Launch of the ‘bLink’ platform

(Translated by DeepL)

On 25 November, Switzerland entered the era of Open Banking with the launch of the ‘bLink’ platform operated by SIX. This development places Switzerland within an international movement that aims to promote the sharing of financial data via standardised interfaces, in order to offer customers greater access to innovative services offered by a variety of financial service providers.

Open Banking is defined as a standardised model for sharing financial data, which aims to facilitate the exchange of information between financial service providers via standardised interfaces. This model makes it possible, for example, to consolidate all of a person’s financial assets held at several banks and, where applicable, at their pension fund(s) in a single application. It also offers the possibility of initiating payments from a third-party application without going through the online platform of the bank where the account is held. In stark contrast to a vision centred on the confidentiality of financial information, the idea here is to promote the sharing of data in a standardised format (usually in the form of an Application Programming Interface / API) in order to facilitate its use by service providers other than the bank that holds the account. The practical consequence of this phenomenon is a fragmentation of the value chain, giving customers a real choice between multiple financial service providers.

Internationally, Open Banking has been subject to regulation for many years, with the aim of encouraging banks to share their data if their customers so wish. Several jurisdictions – including the United Kingdom, Hong Kong, Japan, Singapore, the United States and Australia – have established specific legal frameworks. Within the European Union, Directive (EU) 2015/ 2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market (also known as the ‘PSD2 Directive’) constitutes the normative framework of reference that has fostered the emergence of a fintech ecosystem whose development has been greatly accelerated by easier access to financial data in a standardised and therefore easily exploitable format.

In comparison, Switzerland has long lagged behind in the operational and legal implementation of open banking. However, the Federal Council supports its development and, for the time being, favours a non-binding approach based on self-regulation. This approach preserves the flexibility of the Swiss financial ecosystem but requires greater commitment from the players involved to ensure an adequate level of interoperability. In this context, the launch of the ‘bLink’ platform on 25 November marks a crucial step in the development of Open Banking in Switzerland. Operated by SIX, bLink aims to become the Swiss standard in this field. To date, around 60 financial service providers and third-party suppliers have already joined, and it is expected that a growing number of players will join in the future.

This project is a continuation of the initiative launched in 2022 under the auspices of Swiss Fintech Innovations, as well as the Memorandum of Understanding coordinated in 2023 by the Swiss Bankers Association, through which participating financial services institutions formalised their commitment to the development of Open Banking services.

The development and operation of Open Banking platforms in Switzerland raises several major legal issues. Three areas are of particular importance and have been given special attention in the contractual architecture underlying the bLink platform :

1. Banking secrecy, which in principle limits the disclosure of customer data to third parties unless the customer waives this right (see below) ;
2. Personal data protection, which requires, in particular, transparency of processing, compliance with the principle of proportionality and limitation of the purposes for which personal data are processed ; and
3. Cybersecurity requirements, with a view to ensuring the confidentiality, integrity and availability of data and infrastructure.

The cornerstone of an Open Banking model – and the ‘bLink’ platform is no exception to this rule – is user consent (i.e. mainly bank customers). Customers must approve the sharing of their data, usually via their e-banking application, thereby authorising their financial institution to transmit certain information to third parties. The processing by these third parties remains strictly limited to the scope of the consent given and must pursue specific purposes. In addition, one of the conditions for banks to join the ‘bLink’ platform is the obligation to offer customers the possibility of withdrawing their consent at any time. It is also symptomatic that the ‘bLink’ platform offers a consent management module, which it refers to by the neologism Consent Management-as-a-Service (CaaS).

In parallel with the lifting of banking secrecy and data protection aspects, the customer documentation underlying the sharing of banking data on an Open Banking platform such as ‘bLink’ must warn customers that third-party service providers who have access to banking data provide their services to customers under their own responsibility, particularly in terms of data security and quality of service.