India needs robust regulatory framework for open banking operations

Experts believe India needs a robust regulatory framework to deal with challenges emanating from increasing number of players sitting in different geographical locations getting involved in open banking operations.

Open banking refers to sharing and leveraging of customer-permissioned data by banks with third-party developers and firms to build applications and services, including those that provide real-time payments, greater financial transparency options for account holders, marketing and cross-selling opportunities.

Sivarama Krishnan, Partner & Lender, Cybersecurity, PwC India pitched for a three-level governance model to deal with the security issues concerning open banking, stressing at with open API (application programming interface) and disruptive innovations regulated entities will integrate even deeper with the external world.

“We need governance at three levels – broad country level privacy framework (minimum principles to be met by all entities of certain size and above), individual regulatory framework for specific industry-related use cases around privacy requirements and organizational to evolve data protection techniques which help protect the data which can be shared for processing purposes with third parties,” he explained. “Regulated entities that can mandate the data protection techniques to be followed by critical ecosystem partners, who process sensitive data security for them.”

M Rajeshwar Rao, Reserve Bank Deputy Governor, at a webinar on open banking organized by Tata Consultancy Services in association with the Embassy of India in Brazil, said technological innovation in banking is paramount importance but cannot be pursued at the cost of customer privacy and data protection which are non-negotiable.

Also Read: India Inc gives helping hand and resource access for COVID-19 care

Prakash Shetty, Head of Operations, Compliance and CS, Clix Capital, said open banking is still in its nascent stage of development at least in India and in some other similar developing jurisdictions. “A comprehensive regulatory framework, covering eligibility criteria for participants, SOPs to maintain basic operational ethics, customer safety standards and all by keeping the dynamic nature of the industry in mind can solve a big range of issues,” Shetty said. “Indian legislators had recently updated the data protection laws with a principle that customers own their data and have the right to control it. This can be a substance for an open banking framework; however, we expect specific guidance over system security protocols, open API standards and other technical specifications.”

Dhruv Matta, Principal Associate, Lakshmikumaran & Sridharan Attorneys, said privacy in India is currently a paper-based right and to operationalize effective enforcement of this right, a national privacy legislation is the need of the hour. He added that this will ensure better privacy standards for consumers and will ease the transition with the compliance requirements of the proposed legislation.