OPEN BANKING: TRANSFORMING FINANCIAL SERVICES
TRANSFORMING THE FINANCIAL SERVICES INDUSTRY
Open banking is a major step toward transforming the financial services industry by enabling greater transparency and inclusivity through open data. Since 2016, the United Kingdom (UK) conceptualized open banking with the intention of encouraging banks to offer more innovative services and solutions to their consumers.
Open banking enables consumers' personal information to be shared between organizations in a standardized and secured manner as it attains the explicit consent of consumers. Through the use of Application Programming interfaces (APIs), third-party financial service providers can access the information efficiently and cost effectively thus enabling the development of innovative FinTech solutions. API is an interface that processes the user’s request and transfers the message to the system to perform a function. The concept enables interactivity between programs and systems by enabling interaction between applications, data, and devices; thus creating connectivity.
Figure 1: Open Banking Regime and Evolution of Financial Products and Services
Open banking allows for greater collaboration and integration amongst financial institutions and third-party service providers. Such tools enable aggregation, automation, and analysis ultimately creating a wide opportunity for third-party service providers to produce innovative business models and healthy competition in the market.
Existing market developments altered the demands and expectations of consumers interested in greater control and centralized access of their finances. Furthermore, the emergence of FinTech solutions accommodates the altered consumer demand with a focus on financial products and services that are convenient, accessible, affordable, agile, and most importantly secure.
Historically, financial institutions were the sole providers of financial services. However, competition has increased in varied markets with the emergence of new market players offering agile, innovative, and cost-efficient FinTech solutions. Open banking provides equal opportunities to incumbents and new Third Party Providers (TPPs) to compete through the authorized access of consumer data and bring consumers to the forefront of financial services.
By promoting open API infrastructure, through established rules, regulators can directly facilitate and enable innovation to better serve and protect consumers. Consumer data that has been siloed within financial institution will now be accessible to third-party service providers who would not have had access to such datasets otherwise. Access to data enables third parties to tailor their services based on analytics and unmet consumer expectations. Presently, there are two open banking modules; Account Information Service Provider (AISP) for accessing and aggregating account information, and Payment Initiation Service Provider (PISP) for online payment services. Below is a representation of how both modules operate.
The highlighted API modules allows third-party service providers to develop business models for various financial services solutions. Existing financial service providers and new market entrants can compete to improve the existing financial products and services delivered to individuals and businesses. Some examples include:
Individuals often face difficulty in comparing existing financial services in the market as there is no standardized way to display data. An open banking API could solve this problem as consumers allow a TPP access to their personal bank account data and the TPP's application would process the data in real-time, as opposed to the traditional approach of screen-scraping. The TPP's application would alternatively update the suggestions regularly and automatically based on the consumer’s bank account activity.
Personal Finance Management
Personal Finance Management (PFM) tools help consumers manage their money better through key tools including budgeting, predictive cash flow, managing spending, investments, and robo-advisory. Previously, organizations would screen-scrape the data from their consumers' bank accounts. With open banking, APIs can extract data from the consumer’s personal bank account, credit/debit card details, loans, mortgages, and other financial products to accumulate the data in one place and manage the individual's finances.
Access to Credit
When accessing credit, numerous documents and historical data are required to determine the credit score. An open banking API can simplify this process for individuals and SMEs to provide the TPP with relevant information to offer them the best financial product for their use. The information would be completed in real-time without the concern for data privacy.
Several businesses utilize online accounting software to reconcile and manage their ledgers. This approach requires consumer authentication to access the businesses’ bank accounts. With the use of open banking API, businesses can link their accounts to the TPP of the accounting service and share data seamlessly without delay.
Individuals often find it difficult to share bank statements in a readable format with other financial institutions. Open data enables financial institutions and TPPs to access bank statements helping speed up the processing of applications and thus enabling a more seamless consumer experience.
Individuals and businesses alike rely on their financial institutions to notify them of any fraud or misconduct occurrences with regards to their financials. With the help of open banking APIs, TPPs can now provide consumers with modern, efficient, and better means of monitoring account activity and notifying the consumer accordingly. By aggregating the consumer's financial information onto a single platform, the TPP can detect any fraudulent activity across varied accounts.
Through the gradual digitization of the financial services industry, an automated approach toward identifying consumers is crucial. Open banking can centralize consumers' digital identity profile to authorized parties within a network.
Open banking enables TPPs to initiate payments on behalf of the consumer and traditional financial institutions. This solution helps reduce the number of times consumers have to enter their credit/debit card details to initiate the payment on online platforms (Reynolds, 2017).
Open banking presents new opportunities and challenges for financial institutions and third-party providers alike. The benefits of open banking include:
Figure 2: Account Information Service Provider (AISP)
Figure 3: Payment Initiation Service Provider (PISP)
IMPACT OF OPEN BANKING
Within the open banking ecosystem, there are four key stakeholders;
Traditionally, financial institutions would access consumer information through screen-scraping. The method requires financial institutions to gain access to the consumer’s login details (for example the consumer's password or PIN code with their explicit consent) to access their accounts and analyze the available financial information or conduct payment transactions. With the use of APIs, however, financial institutions can now gain direct access to specific data without the need for consumer login details thus offering a seamless experience for their consumers.
Financial institutions already possess a rich database of consumer information giving them a competitive advantage against TPPs. Opening the data to the public, could either be an opportunity or a threat for incumbents. As an opportunity, access to constantly updated information will assist financial institutions to produce quicker informed decisions for the consumer, and for the consumer to make quick decision as well. However, competition entering the market thus forces financial institutions to keep up with technological advancements in order to maintain valuable relationships with their consumers. For example, a 2018 survey by global consultancy firm Bain & Company highlighted that 63% of 4,000 respondents in the UK were willing to provide a competing bank or FinTech access to their data (Bain & Company, 2018).
Open banking provides consumers with an advantage by having a centralized view of their financials and improve their decisions with a single open data platform integrating individual financial information from different service providers.
Open banking platforms aggregate data into a centralized space allowing consumers to review and compare products and services available in the market as well as utilize tools to better manage their finances, such as budgeting, advising, and bill payment. Additionally, consumers can make direct payments from their bank accounts through the payment service provider using the PISP model. For example, consumers can now simply provide the service provider access to their information to review account details when applying for a loan.
Furthermore, consumer protection is at the forefront of the regulator implementing open banking. Only with the explicit consent of the consumer can the TPPs access and share their financial information. This approach provides consumers with greater control over their finances and its distribution.
Open banking is optimal for those with mobile, online, and digital banking accounts. TPPs that provide similar solutions can leverage open APIs to access available consumer data and tailor services to market demands. TPPs can become regulated providers of financial services by being compliant with the jurisdiction’s open banking regulatory requirements (if applicable). With consumer authorization, TPPs can now initiate payments on behalf of consumers thus reducing transaction processing costs.
Open banking creates opportunities for TPPs to create personal finance management tools, targeting a niche in the market, and satisfying unmet market needs. TPPs develop APIs that utilize the open banking platform to analyze consumer spending and produce tailor-made recommendations accordingly using artificial intelligence, big data analytics, and other relevant technologies.
The support from regulatory regimes in regards to promoting the use of open banking platforms is a crucial factor that promoted authorization of data amongst key market players. Presently, as TPPs are relatively new market players, they have struggled to gain access to existing consumer data despite developing innovative solutions that are technologically advanced with a modern infrastructure. The implementation of open banking regulations, however, assists authorized TPPs to access data and thus tailor their services based on the data analytics of unmet consumer needs.
Open data within a network of authorized parties has inherent risks that could concern consumers especially with the existing focus on data protection. Such risks require the development of advanced prudential technologies that protect consumers from fraud, AML (Anti-Money Laundering), CTF (Combating Financing Terrorism), and other types of data misuse thus requiring strong governance of the open banking infrastructure.
OPEN BANKING REGULATORS
Varied jurisdictions have adopted individual approaches toward regulation open banking solutions. Below are examples of cases that are currently investigating and/or implementing open banking regulations:
The current state of open banking in the United Kingdom (UK) is in response to a lack of competition within the financial services industry as smaller and newer banks struggled to compete. The UK’s open banking regime is implemented through the CMA’s Retail Banking Market Investigation Order 2017, which requires the UK’s nine largest banks to provide authorized access to consumers' banking data through a secure platform (Gilbert + Tobin, 2018).
During February 2016, the UK’s HM Treasury launched initial guidelines on creating open banking data enabling an open banking ecosystem. By January 2018, the guidelines were amended to require an approval from the Financial Conduct Authority (FCA) to gain access to open APIs in the UK (PwC, n.d.).
The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) developed a playbook for the use of APIs in Singapore (Monetary Authority of Singapore, n.d.). MAS has laid out progressive guidelines to the use of APIs within the financial services industry. With an organic approach to APIs, MAS encourages banks to implement APIs for their services, rather than enforce it. As a result, open banking is regulated by a non-mandatory governance framework. As per global consultancy firm Accenture's study, one-third of commercial banks' consumers in Singapore were open to the idea of trying open banking platforms in 2018 (Singapore Business Review, 2018). However, MAS requires a different API for each service a bank offers. While this detail allows for greater consumer protection, it results in lagging innovation. To monitor the developments of APIs, MAS created the Financial Industry API register that lists out the different APIs under different categories:
Product: provides information on financial product details, rates, and branch/ATM locations
Sales and Marketing: product sign-ups, sales/cross-sales, and leads generation
Servicing: manages consumers' profile/account details and their queries or feedback
Transaction: supports consumers' instructions for payments, funds transfers, settlements, clearing, trade confirmations, and trading
Additional services include authentication, authorization, reporting, market data, and compliance.
During January 2018, the Hong Kong Monetary Authority (HKMA) announced intentions to accept feedback on its open banking framework (Accenture, 2018). The initiative proved to garner attention from market players as 40+ respondents provided feedback on the framework including financial institutions, FinTechs, consultancies, payment scheme operators, and individuals (Hong Kong Monetary Authority, 2018). Following HKMA’s review of the feedback, it announced an official four-phase approach for its open banking framework:
Read-online: TPPs gain access to financial institutions’ data on products and services. This phase supports operators for product comparison sites as they require to only process read-only information. Deployment of approach will be within six months.
New applications and customer acquisition: Includes operators focused on customer acquisition and online applications for products including credit cards and loans. Deployment will be within 12-14 months.
Account information: Operators would be able to gain access to unprocessed and aggregated account information to create a centralized platform for multiple accounts and perform analytics for consumer insights. Deployment timetable will be confirmed following consultation sessions with local financial institutions.
Transaction processing: Allows operators to process payment instructions from consumers to traditional financial institutions. Deployment timetable will be confirmed following consultation sessions with local financial institutions (Accenture, 2018).
The regulatory approach of the European Union (EU) toward processing financial data of consumers is apparent in the Payment Services Directive (PSD2) with a focus on third party operators (PISPs and AISPs). The PSD2 launched on 12 January 2018 allowing financial institutions and third party payment operators to gain access to authorized data on consumers through open APIs (Gilbert + Tobin, 2018). In regards to transactions, PSD2 also allows consumers to complete payments in a unified platform across different currencies (Finextra, 2018).
The European Banking Authority also launched during March 2018 draft rules on regulatory technical standards (RTS) to accompany PSD2 (Payments Compliance, 2018). The RTS focuses on strong customer authentication, secure open standards of communication, and banning screen scraping with a plan to be fully enforced on September 2019 (European Payments Council, 2018). In regards to strong customer authentication, online payments are required to be authorized by at least two of the following three: something the customers knows (including passwords), something the customer has (including phones), and something the customer is (including fingerprints) (Stripe, 2019).
The Central Bank of Bahrain (CBB) issued draft regulations on open banking in Bahrain during November 2018 thus taking the lead in introducing open banking regulations in the MENA region. The initiative was a major step toward transforming the financial services industry by enabling greater transparency and inclusivity through open data. The UK government conceptualized open banking with the intention of encouraging banks to offer more innovative services and solutions to their consumers. Presently, two types of regulations are available on open banking: regulations with a focus on AISPs and PISPs.
Key themes of the draft rules include the following:
Standards for Authentication and Communication
AISPs and PISPs must have a secure customer authentication process and overall security approach for the following three primary elements:
Knowledge: information that is only known to the customer of the platforms e.g. passwords
Possession: something that only the customer possess e.g. algorithm specifications
Inherence: focuses on devices or software that reads an element of the customer e.g. biometric sensor
The security measures for each element must be independent to avoid compromise, especially in cases when the same device (such as a mobile phone or tablet) is used for more than one operation.
Customers must consent to initiate payment transactions. The PISP may agree on payment transaction limits and stop the use of a payment instrument if it compromises the security of the payment instrument or there is suspected unauthorized or fraudulent use of the payment instrument. There is no specific amount mentioned as a limit therefore indicating it is a case-by-case situation. The AISPs and PISPs may implement fees and charges, which reasonably correspond to operational costs, but should be explicitly agreed on by both parties in the initial legal arrangements.
Technology Related Requirements
AISPs and PIPSs must adhere to the best practices of technical standards, including for application program interfaces (APIs), electronic identification, transmission of data and web security. Technology architecture that uses “screen scraping” method must not be used. AISPs and PISPs in conjunction with licensees maintaining customer accounts shall develop an open banking API standard based on a standard adopted in a leading financial center, which should be subject to independent tests, including testing in a test environment.
The introduced regulation is directed toward open banking operators that are providers of account information and/or providers of payment initiation. Following the launch of the draft regulations, the domestic ecosystem welcomed the first graduate of the regulatory sandbox; the first open banking service provider in Bahrain. With the graduate’s solution successfully integrated with over 11 local banks, open banking in the future will enable TPPs to integrate and innovate more seamlessly with financial institutions.
The following section investigates the implementation of open banking solutions by varied stakeholders. Specifically, the section looks at case studies from the perspective of regulators, financial institutions, and TPPs.
Regulation: PSD2 Directive (EU)
The Payment Services Directive (PSD) came into effect during 2007 and was created as a legal foundation for payments fostering safer, secure, innovative, and efficient cross-border payments across the EU. The PSD2 implemented new laws in three critical areas since its launch:
Protecting consumers' rights: encourages greater transparency, efficient handling, and reporting of complaints and incidents in a reduced period
Enhancing security requirements: under the secure customer authentication term, it is mandatory that consumers provide at least two independent forms of identification
Enabling third party access: TPPs are allowed to launch their solutions with a focus on AISPs and PISPs
As a result, the initiative enables innovation in the financial services industry by easing the process for customers, financial institutions, and TPPs to circulate data (FinTech Finance, 2018). Additionally, the PSD2 applies to all payment account providers despite its size, which alters from the UK’s open banking approach that is currently only mandatory on its nine largest banks. The PSD2 also does not call for the creation of common API standards allowing parties to pursue alternative technical standards without restrictions (Smart Payments, 2018).
The implementation of PSD2 in the European Union highlights key challenges and opportunities in the implementation of regulations that promotes innovation in open banking. Firstly, in regards to opportunities, the PSD2 proves to be an inclusive regulation as it explicitly promotes the role of third-parties emerging in the industry and also allows traditional financial institutions to provide key features of open banking including the provision of account information and payment initiation.
Additionally, PSD2 supports emerging third-parties by legitimizing its operations and thus increasing consumer demands in the market through elevated confidence in such operations. Furthermore, PSD2 promotes financial inclusion as traditional institutions are obligated to provide data on payment accounts to regulated TPPs thus promoting the accessibility of data that can support credit decisions and strengthen the lending capacity of consumers (Figo, 2018).
However, PSD2 also is a prime example of regulations with apparent limitations as it explicitly prohibits TPPs from holding information on consumers following the completion of payments. As a result, TPPs are at a disadvantage compared to traditional players that have historical data for further consumer segments (Deloitte, 2017).
Financial Institution: DBS Bank (Singapore)
UK-based FinTech, Finastra, recently launched the Open Banking Readiness Index to assess banks in Asia Pacific on their benchmarking readiness and capabilities against the industry. The study suggested that 84% of the leading banks in Asia Pacific have an interest in collaborating with partners to adopt and enhance their open banking initiatives and capabilities. Specifically, the Open Banking Readiness Index evaluates banks across five different dimensions:
Adoption of APIs
Relationship with TPP ecosystems
Data infrastructure capabilities
State of innovation through the adoption of new technology (Finews, 2018)
More than 140 banks across 14 markets in Asia Pacific were assessed including: Singapore, Australia, Hong Kong, New Zealand, China, Malaysia, South Korea, India, Thailand, Taiwan, Japan, Philippines, Indonesia, and Vietnam.
The Open Banking Readiness Index highlighted that Singapore, Hong Kong, and Australia are the leading markets in terms of open banking readiness. Additionally, DBS Bank was highlighted as the leading financial institution due to its open banking infrastructure’s strength in two dynamics: its relationship with the ecosystem and data infrastructure capabilities. DBS Bank was praised for possessing more than 150 APIs and on-boarding more than 50 companies to develop efficient and valuable solutions for consumers including funds transfer and real-time payments (DBS, 2017). As a result, DBS Bank possesses one of the largest API developer platforms in the world. Key firms that have joined the platform to create their own solutions include wealth management startup soCash, insurance firm MSIG, and and digital property group PropertyGuru that has been able to provide consumers with instant “affordability assessments” (FinTech Futures, 2018). In regard to data infrastructure, DBS Bank was also ranked as a leading institution due to 85% of its technology, hardware, data centers, network management, and app development being built and managed internally (IDC, 2018).
Third Party Service Provider: Bud Financial Limited (UK)
Bud Financial Limited is a FinTech established in the UK and is regulated under the FCA as an open banking provider. Bud Financial Limited is a digital platform that centralizes existing financial services for customers to review in an “app-store-style” marketplace. Bud Financial Limited also focuses on wealth management to support customers in budgeting their financials (Reynolds, 2017). The company currently boasts a growing network of more than 80 FinTech partners highlighting its growing reach in the domestic market (Bud, n.d.).
Following partnerships with traditional financial institutions, during February 2019, HSBC and Goldman Sachs invested in a $20 million funding round for the company. HSBC also signed an agreement with the company during 2017 leading to the launch of a centralized platform in partnership with Bud Financial Limited. The initiative highlights the growing support from traditional financial institutions to foster the open banking ecosystem amid concerns of growing competition between different stakeholders (Clark, 2019).
Open banking regulations presents key participants in the financial services industry with strategic opportunities to play a leading role in gearing the industry toward innovation and agility. Moving forward, it is likely that global players will continue to refer to emerging case studies (as highlighted in this brief) to foster its own open banking ecosystem thus optimizing on opportunities and limiting potential complications.
Accenture. (2018, August 27). A Summary of the New Open API Framework in Hong Kong, and How it Compares with PSD2. Retrieved from https://bankingblog.accenture.com/summary-new-open-api-framework-hong-kong-compares-psd2?lang=en_US
Accenture. (2018, October 16). The Brave New World of Open Banking in APAC: Hong Kong. Retrieved from https://bankingblog.accenture.com/brave-new-world-open-banking-hong-kong
Bain & Company. (2018, August 20). Coping with the Challenge of Open Banking. Retrieved from https://www.bain.com/insights/coping-with-the-challenge-of-open-banking/
Bud. (n.d.). About. Retrieved from https://thisisbud.com/about
Clark, A. (2019, February 4). HSBC and Goldman Back UK Open Banking Startup. Retrieved from https://www.fnlondon.com/articles/hsbc-and-goldman-back-uk-open-banking-startup-20190204
DBS. (2017, November 2). Reimagining Banking, DBS Launches World’s Largest Banking API Developer Platform. Retrieved from https://www.dbs.com/newsroom/Reimagining_banking_DBS_launches_worlds_largest_banking_API_developer_platform
Deloitte. (2017, November 24). Anticipating the Challenges and Opportunities of PSD2. Retrieved from https://www2.deloitte.com/cy/en/pages/financial-services/articles/anticipating-challenges-opportunities-psd2.html
European Payments Council. (2018, March 13). The European Commission's Final RTS are in the Official Journal. Retrieved from https://www.europeanpaymentscouncil.eu/news-insights/news/european-commissions-final-rts-are-official-journal
Figo. (2018, February 16). How Banking Data Contributes to Financial Inclusion with Regard to Credit Provision. Retrieved from https://www.figo.io/en/blog/how-banking-data-contributes-to-financial-inclusion-with-regard-to-credit-provision/
Finews. (2018, November 14). Singapore: Most Advanced Market in Open Banking Readiness. Retrieved from https://www.finews.asia/finance/27751-singapore-open-banking-readiness-finastra-inaugural-open-banking-readiness-index
Finextra. (2018, October 21). PSD2 - A New Open Banking Payment Ecosystem. Retrieved from https://www.finextra.com/blogposting/16165/psd2---a-new-open-banking-payment-ecosystem
FinTech Finance. (2018, September 5). Addressing the differences between Open Banking and PSD2. Retrieved from https://www.fintech.finance/01-news/addressing-the-differences-between-open-banking-and-psd2/
FinTech Futures. (2018, July 9). Case Study: DBS - The Edge. Retrieved from https://www.bankingtech.com/2018/07/case-study-dbs-the-edge/
Gilbert + Tobin. (2018, September 5). Open Banking Regimes Across the Globe. Retrieved from https://www.gtlaw.com.au/insights/open-banking-regimes-across-globe#United%20Kingdom
Hong Kong Monetary Authority. (2018). Open API Framework for the Banking Sector and the Launch of Open API on HKMA’s Website. Retrieved from https://www.hkma.gov.hk/eng/key-information/press-releases/2018/20180718-5.shtml#1
IDC. (2018). Open Banking Readiness Index. Retrieved from https://www.finastra.com/sites/default/files/2018-11/Open%20Banking%20Readiness%20Index.pdf
Monetary Authority of Singapore. (n.d.). ABS-MAS - API Playbook. Retrieved from https://abs.org.sg/docs/library/abs-api-playbook.pdf
Payments Compliance. (2018, March 2). European Authorities Approve PSD2 Technical Standards. Retrieved from https://paymentscompliance.com/premium-content/insights_analysis/european-authorities-approve-psd2-technical-standards
PwC. (n.d.). The Future of Banking is Open: How to Seize the Open Banking Opportunity. Retrieved from https://www.pwc.co.uk/industries/financial-services/insights/seize-open-banking-opportunity.html
Reynolds, F. (2017, January). Open Banking: A Consumer Perspective. Retrieved from https://www.openbanking.org.uk/wp-content/uploads/Open-Banking-A-Consumer-Perspective.pdf
Singapore Business Review. (2018, December 5) One in 3 Bank Customers in Singapore Already Trialed Open Banking Platforms. Retrieved from https://sbr.com.sg/banking-technology/news/one-in-3-bank-customers-in-singapore-already-trialed-open-banking-platforms
Smart Payments. (2018, August 22). Understanding the Difference between Open Banking and PSD2. Retrieved from https://smartpayments.com/global-payments/understanding-difference-between-open-banking-psd2/
Stripe. (2019, March 19). PSD2: Strong Customer Authentication. Retrieved from https://stripe.com/guides/strong-customer-authentication#what-is-strong-customer-authentication
Disclaimer: The information presented in this summary is for informational purposes only and does not constitute and should not be construed as a solicitation or other offer, or recommendation to acquire or dispose of any investment or to engage in any other transaction, or as advice of any nature whatsoever. This summary is not designed to provide legal or other advice.