開放銀行下之監理模式比較——以金融消費者資料自主為中心

本文以我國開放銀行的監理模式為研究對象，探討我國現階段之法制架構及監理模式如何影響我國開放銀行之發展，並對之提出修改建議。我國開放銀行係採自願自律自律模式加上銀行委外架構，此一模式在開放銀行第一階段僅涉及金融產品資訊時能毋須受限於漫長立法過程，而加速推動開放銀行時程，惟當推展至第二階段之消費者資訊時即突顯出我國開放銀行法制及監管架構不足之處，致開放銀行發展受限。詳言之，由於開放銀行下消費者、銀行及第三方服務提供者的三角關係中，係以消費者資料自主權作為中心，若欠缺消費者資料自主權的賦予，則此欠缺中心的三角關係將難以得到妥適的法規定位。而我國現行法制及監管架構無法體現開放銀行是由消費者「主導」的本質，也使消費者個人資料的使用與保護、消費者在開放銀行下的權利與限制、對第三方服務提供者的監管等問題無所適從。因此，本文建議我國應修法賦予金融消費者資料自主並除去銀行委外架構。本文接著爬梳目前開放銀行發展較成熟之國家，包括歐盟、英國、澳洲及新加坡之金融消費者資料自主法制與監理架構，以提出對我國之修法建議。本文最末建議我國應以行政函釋方式納入金融消費者資料自主，並就消費者資料自主之行使與範圍提供進一步具體建議。再來，就第三方服務提供者之監理，本文建議我國除去委外架構後，應以既有之「開放API管理平台」來監管第三方服務提供者，並引入第三方服務提供者的分級管理機制。本文希望透過各國開放銀行比較法之研究，能給予我國未來開放銀行監理架構修改之進一步參考。

關鍵字

開放銀行；開放 API ；第三方服務提供者；消費者資料自主；資料可攜權；個人資料；財金公司；作業委外

並列摘要

This thesis studies the regulatory model of open banking in Taiwan and, analyzes how Taiwan’s current legal framework and regulatory model affect the development of open banking in Taiwan, and provides suggestions for moving forward. Taiwan regulates open banking based on a non-compulsory model together with banks’ outsourcing arrangements. For opening financial product data in the first phase, this model can bypass the long legislative process and accelerate the development of open banking. However, while proceeding to the second phase which concerns consumer-related data, the current regulatory model limits the potential development of open banking. To elaborate, since the current model does not empower consumers with data autonomy, it is hard to define the legal relationship among consumers, banks, and third-party service providers under current laws. Furthermore, the current legal framework and regulatory model also fail to reflect the “consumer-directed” side of open banking. Issues such as consumer data protection, the right and its limitation of the consumers in the open banking, and the supervision of third-party service providers thus become unsettled. Therefore, this thesis suggests that Taiwan should introduce consumer data autonomy into its laws and abolish the bank outsourcing arrangement model. To provide specific suggestions, this thesis explores the legal frameworks and regulatory models of consumer data autonomy in the European Union, United Kingdom, Australia, and Singapore. This thesis, in the end, suggests that Taiwan should establish the data autonomy of financial consumers by administrative interpretations and provides detailed scope and limitation of such data autonomy. As for the supervision of third-party service providers, this thesis suggests that after abolishing the bank outsourcing arrangement model, the current open API platform can be used for supervising third-party service providers. In addition, the differential supervision mechanism of third-party service providers should also be introduced. Through the comparative legal studies of open banking regulations in various countries, this thesis wishes to provider further references for the future development of open banking in Taiwan.

並列關鍵字

Open Banking ； Open API ； Third-party Service Provider ； Data Autonomy of Consumers ； Right to Data Portability ； Personal Data ； FISC ； Bank Outsourcing Arrangement