January 05, 2023
Open Banking in Bahrain – MENA’s Disrupter – at a glance
Source: Fintech Galaxy
Open Banking in Bahrain – MENA’s Disrupter – at a glance

A few years since Open Banking took off in Bahrain, the local community is yet to witness a plethora of use cases built on top of Open Banking capabilities.

 

Bahrain has been leading the financial services’ transformation in the MENA region, especially when it comes to regulating the participants’ interaction under the Open Banking umbrella. The Bahrain Open Banking Framework adopted back in 2020 was among the first steps towards encouraging financial institutions to embrace Open Banking and simplifying its adoption.

 

One may have noticed a rather paced rhythm in implementing the new standards. Despite the regulator’s full support, there are still a few challenges that need to be overcome, including high product development costs, little consumer interest, and the growing levels of financial literacy.

 

In this piece, we aim to contribute to financial awareness by shedding some light on the Bahraini Open Banking regulations and providing a new angle to look at the value for the institutions, fintechs and the end consumer.

 

The Central Bank of Bahrain (CBB) rulebook – the directory of all rules, regulations and guidelines in Bahrain, is divided into a few major volumes that cover bank license types, ancillary service providers (AIS/PIS), and the list goes on.

 

Banks

 

The Open Banking-related information can be found within 3 main chapters in the CBB rulebook:

 

Volume 1 - Conventional Banks

Volume 2 - Islamic Banks


Volume 5 - Specialised Licensees.

 

Conventional banks are defined by the Central Bank of Bahrain (CBB) as those who are licensed and “operate on conventional principles”, also known as regular banks.

 

Islamic banks operate under Islamic Sharia principles.

 

In addition, CBB divides the banks' activities into two separate sub-categories:

 

retail

wholesale.

 

Each sub-category has its business rules, security processes, etc., well documented in the CBB rulebook.

All things considered, the Open Banking regulation is enforced on retail banks only (further referenced as “conventional retail banks” and “Islamic retail banks”), leaving corporate and/or wholesale use cases uncovered and at the hands of banks and FinTechs altogether.

 

eWallets

 

One of the few mentions of eWallets being mandated by CBB to open access to consumers' bank data is found under Volume 5 described as “licensees maintaining customer accounts”.

 

Further elaboration about them under the CBB rulebook is not clear today, as such, we will elaborate on this topic shortly.


Account types

 

In 2018, with the first launch of the Open Banking regulation in Bahrain, CBB made sure to clarify from day one which type of accounts Conventional and Islamic retail banks must cover:

 

(a)Savings accounts;

(b) Current accounts;

(c) Term and call deposits;

(d) Foreign currency accounts;

(e) Unrestricted investment accounts;

(f) Restricted investment accounts;

(g) Mortgage/housing finance products;

(h) Auto loans;

(i) Consumer loans/financing;

(j) Overdrafts (personal);

(k) Credit and charge cards;

(l) Electronic wallets and prepaid cards; and

(m) Other accounts which are accessible to the customer through an e-banking portal or mobile device.

 

The last-mentioned point leaves space for interpretation and discussions as the industry awaits more data to be opened while aiming towards Open Finance.


Consent lifespan for data access

 

The clarification of data access consent lifetime came only in July 2021 when CBB released a circular updating piece of the fifth volume. Looking back, that is the time when the European and the UK market participants were actively discussing and advocating for the extension of consent validity from 90 days to 180 or 365 days (which was later enforced in 2022).

 

In essence regulated entities (i.e., ancillary providers) in Bahrain can access consumer bank data for “up to 12 months”, thus supplying a better user experience and faster adoption of Open Banking-inspired financial services.

Personal customer data (identifiable data)

 

The regulation doesn’t add the bits for suiting KYC use cases or anything similar, as “the obligation should not apply to information supporting identity verification assessment; which the licensees should only be obliged to share with the customer directly, not a data recipient” (GR-6.1.5 from Volume 2 Islamic Banks).

 

Therefore, it is not clear if ancillary service providers (further AIS/PIS providers) can extract information such as the name, email or address of the account holder (customer).

Transaction history & value-added data

 

Leaving no room for interpretation as it happened with PSD2 in Europe, CBB requires retail banks to provide 12 months of historical transactions (or 365 days at the time of the data access). Moreover, an addition in April 2019 extended the value of accessed data through merchant category codes, bank fees and other charges that are considered publicly disclosed information to the consumer.

Payments

 

Like PSD2 in EEA or PSR in the UK, the rails supported by Bahrain banks via Open Banking compliant APIs are the same ones available via their own online interfaces or platforms.

 

The existing rails allow for regular or instant transfer at low rates (i.e., Fawateer, Fawri) and with Open Banking coming to the table, expanding the payment offering empowers both consumers and businesses to enhance and strengthen the payment experiences and product variety.


Strong Customer Authentication (SCA)

 

The applicability of SCA principles in Bahrain has been extended from the European RTS-like “two-out-of-three-factors" principle to an “all-three-factors" principle enforced in Conventional and Islamic retail banks. (see GR-6.3.14 from Volume 1).

 

Banks, however, can also be exempted from this implementation by the CBB, “provided that the licensee can demonstrate that it has established robust controls to mitigate the relevant key risks”.

 

What is next?

 

Bahrain has been at the forefront of Open Banking developments in MENA as the first country that implemented the necessary rules and technical standards. The local market starts to recognise the benefits the players bring, ultimately benefitting the retail consumers.

 

The industry now expects the next wave of Open Banking updates that will open doors for wholesale and corporate customers to leverage the capabilities of improved digital financial services. We hope these changes will reach the market soon, as the region eyes the next shift from Open Finance to open data.

 

For more details on how your business can leverage Open Banking / Open Finance, feel free to drop us a line here.



Cookies Information

We use cookies to ensue you get the best experience on our website

Privacy settings

Decide which cookies you want to allow.
You can change these settings at any time. However, this can result in some functions no longer being available. For information on deleting the cookies, please consult your browser’s help function.
LEARN MORE ABOUT THE COOKIES WE USE.

Necessary
Functionality
Analytics
Advertising

This website will:

  • Remember your cookie permission setting
  • Allow session cookies
  • Gather information you input into a contact forms, newsletter and other forms across all pages
  • Helps prevent Cross-Site Request Forgery (CSRF) attacks
  • Preserves the visitor's session state across page requests
  • Remember personalization settings
  • Remember selected settings
  • Keep track of your visited pages and interaction taken
  • Keep track about your location and region based on your IP number
  • Keep track on the time spent on each page
  • Increase the data quality of the statistics functions
  • Use information for tailored advertising with third parties
  • Allow you to connect to social sites
  • Identify device you are using
  • Gather personally identifiable information such as name and location

This website won't:

  • Remember your cookie permission setting
  • Allow session cookies
  • Gather information you input into a contact forms, newsletter and other forms across all pages
  • Helps prevent Cross-Site Request Forgery (CSRF) attacks
  • Preserves the visitor's session state across page requests
  • Remember personalization settings
  • Remember selected settings
  • Keep track of your visited pages and interaction taken
  • Keep track about your location and region based on your IP number
  • Keep track on the time spent on each page
  • Increase the data quality of the statistics functions
  • Use information for tailored advertising with third parties
  • Allow you to connect to social sites
  • Identify device you are using
  • Gather personally identifiable information such as name and location