How Open Banking Will Redefine Tomorrow’s Transactions
“Open banking” will soon be the backbone of our financial services landscape, driving consumer financial activity as well as financial institution service models. It will provide a level of convenience and value that today’s (and especially yesterday’s) traditional banks and financial services companies can’t even come close to meeting.
Let’s consider these three examples:
1. Applying for a Mortgage
How about a mortgage application process where you don’t have to serve as a middle person to pull together all the necessary financial records?
2. Managing Your Personal Finances
How would you like to empower personal financial management services to access specific details about your spending history, various asset accounts, loan and credit card balances, insurance policies, and other critical information so that you can get a personalized plan for promoting your long-term financial success?
3. Setting Up Automated Payments
How about an automated payment system encompassing all of your finance-related accounts and subscriptions to securely process purchases, payments, and other obligations?
Open banking does all of this and more by creating API-enabling interfaces between banks, financial institutions, and any other third-party providers (TPPs) or financial-related services that a user chooses to loop in.
After all, it can be argued that it’s our data, and we should be able to create the kinds of efficiencies in managing it and obtain the insights that lie within it for our own benefit.
The technology behind this next generation of financial service integration shares financial information electronically between institutions for purposes the customer can authorize and approve – access and integration that can’t be provided solely through a bank.
In other words, open banking offers unparalleled financial data continuity.
Open Bank Data Security
The initial reaction to the concept of open banking from many people outside the financial industry is to question the wisdom of creating what appears to be more points of access for more people and systems in more areas of a person’s sensitive financial history. It’s an understandable reaction and it’s right to be cautious and wary.
But we already face those kinds of data security risks every day with each of the dozens of accounts we maintain. Reputable APIs pose no more or less risk … plus open banking doesn’t require access to, or the use of, customer passwords as do the current aggregate systems.
The alternative, current financial aggregator systems are far less secure. They rely on “screen scraping” – a monolithic information-gathering practice that grabs far more user financial data from your accounts than is needed for any particular activity and then stores it, along with your account credentials, i.e., user names and passwords.
This process initially was used as a convenience for financial institutions so they didn’t have to reenter data. But the treasure trove of information that’s swept into those databases makes them ripe for exploitation, theft, and other fraudulent activities.
In contrast, open banking through APIs provides direct access to only the payment and financial account data needed for each task and without accessing the accounts via formal credentials.
Still, open banking security is important. That’s why we need a solid regulatory structure around it to ensure the systems utilize and integrate only approved trustworthy APIs and that the data they’re entrusted with is well-protected. Consumers must be able to maintain ultimate control of, and rights to, their data.
Most observers agree that it’s high time the Consumer Financial Protection Bureau, responsible for consumer financial data matters, gets more active in these matters to provide these assurances. Consumers want open banking. Banks and financial institutions want to offer it.
Open Banking is Over There
As this PWC analysis lays out, the UK has made the most headway with open banking, and banks there are required to cooperate with approved Third-Party Providers. The banking industry there began exploring the concept of open banking in 2016, taking a strong consumer service expansion approach.
The EU was working in this area at the same time, focusing on standards for consumer convenience and security to provide a framework for member nations to adopt in their own open banking policies.
But What About Here?
By contrast, open banking in the U.S. is still industry-driven, happening in the vacuum of government guidance as noted above. Many banks are working with core providers like FIS, Fiserv, and JHA that have already developed and continue to maintain the necessary, secure API-based infrastructure. Alternatively, banks have the opportunity to incorporate their own API tools on top of that core.
Additionally, industry groups are developing protocols for API security performance. Individual banks are working with core providers and fintechs to implement agreements on APIs and data usage. Millions of Americans are benefitting from these early adoptions of open banking
But public and institutional acceptance in the U.S. will lag behind much of the rest of the world unless a strong regulatory infrastructure is put in place that provides both consumer and institutional confidence to engage.
- Outlawing data scraping as a means to access personal financial data.
- Requiring fintechs and other participants to be authorized to engage in open banking services only after they demonstrate appropriate privacy, security, and liability protection.
- Prohibiting the use of customer data in ways not authorized by the customer.
This seems like a reasonable framework, and I believe we’ll see a similar regulatory structure emerge in the U.S. within a few years – after all, nothing happens quickly in Washington!
Within a decade, the average U.S. citizen will have a far more effective way to utilize their own financial data for personal financial planning, payments management, subscription management, personal loan activity, and to access a wider variety of financial products.
Certainly we have it in the U.K. But few people trust the banks and government enough to share our information between banks