The onslaught of fintechs and non-traditional financial services providers, as well as new consumer-oriented regulations (e.g., the European Union-led Revised Payment Services Directive) pose an existential threat to financial institutions, accelerating digital disruption,. It is estimated that, collectively, these factors threaten to strip banks of over $660 billion in profits over the next five years. At risk are the highly profitable banking segments of payments, consumer lending and wealth management.
Very few banks have fully explored the possibilities and opportunities that open banking offer. One immediate concern is that this approach could enable competitors to encroach upon coveted customer relationships and substantially erode margins across services. Other challenges focus on security, privacy and uncertainty over how to monetize and derive value from externalized data assets.
Although some of these concerns are valid, here are seven ways we suggest that FIs embrace open banking’s upsides and suggestions on ways they can minimize the downsides.
Thinking hard about a positioning strategy.
The foremost decision on open banking foray is about the positioning that a bank intends to take. Banks can either function as plug-and-play aggregators offering a plethora of collaborative functions or as orchestrators offering banking-as-a-platform services. BBVA’s BBVA API Market marks one such move that facilitates the development of new products and services from companies, startups and developers by tapping into their customer data.
Working overtime to fend off the competition.
Studies indicate customer still trust their banks more than any other players notwithstanding their penchant for apps that are empowering them with tech-enabled offerings. Build vs. partner strategies must weigh the pay-offs and consequences associated with each of the alternatives. Banks need to decide on the right mix of internal and external participation. Banks would do well to invest in their own fintech ventures through incubation to foster a digital business culture in their banks. And they can partner with third-party fintechs on complementing areas.
Unleashing innovative offerings.
Open banking is all about winning the customer with innovative offerings with the aid of technology. Banks should resist the temptation to embrace application programming interface (APIs) for APIs’ sake. Instead, they should focus first on their business capabilities that can offer customer value when they are delivered through APIs. This product mindset should inform and guide their API development process. The key to success lies in empowering customers with seamless and highly tailored offerings.
Capital One’s digital identity API solutions suite is a case in point. They are designed to allow third-party websites and applications to validate and authenticate the identity of users against identity information that has been verified by the bank, all with customer consent to ensure privacy and transparency.
Banks must first understand the preferences of their different customer segments. They should focus particularly on those segments that contribute most to their profits and are susceptible to flight risk, which should inform them about the right offerings to focus on. Initiatives such as innovation labs would go a long way in inculcating much needed digital business culture in the organization. Japan’s Mizuho Financial Group has successfully embarked on this path.
Banks must also rewire their business processes to suit the changing needs demanded by open banking offerings and also determine the degree at which to integrate APIs into their systems. Banks may leverage their own as well as third-party fintech partnerships to develop innovative apps to accelerate the pace of innovation cycles that are part of the emerging open banking marketplace. Another critical aspect is to keep the technology stacks flexible enough to learn and adapt on the go.
Embracing evolving interoperability standards.
Banks’ individual approaches to app development should be accompanied by pan-industry agreed-upon standards. These standards are essential to ensure interoperability, which is the prerequisite for success in the open source era (e.g., The Open Bank Project). Another initiative underway is the IFX Forum. Launched in May 2017, this forum created a working group comprising companies such as ACI Worldwide, NCR, Oracle, U.S. Bank and Wells Fargo.
Deploying secure APIs.
Data security and privacy are paramount in the open banking era. Banks must develop secure APIs to guard against risks to data security and privacy. Data sharing in financial services tends to be risk- and permission-based, with required audit trails, and subject to regulation and risk management. Banks need to adopt an identity-centric approach to ensure that the right level of authorization and authentication is enforced when third-party applications are interacting with API services. All the API management platforms provide open internal standards (OAuth 2.0) that enable a third party to securely obtain delegated authorization to act on behalf of a banking customer.
Aside from platform-driven security, customer consent is a key factor in data sharing. General Data Protection Regulation (GDPR) in force from May 25, 2018, for all EU countries. Fine-grained consent management and its enforcement on an API channel consumed by a third-party client will become imperative.
Moving heritage systems into the 21st century.
Legacy systems modernization is a key challenge for many enterprises. Traditional architectural approaches, which focus on point-to-point integration, are often incapable of addressing this challenge since it creates scaling inflexibility. Banks are hard-pressed to respond since many lack the specialized teams that can connect decades-old systems silos. The status quo often creates bottlenecks and increases maintenance costs.
API-led modernization is the way forward as it provides a channel to expose data while protecting the integrity of the source systems through secured/governed access. By exposing systems through APIs, teams can create an ecosystem that seamlessly connects data, applications and systems (e.g., CRM and other enterprise apps) that communicate with existing legacy systems. This makes retiring or modernizing systems much easier.
Focusing on customer education.
Customer awareness about the implications of open banking is still relatively low, and the bulk of those who are aware are mistrustful and fearful about potential abuse of their data. In short, privacy, security and lack of education/awareness are key obstacles to pervasive adoption. The recent Facebook and Cambridge Analytica personal data scandal accentuated this fear.
Customers must feel comfortable with how their private data is handled and secured by balancing the convenience of banking service with user experience. To this end, it is essential to educate customers on the benefits of open systems, while creating a robust consent model. The consent model should have a clear and stated purpose on how data can and will be used. It should also ensure that the customer can revoke the consent as easily as it was given.
Therefore, a clear and valuable educational program, and paired with a holistic consent framework, will help consumers transcend the cage mindset and consider moving forward with open banking solutions as they emerge to be the rule rather than the exception.
This article was written by Amit Anand, an AVP of Consulting in Cognizant’s Banking & Financial Services Practice.
To learn more, read our white paper “Why Banks Must Become Smart Aggregators in the Financial Services Digital Ecosystem,” view our related Perspectives article "Future Finance: Why Banks Must Become Money Orchestrators,” visit the Banking & Financial Services section of our website, or contact us.