🙏 Support Newgale's Campsite Crash Victims: Help Dan's family after the recent crash. Our Ordo Payments donation page ensures your support goes directly to them. Make a difference today.

The JROC Report: A Summary

Alt text: An open book with small text, accompanied by a pair of glasses, representing the JROC Report's summary on Open Banking, Payment Initiation, and Fintech's Future.

On 17 April 2023, the so-called Joint Regulatory Oversight Committee (JROC), comprising an alphabet soup of regulators: the Financial Conduct Authority (FCA), the Payment Systems Regulator (PSR), the Competition and Markets Authority (CMA), and HM Treasury (HMT), published its long-awaited report.

With plenty of government and regulatory support, it’s no surprise that there is much anticipation and optimism for the development and expansion of Open Banking over the coming years. 

Spoiler alert, what’s the coolest thing that’s set to come out of the continuing advancement of Open Banking in the UK in the next few months? Variable Recurring Payments (VRP): It’s much talked about, it’s one of the two top priorities in the JROC report, and is set to take Open Banking payments adoption well above the latest 7 million users milestone. 

Where are we today? 

To date, Open Banking has been a competition remedy. It was brought about to force competition into the retail banking sector, with enabling legislation in the form of the Payment Services Directive 2, and implementation sureties via the CMA mandating the 9 largest banks in the UK and Northern Ireland to comply with their Order. 

The banks under the mandate of the CMA Order are: 

  • AIB Group UK (trading as First Trust Bank in Northern Ireland)
  • Bank of Ireland (UK)
  • Barclays Bank
  • HSBC Group (including First Direct and M&S)
  • Lloyds Banking Group (including Bank of Scotland and Halifax)
  • Nationwide Building Society
  • NatWest Group (including NatWest, Royal Bank of Scotland and Ulster Bank NI)
  • Northern Bank Limited (trading as Danske Bank)
  • Santander UK

The regulatory mandated CMA Order activities were: 

(i) single immediate Open Banking payments, and 
(ii) repeated payments via Open Banking, called Variable Recurring Payments (VRP), restricted to the use case of moving money between accounts in the same name, termed sweeping, where there are great use cases in the unsecured lending, pre-payment and wealth management sectors. 

The current road map as set out in the original CMA Order is all but complete. Businesses can now collect payments simply, swiftly and securely, in real-time and at low cost, using Open Banking APIs via any collection method, be it contact centres, in-person, eCommerce, email, text, WhatsApp and even via a QR code on a paper bill. With an Open Banking payment, money is transferred instantly, arrives in your account automatically and correctly referenced; from the paying customer’s viewpoint, all it takes to pay is a few taps on their smart phone where they are directed to their online bank or bank app to authorise payment, there’s no sign up, registering or app download needed to pay. 

For the Open Banking Variable Recurring Payment use case of sweeping, savers, borrowers and topper-uppers can set up recurring mandates to repay loans or credit cards, pay into savings accounts or top up cards or supplementary accounts, all in accordance with an initial one-time set up mandate. Variable Recurring Payments operate like a smart direct debit or card on file instruction, with minimum friction but all the security, convenience and flexibility. 

What’s next? 

With the current state of play seeing single Open Banking payments and Variable Recurring Payments for sweeping already being used, the JROC report sets out the next phase for Open Banking. It covers unrestricting the use of Variable Recurring Payments so that Open Banking can be used for all repeated bills and payments like subscriptions, and not just for sweeping money between accounts in the same name, the evolution of a central standards body along with the vision for the sector, and the continual monitoring and improvement of APIs and all the tech, ensuring consistency and predictability in performance and availability.

JROC report overview 

JROC have split the next phase of Open Banking into 3 areas: 

  1. Vision 
  2. Future Entity 
  3. Future Road Map – including Variable Recurring Payments (VRP)

Here’s a look at what each of these areas encompasses. 


We at Ordo are pleased to see the development of Open Banking being underpinned by a vision. We’ve previously talked about the necessity for a collective and FinTech innovation focussed vision which guides future regulation, and we’ve got what we asked for. 

The priorities for the vision for the future of Open Banking are: 

  • establish a sustainable and competitive footing for Open Banking enabling it to develop 
  • unlock the potential of Open Banking payments 
  • adopt a scalable model for data sharing 

The JROC report commits to strong regulatory direction alongside a collaborating industry. It wants to see Open Banking become an alternative to cards, a vision complementing the PSR’s strategy for both unlocking Open Banking and being a challenger to the cards industry, and ensuring that as society becomes more digitalised, it is not only the card schemes and banks as card issuers, that grow. 

Success measures

If this vision is successful, there will be: 

  • greater innovation
  • lower prices
  • improved service for users, growing innovation in Open Banking
  • few technical glitches  
  • less fraud 

As Open Banking powered payments, both single and repeated, come with all of the above success criteria as standard, it is safe to assume that Open Banking is a significant part of the regulatory future of the UK payments landscape. 

2. Future Entity 

This is about who’s running the show, or rather, who’s the orchestrator in the middle coordinating industry collaboration, and creating and ensuring that standards are adhered to, along with strong regulatory direction where needed. 

Currently, that central body is a company called Open Banking Limited (formerly the Open Banking Implementation Entity, OBIE). It was tasked with bringing about the CMA Order, which it largely has, as evidenced by Open Banking single payments and sweeping Variable Recurring Payments services alive and kicking in the market, offered by Payment Initiation FinTechs like Ordo, and others. 

So with the road map as mandated in the CMA Order mostly complete, there’s a need for a new mandate and potentially for the central orchestration body to evolve. The new mandate will be backed by legislation in the form of the Data Protection and Digital Information bill when it becomes law later this year. This phase of JROC’s work will look at various options for corporate structure for the evolution of Open Banking Limited, a structure that reflects its updated mandate and enable it to successfully carry out its extended role; in the meantime, the potential future central standards body is referred to as the “Future Entity”. Whilst its structure is being determined, Open Banking Limited, as it exists today, will continue its current functions, both maintaining CMA Order work, and progressing beyond CMA Order work, until the Future Entity is up and running. It will continue to be funded by the banks who were a part of the original CMA competition remedy. 

How will the structure of the Future Entity be decided? 

This is one of the most important activities in the JROC report and the regulators are consequently taking a lead role in its design. The FCA will be leading a working group consisting of other JROC members, Payment Initiation FinTechs like Ordo, banks, consumer representatives, business representatives, Open Banking Limited and the Payment Systems Operator of the Faster Payments system (Faster Payments being the payment rails Open Banking uses), Pay.UK. It will have expert sub-groups feed into it and start in June. Terms of Reference have been published. 

What will the Future Entity do? 

All agree that the Future Entity should be a central standards body with the purpose of supporting the development of new, and improving existing, Open Banking solutions. It will achieve this by improving and developing existing and new standards and guidelines for banks and Payment Initiation FinTechs, like Ordo. 

The Future Entity will gather and monitor data to ensure improvements and developments are data and evidence based, tackling any performance issues and fraud. And it will coordinate to develop multi-lateral framework agreements enabling the industry to collaborate for the launching of new Open Banking services like, for example, unrestricted Variable Recurring Payments services by FinTechs. 

Future Entity design principles

The design principles, as set out in the JROC report, for the Future Entity are that it must: 

  • support competition and innovation for consumers and businesses
  • develop financial stability and fulfil the original core CMA Order services
  • scale functions to deliver beyond CMA Order activities, such as unrestricted Variable Recurring Payments 
  • manage the long term regulatory framework which will see wide mainstream adoption of Variable Recurring Payments services and new Open Banking services 
  • have a broad membership base 
  • support Open Finance and Smart Data, subject to regulatory oversight
  • have an independent board 
  • have broad and equitable funding

Future Entity working group outputs 

Over the coming months, the Future Entity working group, chaired by the FCA, will decide upon the: 

  • role of the Future Entity regarding core CMA Order activities and additional services 
  • funding model – for beyond CMA Order activities 
  • structure 
  • implementation plan 

Future Entity options 

There are three options under consideration as set out in the JROC report and which will be considered by the FCA chaired Future Entity working group: 

  • parent-subsidiary group company structure – a new subsidiary company would continue current CMA Order core activities, whilst new innovative beyond CMA Order activities will be managed from the parent company, Open Banking Limited 
  • single entity – current Open Banking Limited to manage both CMA Order core activities and beyond CMA Order activities, ring-fenced from each other 
  • two separate entities – a new stand-alone company incorporated to manage beyond CMA Order activities, with CMA Order core activities continuing to be managed in current Open Banking Limited 

Whichever structure is progressed, it is clear from the FCA led working group, and the multiple references to beyond CMA Order activities, that Variable Recurring Payments services are a key consideration for this next phase of Open Banking. This is alongside ensuring current and future activity is of a consistently high and reliable standard, which will be entrusted to the third work stream, Future Road Map. 

3. Future Road Map including Variable Recurring Payments beyond sweeping 

The future road map for the Future Entity is the product focus of the JROC report. 

Crucially, the regulators will be taking a leading role in progressing a particular product, unrestricted Variable Recurring Payments, enabling Open Banking to extend to all repeated payments use cases, not just sweeping. 

As with the Future Entity work, a regulator will be chairing a working group, and this time it will be the Payments System Regulator leading with other JROC members, Payment Initiation FinTechs like Ordo, banks, consumer representatives, business representatives including a utility company, Open Banking Limited and Pay.UK. The working group will begin in June and Terms of Reference have been published.

Variable Recurring Payments pilot – 2023 

The JROC report states there will be a pilot of new beyond CMA Order services to go live by the end of 2023, and that this pilot of new services will be Variable Recurring Payments, in 2023. The FCA and PSR will be publishing a joint pricing discussion paper by the end of Q2’23 for consideration by the VRP working group. 

The VRP working group will produce a framework which will be piloted before the end of the year for VRP. The aim of this framework is that it will be rolled out and evolve to accommodate other beyond CMA Order services, once proven for VRP, and become the long-term regulatory framework, to be adapted as necessary.

Levelling up 

In order to improve and maintain current standards and API performance, Open Banking Limited will be responsible for collecting and analysing data to ensure Open Banking services work well, operate with good conversion rates, and result in businesses and consumers receiving reliable, consistent and predictable services when they use Open Banking. 

Financial Crime 

During a recent breakfast briefing given by the Managing Director of the PSR, Chris Hemsley stated that Open Banking was inherently more secure than using Faster Payments alone. With Open Banking, the business collecting payment inputs its account details and reference indelibly, negating any input needed by the payer, and the Payment Initiation FinTech facilitating the Open Banking transfer displays the exact account title to the payer which cannot be changed. With this backdrop, as part of its data gathering and analysis remit, Open Banking Limited will be looking at what fraud occurs where in Open Banking services, and assessing where fraud detection can be improved, with a view to stopping fraud whilst allowing secure legitimate payments to flow. 

Consumer Protection

Following on from the built in protections that exist with Open Banking payments, such as secure customer authentication and API only access as a given, a framework will be created to determine process and action for when payments go wrong, complementing the liability framework in legislation. The overriding principle for consumer protection is that liability should fall where fault lies, and such protection is for when the payment goes wrong, and not extend to purchase protection and insurance at this stage, to preserve the competitive nature of Open Banking and reflect its inherently more secure basis. 

Information flows

Payment Initiation FinTechs like Ordo have been requesting more information from banks to be able to inform their journeys and their customers. Information such as implementing transaction risk indicators and error codes will greatly assist in creating good customer journeys. This category of functionality will be managed in this third work stream as part of the future road map.  

With services soon set to go beyond the original CMA Order activities, enabling Payment Initiation FinTechs like Ordo to offer Variable Recurring Payments for all bill and payment types, is another huge step forward for the UK’s FinTech sector. The Future Entity will ensure users receive consistent and reliable services, and with informed regulatory oversight, this means we can all benefit from innovative low cost real time payments being sent and received simply, swiftly and securely every day.

If you would like to know more about the regulatory drivers for Open Banking or Variable Recurring Payments, or how you can get Open Banking capability straight out of the box and save time and money from day 1, get in touch with Ordo today.