s income and expenses and can adjust credit limits if they spot unusual behaviour, like a sudden increase in expenses. [140]

21. Without bank account information data, big techs’ ability to assess default risk may be incomplete, as the example of Amazon Lending shows. As explained above, Amazon provides loans—through Amazon Lending—to SMEs operating in the Amazon Marketplace. One would assume that Amazon has very valuable information on the creditworthiness of SMEs selling through its e-commerce platform, since it has full visibility on cash-flows and inventories associated with the operation in that marketplace. It knows whether the market for a given product is expanding or contracting; it knows how many competitors are out there, and how they are performing; and it knows (from comments and data on returns) what are the features that make a product successful or unsuccessful. However, the Financial Times reports that Amazon Lending has stopped issuing new loans in Japan (one of its top three markets) and has cut staff while it tries to understand credit risk better. [141] Claurelle Schoekpe, general manager of Amazon Lending in Europe, said that Amazon “is not there yet” and explained that the new regulation on open banking (which may provide Amazon with access to its borrowers’ bank account information) will “help [Amazon] to start [answering] questions about what other kinds of information [Amazon] should be using in [their] underwriting. [142]

3. Different socio-demographic characteristics

22. Socio-demographic factors may also have played a role in promoting big techs banking in China, where the population is younger than in Europe, as reported in Figure 1. Younger generations (China’s most populous age cohort is 25–29, as compared to EU’s 45–49) are more likely to acquire banking services from big tech companies than older generations.

23. As The Economist puts it, young generations are demanding customers “with expectations of speedy, convenient service that have been set by Uber and Amazon Prime,” use mobile lending and peer-to-peer lending, [143] and are thus more willing to try banking with big tech companies.

A Figure is available in the pdf version of this article.

24. This is shown in Figure 2, taken from a 2018 study from Bain & Company. The chart shows:

  •  that individuals aged 18–34 (the red spots) are more likely to bank with big tech companies than individuals aged 55+ (the grey spots); and
  • that in Asian countries, such as China and India, both younger and older generations are more likely to bank with big tech companies than in their EU and US counterparts (although this may be at least partially explained by those countries being already exposed to big tech banking).

A Figure is available in the pdf version of this article.

25. Finally, Figure 3—also taken from a 2018 study of Bain & Company—shows that there seems to be a more widespread distrust of traditional banks in China and in India than it is the case in the EU and in the US (the only exception being Italy, where troubled banks such as Monte dei Paschi and Banca Carige have negatively affected the reputation of traditional banks).

A Figure is available in the pdf version of this article.

4. Different co-opetition strategies

26. Bilotta and Romano (2019) identify an additional reason why big tech entry in Western countries may be hindered; namely, that in these countries big tech companies supply services to traditional banks—such as cloud computing—which are very profitable. As Bilotta and Romano put it, big techs in the West “might not be interested in becoming strict competitors of incumbents due to their deep commercial relationships with them. Banks have become excellent customers of technology-driven services provided by tech giants, such as cloud-based infrastructures, AI and blockchain solutions, aimed at reducing their operating costs.

27. Microsoft Commercial Cloud and Amazon Web Services (AWS) are currently the top cloud providers in the EU and the US, with annual revenues of above $20 billion in 2017. [144] Google Cloud Platform serves a smaller share of the market ($4 billion in 2017 [145]), but it is investing heavily to catch up. [146] The Financial Stability Board (“FSB”) indicates that financial institutions currently spend around $37 billion on cloud services, and that they mainly use the cloud for customer relationship management, human resources, and financial accounting. However, the FSB notes, financial institutions are expected to increase their purchases of cloud services considerably as they expand the range of services they operate on the cloud, including consumer payments, credit scoring, statements and billings for asset managers’ basic current account. [147]

28. Supplying cloud-related services is a very profitable business, with total profits (including software and infrastructure) nearly reaching $100 billion in 2016 and being expected to double by 2020. [148] For illustration, AWS represented 10% of Amazon’s revenue and the entirety of its operating profit in 2016. [149]

29. Fighting banks would mean hampering this highly profitable business for big techs, which may explain why—in the EU and in the US—these companies have so far decided to partner with traditional banks rather than competing with them like in China. For example, the Amazon Prime Rewards Credit Card is issued by VISA and J.P. Morgan, [150] Amazon was reported to be in talks with J.P. Morgan to offer checking accounts, [151] and Apple is collaborating with Goldman Sachs on the Apple Card. [152]

30. Ant Financial’s expected shift away from banking services towards provision of technology services (including cloud-related services) as a result of growing regulatory pressure is consistent with this argument: there is a trade-off for big techs between competing directly with traditional banks and collaborating or providing services to them. If the first option becomes too burdensome (e.g., because of regulation), the second option becomes more attractive.

5. Fear of a regulatory backlash

31. Big tech companies know that—if they were to enter retail banking in Western countries—regulators may react if they see a risk for financial stability. The FSB, which comprises ministries of finance, central banks, supervisory and regulatory authorities from 25 jurisdictions, raised the concern that entry of big techs in competition with traditional banks may generate financial instability as “heightened competition could (…) put pressure on financial institutions’ profitability. This could lead to additional risk taking among incumbents in order to maintain margins. [153] The FSB also notes that big techs’ entry may also limit traditional banks’ ability to cross-subsidise products. [154]

32. In fact, major banks are already lobbying in Western countries, and—according to Bloomberg—“have called on regulators particularly in Brussels to make sure technology firms face the same restrictions as financial firms do. [155] For example, traditional banks feel at a disadvantage because EU and UK regulations require them to share their customers’ bank account information data with authorised third parties, including—possibly—big techs. Some banks are thus lobbying for reciprocity, by requesting that big techs also share their data with banks. If they are successful, this may pose a significant threat to big tech’s business model.

33. Another concern for regulators could be that big techs become too big players in the financial markets exposing these markets to systemic risk. This is possibly the reason why Chinese regulators are testing stricter regulation on Ant Financial, after this company has amassed a range of financial licences and “has become a crucial part of China’s massive and vulnerable financial system. [156]

III. Conclusions

34. This article identifies various factors that may have hindered big techs’ entry into retail banking in Western countries. The narrative we propose is consistent with big techs’ more forceful entry in China and in other Asian countries. Does it mean that traditional banks and regulators should consider that there is no threat of entry beyond payment services in the EU and the US? Of course, not. Firstly, big techs’ entry in banking started with payments and then expanded to other segments in China as well. [157] Secondly, some of the factors discussed above may play a different role in the future. For example, Open Banking in the UK and PSD2 in the EU will facilitate big techs’ entry. Thirdly, experience from other markets clearly shows that when big techs enter a new market they are able to leverage on their proven ability to tailor their services around customers’ needs, to exploit economies of scope (e.g., in relation to user data), and to cross-subsidise their services with the services they offer in other markets, so that they scale up very quickly.


[1M. Stucke and A. Grunes, Big Data and Competition Policy, Oxford University Press, 2016. The authors distinguish “big” from “normal data” on the basis of the volume of the data, the velocity at which data is collected, used and distributed, the variety of the information and the value of the data.

[2OECD, Big data: Bringing competition policy to the digital era, November 2016 – finding companies using data-driven innovation have experienced between 5 and 10% faster productivity growth that companies that do not.

[3Unlocking digital competition, Report of the Digital Competition Expert Panel of March 2019, para. 1.40 (https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/785547/unlocking_digital_competition_furman_review_web.pdf).

[4Id., at 9.

[5For instance, in 2017 Germany introduced a merger control threshold based on the value (€400 million) of the transaction.

[6Generally referred to as potentially anti-competitive acquisitions whereby an incumbent buys off a much smaller rival that had the ability to grow.

[8Competition and Markets Authority, The commercial use of consumer data, Final report, June 2015, para. 3.78. For the CMA there is a “greater likelihood of competition concerns” in those markets (i) in which data is a significant input into products and services produced, (ii) where there are few substitutes for the data collected by firms, (iii) where firms with existing market power control the collection of consumer data; and (iv) in which firms do not compete openly over data privacy and transparency of their uses of consumer data.

[9Autorité de la concurrence, Bundeskartellamt, Competition Law and Data, 10 May 2016 (http://www.autoritedelaconcurrence.fr/doc/reportcompetitionlawanddatafinal.pdf).

[10AGCM, IC53 – Big Data – sector enquiry opened on 30 May 2017. In June 2018 the AGCOM published an interim report in the context of the joint inquiry on “Big data” launched by the AGCOM deliberation No. 217/17 / CONS (https://www.agcom.it/documents/10179/11898202/studio-ricerca+04-09-2018/388e9d5d-e80f-4af4-a017-b81615c41fc1?version=1.0).

[11Bundeskartellamt, Case No. B6-22/16, Facebook exploitative business terms pursuant to Section 19(1) GWB for inadequate data processing.

[12On 26 August 2019, an appeal court in Düsseldorf has granted Facebook interim measures and suspended the Bundeskartellamt’s decision until the court has ruled on the merits of the appeal.

[13The four largest banks have had some 70% in PCAs and in excess of 80% in BCAs for a number of years, with new entrants and smaller banks gaining only little market shares.

[14The CMA in particular found that (incumbent) banks have a first-mover advantage over their smaller competitors (low acquisition costs plus economies of scale/scope) leading to unilateral market power over existing (inert) customers.

[15CMA, Retail banking market investigation, Final report, 9 August 2016, par. 166, page vii of the Summary. “We believe that it will significantly increase competition between banks, by making it much easier for both personal customers and SMEs to compare what is offered by different banks and by paving the way to the development of new business models offering innovative services to customers.” Please see also speech of 30 June 2017 of Alasdair Smith, CMA Inquiry Chair, at the BBA Retail Banking Conference, where he commented that “As you all know, the centrepiece of the measures which we are introducing to improve competition in retail banking is the Open Banking programme.”

[16Alongside service quality information and customer prompts.

[17Revised Payment Services Directive (2015/6366/EU).

[18In September 2015 Her Majesty’s Treasury set up an Open Banking Working Group to explore how data could be used to help people transact, save, borrow, lend and invest their money.

[19Royal Bank of Scotland Group, Lloyds Banking Group, Barclays, HSCB Group, Santander and Nationwide in Great Britain, and Danske, Bank of Ireland and Allied Irish Bank in Northern Ireland.

[20CMA Retail Banking Market Investigation Order of 7 February 2017, also setting out the required infrastructure (e.g., an Implementation Entity/Trustee) for open banking to be implemented effectively.

[21PISPs and AISPs are defined in PSD2 in Articles 4(15) and 4(16) respectively.

[22APIs are software communication protocols (standardised sets of requirements governing how software applications can talk to each other) which enable smooth data sharing between different systems.

[23This is the most important difference between PSD2 and UK Open Banking. Other differences are as follows: the UK initiative is mandated to nine banks only (instead of applying across industry) and it covers only PCAs/BCAs (within the scope of the market investigation) while PSD2 applies to “payment accounts” (enabling customers to place funds in account, withdraw cash, execute/receive payment transactions to/from third parties). UK open banking APIs are expected to be extended to all the payment accounts covered by PSD2 (i.e., credit cards, e-money wallets and some types of online savings accounts).

[24See European Commission, Fintech action plan: For a more competitive and innovative European financial sector, COM(2018)109, 7–8 and European Parliament report on Fintech: the influence of technology on the future of the financial sector (2017), 13.

[25See, e.g., the Berlin Group, which includes banks, payment schemes and associations and has been formed to set open standards in the interbanking domain between creditor bank and debtor bank.

[26AISPs and PISPs are subject to less stringent prudential requirements than banks because they do not hold deposits/clients’ funds.

[27An entity could be authorised for both account information and payment initiation services and therefore enable their customer to transfer the funds to switch to the better deal once that is found via the app/dashboard.

[28CMA, Retail banking market investigation, Final report, para. 13.8 on p. 443. In particular, transferring with the customer’s consent “cash from current accounts paying low or no interest to higher interest earning ones or transferring money into accounts that are about to go into overdraft.”

[29Karina McTeague speech of 1 March 2018 at the Pay360 conference Payments after PSD2: evolution or revolution (https://www.fca.org.uk/news/speeches/payments-after-psd2-evolution-or-revolution). McTeague noted that since 13 January 2018 the FCA has authorised a number of AISPs and PISPs providing innovative services such as storage of digital loyalty points or automatically investing customers’ purchases to the nearest pound.

[31The Commission for instance is currently investigating potential practices of banking associations in a number of Member States aimed at preventing fintech companies from gaining access to bank customers’ account data despite their consent. See European Commission – Fact Sheet “Commission confirms unannounced inspections concerning access to bank account information by competing services,” Brussels, 6 October 2017. Please see https://europa.eu/rapid/press-release_MEMO-17-3761_en.htm.

[32Bank of Ireland, Danske, HSBC, Lloyds Banking Group and Santander are the addressees of the CMA directions, which set a deadline for the banks to propose target dates for the outstanding issues (in relation to Bank of Ireland) or set out agreed target dates and implementation timetable—in particular to deliver App-to-App Redirection Functionality—(in relation to the other banks).

[33FCA, Strategic Review of Retail Banking Business Models, December 2018, para. 2.7, p. 13.

[34Although entry into core lending and deposit taking was viewed as unlikely in the “Future of Retail Banking” conference the FCA hosted in September 2018.

[35Id., para. 4.42 on p. 50.

[36For a discussion on the disruptive potential of the implementation of Open Banking (and PSD2) and the Bank of England’s decision to provide access to its real-time-gross-settlement system to non-bank payment service providers please see P. Siciliani, The Disruption of Retail Banking: A Competition Analysis of the Implications for Financial Stability and Monetary Policy, Journal of Financial Regulation, 2018, 23. The author in particular deals with the more likely impacts of increased competition at retail banking level: namely, reduced profitability; operational risk; deposit mobility; and disintermediation.

[39As found in the FCA FS 15/6 Call for Input on Big Data in retail general insurance of September 2016, where it was noted that “as more advanced analytical techniques become more widespread and such datasets become more valuable (…) [t]here may be competition concerns if firms were able to increase or create market power through their use of data” (p. 41).

[40MS17/2: Wholesale Insurance Broker Market Study, Final report, February 2019, p. 10. In 2016, among the brokers sampled for the market study 15 brokers offered such services, which accounted for approximately 8% of their revenues overall.

[41A block exemption regulation provides legal certainty setting out under which conditions certain arrangements can be deemed to meet the four conditions of Article 101(3) TFEU and therefore be lawful. From 1992 to 2017 Reg 3932/92 (OJ 1992 L398/7), Reg 358/2003, (OJ 2003 L53/8) and Reg 267/2010 (OJ 2010 L83/1) exempted in the insurance sector arrangements such as information exchange and pools. As regards information exchanges, the IBER covered: (i) the joint compilation and distribution of information necessary for the calculation of the average cost of covering a specified risk in the past; (ii) the construction of mortality tables, and tables showing the frequency of illness, accident and invalidity; and (iii) the joint carrying out and distribution (of the results) of studies on the impact of external circumstances on the frequency or scale of future claims for a given risk category.

[42The Commission carried out unannounced inspections at the premises of companies active in motor insurance in Ireland on 4 July 2017 and officially opened investigation on 14 May 2019. Please see press release of 14 May 2019: Antitrust: Commission opens investigation into Insurance Ireland data pooling system (http://europa.eu/rapid/press-release_IP-19-2509_en.htm).

[43FCA FS 15/6 Call for Input on Big Data in retail general insurance of September 2016.

[44A. Bailey, The challenges for insurance and regulators in a Big Data world, November 2016.

[45C. Randell, How can we ensure that Big Data does not make us prisoners of technology? Speech delivered at Reuters Newsmaker event of 11 July 2018: “We need to anticipate the fundamental questions which Big Data, artificial intelligence and behavioural science present, and (…) think about how to mitigate the risk that an algocracy exacerbates social exclusion and worsens access to financial services in the way that it identifies the most profitable or the most risky customers” (https://www.fca.org.uk/news/speeches/how-can-we-ensure-big-data-does-not-make-us-prisoners-technology). 

[46MS 18/1.1, General Insurance Pricing Practices, Terms of Reference of October 2018 (https://www.fca.org.uk/publication/market-studies/ms18-1-1.pdf).

[47ESMA, EBA, EIOPA, Joint Committee Final Report on Big Data (JC/2018/04), 15 March 2018, para. 34 (p.11).

[48Id., para. 13 (p. 6).

[49The FCA did not receive comments that big data raises or increases barriers to entry; mixed comments on whether the cost of investments in big data is significant (which may well depend on the insurer’s business model and investment decision ); and considered unlikely that access to and ability to substitute different types of data can restrict competition

[50In product design, pricing, marketing, distribution and sales, claims handling and fraud detection.

[51Unlocking digital competition, Report of the Digital Competition Expert Panel, March 2019, para. 3.5, p. 84.

[52Id., at para. 3.27 (e.g., multi-sided nature of the markets, zero pricing, the fact that “[e]xtensive data collection, computing power, artificial intelligence and machine learning capabilities may arguably create a multiplicity of small consumer markets”).

[53R. Finer, Weighing the value of data – trade-offs, transparency and competition in the digital marketplace, speech delivered at the Respublica conference “The Value of Data, Competition, and Financial Services,” London on 7 May 2019. “By increasing our understanding of these markets and the role and value of data, I believe we can help empower consumers to choose what to share, where, and for what. Understanding the variation in the use and value of data, in aggregate, can help inform debates about how to deal with technology firms’ market power. And in the years ahead, firms’ use of data may be a factor when considering proposed break ups of dominant technology players, versus adapting our existing anti-trust competition analysis” (https://www.fca.org.uk/news/speeches/weighing-value-data-digital-marketplace).

[54FCA, The Impact and Effectiveness of Innovate, April 2019, para. 9.4, p. 30.

[55Retail Banking Market Investigation, Final Report, Competition and Markets Authority, 2016.

[56See for example, Data Sharing and Open Data for Banks: A report for HM Treasury and Cabinet Office (2014) by the Open Data Institute and Fingleton Associates for an early example of UK Government’s recognition of the potential benefits of open banking.

[57The process whereby a TPP would acquire the online credentials of a bank customer and then use them to log into their account, in effect impersonating them.

[58In order to maintain consistency with PSD2, open API standards for payment accounts other than current accounts have been developed as part of the open banking project and are available free to all payment service providers.

[59The Berlin Group, for example, aims to foster interoperability and harmonisation of payment standards.

[60OpenWrks and Swoop, for example, both provide developers and others with the technology to support such comparison services.

[61PSD2 distinguishes between two types of third-party provider: Account information service providers (AISPs) and Payment initiation service providers (PISPs). The former are authorised to offer “read-only” access to the customer’s transaction data, meaning the TPP can view transactions but not execute them. The latter are authorised to use “read-write” functionality, meaning that they can, with the customer’s permission, move money into and out of their accounts. In practice, PISPs will be authorised as AISPs but not vice versa.

[62See for example MortgageGym’s planned service.

[63SafetyNet Credit is an example of a sweeping service provider.

[64Credit Kudos, for example, enables consumers to use their transaction data to improve their credit score. CreditLadder specifically helps tenants use their rental payment history as part of a mortgage application.

[65Sadly, the original Trustee, Andrew Pinder, died within a few months of taking up his position.

[66“Directions” are instructions issued to parties by the CMA requiring them to take or refrain from specified actions in order to bring them into compliance with an Order.

[67See for example the partnership between NatWest and Tink. https://techcrunch.com/2019/05/08/tink-natwest/

[68Directive (EU) 2015/2366 of the European Parliament and the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.

[69This initiative followed the UK Competition and Markets Authority (“CMA”)’s Retail Banking Market Investigation, Final Report, 9 August 2016.

[70Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication, in force since 14 March 2018. The Regulation applies from 14 September 2019. However, some general obligations for access interfaces apply since 14 March 2019.

[71Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), COM(2017)10 final, 10 January 2017.

[72Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, OJ L 119, 4.5.2016.

[73Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union.

[74Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (“Unfair Commercial Practices Directive”).

[75Dutch Competition Authority study, Fintechs in the payment system: the risk of foreclosure, 19 December 2017 - the authority stated on its website it “will keep a close watch on whether or not banks offer providers of new payment products access to payment information. If necessary, ACM can take enforcement action against anticompetitive practices”; UK Financial Conduct Authority Business Plan 2018/19, 9 April 2018 - the FCA stated it will review the use of data by financial services firms in order to assess potential opportunities and harms and where the FCA may need to intervene, p. 27; Spanish Competition Authority’s market study on the impact on competition of technological innovation in the financial sector (fintech), E/CNMC/001/18, 13 September 2018; Portuguese Competition Authority’s Issues Paper, Technological Innovation and Competition in the Financial Sector in Portugal, October 2018.

[76Spanish Competition Authority’s market study on the impact on competition of technological innovation in the financial sector, op. cit., p. 7.

[77Joint Committee of the European Supervisory Authorities, Joint Committee Final Report on Big Data, JC/2018/04, 15 March 2018.

[78Id., p. 23, para. 105.

[79Study requested by the European Parliament ECON committee, Competition issues in the Area of Financial Technology (fintech), July 2018.



[82Id., p. 13.

[83Id., p. 15.


[85Id., p. 88.

[86Case C-7/97, Oscar Bronner GmbH & Co. KG v. Mediaprint Zeitungs- und Zeitschriftenverlag GmbH & Co. KG, judgment of 26 November 1998, ECLI:EU:C:1998:569, para. 38–46.

[87Study requested by the European Parliament ECON committee, op. cit., pp. 88–89.

[88Bank for International Settlements, Annual Economic Report: III. Big tech in finance: opportunities and risks, 23 June 2019.

[89French Competition Authority and Bundeskartellamt, Competition Law and Data, 10 May 2016, p. 53.

[90OECD, Big Data: Bringing Competition Policy to the Digital Era, Executive Summary, DAF/COMP/M(2016)2/ANN4/FINAL, 26 April 2017, p. 3.

[91Id., p. 4.


[93Unlocking digital competition, Report of the Digital Competition Expert Panel, 13 March 2019.

[94Competition Policy for the Digital Era, a report by Jacques Crémer, Yves-Alexandre de Montjoye, Heike Schweitzer, 4 April 2019.

[95Id., p. 3.


[97Id., p. 9.

[98Id., p. 3.

[99Id., p. 9.

[100Id., p. 125.

[101Id., p. 76.

[102FTC Hearings on Competition and Consumer Protection in the 21st Century held during fall 2018–spring 2019.

[103FTC Report, Big Data: A Tool for Inclusion of Exclusion? Understanding the Issues, January 2016,

[104Case M.7217, Facebook/WhatsApp, European Commission unconditional clearance decision of 3 October 2014.

[105Case M.8124, Microsoft/LinkedIn, European Commission conditional clearance decision of 6 December 2016.

[106Reference is made in this respect to the May 2019 Lear report on ex-post assessment of merger control decisions in digital markets, prepared for the CMA. The report assesses several recent merger decisions of the CMA involving tech and big data companies with a critical eye regarding the authority’s insufficient assessment of, e.g., user experience or influence from the datasets at issue.

[107Case AT.39740, Google Search (Shopping), prohibition decision (Art. 102 TFEU) of 27 June 2017.

[108Bundeskartellamt, decision B6-22/16 of 6 February 2019, .. Germany’s Federal Cartel Office prohibited Facebook Inc., its subsidiaries Facebook Ireland Ltd. and Facebook Germany GmbH (together “Facebook”) from making the use of its social network conditional on the collection of user data from multiple sources without the user’s voluntary consent. While the FCO did not impose fines on Facebook, it restricted the way Facebook can collect and process user data from third-party sources, including Facebook-owned services, such as Instagram or WhatsApp.

[109Oberlandesgericht Düsseldorf Beschluss, Facebook v Bundeskartellamt, VI-Kart 1/19 (V), 26 August 2019 [in German].

[110French Competition Authority, decision 14-MC-02 on interim measures of 9 September 2014. The authority’s decision was upheld by the Paris Court of Appeal, but this judgment is currently under appeal to the Court of Cassation. On 22 March 2017, the French Competition Authority fined ENGIE €100 million for abusing its dominant position by using in particular its historical data file to convert its customers on regulated gas tariffs to market-based contracts for gas and electricity.

[111Dutch Competition Authority press release, ACM conditionally clears acquisition of Iddink Group by Sanoma Learning, 29 August 2019.

[112European Commission press release, MEMO/17/3761, 6 October 2017.

[113In a letter addressed to the European Parliament in response to concerns raised over the rollout of Apple’s payment technology in Germany, Margrethe Vestager wrote “the Commission is closely following these developments and their impact on the mobile payment sector,” as reported by MLex, “Contactless-mobile payments under ‘close’ EU watch,” 3 October 2018.

[114Santander Global Tech (2019), Fintech and Bigtech, how have they changed the banking industry?, https://santanderglobaltech.com/en/fintech-bigtech-how-have-they-changed-banking-industry.

[115C. Álvarez (2018), Data will be the key in the battle between banks and big tech, https://www.bbva.com/en/data-will-be-the-key-in-the-battle-between-banks-and-big-tech.

[117For example, Apple Pay, Google Pay, Amazon Pay, Messenger Pay (Facebook) and Microsoft Pay.

[118Institute of International Finance (2018), A New Kind of Conglomerate: Bigtech in China; and Citi GPS (2018), Bank of the Future: The ABCs of Digital Disruption in Finance.

[119Time (2019), How China Is Using “Social Credit Scores” to Reward and Punish Its Citizens, https://time.com/collection-post/5502592/china-social-credit-score.

[120P. Guy (2018), China’s Ant Financial and WeBank – ‘Too Big to Regulate’, https://www.regulationasia.com/chinas-ant-financial-and-webank-too-big-to-regulate.

[121A. Concepcion (2019), How Ant Financial Became the Largest Fintech in the World, https://www.applicoinc.com/blog/ant-financial-services-platform-largest-fintech-in-world.

[122Reuters (2019), China’s giant money market fund relaxes investment restrictions, https://www.reuters.com/article/us-ant-financial-funds/chinas-giant-money-market-fund-relaxes-investment-restrictions-idUSKCN1RM0MF.

[123N. Bilotta and S. Romano (eds.) (2019), The Rise of Tech Giants. A Game Changer in Global Finance and Politics.

[124L. Louise (2018), Alibaba Revenues Rise but Ant Financial Makes a Net Loss, in Financial Times, https://www.ft.com/content/6d756d0e-4f9f-11e8-9471-a083af05aea7.

[125N. Bilotta and S. Romano (2019), The Rise of Tech Giants. A Game Changer in Global Finance and Politics.

[126Coopetition is the act of cooperation between competing companies; businesses that engage in both competition and cooperation are said to be in coopetition. Certain businesses gain an advantage by using a judicious mixture of cooperation with suppliers, customers, and firms producing complementary or related products. Coopetition is a type of strategic alliance that is particularly common between software and hardware firms.” Investopedia, at https://www.investopedia.com/terms/c/coopetition.asp. See also A. Brandenburger and B. J. Nalebuff, Co-Opetition, Doubleday & Co, 1997.

[127The Economist (2019), assessing the creditworthiness of its borrowers using the myriad of data that it accumulates on its e-commerce platform (https://www.economist.com/finance-and-economics/2019/05/02/the-past-decade-has-brought-a-compliance-boom-in-banking).

[128P. Ryan (2014), Compliance Burdens on FIs Increased 26% in 3Q, https://bankinnovation.net/2014/11/compliance-burdens-on-fis-increased-26-in-3q.

[129N. Bilotta and S. Romano (2019), The Rise of Tech Giants. A Game Changer in Global Finance and Politics.


[131A. Carstens (2019), Big tech in finance and new challenges for public policy, https://www.bis.org/speeches/sp181205.pdf.

[132S. Zhang and J. Ruwitch (2018), Exclusive: Ant Financial shifts focus from finance to tech services: sources, https://www.reuters.com/article/us-china-ant-financial-regulation-exclus/exclusive-ant-financial-shifts-focus-from-finance-to-tech-services-sources-idUSKCN1J10WV.

[133Institute of International Finance (2018), A New Kind of Conglomerate: Bigtech in China.

[134World Bank (2015), The Global Findex Database 2014: Measuring Financial Inclusion around the World.


[136McKinsey & Company (2016), Weathering the storm: Asia–Pacific Banking Review 2016.

[137Traditional banks’ business model relies on cross-subsidisation of its services. In its simplest form, banks raise deposits in exchange for a given interest rate and the provision of financial services (such as direct debit, card payments and others), and use them to grant loans to borrowers at higher interest rates. Banks thus make profits from (i) the net interest, and (ii) cross-selling of other financial services and products for a fee (e.g., insurance, wealth management, currency exchange, overdraft and others).

[138M. de la Mano and J. Padilla (2019), Big Tech Banking, Journal of Competition Law and Economics, forthcoming

[139T. Berg, V. Burg, A. Gombović and M. Puri (2019), On the Rise of FinTechs—Credit Scoring Using Digital Footprints, Review of Financial Studies, forthcoming.

[140M. Puri, J. Rocholl and S. Steffen (2017), What do a million observations have to say about loan defaults? Opening the black box of relationships, Journal of Financial Intermediation 31.

[141N. Megaw (2019), Amazon seeks to revive its faltering loans business. https://www.ft.com/content/1eb61d50-81fb-11e9-b592-5fe435b57a3b.


[143The Economist (2019), What bankers need to know about the mobile generation.

[144L. Dignan (2018), Top cloud providers 2018: How AWS, Microsoft, Google, IBM, Oracle, Alibaba stack up, https://www.zdnet.com/article/top-cloud-providers-2018-how-aws-microsoft-google-ibm-oracle-alibaba-stack-up.


[146According to Business Insider, Google spent more than $30 billion in R&D on its cloud (J. Bort (2017) Google spent $30 billion on its cloud and is making some undeniable progress, https://www.businessinsider.com/google-spent-30-billion-on-cloud-and-is-making-progress-2017-3).

[147Financial Stability Board (2019), FinTech and market structure in financial services: Market developments and potential financial stability implications.

[148A. Levy and D. Bosa (2016), How Amazon Web Services is luring banks to the cloud, https://www.cnbc.com/2016/11/30/how-amazon-web-services-is-luring-banks-to-the-cloud.html?__source=sharebar|twitter&par=sharebar.


[150Business Insider (2017), Amazon and Chase introduce Prime credit card, https://www.businessinsider.com/amazon-and-chase-introduce-prime-credit-card-2017-1?IR=T.

[151E. Glazer, L. Hoffman and L. Stevens (2018), Next Up for Amazon: Checking Accounts, https://www.wsj.com/articles/are-you-ready-for-an-amazon-branded-checking-account-1520251200.

[152P. Schaus (2019), The smart way for banks to partner with big tech, https://www.americanbanker.com/opinion/the-smart-way-for-banks-to-partner-with-big-tech.

[153Financial Stability Board (2019), FinTech and market structure in financial services: Market developments and potential financial stability implications.


[155S. Brush (2019), Big Tech Is Coming for Big Bank Profits, Finance Regulators Warn, https://www.bloomberg.com/news/articles/2019-02-14/big-tech-is-coming-for-big-bank-profits-finance-regulators-warn.

[156S. Zhang and J. Ruwitch (2018), Exclusive: Ant Financial shifts focus from finance to tech services: sources.

[157A. Carstens (2018), Big tech in finance and new challenges for public policy.

PDF Version


  • Financial Conduct Authority (London)
  • Skadden, Arps, Slate, Meagher & Flom (Brussels)
  • British Competition Authority - CMA (London)
  • Skadden, Arps, Slate, Meagher & Flom (New York)
  • Financial Conduct Authority (London)
  • Compass Lexecon (Brussels)
  • British Competition Authority - CMA (London)
  • Compass Lexecon (London)
  • Skadden, Arps, Slate, Meagher & Flom (Brussels)
  • University Paris II Panthéon‑Assas


Fabio Falconi, Caroline Janssens, Adam Land, Stuart D. Levi, Sheldon Mills, Jorge Padilla, Bill Roberts, Stefano Trento, Ingrid Vandenborre, Marianne Verdier, Banking and big data, November 2019, Concurrences N° 4-2019, Art. N° 92003, pp. 22-47

Visites 595

All reviews