Open banking: implications and risks
July 2017 | SPOTLIGHT | BANKING & FINANCE
Financier Worldwide Magazine
July 2017 Issue
Open banking is an emerging trend aimed at creating an Application Programming Interface (API) banking ecosystem with the help of FinTech companies. This will help banks innovate new products, devise novel strategies of approaching customers, and provide better deals and other account information services to customers. Open banking has been gaining significant traction with banks focusing on moving higher up in their value chain, by providing customers and businesses with next-generation products supplemented with digital offerings.
According to the Competition and Markets Authority (CMA), open banking will mean reliable, personalised, financial advice, precisely tailored to particular circumstances and delivered in a secure manner.
Highlights of open banking initiatives in various geographies
The UK has taken the lead in open banking initiatives, in producing an open banking framework that could enable the open banking standard in the UK. This has also prompted the CMA to draft the recommendations in its final report released in 2016. According to the report, large banks are to adopt and maintain a common standard for open APIs, to address the lack of innovative and competitive products in the financial market.
In Europe, the Payment Services Directive (PSD2) and General Data Protection Regulation (GDPR), which have been designed to regulate financial innovation, are driving Europe towards an open banking standard.
Other markets such as the US, Latin America and Asia have been experimenting with open banking in pockets and have expressed strong interest in pursuing technological advancements in the financial services industry.
What are the key impacts?
The whole idea of open banking is aimed at creating key benefits for customers such as current account comparison services, personal finance management and easy access to credit services. Open banking principles will shake up the banking sector in a similar way as price-comparison services did to the insurance industry. It will empower customers to take control of their finances, make better-informed decisions and manage multiple accounts through a single application.
The day is not far away when banks will be forced to re-think their existing product portfolio, discontinue some revenue-generating flagship products and align with the highly competitive open market. For example, overdrafts; FinTechs could offer applications that would alert users when their balances reach zero or near-zero levels. With customer consent, they could automatically add funds from other accounts, making overdrafts redundant.
With single-touch access to open APIs, customers will be able to run algorithms and assess product suitability using apps that will help them optimise their use of financial products, and alert them about options from other providers.
Though banks have always been the custodians of customer data, they are data rich, insight poor (DRIP). With the advent of FinTech companies, banks are under pressure to innovate quickly and respond to the wealth of information they possess. To counter this, banks can partner with FinTechs to offer personalised financial services to their customers, including visual insights on their spending, saving patterns, and the like.
Banks will have to embrace the challenges of banking API-fication. With consumer preferences moving from analogue to digital, banks will have to offer their services to fit consumer likelihood of adoption. Though there is a school of thought that open banking is more of a compliance issue for banks, one must not forget that there is a fundamental and irreversible change that is happening in the banks’ business model, forcing them to make the switch from traditional branch services to digital.
Risks arising out of open banking
Open banking does not come without conduct risks. With the recent reports of cross-selling controversies in the US and misselling of Payment Protection Insurances (PPIs) recently in the UK, it will be difficult for banks to gain customer confidence and comply with regulations such as GDPR and PSD2. This depends on customers, who may or may not provide consent to use their data for developing new products and services.
An open banking ecosystem serves as a platform for various participants such as data providers, third-party providers, customers, regulators and government agencies to engage for the betterment of consumer services. As many stakeholders are involved, friction due to information asymmetry might emerge between the counterparties involved in a contract that makes use of customer data. The risk of information asymmetry is therefore inherent. For example, in predatory lending, financial institutions target financially unsophisticated borrowers to forcibly opt for the firm’s financial products.
Though identity verification and fraud prevention are important opportunities for banks’ open API initiatives, there are risks associated with data loss, identity theft, data protection violations, money laundering and financing terrorism. With banks aiming to go fully digital, their operations will be completely managed over the web; this itself creates an environment for higher chances of fraudulent activities.
Accessing customer banking data has always been on hackers’ wish list. In open banking, aggregated customer data such as transactions and balances held in the third-party provider’s infrastructure and servers (open APIs) pose a significant risk to cyber security.
With government agencies and financial regulatory bodies proposing independent authority to oversee open banking standards, governance and compliance requirements, banks will have to immediately comply with GDPR and PSD2. Failure to accommodate GDPR and PSD2 regulations as part of the open banking framework may expose banks to the risk of financial or reputational loss.
Sasidharan Chandran is a banking and financial services risk management consultant at Tata Consultancy Services (TCS). He can be contacted by email: firstname.lastname@example.org.
© Financier Worldwide
Tata Consultancy Services (TCS)