The State of Open Banking in the UK

leave a comment »

Here are the slides from my presentation to the APIdays London conference this morning (download the PDF).

This slideshow requires JavaScript.

The diagram illustrating how the next-generation bank will be powered by APIs was originally published here.

The Implementation Entity Steering Group organogram and roadmap were sourced from here.

Written by jackgavigan

October 11, 2016 at 11:15 am

Posted in Uncategorized

Brexit’s Impact on London’s Tech Startup Sector

leave a comment »

Now that the dust has settled on last weeks’ referendum, it’s becoming increasingly apparent that Brexit will actually happen, raising the question of what the implications are for London’s tech startup sector. Some are saying that Berlin, often cited as London’s biggest rival for the title of Europe’s startup capital, stands to benefit from Britain’s withdrawal from the EU.

Others reckon that, to paraphrase Marc Andreessen, free from EU red tape, it’s entirely possible that Brexit will make the UK a more attractive place to build and finance new technology companies. It certainly seems likely that the regulatory burden on businesses in the UK will be reduced considerably, and the absence of the UK’s moderating influence may well mean that businesses within the EU will be subject to more regulation than they would have been if the UK remained.

However, this impact isn’t likely to be felt for at least several years after the UK leaves the EU (which is unlikely to happen before October 2018). For me, the two key factors in the short to medium term are access to talent and London’s status as Europe’s financial capital.

As part of the EU, London has been able to draw on a huge pool of talent from across the continent. Young, tech-savvy talent has been able to move to London without having to worry about visas or immigration restrictions. Dissatisfaction with the level of net migration into the UK (and, in particular, the pressure this has placed on the UK’s public services) was a key factor in the referendum result, so it seems likely that restrictions on immigration will be put in place after the UK leaves the EU. The greatest restrictions are likely to be imposed upon unskilled migrants.

However, the UK government has long recognised the importance of being able to attract skilled talent, as evidenced by its inclusion of “digital technology” amongst the areas of expertise that are eligible for the Tier 1 (Exceptional Talent) visa. Therefore, it seems highly likely that a system will be put in place to maintain London’s attractiveness as a destination for graduates and other suitably skilled talent from the EU. Critically, the current visa scheme does not require that the applicant has a job offer, meaning that successful applicants can work for themselves or start a new company.

If the application process can be simplified, streamlined, and made less expensive (ideally, it should be as simple as applying for an ESTA to visit the US), there’s no reason why London shouldn’t continue to attract talent from across Europe.

London’s success as a financial capital might appear orthogonal to its success as a tech startup hub. Some view the financial sector as a source of competition for tech talent but the truth is more nuanced. A lot of talent is attracted to London because of the financial sector, adding to London’s talent pool. Many tech startups recruit people who have worked for banks or brokerages. It also provides a safety net for tech talent whose startup is unsuccessful. The perceived risk of starting a new company (or taking a role with a startup) is lower if you can be confident of being able to find contract work in the City if it doesn’t work out. This effect is obviously strongest in the fintech sector but I believe it applies across the wider tech sector.

As a financial capital, London is also a nexus for investment capital. Many VC funds are based here, and the UK has spearheaded equity crowdfunding, with a permissive regulatory environment and tax breaks for individuals investing in early stage startups. If London’s financial institutions are forced to move part of their operations to Europe, London’s economy will take a hit (probably similar in scale to – but lancer-lasting than – the post-2008 economic downturn) and there will be less capital available for early-stage companies. Large banks have already begun making contingency plans to relocate jobs and functions to Dublin, Paris or Frankfurt. The key determinant will be the extent to which the UK retains access to the single market for financial services after it leaves the EU and, in particular, whether UK institutions will retain the “passporting” rights that allow them to offer services across the EU from a UK base.

On the one hand, it seems unlikely that the EU will offer such a concession. The French in particular have long been disgruntled that London remained Europe’s financial capital, despite being outside the Eurozone. However, for the UK government, minimising the impact to the City of London will be a top priority, as the employment and tax revenues it generates make an important contribution to both the UK economy and the UK’s public finances.

Screen Shot 2016-06-27 at 08.54.42Fortunately, the UK has a strong hand to play in the negotiations that will follow the activation of Article 50. The UK imports far more from the EU than it exports to the EU. The German and Dutch economies would take a major hit if trade barriers were erected between the UK and the EU. Therefore, it seems likely that the UK government will seek to negotiate a deal that allows UK financial institutions to retain full access to the EU market, in exchange for allowing European exporters to retain access to the UK market. If such a deal is struck, the impact on London’s financial sector will be minimal.

Many other factors that have contributed to London’s success as a tech hub won’t be impacted by Brexit at all. Whether or not we’re in the EU, the UK is still one of the largest economies in the world. London will remain one of the great cities of the world, with the attendant economies of scope. London’s universities will continue to rank among the best in the world, contributing an endless stream of graduates to the city’s talent pool. London will remain a welcoming and cosmopolitan city, and English will remain one of the world’s most widely-spoken languages.

There’s also the prospect that leaving the EU will open up a host of other opportunities for the UK and London. Less red tape seems likely to reduce the cost of doing business here. Freedom from EU constraints will allow the UK to negotiate bi-lateral deals with other, emerging economies. We could even see the UK joining NAFTA to form a North Atlantic Free Trade Association. What we currently perceive as a crisis may well prove to be the source of endless opportunity.

In the short-term, we’ll probably hear more anecdotes about spooked VCs withdrawing investment offers to UK startups but as things settle down over the coming weeks, I expect we’ll return to business as usual. So, to quote Hussein Kanji, keep calm and carry on.


Written by jackgavigan

June 28, 2016 at 4:33 pm

Why I think TheDAO is a Success

with 4 comments

The usual plague of so-called “experts” have come out of the woodwork following today’s attack on TheDAO, to tweet, blog and bloviate their hindsight-informed opinions about TheDAO’s “failure” and the implications for the future of smart contracts (despite the fact that most of them barely can barely string together a coherent description of what a smart contract is, let alone write one).

I don’t view TheDAO as a failure. I view it as an experiment that has reached its conclusion. We learnt something important today – we learned that this particular configuration of a DAO doesn’t work. Future DAOs and smart contracts will be better because of what we’ve learned, from the specific bug that the attacker tried to exploit, to the insights we’ve gleaned into voting incentives and DAO governance. We’ve learnt a lot about the benefits of being able to upgrade smart contracts after they’ve been deployed, and the lawyers and regulators have plenty of food for thought and debate, with all the legal questions that have been raised by both TheDAO itself and the proposed use of a hard fork to return investors’ ether.

It’s very easy to criticise the team but they got a lot of things right and it appears that, in the end, all TheDAO’s investors will get their ether back (albeit with the assistance of the Ethereum community in implementing a hard fork). That’s no mean feat and they deserve credit and respect for what they achieved.

tumblr_o5ri2z5vfz1tirs7oo1_1280Most experimentation and innovation happens in private, and all the wrinkles are ironed out long before the final product is unveiled. However, in this area – cryptocurrencies, blockchains, smart contracts and DAOs – the experimentation and innovation is happening in the open.Bitcoin wasn’t invented in a corporate R&D lab. Ethereum was funded by the venture crowd, not a venture capitalist. The downside is that we get to see how the sausages are made and any mistakes are public, but the upside is that anyone can participate, and the degree and pace of innovation – its velocity, for want of a better term – is far higher as a result.

If we want to reap the benefits of open innovation, we also have to embrace the downsides, including the experiments that we learn from, even when the outcome isn’t what was expected or hoped for; we have to applaud those who try, even if they don’t succeed; and, above all, we should elevate those who do above those who merely talk, tweet and blog.

I invested a small amount of money in TheDAO because I believe that the best way to learn is to get involved and put some skin in the game. If I never get the money back, it will have been a small price to pay for the amount I’ve learnt. If I do get it back, then I hope that I’ll have the opportunity to invest it in TheDAO v2 so we can have another try and see if we can’t learn a bit more.

Written by jackgavigan

June 17, 2016 at 10:57 pm

Towards an Open Banking API Standard

with 2 comments

Disclaimer: I am a member of the Open Banking Working Group (OBWG) and was involved in drafting the OBWG report. However, the thoughts and opinions presented here are strictly my own.

The OBWG’s report was published yesterday with the somewhat misleading title The Open Banking Standard. We’re a long way from a standard but this report is a significant step along that path. Its purpose is to lay out a roadmap for defining an Open Banking API standard that can achieve widespread adoption, and to put forward some strawman proposals, intended to generate discussion of their merits and weaknesses, with the objective of generating new and better proposals.

The OBWG’s work follows on from the Fingleton report, which looked at the potential benefits of banking APIs and open data, and HM Treasury’s public consultation on data sharing and open data in banking.

The OBWG was convened with three core objectives:

  • Deliver a framework for the design of an open API standard in UK banking focussing on personal and business current accounts;
  • Evaluate how increased levels of open data in banking can benefit consumers, businesses and society; and
  • Publish recommendations in a paper by end of 2015 outlining how an open API standard can be designed, delivered and administered, alongside a timetable and implementation roadmap for achieving this

It’s important to note that this initiative is separate from – and has a wider scope than – PSD2. However, I would predict with a high degree of confidence that the functionality required to fulfil PSD2’s requirements will form part of the Open Banking API Standard, and I would not be surprised if the UK implements PSD2 by mandating compliance with the Open Banking API Standard.

One of the key challenges in coming up with such a standard is to figure out how banking APIs can be opened up to third parties while ensuring that consumers are adequately protected against fraud and banks aren’t unreasonably held liable for third parties’ failings. Currently, banks control the technology channels that their customers use to access their accounts electronically. Online banking is through the bank’s own website; mobile banking is through the bank’s own app. Liability for any losses rests with either the bank (if their security proves inadequate) or the customer (if they fail to take the necessary security precautions). Opening up banking APIs and granting access to third parties complicates that picture and banks are understandably wary.

The proposals presented in the report comprise a combination of provisions (including an OAuth-based authentication and authorisation model, and vetting and licensing of third parties) that represent a compromise somewhere between completely open access that would allow even hobbyist programmers to create apps that connect to banks’ APIs, and a overly-restrictive regime with requirements or costs that are too onerous for finch innovators and startups. One aspect that I’m a particular fan of is the idea that API functionality should be permissioned atomically, and that the security standards to which the third party will be held and the scrutiny to which they will be subjected should be commensurate to the level of access they wish to obtain. For example, a startup wishing to offer a personal financial management solution, which requires “read-only” access to accounts would be subject to less onerous requirements than a company seeking access to instruct payments from their customers’ accounts.

I have set up a mailing list to facilitate discussion of the report and future developments in this space. Instructions on how to join the list can be found here.

Fundamentally, I believe that the UK fintech sector will benefit hugely if we can make rapid progress towards an Open Banking API standard, and I believe that there’s an opportunity for the UK to take a leadership role, in the same way that it did in information security standards, with the adoption of BS7799 as ISO27001.

It’s entirely possible that neither the banks nor fintech innovators will be entirely happy with the report’s proposals. If so, then I think we’ve done a good job. Personally, I think it’s a significant step forward and I hope to remain involved at the next stage of establishing an implementation entity to take the concept forward.

Written by jackgavigan

February 10, 2016 at 5:28 pm

How well-advised was the Government when it drafted the Investigatory Powers Bill?

leave a comment »

The Telegraph today published a piece titled “Why is Silicon Valley helping the tech-savvy jihadists?“, which essentially suggests that, in war on terror, “the enemy is being aided by Western tech companies” who, in the pursuit of profit, “have calculated that they build user numbers by inflaming fears of violations of privacy and offering more secrecy than anyone else.”

It’s an inflammatory piece, penned by Clare Foges, a former special advisor at 10 Downing Street, and speechwriter to David Cameron during the Coalition government. Unfortunately, while she can clearly string a sentence together better than most of us, she clearly lacks any knowledge or understanding of cryptography. She appears to be under the impression that, if tech companies simply put their minds to it, they could come up with a solution that would protect the “good guys'” communications while simultaneously permitting the intelligence services to snoop on the “bad guys”.

The global tech industry made around $3.7 trillion last year. They employ some of the brightest people on the planet. Apple et al could, if they wanted, employ a fraction of these resources to work out how we can simultaneously keep the good guys’ data secure and keep the bad guys in plain sight.

Unfortunately, encryption doesn’t work like that. Clare even quotes Apple CEO Tim Cook’s explanation that “If you put a key under the mat for the cops, a burglar can find it, too.” but she clearly believes that, with her degrees in English and Poetry, she knows better than the CEO of the largest and most successful technology company in the world, not to mention the world’s top cryptographers, computer scientists and security specialists.

Clare Foges

Since resigning her role as speechwriter to David Cameron, Clare Foges has published a children’s book called ‘Kitchen Disco’

Clare is, of course, entitled to her opinion, however misinformed it may be, but it’s worth exploring how she formed that opinion. Her tenure at Downing Street included the abortive attempt to introduce the Draft Communications Data Bill (aka the Snoopers’ Charter) and she presumably helped draft speeches given by David Cameron in support of powers such as those now proposed as part of the Investigatory Powers Bill. It’s not unreasonable to assume that she was exposed to the policy-making process that produced those bills.

Good policy results from debate informed by facts and evidence, but Clare’s misconceptions about cryptography and tech firms’ motivations raise the question of whether the policy-making process which informed her opinion and produced the Investigatory Power Bill, was properly informed.

No doubt the government sought advice and guidance from GCHQ, which employs some of the UK’s top cryptography and security talent. However, they’re hardly impartial in this particular debate. Their job is to snoop, not to champion privacy. If the government is prepared to make their jobs easier, they’re hardly going to object. It’s difficult to imagine that an expert from GCHQ would make much of an effort to highlight the downsides of mandating that tech companies be required to insert backdoors at the government’s behest.

But I’d like to think that the policy-making process would ensure the presence of someone who would do so, who would provide the counter-argument, present the competing hypotheses, act as the Devil’s Advocate.

The question is, who fulfilled that role? Did anyone? Or was the Investigatory Powers Bill the result of policy-making in an echo chamber?

I fear the latter. The Investigatory Powers Bill represents bad policy, built on misconceptions like Clare’s assumption that solving the “key under the mat” problem is simply a matter of putting one’s mind to it.  Any advantage it will give the intelligence and security services pales into insignificance compared to the damage it will do, both to our right to privacy, and the UK economy, which could be impacted to the tune of billions of pounds if, as seems likely, cyber security companies avoid setting up shop in the UK for fear of being forced to backdoor their own products.

The government shouldn’t just take the Investigatory Powers Bill back to the drawing board. It should also review the policy-making process that produced it.

Written by jackgavigan

November 23, 2015 at 12:36 pm

Is Groupon on a Glide Path to Bankruptcy?

leave a comment »

Last night, Groupon just released its earnings for the quarter ending 30th September 2015. Revenue was below expectations, and flat compared with the same period last year. The company issued revenue guidance for Q4 of $815-865m, which would be a drop on the same period last year ($883m), suggesting that growth has stalled. The share price dropped by 25% in after-market trading.

There’s more bad news buried in the balance sheet numbers. Groupon benefits from a negative working capital model, where it receives gross revenue 60 days before it has to pay its suppliers. During the year before its IPO, Groupon’s current liabilities exceeded its current assets by hundreds of millions of dollars, which meant that it was reliant on continued growth to remain solvent.

The money it raised from the IPO eliminated that deficit but the situation deteriorated sharply during the past quarter – net current assets (i.e. current assets less current liabilities) plunged from over $300m to just $87,000.

Part of the decline is attributable to a share repurchase program – the company spent $192.9m repurchasing shares (which seems ill-advised with hindsight, given that it paid an average of $4.36 for shares that are currently trading at $3.09).

If revenue growth has indeed stalled, and the decline in net current assets continues into negative territory, Groupon could once again find itself at risk of the loss-of-confidence scenario I described four years ago:

..the question that merchants should be asking themselves is this: Will Groupon be able to pay me what they owe me in 60 days time?

If a merchant ever thinks that the answer to that question might be “No.”, they’ll opt not to offer deals through Groupon. Why would you sell (at a heavy discount, mind you) your products or services through a company that may not be able to pay you? Better to take the guaranteed revenue from normal customers who pay up front, than risk selling through Groupon and never recouping a penny.

Without deals to offer to the people on its mailing list, Groupon can’t make sales. If it can’t make sales, it can’t generate revenue. And, if it can’t generate revenue, its negative working capital model will very rapidly lead it to run out of cash.

The most dangerous thing about this situation is that it doesn’t matter whether or not Groupon actually can pay the merchants. If enough merchants believe that Groupon is not creditworthy, a tipping-point will be reached and it will become a self-fulfilling prophecy.

So, Groupon’s negative working capital model exposes it to the risk that a loss of confidence could cause it to become insolvent.

When I wrote that, I questioned the wisdom of Groupon’s decision to pay out most of the money it raised in its Series C, D and E rounds to previous investors. Today, I wonder why it’s depleting its cash to repurchase shares when there’s a real risk that it might need that cash to remain solvent.

Written by jackgavigan

November 4, 2015 at 12:37 pm

Posted in Bubble 2.0, Ethics

Uber & London

leave a comment »

Uber is often cast as the plucky upstart, taking on taxi monopolies and cartels on behalf of customers. Some cities artificially restrict the number of taxis. In New York, this drove the price of a taxi medallion to $1m in 2011.

In London, however, the number of taxis (or “hackney carriages”, to use the legal definition) is not limited. Anyone can become a licenced taxi driver, provided they meet the requirements. A prospective London cabbie must spend 3+ years learning the Knowledge (which literally causes their brains to grow bigger) , take an enhanced driving test, invest in a vehicle that meets specific requirements (including the ability to accommodate a wheelchair, and a 25-foot turning circle), commit (under pain of fines) to pick up anybody in the street who hails them if their yellow light is on, and agree to be subject to the fares set by TfL (Transport for London – the body that regulates transport in London).

In return, the government prohibited private hire vehicles (PHVs – i.e. unlicenced taxis/cabs) from picking up customers who hail them in the street or using a taximeter to calculate a fare based on time and distance. In effect, PHVs must be booked in advance and the customer must be able to agree the fare up-front.

Effectively, there was a social contract between London taxi drivers and the government. Taxi drivers had certain advantages over PHV drivers but they were also subject to more onerous licensing requirements. With no restrictions on the number of taxi licences issued in London, the laws of supply and demand dictate the number of black cabs on the streets, and customers get to choose what type of service they want to use.

Then Uber came along.

When Uber began operating in London, the London Taxi Drivers’ Association (LTDA) complained to TfL that Uber’s fares are calculated based on time and distance. TfL referred the matter to the High Court, where the case focused on whether the smartphone-and-app combination used by Uber drivers is a taximeter. The High Court decided that because the calculation of the fare does not happen on the smartphone, but on Uber’s servers, the smartphone is not a taximeter.

I’m not a lawyer but that seems like a loophole to me. To my mind, the real question is not whether a smartphone falls outside an archaic definition of what constitutes a taximeter, but whether Uber drivers should be allowed to charge a fare that is calculated based on time and distance. If the answer to that question is “No”, then the law should be updated to close the loophole.

However, if the answer is “Yes”, the government is effectively tearing up London’s taxi drivers’ social contract, and calling into question the economic viability of becoming a licensed taxi driver. Why bother spending all that time, effort and money if the rules mean that you’ll be operating at a disadvantage?

The worst-case scenario is that black cabs go from being a regular sight on the streets of London to an historical curiosity. That might suit Uber but I don’t think it would be a good outcome for the rest of us. Personally, I like to be able to flag down a cab (even when my phone battery is dead), secure in the knowledge that the cabbie’s done the Knowledge and isn’t just blindly following a satnav directions (which is the difference between getting home in 20 minutes versus being stuck in traffic on Pall Mall and Trafalgar Square for half an hour). I’d be quite happy if the cost of that is to require that Uber set the price of a journey in advance.

The outcome of the current public consultation being conducted by TfL should be a reaffirmation of the social contract with London’s licensed taxi drivers, and a regulatory regime that allows consumers to benefit from innovation, while preserving choice and ensuring that the quality of London’s taxi services doesn’t get dragged to the lowest common denominator.

Written by jackgavigan

October 27, 2015 at 3:42 pm

Posted in Innovation