Regulators are pressing for institutions to open their APIs. But first, the banks need to know their customers want what open banking can give them.
What if open banking became a reality … and nobody noticed?
January 2018 was a watershed month in the creation of an open banking environment in which banks switch to open APIs (application programming interfaces), enabling third-party developers to get more involved in building applications and services and leading to greater transparency for account holders.
First, the EU’s Payment Services Directive II (PSD2) was implemented, promising safer cross-border European payment services and better protection for consumers when they pay online. Second, new regulations from the UK Competition and Markets Authority (CMA) went into effect, requiring the nine largest banks to set about building a common set of API standards that would give regulated companies secure access to accounts of customers who give their approval.
All well and good. But a recent survey conducted by an independent consumer organization named “Which?” found that 92% of consumers have never heard of open banking, and many banks are still reluctant to open up their APIs and share their data with third parties.
Danske Bank was one of just three institutions to fully meet the CMA’s deadline. Søren Rode Andreasen, chief digital officer, admits that the uptake of open banking has been much slower than he expected. “I think it will take some time for the good ideas to materialize and for customers to get comfortable with it,” he says. However, “in the long run, the impact of this might be bigger than what we expect right now.”
The biggest hurdle is security and an agreed-upon standard. “Our bank has spent 200 years making it impossible for anybody from outside the bank to access the money of our customers,” says Andreasen. “We have put in all sorts of security measures to make that impossible, and now we have to give access to third parties—which means we have to change a lot of things to allow our security mechanisms to access this data for third parties.”
All banks have different underlying data models with different IT systems, Andreasen notes, which makes agreeing on a common standard difficult. Unlike many other institutions, Danske Bank runs all its brands in all the countries in which it operates on the same IT system. Others may have multiple systems in the same countries, making open banking a much more complicated undertaking.
Frustrated by data-sharing delays? Give the banks time to get it right, says Sankar Krishnan, executive vice president of banking and capital markets at Capgemini. “Banks are keen to ensure they have adequately tested the solutions and that they work all the time,” he says. “Given there are multiple direct and indirect channels, multiple business lines and product groups, it is extremely important to ensure that the APIs are not garbage and don’t have bugs that come in the way of transparent exchange of information. It is encouraging to see that some of the banks are treating third-party apps just like they would treat direct debits from a security standpoint.”
PSD2 and the new CMA regulations went into effect at roughly the same time as the General Data Protection Regulation, which vastly raises the bar on data privacy for all individuals in the EU, notes Christian Ball, head of retail, GFT UK, a supplier of IT solutions for financial services.
The Customer Is King
For institutions to embrace open banking, outreach to consumers is crucial, says Mia Iwama Hastings, head of business development at Priviti, a startup whose consent management product helps track complex data-sharing agreements and transactions. Fintechs and banks need to explain open banking to consumers clearly and simply to gain trust. And they need to collaborate effectively with each other to incentivize customers to share their data securely.
“Consumers need to grasp how and when their data is being shared securely with third parties, how they can manage consent, and what the ultimate benefits are for them,” says Hastings. “Why would people agree to share their financial data if they don’t understand how it’s helping them or how it’s being kept safe?”
Consumers share data with Amazon and Google because they can see benefits and have developed a measure of trust, she notes. Fintechs and banks need to build the same trust. Consumers need to know that they are in control of how, when, and with whom they are sharing data. “We need to empower people by giving them the knowledge and tools to manage their consent for data sharing simply and in real time,” Hastings says.
Banks are well positioned from a technology perspective, argues Hans Tesselaar, executive director of the Banking Industry Architecture Network (BIAN); open-banking inertia is due instead to lack of demand from customers. “We [banks] need to move into more complex areas—e.g., initiating a loan or applying for a mortgage,” he says. “If you can do those things on a mobile device, then open banking will take off.”
To help speed up adoption by smaller banks and fintechs, BIAN identified over 100 APIs and plans to build some of them with its members to create an API exchange for developers. “Developing APIs is rather time-consuming and costly; so if we can provide the industry with some prefabricated APIs, it will help speed things up,” states Tesselaar. “They will be generic, so developers will need to tailor them a little bit to connect with their back-end systems, but we expect we can provide 90% usable APIs leaving developers just 10% to do themselves.”
Banks still have to ensure they are providing apps that customers want. “I visit a lot of countries, and unfortunately, I see the same 40 to 50 ideas again and again,” says Andreasen. “Right now, we are only talking about accounts and payments initiation. A lot of companies out there are going to struggle in the future because customers don’t want that many apps on their phones.” Aggregation apps that show accounts at multiple banks may have little value, for instance, as most customers don’t have accounts with multiple banks.
HSBC was the first to allow customers to view all their UK current accounts—savings, mortgages, loans, etc.—on its Connected Money app. The first use cases of open banking in big banks “revolve around data being used to drive more accuracy in credit scoring and … exposing specific elements of the bank value chain for utility purposes,” Ball recently wrote on his blog. “Going forward, [open banking] will grow exponentially as firms begin to expose more data around all of their product sets.” While today’s apps help users measure their spending habits in real-time, APIs of the future will help them do complex things, such as apply for mortgages, with the swipe of a mobile touch screen.
Danske Bank’s recent investment in Danish account aggregation and money management app Spiir provides Danske with the technology to aggregate accounts from multiple banks in the Nordics (Nordic API Gateway). “It’s a fast way for us to give our customers access to their bank accounts across banks for those who need that,” Andreasen says.
That’s why 94% of UK fintechs— despite apparent consumer disinterest— see open banking as a rich field, according to the EY UK FinTech Open Banking Snapshot from March. GFT UK confirms a demand for more personalized services. Data from the company’s research revealed 67% of customers “would be more likely to take out a loan with a bank if it came with practical advice unique to them.”
Personalization is open banking’s key strength, Hastings agrees. “If fintechs and banks harness the power of data sharing to deliver outstanding, user-centric products and services, that provide the best and most personalized customer experience,” she says, “then consumers will be willing to adopt open banking.”