You may have borrowed from a bank to buy a home, and you probably use your checking account for making most of your monthly payments. But technology is increasingly creating options to maximize the value you get from your bank, beyond those basic services. With open banking, third-party providers (TPPs) can help you save money, borrow more easily, and pay painlessly. In the UK, regulations already require banks to cooperate with authorized TPPs. In the United States, some banks voluntarily make data available, and that trend is likely to continue, with or without it becoming a requirement.
What is open banking?
Open banking is the practice of enabling secure interoperability in the banking industry by allowing third-party payment services and other financial service providers to access banking transactions and other data from banks and financial institutions. Third-party organizations are able to access the data through the use of application programming interfaces, or APIs. As the global economy continues to evolve, open banking is becoming more popular, because it allows for faster, more secure transactions anywhere in the world and it gives consumers more opportunities, through the use of third parties, to manage their finances.
Open banking is enabled by a series of technologies, regulations, and services that aim to allow developers to create new banking services, new banking business models, and new commerce capabilities. New customer expectations and technology-centric regulations are important lubricants for open banking to thrive. Three forces combine to make the open banking dream possible: changes in banking regulation, changes in culture, and changes in technology.
For the consumer, open banking promises to provide more choices, better service, and frictionless commerce. For example, you might want to use Amazon, Paypal, and Facebook to send money or gifts securely to friends with a simple click or swipe. No more logging in to your bank to enter payee details or account numbers; just click “send $200 to Ruby,” and you’re done. Or, instead of clicking, ask Siri, Alexa, or Cortana. A second example would be when you want to use a third-party financial planner who needs secure access to your accounts.
In open banking, that third-party financial planner could securely access all your spending habits with no hoops for you to jump through to make that happen. Risk and compliance used to be portrayed as a thankless and challenging job, replete with legal, technical, and cultural complexity. New technology and tech-centric regulations provide a wind beneath the wings of developers making banking systems more agile, intelligent, and automated — and perhaps for the first time — cool.
How open banking works?
Open banking allows third-party payment service providers and other financial service providers to access the personal and financial information of their customers’ banks. Before this can happen, the customer must grant access to the sharing of information, usually via an online consent form following a terms and conditions agreement. The third-party providers then access the relevant shared data via exposed APIs.
Those APIs are able to process transactions from one bank to another without requiring the tedious steps consumers have had to take in the past. APIs can also look at a consumer’s transaction history to help identify relevant products and services that personalize the customer experience. Examples include a new credit card that offers a lower interest rate or more cashback than their current one, or a savings account that earns more interest than the consumer’s current savings method.
At the heart of every open banking API call is data, so agile access to data is the first port of call in any innovative system. But although every fintech business wants an agile, efficient, scalable data lake, most have a data swamp: balkanized data sources, a mix of old and new, real-time and streaming data, and a maze of organizational barriers. Combatting this requires an efficient integrated system. Before you can expose the data in your applications via APIs, you must first ensure that you are working with a complete, accurate view of all the data and that the data that users are working with is fresh, accurate, and up-to-date. That is the value of integration. Once integrated, the data in your applications can be exposed securely and directly via APIs.
There are generally two ways to accomplish this data integration: application integration or data virtualization. Physical integration enables the APIs to call directly to your backend systems in a secure way. On the other hand, data virtualization is exactly as its name sounds. You use an integrated virtual layer of your data instead of physically combining all your sources. Data virtualization allows teams to turn dozens of independent data sources into one virtual data warehouse with nearly the same performance as a single system. So, instead of over-using ETL to create a bigger data swamp for APIs, data virtualization leaves data where it is. This provides a unified interface to customer information as if it was, indeed, a single system. Both integration solutions can be considered to help you take your data swamp.
Benefits of open banking
One benefit of open banking is the ability to connect data (via APIs) from several accounts in order to efficiently share between financial firms, consumers, and third-party payment service providers. This has slowly been reshaping consumer experience and the competitive landscape of the banking industry, due, in part, to disruptions from third-party providers.
The ability to access networked accounts is beneficial both for the consumer and the institution. Lenders can get a better understanding of their consumer’s situation through a comprehensive view of their finances, helping them assess the risk level and offer optimal account terms. At the same time, it helps the consumer gain a better understanding of their own financial situation before making any financial decisions.
Digital natives entering the marketplace expect real-time customer service from their financial providers. Firms can take advantage of new technologies to streamline costs. Faster time to market with new products.
Open banking’s impact on the market
Open banking benefits small businesses over the market leaders because it opens up new avenues for opportunity. New businesses can now enter the market with smaller, more affordable alternatives to traditional financial services. Larger, established banks will have to work hard so as not to be disrupted by the market newcomers. The intent of this is to drive down costs while encouraging the adoption of modern technology and improved customer service. Rather than simply administering financial transactions, taking advantage of open banking can allow all institutions to form relationships with their customers.
Risks associated with open banking
The safety and confidentiality of finances, as well as other personal data, is a top priority both for users and financial institutions. However, as with any digitally-based service, there is always the potential for data breaches. APIs are not without a certain amount of risk, with most concerns stemming from poor security, hacking, and insider threats. The existence of malware designed by third-party app providers to infiltrate an account and wipe the data remains an issue as well. There is also the concern of payment service providers mishandling their own customers’ data to gain an advantage in the market.
Today’s API security technology is very advanced and an ideal fit for the needs of open banking. It has robust authorization and authentication capabilities to manage API access and traffic. The key capabilities include Single system management of traffic for all gateways, including embedded micro gateways. You can define access and security policies like rate limiting and throttling between different consumers. Robust security standards such as OAuth2, HTTPS, JWT, HMAC, XML sig, Kerberos, CORS, WS-I, and ISO 27001. Along with today’s robust security standards, many countries have taken steps to mitigate the security risks of open banking by putting regulations on the industry. For example, the European Union has updated its Payment Services Directive, specifically addressing open banking practices in the PSD2.
Risks aside, traditional banking is falling to the wayside in favor of open banking and the entrance of smaller, non-traditional institutions ready to compete in the market. Those that try to adapt to new technologies rather than those who maintain the status quo will have more success in the long run.
Case study of Africa
Let’s talk about how open banking is creating a revolution in Africa’s economic landscape, as reported by ‘PYMNTS’. According to International Monetary Fund (IMF) data, there are more than twice as many mobile money accounts as there are bank accounts across the countries in that part of the world.
In Mali, there are 935.6 registered mobile money accounts per 1000 adults, which show an exceptionally high level of technological penetration. However, the same data shows that the number of depositors with commercial banks is just 195.1 per 1000 adults.
These numbers may suggest that open banking is facing a dead end on the continent, as it is still lacking a considerable base of account holders for it to be worthwhile.
Some of Africa’s biggest banks are betting big on APIs that enable Fintechs to access their data and services. The rest is following the traditional account-to-account payment method and it is proving its value even among the unbanked population.
As per Ecobank’ FinTech lead Djiba Diallo, the pan-African bank’s open banking strategy is as much about expanding the reach of its services and allowing third parties to build on top of its infrastructure as it is about enhancing the offering for existing customers.
“It’s about connecting the bank’s services or enabling fintechs to connect with the bank’s services, be it for enabling payment, be it for collecting money, [opening] accounts or to create tokens to withdraw money on our ATMs,” Diallo explained to PYMNTS.
Elaborating further, she said that Ecobank partners with telcos and mobile money operators to allow them to leverage its technology and services, apart from creating useful products that can be used to withdraw cash from ATMs and for digital payments.
Across Africa, banks are growing their API catalogs and creating sandbox environments to embrace mobile money and allow fintechs to tap into their payment rails, ATM networks, account opening and lending services.
These solutions are helping the fintechs to hold the most potential for segments of the African population which were outside the traditional banking ambit in the past.
Richard Southey, the chief digital experience officer at pan-African bank Absa, told PYMNTS that “open banking kind of plays are important in that banks on their own are never going to be able to develop all the bespoke applications, which are going to be important towards an informal trader, for instance.”
“Fintechs are starting to solve those problems [and] we are seeing more and more banks getting involved putting out API marketplaces for fintechs to climb on to,” he added further.
While Ecobank was moved to open up its infrastructure to third parties to enable the fintechs to reach new customer segments that the legacy banking model has traditionally underserved, many African countries are also considering a governance pattern in this sector, similar to what the European Union has in form of a second payment services directive (PSD 2).
That particular reform helped Europe’s open banking movement as it created a legal mandate for banks to share account data with authorized third parties and allow payment initiation via open APIs.
In October 2021, the Central Bank of Egypt (CBE) adopted a new set of regulations governing the country’s Instant Payments Network (IPN).
These rules allowed approved mobile phone applications to provide payment services and instant transfers, and revealed the mobile-centric nature of Africa’s open banking sector approach.
The Central Bank of Nigeria has now a “Regulatory Framework for Open Banking”, defining how the country’s banks should approach data sharing with third parties.
In a strategy document for 2021-2025, the Central Bank of Kenya (CBK) also hinted that an open banking mandate would come soon.
“CBK will work to define standards for effective and appropriate API development and mandate robust but secure data portability in the market,” the five-year plan said.
Regulatory-driven approaches in two major parts of the world
In July 2018, the Hong Kong Monetary Authority issued an ‘Open API Framework’ and listed out a four-phase approach for banks to implement Open APIs. It starts with product and services-related information sharing, and concludes with sharing of transactional information and payments initiation services. While banks will be required to develop APIs, they will be able to restrict API accesses to those Third Party Providers with which they choose to collaborate.
In Australia, like other Open Banking initiatives, the upcoming Consumer Data Right Act (CDR) will allow consumers to share their data with authorised Third Party Providers. The CDR will be applied to the financial sector first, followed by energy and telecommunication arenas and steadily will cover all areas of the formal economy. The CDR is also the first Open Banking legislation to introduce the concept of ‘reciprocity’.
Under the ‘reciprocity’ clause, a system will be created in which all eligible entities will participate as data holders and data recipient, in order to create a ‘more vibrant and dynamic’ digital economy. The policy supports the principle that an accredited data recipient should also provide equivalent data, when customer asks for it.
A Deloitte report says remarks that open banking initiatives are still in implementation stages. It pitches for companies and financial regulators to raise consumer awareness. Even the creation of a safe and fully functioning cross-industry data sharing ecosystem will take a huge amount of time.
While the barriers between financial services and other industries break down, firms’ relationship with their customers, along with the distribution of risk and liability between firms and sectors, will change as well. The report advocates the regulators to “break down their own sectoral and geographical siloes and put the protection and fair use of customer data at the top of their agenda.”
Financial services firms wishing to participate in this open banking ecosystem will need a radical review of their long-term strategies, along with a fair assessment of their technological and operational capabilities. They also quickly need to realise that putting customers in control of their data is going to be the perfect way ahead for the sector.