1. What is open banking?
Open banking allows third parties to access financial data such as current accounts, card accounts, savings accounts, loan information, and KYC information. In some markets like Europe, open banking also allows access to bank accounts to initiate payments, also known as open payments.
Open banking is often associated with legal requirements that allow third parties to access bank accounts. This is most prominent in the United Kingdom, where “Open Banking is a national program implementing legal requirements for access to current accounts. However, open banking (or more broadly open finance) is also understood as the development of a new financial ecosystem based on connections between financial institutions and businesses, supported by APIs. Financial institutions are allowing fintech companies and other businesses to integrate financial services into their customer offerings, providing access to banking data and delivering full banking services through APIs.
2. The meaning of Open Banking and the factors driving Open Banking
2.1. The meaning of Open Banking
Open Banking focuses on serving consumers, using API or SDK technology as the core foundation and operating within the financial ecosystem. Based on this definition, open banking has three main characteristics: data portability, customer autonomy, and the responsibility of the recipient.
2.2. Data portability
The International Organization for Standardization (ISO) defines data portability as “the ability to easily transfer data from one system to another without having to re-enter the data.” Based on this definition, in open banking, consumers can share their relevant banking data with third-party service providers (TPPs), in accordance with “data portability.” Data portability in open banking is supported by standardized and compatible data technology, primarily APIs.
2.3. Customer autonomy
Customer autonomy is the ability to consider and act based on reasons that are appropriate to the market context. This is a fundamental principle of liberal democracy, where marketers are allowed to influence customers but must respect their autonomy. Open banking empowers customers to control the sharing of their banking data, and this right is supported by the legal rights of customers to share data through open banking.
2.4. Responsibilities of the receiving party
The open banking system requires third-party providers (TPPs) to be accountable to customers. Therefore, Fintech companies that receive banking data must be responsible for protecting this data from leaks, theft, etc. This is why closely managing TPPs through regulation is very important. Overall, these three characteristics of open banking reflect the goal of improving competitiveness, fostering innovation, and enhancing consumer protection.
2.5. Factors driving open banking
a. Increasing customer expectations
Customers expect seamless, instant services that provide added value to meet their financial needs. As consumers demand more personalized financial tools to improve their financial situation, financial institutions (FIs) will have to compete with fintech companies to maintain customer relationships and generate new revenue streams.
Open banking and open finance allow financial institutions to leverage customer financial data to enhance customer experience and reduce administrative costs for processes such as account opening, mortgage application, and home loan borrowing. For example, HSBC allows intermediaries to share business account statements of self-employed mortgage borrowers through open banking, shortening the time from loan application to approval.
Banks and fintech companies can develop innovative and personalized financial solutions in the payments sector, such as lending or personal financial management (PFM). This is a fertile ground: Over 90% of consumers in North America use digital applications to manage money, from products and services for simple financial tasks like bill payments or digital banking to more complex needs like financial forecasting, cryptocurrency investing, and crowdfunding.
Worldwide, the movement demanding the transfer of control over personal data to consumers, especially data shared with third-party service providers (TPPs), is becoming increasingly strong. Therefore, service providers (such as banks, fintech) need to adjust their systems to allow customers to decide the data they share, including granting customers the right to permit (or revoke) data sharing and only allowing the recipient to use the data for SPECIFIC PURPOSES that the customer has agreed to.
Open banking enables businesses operating in the financial sector to leverage customer financial data, after obtaining their consent, to develop innovative and highly personalized financial solutions.
b. Open API connectivity is becoming increasingly popular
With Open API, financial institutions (FIs) can expand their service distribution channels by collaborating with fintech companies. Open banking through APIs can be seen as the next step in the evolution of banks’ distribution models.
By sharing data via Open API, financial institutions allow fintech companies to integrate this data into their applications. FIs can charge fintech companies for data usage or establish revenue sharing if the partner brings new customers to the FI. In this way, FIs create an ecosystem of third-party developers, providing innovative experiences for customers without having to develop everything in-house.
Financial institutions (FIs) can also connect through APIs with other financial service providers and offer their products to customers. In this way, FIs can quickly bring new products from leading providers to market.
As a result, the traditional value chain of banking and financial services is shifting from a single approach to a multi-party ecosystem. However, many financial institutions and large enterprises are still in the process of digital transformation. On the other hand, the infrastructure of fintech companies is designed with an API-first and cloud-based approach. The challenge for financial institutions is to modernize their infrastructure while meeting the rapidly changing demands of customers and complying with increasingly complex legal requirements.
c. Customer identification has become a core element in business strategy
Customer identification is one of the top priorities for businesses. Financial institutions (FIs) are striving to modernize their customer identification solutions. Some notable trends in this area include:
Modernizing customer identification at financial institutions (FIs) is often driven by the desire to improve digital experience. This is not a new motivation, but the provision of multi-party services is creating challenges as the old identification systems of FIs hinder a seamless experience. Financial institution leaders are well aware that multi-party services are a new trend.
The modernization of customer identification at financial institutions (FIs) often stems from the desire to unify all digital services into a single authentication and identification experience. Customers can use a single identity to access FIs’ digital banking services, loans, asset management, etc. This brings many benefits to both customers and FIs, including optimizing the provision of digital services, reducing operational costs, simplifying the information security network, and eliminating outdated identification systems.
Ultimately, the motivation driving financial institutions to modernize customer identification solutions also arises from the desire to prevent cyberattacks. The business risks from cyberattacks are increasing. Criminal groups have become proficient in exploiting leaked customer data and conducting phishing campaigns, enticing consumers to provide their login credentials or multi-factor authentication (MFA) codes.
Recent fluctuations from the pandemic have accelerated market developments, leading to unprecedented cybersecurity risks for financial institutions (FIs). Leading experts in cybersecurity have emphasized solutions such as Zero-trust architecture (ZTA) to help FIs strengthen their network defense capabilities. Advanced customer identification solutions are key to effectively implementing ZTA. Customer passwords are often the weak link that criminal groups exploit to successfully carry out attacks. In the modern digital economy, passwords are no longer adequate. Modern customer identification solutions can help FIs eliminate user passwords and transition to multi-factor authentication (MFA) forms that are resistant to fraud.
Customer identification is receiving tremendous attention in the industry. The banking and fintech sectors are striving to optimize the digital experience for customers and defend against sophisticated cyberattacks, including API-based attacks.
d. Regulatory agencies are promoting increased competition and innovation in the financial market, with a comprehensive financial strategy
Open Banking has been chosen as the first step towards this goal by many countries. According to the World Bank, inclusive finance “facilitates daily life and helps families and businesses plan for everything from long-term goals to emergencies and surprises.” Additionally, “as account holders, individuals are able to access other financial services, such as savings, credit and insurance, starting and expanding businesses, investing in education or health, managing risks and overcoming financial shocks, all of which help improve their overall quality of life.”
3. Global open banking approach
Open banking initiatives are emerging everywhere. Some are driven by regulations, policies (e.g., EU, UK) and some are market-driven, for example: the United States. The scope of initiatives varies: some are limited to banking services (EU) and others extend to non-financial sectors such as Insurance, Securities, E-commerce…(Australia). In Europe, asymmetric data access requirements mean that banks must provide TPPs access to payment account data, but banks do not have access to the data held by TPPs (unless the accounts themselves are opened by that bank). In some other jurisdictions, data sharing rights are reciprocal.
Overall, these methods can be divided into four types:
- Type 1: Mandatory data sharing (Regulation-Driven)
FIs are required to share with third parties data that customers have consented to. Third parties must register with the regulatory or supervisory authority and are often subject to strict scrutiny by government agencies.
For example: Australia, Brazil, EEA, India, Mexico, UK…
- Type 2: Encouraged data sharing (Hybrid)
Regulatory authorities have issued guidelines including recommended standards and technical specifications and encourage participants.
For example: Hong Kong, Japan, Singapore, South Korea…
- Type 3: Market-driven approach with no clear rules on data sharing (Market-Driven)
There are no clear rules or guidelines requiring or prohibiting financial institutions from sharing data with third parties with customer consent.
For example: China, USA…
Generally, open banking is part of the strategy for developing the financial sector or, more broadly, the national digital transformation strategy. Therefore, there may be many principles of open banking development in each country, stemming from policy initiatives that promote the development of the financial sector in an open and inclusive direction.
