Organisations participating in Open Banking will be subject to obligations and risks resulting from their responsibilities for exchanging and handling consumers' data under pending Open Banking regulations.
To participate in Open Banking, organisations are required to keep consumers' data safe, use it only with consumers' consent, and keep consumers on notice of the transmittal and usage of their data. Organisations must also promptly notify consumers when a breach of those responsibilities occurs.
Open Banking rules and standards, as well as consumers' expectations, both require participating organisations to exercise a special duty of care when it comes to their data. Deloitte has developed its Open Banking assurance offering not only to provide assurance on an organisation's compliance with relevant rules and standards, but also to provide insights to ensure that the operating structures put in place are fit for purpose.
Deloitte has developed a range of tools to assist organisations to confidently move into Open Banking.
Open Banking Obligations Tool
Deloitte has developed an Open Banking Obligations Tool which identifies rules and standards that apply to Data Holders and Data Recipients. This includes an Open Banking Controls Assurance Program and Open Banking Accreditation and Compliance Review.
Open Banking Controls Assurance Program (ASAE 3150)
- Prior to go-live: Review design of planned controls
- Following go-live: Review of design, implementation and operating effectiveness of controls
Open Banking Accreditation and Compliance Review (ASAE 3100)
- Prior to go-live: Readiness gap analysis or initial accreditation assessment against Open Banking rules and standards
- Following go-live: Periodic review of compliance with Open Banking rules and standards
Open Banking Controls Assurance Program
Our controls assurance program determines the extent to which the controls implemented by the organisation effectively enable it to maintain compliance with relevant obligations.
Controls assurance provides stakeholders with confidence around the design of planned controls prior to go-live, and may help the organisation avoid costly re-design later. Controls assurance can also provide periodic assurance on the maintenance of the control environment and its operating effectiveness post go-live.
Open Banking Accreditation and Compliance Review
Our initial accreditation and ongoing compliance review determines whether the range of obligations an organisation is subject to has been met over the relevant period. This includes testing that data has been kept safe, used only as consumers have instructed, and that consumer notifications have been actioned in a timely manner.
An Open Banking Accreditation and Compliance Review will address periodic review obligations for Open Banking participants required by the rules.
For more information about Deloitte’s Open Banking series see:
Open Banking – the time to act is now