Frustrated with siloed departments at Amazon in 2002, Jeff Bezos’ sent an internal memo to all teams that left little room for misinterpretation. Effective immediately, they were to communicate solely through service interfaces that expose one another’s data and functionality. No backdoors, design everything to be externalizable, and “anyone who doesn’t do this will be fired.”
The Bezos Mandate was a pivotal moment for Amazon. With that level of shared data and functionality, the company’s efficiency and innovation skyrocketed above any competition. This internal openness eventually led to external growth: the exposed model made it possible to launch Amazon Web Services (AWS) and provide APIs to other organizations.
Nearly two decades later, nearly every industry has benefited from mimicking this level of transparency and access to data and APIs—but banking hasn’t. Open banking could change that.
Open Banking Doesn’t Mean Giving Away Data
Open banking has the potential to not just create Amazon-level efficiency within banks, but also grant customers more power and simplicity when it comes to managing their finances.
It works by allowing third-party access to data (with customer consent) through APIs. This streamlines the exchange of information between banks, lenders, and investment and other financial firms, making it possible for customers to manage all of their financial data and explore financial products in one place with the help of third-party providers (TPPs) such as fintech companies.
Understandably, talking about increasing access to financial data sets off security alarm bells for banks. Providing customers’ information to third parties could dissolve the foundation of trust that banking is built on.
To address this, countries adopting open banking also adopt strict security protocols like strong customer authentication (SCA) requirements. While increased access will always come with some risk, fintech companies are held to these standards and an expectation to leverage sensitive data securely.
Hoping to benefit economically, countries across the world are adopting open banking as a mandatory model.
Open Banking Mandates and Incentives Go Global
Allowing TPP access to data across banks and financial firms makes it easier for customers to use fintech to compare financial products across providers, making the market more competitive.
In 2015, the Revised Payment Services Directive (PSD2) laid out a 2018 deadline for European states and banks to ensure all electronic payment services conform to open banking standards.
The idea was to boost innovation, competition, and efficiency in the European Union (EU). A few years and a pandemic later, we’re seeing the results. Open banking is now also regulated in the UK, India, and Australia. Turkey and Mexico will soon follow.
Taking a less hands-on approach, the governments of Canada, Brazil, South Africa, and others have industry initiatives or regulatory interest in open banking. The governments of the US and Japan, meanwhile, play only a facilitating or coordinating role in open banking without seeking to regulate it.
Yet even with global spread, the actual usage of the model is hard to measure. For example, the 2 million registered daily users who have consented to open banking in the UK only constitute only 3% of the population; traditional paper checks from unregistered customers remain more popular.
This restraint is likely due to a few challenges.
Combining the Strengths of Both Fintechs and Banks
Open banking promises better customer experiences and a more competitive financial industry, but the security considerations are complex. It’s not just about keeping customer data secure. Banks also want to be sure that the people initiating transactions and loans are actually who they say they are, and that the fintech companies accessing data are following security protocols.
Banks have a long history of ensuring secure payments and data, authenticating identities, and buffering against privacy concerns, earning unrivaled trust with their customers.
Thanks to strict protocols like the ones found in PSD2, fintechs are just starting to look under the waterline of the security iceberg. For their part, Fintechs also do bring unrivaled ability to innovate and connect with customers through technology in an increasingly digital world. Once they have a handle on security and working under the supervision of financial authorities, the strengths of banks and fintechs combined may revolutionize banking.
In some places, it’s already started.
U.S. Banks Are Opening Up to Open Banking
Open banking is just one of many things swept up into the long list of accelerated evolutions spurred by the pandemic. Allied Market Research reports that the global open banking market will reach $43.15 billion by 2026, six times its value in 2018.
This global market includes a diverse array of approaches to open banking. HSBC Hong Kong is identifying fintechs to build new products for existing customers. Meanwhile, Commerzbank in Germany offers a premium partnership API track for building fintech relationships. In Taiwan, Taishin Bank developed an open bank that integrates all banking services into one platform.
And while Europe dominated early growth, North America is expected to have the highest growth between now and 2026 according to the Allied report.
Perhaps this isn’t surprising, considering that 72% of the top 50 banks by market cap have API platforms—including eight of the ten U.S. banks on that list. Charles Schwab even signed an agreement with Finicity, an open-banking software provider now under Mastercard, in September 2020.
All of this doesn’t even touch on Plaid, the dominant U.S. open banking provider connecting apps like Venmo, Betterment, and Chime to customers’ banks. Plaid was recently acquired by Visa for $5.3 billion.
Slowly but surely, banks are opening up to open banking.
Where Is Open Banking Headed?
Part of this willingness on the part of banks may be due to the growing “need for speed”. When lockdowns kept customers out of branches, call centers were overwhelmed. Banks scrambled to adopt solutions like chatbots and AI that, under normal circumstances, may have taken years to launch.
Fintech companies with integrated APIs were at a distinct advantage, often rolling out tools and products in 90 days or less. As consumers increasingly come to expect financial solutions to be quickly and easily available, banks that can’t keep up may miss out.
What will we see as these rapid rollouts enable innovation? Currently, account management and secure payments dominate the open banking market. But with the industry picking up steam over the last year, fintechs have stepped up with additional services like account verification, data enrichment, and credit extension.
Banks stand to gain from partnerships with fintech companies if they can navigate open banking in a way that meets their needs for data security. APIs unlock new market segments and extend a bank’s value chain, when done right. This fact creates optimism for some experts about open banking’s future:
“Because of the opportunity it presents, and enabling technologies such as payment orchestration now making it easier to adopt, we believe that 2021 is the year that companies can finally embrace the open banking opportunity.”
-Brian Coburn, CEO, Bridge
Opportunities for Banks to Leverage Open Banking
With this expansion of services, consumers would have more choice in how and they do their banking, and who they do it with. Previously underbanked customers may find that they qualify for credit under different terms than traditional lenders use, for example.
This doesn’t have to be a situation where banks lose.
With increased consumer comfort with (and preference for) apps, and especially with government support, the stage is set for foundational changes to the financial industry. Approached strategically, banks can partner with fintechs in ways that ensure everyone, including customers, comes out on top.
To do open banking right, banks need to ensure they’re offering the same level of security that has earned customer trust for decades. Open banking efforts depend on consent to data use, so banks will need to ensure customers they are protecting customer privacy. Multi-factor authentication, AI, and machine learning can all play a role here, but most important will be acknowledging the ever-evolving nature of risk and the need for continual security education and upgrade.
Moving forward, banks should continue to scrutinize third parties’ security capabilities and monitor their protocols. External-facing applications are especially vulnerable, and fraudsters can quickly exploit breaches. Strong identity verification and authentication help, but the ability to act quickly if the volume of suspicious activity spikes will be critical.
A system is only as strong as its weakest link. With strict security certification processes for third parties and diligent security practices, banks and fintechs can work together to create a data-sharing ecosystem that customers trust.