U.S. financial institutions have been told for years that open banking is coming sooner or later. Bankers and credit union executives can be excused for regarding this with some trepidation.
The business case for open banking is uncertain to many. The downsides they find all too apparent, especially given that the rollout of open banking in Europe and elsewhere around the globe has been anything but smooth.
What does open banking really mean for U.S. financial institutions? Will it produce revenue? How can the potential pitfalls be overcome? And what has been the experience of institutions in jurisdictions where open banking is already law?
What Open Banking Means
Before we dive into the issue, let’s clarify what open banking really means. The concept is built on application programming interfaces (APIs), which have been operating on the web for 20 years. Salesforce was among the first to enter this space.
Many of us actually use APIs in our everyday lives and have been for some time. In their first decade, APIs enabled services like the photo-sharing site Flickr to allow embedding of photos in blog posts. One prominent early example was the API provided by Google Maps that allowed wedding guests the ability to see the directions to the event venue on the wedding site, rather than following a link somewhere else.
The use of APIs permeated the tech industry as Twitter and eBay launched their APIs in response to third-party software using scraping technology to collect and share tweets and product listings. This hit too close to home for many financial services companies.
Screen scraping technology has been around since the early days of the internet (and of online banking) and remains in active use, but comes with a number of problems. Most important of these, from financial institutions’ perspective, is giving login credentials to a third party without setting strict limits on that access, which is neither elegant nor ideal. But even companies known for their use of APIs, such as Plaid, have resorted to screen scraping when API connections were not possible.
Despite such drawbacks, APIs in their simplest form fulfill the promise of the early web. Far better than hyperlinks, APIs allow websites to be truly connected, and for data to flow in a controlled fashion from one repository to another. What traditional financial institutions are being pressured to do now is offer publicly available APIs for developers. Open banking takes this concept one step further as it explicitly refers to a regulatory framework mandating access.
- Fight Over Consumer Data Ownership Pits Banks Against Fintechs
- Open Banking Fintech Partnerships Required For Better CX
Regulation Opens Doors But Adds Complexity
Not surprisingly, the regulatory landscape regarding open banking is quite complex. Regulations already in place, such as the California Consumer Privacy Act (CCPA), which went into effect in January 2020, are already being rethought.
Proposed changes ease the burden on businesses considerably and weaken the stringent consumer protections as first envisioned. The end result will likely be a CCPA that is considerably less robust in its privacy protections than Europe’s General Data Protection Regulation, or GDPR. Still, banking institutions across the U.S. should do their best to abide by the general terms of these privacy protection laws and anticipate that similar regulations will eventually reach their consumer footprint.
In Europe, regulation around open APIs had been in the air for more than five years, but open banking only truly came into effect in September 2019 with the full enforcement of PSD2. European banks had plenty of warning, and many built robust suites of APIs accessible to developers, perhaps most notably BBVA. PSD2 mandates that banks open their data to third parties, as well as offering protections around customer data.
Some estimates run as high as 87% of countries offering open banking in some form or other, but these calculations typically count the U.S. as starting out on the path. The Open Bank Project reports 47 countries — or roughly 25% — around the world which have or are considering adopting open banking policies. The U.S. does have private organizations taking this seriously, such as NACHA, which sets standards for ACH interbank payments, and the Financial Data Exchange (FDX), which is looking at ways to securely exchange financial data while protecting customers and without resorting to screen scraping.
New Zealand is working on a set of shared API standards beginning with payment initiation and account access, and in 2019 conducted trial runs between banks and third parties to test those standards. New Zealand’s approach is market-driven and its stated goal is to bring financial innovations to market “more quickly and simply.”
An interesting corollary for this approach is how the U.S. handles real time payments. A banking consortium, The Clearing House, has built a real time payments network, but it is currently only used by a small number of banks, and reselling through the industry’s core vendors has had limited success. Meanwhile the Federal Reserve plans to bring its own real time solution to market, but implementation remains years away. The Clearing House argues that the Fed is stalling innovation by causing banks to wait to see which option is better.
A set of API standards from FDX (or Plaid, which Visa is acquiring) might invite a similar belated federal response, and bring about the same inertia.
What Open Banking Could Mean for U.S. Banks
The idea of building APIs and allowing access to consumer data can seem overwhelming to a bank but exposing the plumbing and piping of your back end arguably has many potential upsides as well, particularly in a financial institution’s ability to act as an enabler.
Ismail Chaib, advocate for open banking and Chief Operating Officer of TESOBE, a German company provides open banking solutions, notes that APIs are a way for financial institutions to offer new products. “With APIs, you don’t need to address all the needs of your customers,” he said. “You can get products out faster and improve the customer experience.”
This strategy and more building on it are why some of the larger and arguably more progressive banks in the U.S. like BBVA, Capital One, and Citi have taken a proactive approach to open banking by exposing dozens of APIs for developers and fintechs alike to access.
Chaib’s observation recalls a thesis put forward by Frank Rotman of QED Investors that in most industries, manufacturing has been separated from distribution for many years. Movie studios haven’t operated their own theaters for many years and factories do not sell pencils directly to consumers. Both rely on intermediaries.
Banking organizations can go about this in two primary ways. First is by serving as manufacturers of products, delivering them via third parties, as Green Dot has done with their checking account being embedded in the Stash app. Alternatively, institutions can serve as distributors of products created by fintechs or other vendors like what Lead Bank is doing offering Self Lender to their customers. The second model tends to be more common.
There are examples of Rotman’s thesis being challenged by digital-first companies such as Netflix and Tesla, both of which create products and then market and sell them directly to consumers, but their product lines are extremely focused.
Banking also differs from these narrow lines. Banking users generally require a broad swath of financial products and services. It is exceedingly difficult for a single institution to produce and distribute products as varied as peer-to-peer payments and home equity lines of credit that are both best-in-class.
Chaib points to the U.K., which is more than two years into its open banking journey. “Most of the CMA9 banks (the banks mandated to adopt open banking) offer account aggregation, better and more up-to-date credit scoring to accounting packages or cashflow management for SMEs, and PFM-type functionalities to their customers as a result of Open Banking,” Chaib said. “This is what open banking is about. New services, faster to market.”
In other words, for financial institutions to become truly engaged with fintech companies, an API strategy is required and it is best to have a proactive approach and strategy to open banking to differentiate from the competition. This concept shouldn’t be strictly limited to banks’ relationships with fintechs, however. Institutions need an API and data management strategy more broadly, to take part. The more proactive they can be, the better they are positioned.