Open banking refers to the concept of banks opening up access for their data to third parties, most commonly via open application programming interfaces (APIs). Typically, open banking is being introduced at the behest of regulators, such as the Competition and Markets Authority (CMA) in the UK. Both public data, such as product specifications and customer data, like account and transactional data, come under the remit of open banking. So what is open banking in business and what are the key themes?
Consumers will have the right to share their account data at their discretion with approved third parties in order to gain access to extra products and services. These may include account aggregation services that give users a single view of all the accounts they hold with different providers or services that allow consumers to make accurate product comparisons.
The ultimate goal of open banking is to encourage innovation by making it easier for specialist providers to compete with banks on a more equal footing, and hence to improve outcomes for consumers by making more choices and options available to them.
Regulatory and technological developments are driving the introduction of open banking.
Financial services regulators around the world are increasingly concerned with promoting competition and innovation in banking, reducing barriers to entry, and empowering consumers.
Why does open banking matter to business?
Banks that embrace the concept will be able to become one-stop shops for the best products on the market, crowdsource the development of new services, and generate revenue by selling access to their data and capabilities. Conversely, banks and other market participants that adopt a compliance-only approach risk losing customers and being downgraded to the status of commodities.
The real beneficiaries will be financial technology (fintech) companies, which will have the opportunity to forge direct customer relationships with banking customers that were hitherto off-limits.
Open banking, having only formally been launched at the start of 2018, is still a very new field. Consequently, it is only in the core retail banking sector that incumbents have established a presence.
Financial services regulators around the world have tried various initiatives to boost competition and consumer choice. Of all the strategies that are being employed to achieve this, perhaps the most significant and far-reaching is open banking.
What are the big themes around open banking?
APIs have emerged as the favoured mechanism for transferring data between banks and third-party providers (TPPs) in an open banking environment. There are two broad classes of APIs: read/write APIs and read-only APIs. The former applies to APIs that govern access to personal customer data for the purposes of account information and payment initiation, while the latter covers APIs that access public data such as branch and ATM locations and product specifications.
An increasing number of banks around the world, whether through their own initiative or as a result of regulation, are rolling out APIs for specific types of data.
Prior to the introduction of APIs, the only way for TPPs to access customer data was through screen scraping. Here, a user divulges their online banking login credentials to a TPP, allowing the TPP to emulate the user and collect their banking data as appropriate.
Under the EU’s second Payment Services Directive (PSD2), a proxy for screen scraping, in the form of an adaption of a bank’s customer online banking interface, will still be permitted. However, banks only have to offer this option as a fall-back in situations where their APIs do not offer all the required functionality and access to data. Where a TPP does use this method, it will have to identify itself to the bank using secure authentication.
The production of wealth in the modern economy is increasingly driven by companies that produce and analyse data, with Google and Facebook exemplifying this trend. Open banking will integrate the financial services sector into the new economy by facilitating the flow of large volumes of data between market participants.
In particular, providers of account information and payment initiation services will have direct access to consumers’ transactional data, thus giving them detailed insight into consumers’ behaviour. Such providers will thus be able to respond to their customers’ particular needs and requirements by offering them tailored and personalised services, which should lead to the creation of strong, loyal, and profitable relationships.
Banks will lose their monopoly on ownership of this data and are in danger of seeing their dominance eroded as a result. If they fail to deliver effective data-driven enhancements to their customer-facing services, they will cede control of their customer relationships to challengers and disruptors.
AI applications need to consume vast quantities of data to work efficiently, and hence the free flow of data encouraged by open banking will boost the utility of AI within retail banking. With the majority of customer interactions occurring through digital channels, there is considerable scope for AI to improve the quality of and add value to the user experience.
Advanced analysis of customer data will allow providers to uncover hidden patterns and relationships, thus enabling them to make more relevant and useful recommendations to their customers on an individual basis. They will be able to market to their customers on a segment-of-one basis rather than having to group users into broad demographic categories. Ultimately this will lead to deeper customer engagement.
What is the history of open banking?
It took a long time for the banking sector to start exploring the opportunities afforded by APIs, but developments over the last few years have been rapid.
The development of open banking initiatives in the UK, EU, and other markets
- 2000: Salesforce and eBay introduce the first web-based APIs for commercial use by third-party developers.
- 2002: Amazon Web Services launches, allowing third parties to integrate its services into their own sites via an API.
- 2004: Photo-sharing site Flickr introduces its API, which allows users to embed their Flickr photos into their own blogs and websites.
- 2006: Google Maps, Facebook and Twitter launch their own APIs to facilitate third-party integrations.
- 2009: Apple launches the iPhone 3G and App Store, an API-driven marketplace of third-party apps that quickly gains widespread adoption.
- Q3 2015: Open Banking Working Group (OBWG) established, with the objective of developing an open API banking standard for the UK.
- Q1 2016: PSD2 enters into force across the EU, with a deadline for full implementation by January 2018.
- Q1 2016: OBWG publishes its recommendations for implementing an Open Banking Standard in the UK.
- Q1 2016: BBVA launches API Market, its open API developer portal.
- Q1 2016: Capital One launches DevExchange, the US’s first fully open banking platform.
- Q3 2016: Open Data Institute launches Open Banking Development Group, with the aim of promoting open banking innovation.
- Q3 2016: CMA publishes its Retail Banking Market Investigation Final Report. Among its package of remedies is the creation of an open banking standard.
- Q3 2016: European Banking Authority (EBA) conducts a consultation on draft Regulatory Technical Standards (RTS) for Strong Customer Authentication (SCA) under PSD2.
- Q4 2016: EBA consults on guidelines on authorisation and registration of payment institutions under PSD2.
- Q4 2016: Monetary Authority of Singapore publishes Finance-as-a-Service API Playbook, which set guidelines, standards, and governance for API use, covering a total of 411 separate APIs.
- Q1 2017: EBA submits draft RTS for SCA to the European Commission.
- Q1 2017: CMA publishes its Retail Banking Market Investigation Order, mandating the UK’s nine largest banks (CMA9) to make their transaction data available via a Read/Write Data Standard.
- Q1 2017: HM Treasury carries out a consultation on its proposals for implementing PSD2 in the UK.
- Q1 2017: EBA publishes final draft RTS for SCA and secure communication under PSD2.
- Q1 2017: Deadline for CMA9 to make open data, for example, branch/ATM locations, available via a Read-only Data Standard.
- Q2 2017: EBA issues revised RTS for SCA and secure communication, taking into account the European Commission’s recommendations.
- Q2 2017: CMA9 to build and test alpha APIs in accordance with CMA’s Retail Banking Market Investigation Order.
- Q3 2017: EBA publishes final guidelines on authorisation and registration of payment institutions under PSD2.
- Q3 2017: EBA publishes final guidelines on major incident reporting under PSD2.
- Q3 2017: CMA9 to build and test beta APIs in accordance with CMA’s Retail Banking Market Investigation Order.
- Q3 2017: Starling Bank becomes the first UK provider to launch its marketplace, through which customers can access third-party services.
- Q3 2017: Canadian Department of Finance launches consultation on reforming the federal financial sector, including an examination of the merits of open banking.
- Q4 2017: EBA publishes final guidelines for complaints procedures for cases of PSD2 infringement by payment service providers.
- Q4 2017: European Commission publishes final text of RTS for SCA and secure communication.
- Q4 2017: Consumer Finance Protection Bureau publishes new principles relating to consumer-authorized access and use of financial account data in the US.
- Q4 2017: DBS in Singapore launches world’s largest banking API platform, offering access to 155 separate APIs.
- Q1 2018: Final deadline for full implementation of PSD2 across the EU.
- Q1 2018: Final version of RTS for SCA and secure communication is approved.
- Q1 2018: Final deadline for CMA9 to make transactional data available through open APIs in accordance with CMA’s Retail Banking Market Investigation Order.
- Q1 2018: Australian Treasury publishes a review of open banking, making 50 recommendations on the regulatory framework, data sharing and transfer, safeguards, and implementation.
- Q1 2018: Payments NZ commences open banking pilot that will test two APIs, covering account information and payment initiation.
- Q1 2018: Malaysian central bank sets up an open banking implementation group, comprising banks, fintechs, and other stakeholders in order to set common standards for open APIs.
- Q1 2018: Hong Kong Monetary Authority publishes consultation on an open API framework, covering deployment schedules, technical standards, and third-party certification.
- 2018: Early adopters in the UK and EU start to use API-enabled third-party banking services.
- Q1 2019: UK’s Open Banking Standard, as overseen by the OBWG, due to be finalised.
- Q3 2019: Final deadline for implementing RTS on SCA and secure communication across the EU.
- 2020: Open banking starts to gain mainstream acceptance from consumers in the UK and EU.
- Q1 2021: European Commission to submit a report on the application and impact of PSD2.
This article was produced in association with GlobalData Thematic research. More details here about how to access in-depth reports and detailed thematic scorecard rankings.