What is open banking?
Open banking is the practice of enabling secure interoperability in the banking industry by allowing third-party payment service and other financial service providers to access banking transactions and other data from banks and financial institutions. Third-party organizations are able to access the data through the use of application programming interfaces, or APIs. As the global economy continues to evolve, open banking is becoming more popular, because it allows for faster, more secure transactions anywhere in the world and it gives consumers more opportunities, through the use of third parties, to manage their finances.
Open banking is enabled by a series of technologies, regulations, and services that aim to allow developers to create new banking services, new banking business models, and new commerce capabilities. New customer expectations and technology-centric regulations are an important lubricant for open banking to thrive. Three forces combine to make the open banking dream possible: changes in banking regulation, changes in culture, and changes in technology.
For the consumer, open banking promises to provide more choices, better service, and frictionless commerce. For example, you might want to use Amazon, Paypal, and Facebook to send money or gifts securely to friends with a simple click or swipe. No more logging in to your bank to enter payee details or account numbers; just click “send $200 to Ruby,” and you’re done. Or, instead of clicking, ask Siri, Alexa, or Cortana. A second example would be when you want to use a third party financial planner who needs secure access to your accounts. In open banking, that third party financial planner could securely access all your spending habits with no hoops for you to jump through to make that happen. Risk and compliance used to be portrayed as a thankless and challenging job, replete with legal, technical, and cultural complexity. New technology and tech-centric regulations provide a wind beneath the wings of developers making banking systems more agile, intelligent, and automated—and perhaps for the first time—cool. They even have a cool new name: RegTech.
How open banking works
Open banking allows third-party payment service providers and other financial service providers to access personal and financial information of their customers’ banks. Before this can happen, the customer must grant access for the sharing of information, usually via an online consent form following a terms and conditions agreement. The third-party providers then access the relevant shared data via exposed APIs.
Those APIs are able to process transactions from one bank to another without requiring the tedious steps consumers have had to take in the past. APIs can also look at a consumer’s transaction history to help identify relevant products and services that personalize the customer experience. Examples include a new credit card that offers a lower interest rate or more cashback than their current one, or a savings account that earns more interest than the consumer’s current savings method.
At the heart of every open banking API call is data, so agile access to data is the first port of call in any innovative system. But although every fintech business wants an agile, efficient, scalable data lake, most have a data swamp: balkanized data sources, a mix of old and new, real-time and streaming data, and a maze of organizational barriers. To combat this requires an efficient integration system. Before you can expose the data in your applications via APIs, you must first ensure that you are working with a complete, accurate view of all the data and that the data that users are working with is fresh, accurate and up-to-date. That is the value of integration. Once integrated, the data in your applications can be exposed securely and directly via APIs.
There are generally two ways to accomplish this data integration: application integration or data virtualization. Physical integration enables the APIs to call directly to your backend systems in a secure way. On the other hand, data virtualization is exactly as its name sounds. You use an integrated virtual layer of your data instead of physically combining all your sources. Data virtualization allows teams to turn dozens of independent data sources into one virtual data warehouse with nearly the same performance as a single system. So, instead of over-using ETL to create a bigger data swamp for APIs, data virtualization leaves data where it is. This provides a unified interface to customer information as if it was, indeed, a single system. Both integration solutions can be considered to help you tame your data swamp.
Benefits of open banking
One benefit of open banking is the ability to connect data (via APIs) from several accounts in order to efficiently share between financial firms, consumers, and the third-party payment service providers. This has slowly been reshaping consumer experience and the competitive landscape of the banking industry, due, in part, to disruptions from third-party providers.
The ability to access networked accounts is beneficial both for the consumer and the institution. Lenders can get a better understanding of their consumer’s situation through a comprehensive view of their finances, helping them assess the risk level and offer optimal account terms. At the same time, it helps the consumer gain a better understanding of their own financial situation before making any financial decisions.
- Digital natives entering the marketplace expect real-time customer service from their financial providers.
- Firms can take advantage of new technologies to streamline costs.
- Opportunity for new business channel offering expanded product offerings
- Faster time to market with new products
Open banking’s impact on the market
Open banking benefits small businesses over the market leaders because it opens up new avenues for opportunity. New businesses can now enter the market with smaller, more affordable alternatives to traditional financial services. Larger, established banks will have to work hard so as not to be disrupted by the market newcomers. The intent of this is to drive down costs while encouraging the adoption of modern technology and improved customer service. Rather than simply administering financial transactions, taking advantage of open banking can allow all institutions to form relationships with their customers.
Risks associated with open banking
The safety and confidentiality of finances, as well as other personal data, is a top priority both for users and financial institutions. However, as with any digitally-based service, there is always the potential for data breaches. APIs are not without a certain amount of risk, with most concerns stemming from poor security, hacking, and insider threats. The existence of malware designed by third-party app providers to infiltrate an account and wipe the data remains an issue as well. There is also the concern of payment service providers mishandling their own customers’ data to gain an advantage in the market.
Today’s API security technology is very advanced and an ideal fit for the needs of open banking. It has robust authorization and authentication capabilities to manage API access and traffic. The key capabilities include:
- Single system management of traffic for all gateways, including embedded microgateways
- You can define access and security policies like rate limiting and throttling between different consumers
- Robust security standards such as OAuth2, HTTPS, JWT, HMAC, XML sig, Kerberos, CORS, WS-I, ISO 27001
Along with today’s robust security standards, many countries have taken steps to mitigate security risks of open banking by putting regulations on the industry. For example, the European Union has updated its Payment Services Directive, specifically addressing open banking practices in the PSD2.
Risks aside, traditional banking is falling to the wayside in favor of open banking and the entrance of smaller, non-traditional institutions ready to compete in the market. Those that try to adapt to new technologies rather than those who maintain the status quo will have more success in the long run.