Asia-Pacific Leads in Open Banking Regulation While Strengthening Personal Data Privacy

Michael Magrath, December 7, 2020

Of all the regional markets driving digital transformation at the regulatory level, the Asia-Pacific (APAC) region is leading the pack. Banks and financial institutions operating in most Asia-Pacific countries are implementing highly innovative digital services, facilitated in part by national regulatory initiatives around legislation and policy. Asia, in particular, is extremely financially progressive and fintech friendly. In fact, Singapore has the most robust financial services regulatory framework and the most active national legislators and authorities of any developed country, not just in the region but in the world. The Monetary Authority of Singapore is extremely active in legislating and is constantly issuing new regulations on a variety of issues in the financial services sector, including multi-factor authentication (MFA) and other security initiatives.

Across Asia Pacific, 2020 has been a year marked by advances in open banking, data privacy and data protection, digital payments, e-signature, e-KYC and remote onboarding. 

In this blog, we pull the highlights from our inaugural OneSpan Global Financial Regulations Report to provide a summary of how these themes are driving transformation for financial institutions in the Asia Pacific region. 

Open Banking and Fintech

Open banking in Australia is making slow but steady progress in becoming reality for consumers. In February, the Australian Competition and Consumer Commission (ACCC) published the final rules for competition and consumer data rights and the open banking initiative applicable to consumers seeking financial services. A phased roll-out of the rules under a national open banking initiative began with the Big Four banks on July 1, starting with sharing of “product reference data” with accredited data recipients. Mortgage and personal loan data sharing began November 1.

Unlike the EU’s PSD2, the ACCC will permit screen scraping for open banking. In September, the Senate’s Select Committee on Financial Technology and Regulatory Technology recommended a new agency be created to regulate the Consumer Data Right (CDR).

Meanwhile, New Zealand is exploring its own Consumer Data Right for open banking; currently, the country is considering an open banking model similar to the EU’s PSD2.

E-Signature, Digital Identity and Remote Onboarding

To ease digital business, certain governments further enabled the use of electronic signatures. For example, on December 10, 2020, amendments to South Korea’s Digital Signature Act regarding digital identification become effective. Changes in the Act remove certain requirements for certificates for digital signatures, to “remove barriers to entry” for consumers. And recent changes under the law promulgate the use of various types of identity proofing technology, including biometric authentication and blockchain, during e-signature certification.

COVID-19 has also prompted a number of regulatory and legislative activities in the region.

In May, for example, the Australian government permitted corporate contracts to be executed using electronic documents and e-signatures. This ruling was extended through March 21, 2021. Australia also announced plans to amend The Corporations Act 2001 and other relevant legislation and regulations to allow for the use of electronic signature when executing legal documents and to enable witnessing of official documents via videoconferencing or other secure technological means.

Also noteworthy, this year Hong Kong’s Insurance Authority extended temporary Phase 2 measures to “obviate the need to conduct face-to-face meetings in order to minimize the risk of infection” during the sale of insurance policies. The measures have been extended to December 31, 2020. The Monetary Authority of Singapore (MAS) encouraged FIs to actively promote the use of [non-face-to-face] digital options and provide customers suitable guidance on how to use them, specifically for remote identity verification.

In June, the Hong Kong Monetary Authority (HKMA) published a circular outlining remote onboarding for individual customers based on feedback from banks and fintech firms. The circular sets out regulatory expectations and best practices for remote onboarding. In September, the HKMA outlined key principles in relation to remote onboarding of corporate customers. Its circular details the differences between individual customer onboarding and corporate customer onboarding regarding customer due diligence.

Among the other countries in our report, in January, the Reserve Bank of India approved remote video-based authentication through Aadhaar. The Video Customer Identification Process (V-CIP) is a video chat session option that allows the customer to show identity documents that are checked against the issuing authority’s database. And in June, Malaysia’s central bank published a policy document on Electronic Know Your Customer (e-KYC).

Data Privacy and Data Protection

There was also a lot of activity within the region relating to data privacy and data protection. In December 2019, India introduced the Personal Data Protection Bill into Parliament. It would create the first legal framework for data protection in India and includes provisions similar to those of the E.U.’s General Data Protection Regulation, such as the right to be forgotten.

In January 2020, the HKMA released a proposal to review the Personal Data Privacy Ordinance (PDPO). The government is reviewing and studying possible amendments to the PDPO to strengthen the protection of personal data.

Singapore issued a consultation to amend the 2012 Personal Data Protection Law. The government wants to amend the law to “take into account technological advances, new business models and global developments in data protection legislation.”

In June, Japan’s National Diet passed an amendment to the Act on the Protection of Personal Information (APPI). Rules and guidelines are expected to be released sometime in 2021, and the amended APPI will officially come into force no later than June 2022. The amendments to APPI establish new definitions, clarify several existing clauses, and permit new types of personal data processing.

In September, Taiwan’s legislature introduced a bill aimed at aligning the domestic data protection framework with the EU’s GDPR. Taiwan’s goal, ultimately, is to satisfy adequacy requirements to allow cross-border data flow between Taiwan and the EU.

Finally, New Zealand’s new Privacy Act, repealing the Privacy Act of 1993, officially took effect on December 1, 2020.

Conclusion

Regulatory authorities overseeing the Asia-Pacific region continue to develop laws, regulations, legislation and policies that facilitate digital transformation at financial institutions while protecting consumer interests. With the Singapore Monetary Authority leading the charge, APAC authorities are at the forefront of progressive legislative initiatives that promote digital innovation in the financial services sector, especially with regard to open banking and fintech.

For further insights and updates, download our Global Financial Regulations Report. We welcome your feedback on how we can improve on this valuable resource. Reach us at [email protected] with your comments on this report.

This blog is the second of a regional series covering financial regulations in North America, Asia-Pacific, the Middle East, Europe, Africa and Latin America. Subscribe to our blog for alerts as new blogs are published.

This article is for informational purposes only and does not constitute legal advice. It is recommended that independent professional advice is sought from your side. OneSpan does not accept liability for the contents of these materials.

 

Michael Magrath is responsible for aligning OneSpan’s solution roadmap with standards and regulatory requirements globally. He is Co-Chair of the FIDO Alliance’s Government Deployment Working Group and is on the Board of Directors of the Electronic Signature and Records Association (ESRA).