Unlocking the potential of open banking in New Zealand

In May, Aotearoa reached a milestone in open banking when the country’s four largest banks were required to support payments via secure Application Programming Interfaces (APIs).

APIs are digital connections enabling secure data sharing between banks and authorised third parties.

Payment initiation APIs, now supported by the four major banks, allow third parties to securely connect to banks—with explicit customer consent—enabling customers to make direct bank account payments through third-party apps.

For example, when a customer makes an online purchase, instead of entering credit or debit card details they could choose to pay directly from their bank account with a few taps. Here’s how it could work:

1. The online merchant connects to the customer’s bank through a secure API
2. The customer authenticates the payment within their bank’s secure environment
3. The transaction is completed immediately without the need for a debit or credit card.

This process is not only fast and convenient, but could also help save money on transaction fees.

The next major API deadline is in November, when the four main banks must have the technology in place to allow customers to securely share their banking data with third-party providers of their choice.

This goes beyond payments, allowing the sharing of account information and transaction history. This opens up a world of possibilities for personalised financial services, such as budgeting tools, savings apps, and tailored investment advice.

For instance, a customer could allow a budgeting app to access their transaction history. The app could then automatically categorise their spending, provide insights into their financial habits, and offer personalised advice on budgeting, saving, and investing.

Customers looking for a home loan could also benefit from open banking. For example, a comparison service could access the customer’s banking data to create a comprehensive financial profile, including their income, regular expenses, savings habits, and existing debts. The service could use this data to match the customer with a range of suitable lenders or give lenders the opportunity to offer personalised loan terms based on the customer’s unique financial situation.

These examples show how open banking enables both fintechs and traditional financial institutions to innovate and provide greater convenience, choice, and personalisation for consumers.

Next steps

Having the technical infrastructure in place is crucial, it’s not enough alone to truly unleash the potential of open banking. To fully realise its benefits, the country needs a robust Consumer Data Right (CDR) regime.

A CDR is a regulatory framework that gives consumers the right to safely access and share their data with third parties, and puts standardised safeguards in place to ensure security and privacy.

In the New Zealand context, for a CDR to best support open banking in delivering on its potential – being trusted by consumers, and reaching critical mass – we believe it should rest on three key pillars.

Consumers in control

First, consumers must have complete control over their data. This means deciding which third parties can access their information, and for what specific purposes, as well as having the ability to revoke that access at any time. The success of open banking hinges on trust, and without it, the entire system loses its foundation.

By putting customers firmly in control of their data, we create an environment where people feel secure enough to engage with these new financial technologies. This level of control is not just a feature – it’s a fundamental requirement for building and maintaining the trust necessary for open banking to succeed and thrive in Aotearoa.

Accreditation

Second, there must be robust accreditation and security standards for any entity wanting to take part in the open banking ecosystem. This ensures that customer data is only shared with trusted, vetted providers. The accreditation process could assess things like a third party’s data encryption methods, storage practices, and protocols for handling sensitive information, with mandatory security audits to ensure compliance.

Managing liability

Third, liability must shift with the data. Clear rules around data usage and liability are essential for creating a secure, trustworthy open banking environment. As data moves from banks to fintechs, the responsibility for protecting and securing that data should move with it. This shift in liability is crucial because it ensures the party with direct control over the data is also accountable for its protection. It incentivises fintechs to maintain robust security measures and handle customer data responsibly.

At BNZ, we believe that a comprehensive CDR framework built on these pillars is critical for the success of open banking in New Zealand. It will provide the necessary protections for consumers while fostering innovation and competition in the financial sector.

Moving forward

We also see a crucial role for key stakeholders, including the government, banks, fintechs, and consumer advocates, to work together to educate the public about open banking.

Over time, open banking has the potential to revolutionise how New Zealanders manage their money, access financial services, and interact with banks and other providers. By securely sharing financial data, it enables innovative, personalised services that can help people save, budget, and invest more effectively.

As we continue this journey, it is important to remember that open banking is ultimately about empowering New Zealanders with greater control over their financial data and access to services that can improve their financial wellbeing. By working together – banks, fintechs, government, and consumers – we can build a thriving open banking ecosystem that benefits all New Zealanders.

This article is solely for information purposes and is not intended to be financial advice. If you need help, please contact BNZ or your financial adviser. Neither BNZ nor any person involved in this article accepts any liability for any direct or indirect loss or damage arising out of the use of, or reliance on, all or any part of the content.