Introduction to the Open Banking Phenomenon
Time to Read: 9 minutes
- An introduction to open banking, its key concepts, and implications for payments industry participants
- A framework for understanding open banking principles
- Adoption and usage statistics
What is Open Banking?
Over the last few years, the concept of open banking has gained popularity with numerous banks and fintechs eager to upend the traditional banking experience. Driven by regulation and market dynamics, open banking is taking root around the world. To guide this global phenomenon, open banking regulations are going into force in Russia, China and Southeast Asia. Mexico, Brazil and Japan have announced their plans for formal regulations. In the U.S. open banking has primarily been market driven, however the CFPB has signaled their intention to propose regulation.
In light of these announcements and already existing regulations in Europe (PSD2 and GDPR) and the U.K., we at Glenbrook believe it is useful to provide an introduction to key open banking concepts for those not already familiar with the topic.
At a fundamental level, open banking is the permissioned exchange of banking information from traditional financial institutions to third-party providers (TPPs) in order to facilitate innovative applications and services. Third-party providers can be defined as organizations or intermediaries using APIs to access customer financial data or as providers using this data to create new products and services. Examples of TPPs include:
- Financial Institutions
- Payment Service Provider
- Credit Rating Agencies
Glenbrook’s framework for understanding open banking principles consists of three C’s: Control, Competition, and Choice:
- Control – Open banking recognizes that consumers are the owners of their data, have the authority to grant permission to third parties to access that data, know where their data is being used, and have the ability to revoke permission at any time.
- Competition – Open banking increases competition on multiple fronts. Breaking the former monopoly on customer data, TPPs can create innovative products and services that challenge financial institutions as well as other providers. Furthermore, by reducing the burden associated with switching banks, consumers can more easily move accounts, forcing financial institutions to compete to attract and keep customers by providing the best experience.
- Choice – Building on the tenets of control and competition, open access to customer data creates a foundation for innovation, which in turn gives consumers more choice when it comes to the financial products and services they use.
Implications for Payments Industry Participants
Open banking carries the potential to disrupt key members of the financial services industry. In most cases the participants—FIs, TPPS, and consumers—enjoy clear benefits, but those benefits come at an asymmetric cost:
- Financial institutions will have to invest time and resources to API-enable their core systems. Such overhauls require a massive level of effort and investment.
- TPPs will have to integrate with the financial institutions in order to create compelling customer use cases. In some cases, financial institutions will be working on both simultaneously.
Financial institutions, with their traditional monopoly on customer financial information, are the party with the most to lose. By exposing customer data and payment initiation capabilities to third parties, financial institutions face the salient risk of relegation to a background, purely utility role while the customer relationship shifts to the TPPs. The TPP builds the new improved customer experience while banks are stuck holding deposits and performing back-office tasks like compliance.
However, opportunities exist for banks in the open banking world. Smaller financial institutions and credit unions and large commercial banks can all benefit, with creative opportunities for innovation and partnership. However, financial institutions will not experience the paradigm shift the same way:
- Smaller financial institutions and credit unions remain dependent on their core processors for enabling open data access via new APIs. Furthermore, these institutions almost always lack the budget and resources to execute a digital transformation.
- Large commercial banks carry the two-fold burden of updating their infrastructure to enable data access through APIs while creating products and services to compete with other financial institutions and new third-party providers. They benefit, on the other hand, from large customer bases and established channels to expose new products and services.
While banks are required to provide access to TPPs—by regulation in some jurisdictions, by the market in others—there are no restrictions on banks acting as TPPs themselves. This means that banks can take advantage of other providers’ APIs to build a better customer experience for their own users. In the UK for example, HSBC shifted its open banking ‘Connected Money’ app that includes account aggregation and folded those capabilities into its base mobile banking app. Barclays recently went further and created a payment initiation use case, which allows consumers to make payments from other financial institutions within their Barclays interface. In the U.S., banks have released their own APIs and developer portals for other banks and fintechs to leverage. Examples include Capital One, Wells Fargo and Citi with numerous financial institutions using open banking and APIs to improve the customer experience.
API-enablement lets financial institutions improve technical efficiency. Screen scraping is taxing on physical infrastructure as a result of its high data load, bandwidth, and data storage requirements. Jeff Bezos famously required all departments within Amazon to expose data and functionality via APIs or risk getting fired. As a result, the business enjoyed enhanced internal performance and the opportunity to expose functionality to third parties. While initially daunting, wise banks are following the same path.
Finally, where not restricted by regulation, financial institutions can monetize open banking. Depending on the data value and the quality of the API access, organizations or developers may be willing to pay a premium for enhanced API access.
Neobanks are arguably the greatest beneficiaries of open banking. Digital-first and built on modern tech stacks, neobanks are able to easily digest banking API’s and provide real time account updates. Use cases vary by region with more mature models existing in markets driven by regulatory requirements. In the UK, for example, Atom Bank announced a partnership with Plaid to provide small business loans. With access to historical transaction data and Plaid’s Payment Initiation API, the bank can streamline the lending process and provide real-time decisioning. In the U.S., many neobanks are forming partnerships with data aggregators to fund customer accounts and perform account verification/validation functions. As adoption of open banking APIs expands around the globe, we expect to see even more uptake and nuanced use cases take flight.
All participants of the payments and financial services ecosystem can participate in open banking as TPPs, an inherent characteristic of the new regime. Fintechs, networks, financial institutions, merchants, and even credit rating agencies can actively participate as both users of the information exposed by APIs to improve internal processes and as providers of new products and services. Arguably, any actor in the payments value chain can use open banking to its advantage.
Third-party providers, represented by both incumbents and new players, see ample opportunity in the market. Access to customers’ permitted financial data, previously enjoyed only by financial intuitions, creates opportunities for new business models, products, services, and revenue streams.
Potential examples could include:
- A fintech such as Wealthfront might use a bank’s “Customer Data API” or a data aggregator such as Plaid or Yodlee to get permissioned access to consumer banking information in order to drive a personal financial management (PFM) app.
- TAB Bank leveraging Mulesoft’s Anypoint Platform to quickly process small business loans. The bank could connect to MuleSoft’s APIs to get real time banking data and speed up lending decisioning for its customers.
From independent app developers to large technology companies (e.g., Apple, Facebook), open banking has leveled the playing field for delivery of financial services and what those services look like. Having greater variety in providers with unique perspectives and resources increases innovation and improved products. With a clear view of a customers’ finances, consumer-centric TPPs can provide targeted offerings that should increase customer loyalty and improve the customer experience.
A key challenge TPPs face is in implementing open banking APIs, and in cases where they do not exist, weighing the risks and benefits of alternative data access methods. Despite regulation in some markets, there is still fragmentation and lack of standardization in open banking API offerings. For example, in the EU, PSD2 did not mandate specific standards. Rather, various standardization efforts emerged such as the Berlin Group, the Open Bank Project, and the Open Banking Implementation Entity. In the U.S. there’s several industry associations advocating for standardization. The most notable is the Financial Data Exchange (FDX), a consortium comprised of financial institutions, fintechs, data aggregators and industry participants that sets technical standards for open banking APIs. In cases where APIs are not available, many TPPs are still utilizing screen scraping to gather banking data into their applications, posing a large security risk for customers and banks.
The cooperation and coordination between financial institutions and TPPs benefits consumers and business customers alike. If open banking’s goals are realized, consumers will have more financial services and products on offer as well as improved functionality. They should benefit from better insight into their financial lives that enables them to make better choices and reduces the stress of financial management. The competition open banking enables, and the innovation it brings about, should raise the quality of products and services. Finally, in a world where real-time payments are more prevalent with funds pushed instantly and irrevocably from account-to-account, well implemented open banking should improve the security of consumer banking login credentials.
Despite the potential benefits, there are real risks in exchanging sensitive financial data. Without standardized security protocols, third parties are free to store and use data as they wish. Many third parties are still using old standards of data exchange and storage, which increases the risk of data compromise from bad actors. Even when third parties take the appropriate steps to increase security, there is still potential for other types of poor consumer outcomes.
As with any new technology, participants are still adjusting to the API ecosystem. In some cases, there are still issues with API availability leading to unsuccessful API calls. Downtime due to large-scale platform outages prevents consumers from accessing vital financial information, creating a poor customer experience, at best, and potential financial loss.
We’ve seen some key global indicators that demonstrate this increased interest in and adoption ofo pen banking across the industry. Financial institutions have responded with a massive spike in open banking platforms around the world. Developer adoption of the OpenAPI specification increased by over 68% between Q3 and Q4 2020. (Platformable). Adoption by consumers is increasing. The Financial Data Exchange (FDX), published their Spring 2021 API usage stats depicting steady growth in North America, touting 16M customers.
As we continue to witness higher adoption, we expect increased innovation and more sophisticated use cases within the space. There are opportunities for all parties in the value chain to benefit as long as steps are taken to address security and privacy concerns.
Questions for Stakeholders
Open banking offers substantial opportunities for third party providers such as fintechs, data aggregators and financial institutions. Incumbents tied to their existing business model face a looming threat. Some key questions remain for stakeholders participating in this ecosystem:
Third Party Providers
- As providers of products and services to end users, where are there opportunities to innovate? What are key areas of exploration and investment? How can financial institutions, account holders and other providers benefit from innovation in this space? Will fintechs be at the forefront of innovation or will third party providers rely on innovation from financial institutions?
- How can permissioned financial data be leveraged to improve business performance and aid in additional revenue streams? Are there additional opportunities to monetize data paired with unique product features or value added services?
- With APIs at the forefront of secure data exchange, do you have the technical capability to connect or digest proprietary banking APIs? What are you doing to ensure sensitive information is used appropriately and safe from data compromise?
- What types of strategic partnerships can be formed between financial institutions or other providers to gain additional customers and propel more sophisticated use cases? Who have you identified as competitors or potential partners in the space?
- What is the right strategic response to open banking? What role does your institution need to play? How well positioned are your existing partners to support an open banking initiative? What are your direct competitors doing about open banking? Is competition, cooperation or a coopetition-based strategy the right way forward?
- What services based on open banking and fintech can be brought in-house through internal development or through provider partners?
- Serving the fintech community requires specific technical and business competencies. What is your level of readiness to address this market? What strengths in the areas of compliance, risk management, network sponsorship, and technology exist? How long will the window be open to serve the fintech providers before their needs are met by other banks?
About the Author. Heather Cerney has followed open banking regulations around the world since its inception in 2015. Heather helps lead Glenbrook’s research on banking innovation and open banking initiatives. Her background is in banking, having worked at Wells Fargo and Bank of the West prior to joining Glenbrook.