Open banking has been taking over as the latest FinTech model of global market disruption, but market implementation so far has been fraught with delays, slowdowns and difficulties. Open banking refers to a financial data aggregation system that will be implemented in banks and financial service channels.
What is Open Banking?
Open banking refers to a financial data aggregation system that will be implemented in banks and financial service channels. An idea that has been brewing for a long time, open banking is to open up new FinTech innovation channels and disrupt how consumers view banking.
The practice of open banking enables the consensual sharing of personal banking data with third-party service providers, all without needing to provide account passwords or credentials.
The sanctioning of securely sharing consumer banking data is paving the way for new service channels and a new wave of innovation and competition to the industry.
- Sharing data through digital channels, permits faster, more accurate and more up-to-date information aggregation
- All data-sharing processes are conducted only after customer authorization
- Only licensed third-party service providers are able to develop applications
- Service applications include facilitating account aggregation and providing financial management tools
Security Concerns: Application Programming Interfaces
The main enabler of open banking and data sharing was through using an open tool for creating software, Application Programming Interfaces (APIs). Most importantly, the technology of open APIs allows the sharing of financial information with third-parties without the need to release sensitive account credentials like passwords.
- Previous attempts at providing open banking services such as account aggregators include the FinTech Mint
- Such applications use screen-scraping processes that require customers to provide account credentials to acquire financial data
- The US Treasury released a report to the Bureau of Consumer Financial Protection recommending firms to adapt API technology instead
The US Treasury report highlighted the risks associated with screen-scraping technology, as its processes “increase cybersecurity and fraud risks as consumers provide their login credentials to access FinTech applications.”
The push to move towards API technology means more effectively and securely transmitted information, “[a]s such, financial services companies can potentially deploy APIs that allow for the inclusion of robust security features, greater transparency and access controls for consumers, improved data accuracy, and more predictable and manageable information technology costs.”
The security of open API technology allows open banking systems to thrive and promotes the opening up of new channels of FinTech innovation and tools for consumers to securely manage their financials.
The only visible security concern so far with the use of open APIs is the introduction of malicious third-party applications that can tamper with a users’ account. However, especially with regulations being established surrounding these third parties in countries like the UK, only certain service providers will be licensed to be on the marketplace.
API technology is seen to be the key to opening the doors for third-party FinTech applications to enhance and commoditize the financial services sector.
So with all the components of open banking sounding concrete, why has implementation been so sedentary?
Not as Seamless as it Seems
While the concept of open banking has reached global ears, not all markets share the same enthusiasm and seamless integration as others.
Legislation Efforts from European and UK Markets
In attempts to push open banking and API innovation to the forefront, legislations and directives have been adopted in both European and UK markets, with a focus on banks’ compliance to share data.
- In Q4 of 2015, the European Banking Authority (EBA) issued an amended Payment Services Directive (PSD2) that outlines the rules and regulations surrounding plans to endorse open banking technology
- In Q3 of 2016, the UK Competition and Markets Authority (CMA) announced regulations that mandated nine of their largest banking institutions to allow vetted third-parties access to financial data through API technology
- The nine UK banks, also known as the CMA9, include Barclays plc, Lloyds Banking Group plc, Santander, Danske, HSBC, RBS, Bank of Ireland, Nationwide and AIBG
However, it seems that most financial institutions are having a hard time meeting the implementation milestones that were outlined on paper.
Banks across Europe have also been facing difficulties aligning their preparations with the checkpoints of the PSD2; with the final deadline for banks to request an exemption from mandatory implementation of contingency API processes passing last month, the final deadline for PSD2 compliance on September 14 is fast approaching.
In the UK, most of the CMA9 banks have requested extensions to their legislated deadlines, which originally encouraged early adoption of open banking processes to underpin the PSD2.
Imran Gulamhuseinwala, Trustee of the Open Banking Implementation Entity (OBIE) commented on the delayed implementation of CMA9:
“While we are aware that the Open Banking programme has ambitious and challenging timescales, it is disappointing that some banks have needed more time to deliver some important new Open Banking functionality to their customers.”
Even with the slow adoption so far, however, Gulamhuseinwala remains optimistic about the future of open banking in the UK, “overall it is clear that Open Banking is gaining momentum and traction, with innovative new products and services launching which will ultimately help customers move, manage and make more of their money.”
Concerns from Legacy Banks and North American Markets
Across the ocean, North American markets are taking a less regulatory approach so far.
US regulators have been taking a relatively uninvolved approach to open banking, with financial companies being left with the onus of establishing sector standards for themselves. Some say US adoption can instead only be facilitated through large companies providing the platforms for open banking innovation.
Without a heavily mandated directive or legislation, the US aims to promote innovation from third party businesses through providing a free-form environment, but may instead cause more delays in popularizing open banking.
Despite the lack of regulatory dialogue, action towards open banking adoption in the US is being seen; large American banks including Wells Fargo and JPMorgan Chase have initiated collaborations with prominent FinTechs to form divisions tasked with pushing open banking innovation. JPMorgan Chase has already signed a data-sharing agreement with fintech company Plaid, and Finicity has joined agreements with Wells Fargo and USAA.
In Canada, though legislation has not taken place yet, the Department of Finance announced plans to adopt a similar approach to the UK and lay down concrete prescriptive action in around a year’s time.
Darryl White, CEO, BMO Financial Group comments, “[i]f we can figure out how to solve for security, transparency and control, we can have an open banking system in this country that could work very well, in my view.”
With the slow API, adoption is seen worldwide, the most mitigating challenges in implementation lie in changing the heavy infrastructure of the banks involved. Pushing the technological changes onto legacy banking infrastructure means grappling with complex operating frameworks, manual systems, and regulatory risk and compliance, requiring the implementation process to be slow and thorough.
Looking to the Future
With open banking’s potential for creating new lucrative business channels and competition that will benefit the consumer, businesses looking to adopt API technology in their operating models should focus on extending their technical capabilities, but also to consider their place in a new, consumer-based competitive market.
Open banking technology is starting to resemble a global disruptive force in mobilizing financial service innovation, and it will change how financial institutions engage its consumers, however tangible progress on adoption has yet to reach mainstream channels due to legacy banking models.
Banks must act fast to take advantage of the opportunity to expand their services framework with consumers, and go beyond committing to the bare minimum open banking requirements.
Although the implementation of API technology and open banking processes are looking slow around the globe, it still is a disruptive pursuit that businesses and consumers should anticipate for.