Open banking is an $8 billion-plus revenue opportunity and one of the most seismic shifts in consumer and commercial finance technology in decades. Throughout open banking, two or more parties have access to banking data through an application programming interface (API). The goal of open banking is to improve the consumer experience. Let’s take close look at the origins of open banking, its uses, regulations, hurdles, and potential solutions.
What Is Open Banking?
Open banking aims to create a harmonized portrait of a person’s entire financial life. It relies on partnerships between two parties: Traditional banks and third-party providers (TPPs). The TPPs are often fintech startups who want to create innovative financial planning and asset management products, such as apps, make it easier for people to manage their finances. Some examples of open banking apps are budget planning programs, which pull data from a person’s bank accounts and credit cards.
The end goals and benefits of open banking are numerous. Most importantly, though, it holds the potential to create a single, unified platform for people to manage every money-related aspect of their lives, empowering savvier yet convenient financial decision making.
1. How Does Open Banking Work?
Open banking only works when traditional banks and financial institutions share consumer data with a TPP. The safest way to do so relies on open APIs.
APIs have existed for years. They allow divergent pieces of software to communicate with each other instantly.
What are the key advantages of APIs for open banking? They enable communication without revealing a user’s account credentials — meaning third parties do not receive or store usernames, passwords, and data.
Currently, there are three types of APIs:
- Public: Public APIs are the most relevant for open data banking. These are the platforms that allow TPPs to access consumer data from a bank without actually saving and storing it.
- Partner: Partner or B2B APIs are designed for two or more specific businesses and allow for the ready exchange of enterprise data. The applications are particularly effective for vendor-to-vendor communications, enterprise resource planning, and producer-retailer-reseller relationships.
- Internal: Internal APIs are proprietary, used by and within a single organization to more safely manage its own data.
All thee types of APIs decrease the significant cybersecurity risks associated with storing and protecting consumer information. TPPs get access to consumers’ information via a bank-maintained authentication token. The bank or financial institution itself is still the managing gatekeeper of any data, reducing the risk of replication of private information.
2. When Did Open Banking Start?
Open banking reforms began in Europe and the United Kingdom around late 2016. Regulatory bodies recognized a growing demand for greater transparency and security around consumer data, particularly essential information such as someone’s online banking and financial records.
It wasn’t until the United Kingdom’s Competition and Markets Authority stated the country’s major banks had one year to develop a viable open banking API platform that the technology took off.
Today, countries like the United States, Australia, and China are emerging players in the open banking narrative, although they still lag behind their European counterparts in several ways.
Where Is Open Banking Used?
A handful of countries have already positioned themselves as leaders in the open-banking-as-a-service revolution, with government regulations, private institutions and consumers themselves adapting accordingly.
1. United Kingdom
The United Kingdom is known as the world leader in open banking. The U.K. made open banking law as early as 2016. At that time, it gave major banks and financial institutions just over a year to develop an API framework that would communicate with authenticated TPPs.
The country’s Competition and Markets Authority maintains a website dedicated to helping consumers understand open banking. That website also maintains the most up-to-date list of banks currently operating with open banking systems. It also provides detailed instructions on how consumers can give TPPs consent to their data as well as how to request and make payments.
- Major financial institutions involved: The three largest banks in the U.K. — HSBC, Lloyds and the Royal Bank of Scotland — saw the most immediate pressure to rebuild infrastructure to meet compliance. Other banks mandated for open banking include Bank of Ireland, Danske Bank, Santander, and Nationwide.
- Major regulatory standards: All TPPs must be pre-licensed to request authorization from open-bank institutions. In other words, startups or entities cannot start asking banks for consumer information without having pre-authorized agreements with those banks, plus a government-authorized license. What’s more, consumers themselves must give clear consent for each TPP transaction requesting their data, per broader GDPR requirements.
- Overall consumer opinions: According to U.K. consumer surveys, the majority of people (63%) are happy with the services delivered by their current banks and are hesitant to use other institutions. Yet many are unaware that open banking is designed for them to still use their bank’s app or platform as their primary financial portal. What’s more, three out of four people (77%) are wary of outside institutions accessing their financial data.
The European Union mandated open-source bank infrastructure in January of 2018. Overseeing the change is the Payment Services Directive 2 (PSD2), a governing body already responsible for managing the E.U.’s payment services industry.
- Major financial institutions involved: Ahead of PSD2’s deadlines, major banks such as Denmark’s Saxo Bank, Spain’s BBVA and Scandanavian Nordea have launched open banking platforms. Many specialize in account aggregation, allowing customers to see all bank and asset accounts conveniently in one portal.
- Major regulatory standards: As with the U.K.’s open banking legislation, TPPs can only access consumer information if the consumer first gives direct consent and if the TPP holds open-data banking licenses.
- Overall consumer opinions: Some consumers are lukewarm about additional TPP verification work on their part. For example, in-person and online purchases over €30 will now require two-step authentication ranging from biometric fingerprint scans to manual passwords and card readers, making the purchases people already make more cumbersome.
3. United States
Open banking is beginning to catch on in the U.S.
- Major financial institutions involved: U.S. banks like Citibank and Wells Fargo have rolled-out APIs in several customer usage categories, allowing third-party integration with select TPPs. However, many of these are invite-only for an exclusive set of developers selected by the banks, such as Intuit’s new data accessibility agreement with Chase and Wells Fargo.
- Major regulatory standards: Open banking is currently “encouraged” by the Consumer Financial Protection Bureau for U.S. financial institutions, though not mandatory. As of today, 2010’s Dodd-Frank Act remains the closest set of compliance standards relevant to consumer data exchange and consent.
- Overall consumer opinions: Almost half (48%) of Americans age 18-21 see the value of open banking, compared to only 23% and 7% of middle-aged and elderly consumers, respectively. Combined, about 22% of Americans are “open” to open banking but have serious concerns over data privacy.
Institutions in Japan, Singapore, Hong Kong, and China have led the way in bringing open banking as a service to the public. Adopting certain platform models and features from Europe and the U.K.’s success cases, these countries lead the way in digitizing financial services in their respective regions. In fact, many industry watchdogs expect Asia’s open banking platforms to outserve and outmaneuver the earliest versions in the west.
- Major financial institutions involved: In Hong Kong alone, over 20 financial institutions have launched first-phase APIs for various customer segments and products. In China, things have developed even faster, with all of the country’s major banks now maintaining APIs, as of October 2019. Other influential institutions — such as Thailand’s Siam Commercial Bank and Singapore’s DBS — have also followed suit.
- Major regulatory standards: Similar to the United States, many of these innovations have been commercially driven, launched by private banks seeking to corner the market before competitors. Countries like Japan, South Korean and Singapore have gone one step further, with financial regulators creating API “playbooks” encouraging API developments and perimeters.
- Overall consumer opinions: Asian consumers have long practiced the most digitally integrated payment ecosystems in the world. Already embracing full-service digital banks and mobile payment platforms, Asian consumers are often first adopters of cutting-edge cashless transactions, which open banking fits perfectly into.
Open Banking Issues and Regulations
In the United States, regulations and usage standards lag behind the U.K. and the E.U. Many predict the country’s open banking revolution will be industry rather than regulations-driven. This method of change — like any industry disruptor — comes with pros and cons.
1. Data Consent
Worldwide, consumers are more concerned than ever with their data’s privacy and usage. Following data scandals such as the one involving Facebook and Cambridge Analytica, the public is wary of handing over personal information to third parties without transparent usage agreements that they can actually understand.
2. Data Protection
Following on the heels of affirmative data-sharing consent is the demand for robust data protection. In an open banking ecosystem, the onus for data cybersecurity rests almost entirely on banks. Many financial institutions will have to reinvest and innovate cybersecurity operations to account for the API-driven token models, a significant change for many. In fact, 76% of today’s banks cite customer data security and privacy as their top open-banking concern.
Though more secure than handing over usernames and passwords, token-authenticated API systems still have risks, such as:
- Bank data breaches
- Insider threats at banks and TPP fin-tech companies (e.g., employees mismanaging TPP access requests)
- Hackers using licensed TPPs to access customers’ accounts maliciously
3. Infrastructure Compatibility
The safe, streamlined exchange of data is at the heart of successful open banking operations. To perform this, though, banks must ensure their own apps and web portals are compatible with current and future TPPs.
Incompatibility between bank’s legacy systems and fin-tech startups’ presents a serious — and expensive — hurdle to user account aggregation, one over half of surveyed fintech leaders already experience.
4. Public Sentiment
User adoption is critical for open banking’s viability in the United States. Companies might face an uphill battle to assure consumers they’ll store, use and share data responsibly.
To placate public trust, banks and their partner TPPs must develop cutting-edge authentication controls, follow cyber incident and fraud protection best practices and clearly communicate data transfer policies to customers. Messaging that misses these marks will only fuel fears.
5. Regulatory Complications
The United States currently has six major bodies involved in finance and payment industry regulation — plus dozens of smaller, localized agencies. For comparison, the U.K. has two, and Australia and the E.U. one.
The crowded regulatory environment, plus a general aversion to banking industry red tape, has slowed open banking progress in the U.S. to a degree. Private institutions see the strategic advantage of offering open-banking amenities before their competitors yet currently have no direct government protection or persuasion to do so.
Open Banking Use Cases
Despite its implementation and adoption hurdles, there are clear instances where open banking is moving the needle — both for specific business functions as well as entire industries.
1. Customer Experience
Proponents of open banking compare the movement to a supermarket. Consumers will be able to hand-select the exact apps and services they want — just like they hand-select cereal, salad dressing and frozen pizza when buying groceries. The personally curated tech buffet presents numerous advantages to the consumer across their banking and financial planning experiences, including:
- Bolstered account and identity fraud protection
- Greater visibility into spending habits and behaviors
- Instant access to market investments, bank accounts
- One cohesive online and in-person payment method
Insurance lenders stand to use open banking for new insights into secure loan terms and more profitable handling of accounts. Agents can see the most complete, dynamic and up-to-date portrait of an applicant’s finances. Using that data, those in the agency can make the soundest lending and insurance decisions possible — for both their clients’ best interests as well as their business’ stability and reputation.
Open banking’s networked accounts also benefit insurance recipients. On their end, consumers have unparalleled visibility over personal spending behaviors and timelines. This begets better decisions about loans and debt, as well as consumer education on credit scores, interest rates, premiums and deductibles, and other relevant but often misunderstood finance and insurance terms.
3. Financial Services
Open banking’s framework stands to revolutionize financial services. This isn’t hyperbole, but rather a direct result of its business model inherently reliant on financial institutions — not intending to eliminate them. In simpler terms, without banks, there couldn’t be open data banking.
The onus is then on banks to provide a robust and user-friendly platform with the broadest array of financial products available for customers. Since people will have more choice than ever to weave between new fin-tech apps, integrations, and innovations, banks will be pressed to build the most competitive hosting platforms to encourage clients to remain with them. Already, we see a handful of banks worldwide creating such networks via proprietary account aggregation platforms, ones eventually allowing their customers to review all of the following at once:
- Core banking accounts
- Payment services and networks used, such as credit card providers
- Private and commercial loan histories
- Investment portfolios
- Bank apps and experiences
4. Small Businesses
Like private consumers, small business owners will have new and rich visibility over the financial realities of business decisions, such as taking out loans for expanding to a second location. That information also makes understanding commercial loan and payment terms far easier while simultaneously reducing the administrative costs and subject matter expertise needed to manage such finances. Likewise, business owners can create the most practical yet attractive loan applications possible, expediting timelines on receiving money from lenders and ensuring business needs are met.
Build an API Platform for Your Organization
Hydrogen assists forward-thinking organizations in developing their own dynamic APIs and applications, ones designed to beat competitors’ product strategy and preempt — not react — to the open-banking revolution.