Global adoption of open banking is growing, but not at a rate commensurable to the optimism shared regarding how it may forever change banking. Challenges such as security and privacy concerns, deep customer apathy, limited consumer awareness, and financial institutions’ legacy technology landscape are blamed for the slow uptake of open banking. A recent survey by Finastra revealed a positive outlook — 86% of the banks surveyed plan to leverage open banking capabilities in the near future — but about half the banks surveyed highlighted several bottlenecks, such as poor regulatory support, high investment requirement, and lack of will from decision-makers.
UK adoption has been the fastest, with consumers generating over 200 million monthly calls, driven by 226 registered providers including third-party providers (TPP) and banks. Elsewhere, the industry is playing catch-up. In the U.S. for example, players are just warming to the idea of opening up their banks; only a few banks have notable open banking initiatives. BBVA's banking as a service (BaaS), for example, allows third parties to integrate payments and banking services with their own business models. Sadly, other than some guidance on data aggregation, U.S. regulators have not provided any legislation to effect open banking. However, some industry associations and operators (including NACHA and Financial Data Exchange) are driving the adoption of standardized and interoperable access to data.
Open banking success will require the cooperation of banks, mutual funds, wealth management, insurance and other traditional financial institutions to provide access for third parties to the affluent customer data they harbor. More important is the scaling of connectivity across these institutions. However, achieving this has proven challenging even in markets with regulatory support. Progress thus far has hinged on bilateral agreements between data aggregators, TPPs and financial institutions.
Recent moves by two of the world’s largest card networks — Mastercard and Visa — to acquire data aggregators Finicity and Plaid, respectively, may provide the nudge required for open banking to live up to its lofty potential. Mastercard and Visa have strong partnerships with financial institutions and merchants, and provide the rails through which some fintechs operate. Moreover, they run critical financial market infrastructures such as Automatic Clearing House (ACH), real-time payments systems, and mobile payment systems in some markets. By design, they are well-positioned to offer the type of interconnectivity and scale required to drive open banking. And with the acquisition of data aggregation capabilities, they offer a platform wherewithal to rapidly scale open banking globally.
Nevertheless, there are inherent challenges. Here are what we consider the three primary ones, along with thoughts on surmounting them:
1 Data Privacy and Security
The most commonly debated challenge is data security and customer privacy. According to Experian’s 2020 Global Identify & Fraud report, 72% of consumers are willing to give their personal information for easier access to their accounts but 88% want control over that data. The card networks’ holistic approach to risk management within the payment ecosystem (i.e., compliance of issuers, processors, acquirers, and merchants with guidelines and standards defined by the card networks) has driven consumer trust in electronic payments. Similar approaches can provide value in driving consumers’ trust with their digital interactions via devices (phones, wearables, and web) and with the stakeholders involved in open banking: banks, merchants, fintechs and government.
TPPs such as fintechs have provided more secured and innovative methods for consumers to authorize access to their data domiciled in banks — for example, consumer credentials are shared with trusted intermediaries, which in turn share the data with banks but tokenize it to apps and developers. However, banks must improve on consent management by investing in capabilities that allow TPP requests to access consumer data and to inform customers who is accessing their data, to what purpose, and for what period of time.
The manner of data transmission still faces criticism. Screen-scraping in particular has taken much heat, especially from banks. The argument for open APIs as the preferred and secured transmission method is well supported across the industry, but it is not an inclusive method because many smaller banks and credit unions cannot afford customized data interfaces or APIs. Here again, the card networks have a role to play in ensuring inclusivity and standardization of APIs for data transmission. In addition, they may need to collaborate with associations such as NACHA and FDX (to drive data standardization) and with core banking system providers like Fiserv, Jack Henry, and Oracle that serve small to mid-size banks (to facilitate open APIs for these institutions).
2 Building a Business Case
Banks struggle to articulate a clear path to generate a meaningful return on their investments in upgrading internal systems that enable integration with third parties. In some cases, they have spent millions of dollars upgrading legacy monolithic core systems to a modernized, highly componentized microservices architecture and API-driven core, but the justification to allow a TPP to plug in, access data, and compete for the same customers served by the banks is not clear yet.
Different API monetization models have been widely discussed (examples include charging per API call, bundled subscriptions for API access, and earning commission on API calls that complete or extend transactions). While these models can generate revenue, they won’t necessarily move the needle for banks. Rather, banks should consider APIs as enablers for driving products that can generate real growth to the top line, such as increasing risk assets and liabilities under management; extension of payment services; cross-border-related financial services; and risk transfer to third parties – particularly for customers deemed too risky for the banks to serve.
It is critical that banks take a holistic approach to investing in their open banking agenda (i.e., understand the ecosystem and partnership opportunities), be clear on the capabilities required to deliver on select use cases, articulate a plan to monetize and price the use cases, and align on technology strategy and operating model.
As the following figure shows, using a holistic framework, we helped a leading North American bank transform its online trading platform through APIs. The client realized 60% increase in API consumption, identified new revenue sources through cross-selling and upselling opportunities for its products, and reduced its data management costs by 15%.