Authors
David Rivero[1]University of Navarra. and Xavier Vives[2]IESE Business School.
1. Introduction
Data has increasingly become a key asset for financial intermediaries. To spur competition in retail banking and stimulate innovations in the payments system, as well as financial inclusion, regulators in many jurisdictions have adopted or are in the process of adopting data sharing policies.[3]By October 2021, Babina et al. (2022) find that 80 of the largest 168 countries were in the process or had adopted data sharing related policies. This set of initiatives, either government-led mandates or market-driven partnerships, has been known as open banking. It refers to those actions that allow third-party firms, either regulated banks or non-bank entities, to have access under customer consent to their data through application programming interfaces (API).[4]APIs are digital interfaces that enable secure data communication between the software applications of different parties. By empowering customers to use their transaction data, open banking intends to elicit more innovation and competition in the provision of financial services in areas such as payments, borrowing or decision-making. Open banking modifies trade-offs between competition, efficiency, privacy, stability, and security with distributional consequences.
Open banking is still on its infancy and differs in terms of scope and state of development across jurisdictions. Early evidence suggests that the penetration of open banking in those areas with legislative mandates is materializing with the UK taking the lead. The Open Banking Implementation Entity (OBIE), funded by the UK’s nine largest banks under the governance of the Competition and Markets Authority (CMA), reported, as of May 2022, over 6 million UK users employed services linked to open banking, while it is expected that by September 2023 over 60% of the UK bank customers will be using open banking enabled products. In terms of usage patterns, the OBIE (2022) accounts that 62% of consumers use account information services and 32% are payment users.[5]Besides, between September 2021 and March 2022, OBIE (2022) reports a total of 21 million open banking payments including the funding of digital wallets, settlement of credit cards or tax payments. By November 2020, a survey conducted by the OBIE reported that 10% of UK small firms switched their business current account provider in comparison with the 4% in 2016 (before open banking).[6]Yet, there is still room for progress. The OBIE (2022) reports that, as of March 2022, only the 2% of the registered open banking firms in the UK provides personalized switching services to … Continue reading
In the EU, there are two legal frameworks concerning data. The Payment Service Directive 2015/2355/EC (PSD2) seeks to grant open access (with consent) to certain types of customers’ banking data for non-bank licensed providers of Payment Initiation Services and Account Information Services. This way, PSD2 mandates that banks allow authorized Third-Party Providers (TPPs) access to customer data and banks are obliged to provide this data to authorized competitors free of charge. The General Data Protection Regulation 2016/679 (GDPR) aims to give customers control over their data. Under this regulation, TTPs —including FinTech firms and BigTech platforms— must facilitate data portability only in cases where it is technically feasible. By May 2022, around 2700 payment and electronic money institutions making use of APIs had been authorized or regulated in the EU according to the European Banking Authority (EBA) central register under PSD2.[7]See https://www.eba.europa.eu/risk-analysis-and-data/register-payment-electronic-money-institutions-under-PSD2.
By contrast, the adoption of open banking has been slower in those jurisdictions where data sharing is mostly market-driven.[8]See McKinsey (2021). Industry initiatives like Financial Data Exchange, a non-profit organization operating in the US and Canada, intend to develop a common and interoperable API for user consent financial data sharing.[9]FDX members include financial institutions, financial data aggregators, FinTechs, industry utilities, payment networks, consumer groups, financial industry groups and other stakeholders involved … Continue reading Yet, the main concern of the Consumer Financial Protection Bureau (CFPB) is on how to ensure that customer data is held and used safely by BigTech companies. To promote competition in the American economy, the Biden Administration issued an executive order in July 2021 that includes, among the 72 initiatives proposed, requiring banks to share their transaction data to facilitate bank switching.[10]See https://www.whitehouse.gov/briefing-room/presidential-actions/2021/07/09/executive-order-on-promoting-competition-in-the-american-economy/. On the other hand, the implementation of open financial data initiatives in developing countries such as many East Asian jurisdictions has followed a voluntary approach (with specific technical standards) but seems to respond more to financial inclusion goals in an attempt to spur economic development. In other jurisdictions the development and implementation of open banking is materializing through public-private partnerships. An example is the Singapore Financial Data Exchange (SGFinDex), which enables individuals access to their financial data held across government agencies and financial institutions.[11]The SGFinDex is built on Singapore’s National Digital Identity (Singpass) and developed by the public sector in collaboration with The Association of Banks in Singapore (ABS), Life Insurance … Continue reading
There are very few assessments of open banking (OB) given its novelty. An exception is Babina et al. (2022), which finds that more comprehensive OB policies are associated with greater use of APIs by banks and by more VC-backed investment in FinTechs but with little effects on inclusion and competition.
In this paper we survey the impact of OB on competition in section 2. We examine the trade-offs induced by OB in section 3 and the regulatory implications in section 4, to conclude in section 5.
2. The impact of open banking on competition
Demand deposits (as well as cash) have served traditionally as the primary means of payment for retail transactions, which allowed depository institutions to exploit private customer information exclusively and enjoy scope economies between deposit/payments and loans. Asymmetric access to customer transaction data, though, may limit competition and create adverse selection that discourages the entry of innovative entities into the finance sphere and allow banks to retain customers.
The aim of OB is to foster competition and innovation. As such, it threatens the monopolistic position of depository institutions in the payment sphere. Yet, a central question is the extent to which OB will make the banking market more contestable. This is so because its impact will depend to a large extent on the nature of the third-party with which bank customers decide to share their transaction data gathered from payment accounts.
If a significant mass of the counterparties that receive customer information are other incumbent banks with which the customer did not maintain a former relationship, competition would be spurred within the banking system but barriers to new entry may remain since payment intermediation would be realized by the same pool of incumbents. In such a case, the degree of contestability may be limited. However, OB may boost contestability more whenever bank customers decide to share their data with nonbank institutions. FinTechs typically will have a more advanced data analysis IT but will lack data. A positive externality of the switch towards FinTech firms is that incumbents will have more incentives to innovate and invest in IT to meet the new customers’ service expectations.[12]Although the mere threat of FinTech entry may induce such incentives (see Vives and Ye, 2022b). As a result, OB would represent a push to replace obsolete legacy technologies.
The present vertical organization of financial services will prevail if entrants use the existing payment infrastructure, typically through bank partnerships.[13]An example of innovation wherein payment services rely on existing payment rails is the collaboration between Apple and Goldman Sachs to develop a credit card in 2019 or, recently, the launch of a … Continue reading This might be the case for those jurisdictions where the bank-based payment infrastructure is dominant (US and Europe, mainly). In the jurisdictions where it is not, like in China where Alipay and WeChat Pay are dominant, the BigTech platforms obtain the data generated from transactions and not banks. When users execute payment orders through such platforms, the bank only observes that the platform is the recipient and cannot gather valuable transaction data that might serve for credit scoring or financial product recommendations. If a significant number of customers satisfy their financial services needs through a specific platform, there is the risk that such platform might generate endogenous switching costs and a digital monopoly.[14]Indeed, to prevent excessive market power and facilitate data sharing with competitors in China, the People’s Bank of China ordered online payment groups to operate through a centralized clearing … Continue reading
The industrial organization of the banking sector might change if the interface with customers and customer data end being controlled by BigTech plaforms or platform-transformed incumbents. Then a shift may occur from vertical integration, in which incumbent banks manage each step of the financial intermediation chain -from private money creation to the development of internal interfaces to process customer transaction orders- to a horizontal industry where those BigTech platforms and platform-transformed incumbents control the customer interface with financial product providers. The result would be a new oligopolistic market structure for the provision of financial services.[15]See Vives (2019). What remains an open question is whether and how OB will influence this process.
To sum up, the impact of OB on competition is materializing to a large extent through the payment sphere. Mandates on data sharing at EU and UK jurisdictions will spur competition in the supply of financial services in the short run if the playing field is leveled for incumbents and entrants. But an ambiguous impact on competition intensity is possible. He et al. (2023), for example, show that lending competition will intensify (soften) if due to OB the screening ability gap between incumbent and fintech shrinks (expands). This ability gap is a function both of data availability and IT. Furthermore, the long run impact will depend, as argued, on how OB influences the market structure of the financial intermediation industry.
3. Data-sharing trade-offs
Although OB may spur competition within the own banking sector and lead to welfare gains through the entry of firms with a technological edge into the provision of financial services, it also presents trade-offs in the dimensions of privacy, competition/efficiency/welfare, and stability/security. Those trade-offs relate to information issues, inclusion, discrimination, risk-shifting and adverse selection effects.
3.1 Competition-Stability
The rents that incumbents extract ex-post from transaction data encourages the ex-ante production of information to extend market share and soften lending competition (Hauswald and Marquez, 2006). Similarly, the loan monitoring effort of incumbents will depend on the skin in the game (loan margins) they have (Vives and Ye, 2022a). As such, data-sharing instruments that eliminate surpluses generated from lending relationships may encourage the risk-taking appetite of incumbents, which might be detrimental for financial stability. In short, if OB diminishes the charter value of incumbents those may be prone to take more risk.[16]This is a well-known effect (see Vives, 2016).
Babina et al. (2022) find that an increase in customer data sharing fosters competition and innovation at the cost of lowering ex-ante information gathering. Then, if banks’ screening incentives are reduced with OB policies, credit allocation might worsen and a larger fraction of potential borrowers with riskier profiles could be granted credit in detriment to high-quality safer investment projects. Thus, data sharing policies may have undesired consequences for financial stability because of risk-shifting effects.
3.2 Efficiency-Security
Open banking will facilitate the inclusion of profitable unbanked agents. Furthermore, the entry of nonbanks with more advanced algorithms for data analysis will also help to discriminate the risk profiles of banked agents more efficiently through a more accurate credit risk assessment and pricing. However, data sharing also raises questions about cybersecurity and customer’s safety. Customer trust on the security of data sharing is indeed a necessary condition for the success of OB.[17]As a way of example, Strong Customer Authentication (SCA) requires identity verification and user consent to any action performed by a third-party provider in the EU to secure electronic payment … Continue reading Furthermore, the technical reliability of the APIs must be supervised to ensure the quality of the data provided to TPPs. If the design and implementation of APIs is imperfect in the sense that either TPPs cannot connect to it securely and efficiently on behalf of customers or incumbents cannot ensure the true nature of TPPs that ask for bank customer data, then doubts on data safety and trust issues for customers may appear, which could induce reputational losses for all participants. Early data on API performance seems to support the technical reliability and robustness of IT data-sharing systems. By October 2022, the OBIE reported that only 0.4% of the business API calls failed and 0.09% were rejected, suggesting a consistent implementation of APIs in the UK.
3.3 Privacy-Welfare
Bank customers can potentially have access to more efficient and cheaper financial services if they control their data. Yet, there are concerns on the use of data once customers give consent.[18]In a recent public consultation of the European Commission (EC) on the review of the PSD2, many citizen respondents claimed not being able to control how their data is used, believing that there are … Continue reading For example, customer’s welfare might be compromised if data is misused by third parties for preference manipulation. Liu et al. (2020) illustrate how consumer biases interact with data privacy and find that sharing consumer data with a digital platform exposes those individuals with a behavioral weakness to purchase products even though they do not improve their utility.
Furthermore, data-sharing might allow intermediaries to price discriminate with unintended welfare effects. Babina et al. (2022) find that the welfare effects of data sharing may depend on the financial service provided. They show that data-sharing to quality and targeting (e.g., financial advice) improves welfare for all customer types but it will diminish it for types costlier to service or with high willingness to pay when data is used to screen and price discriminate (e.g., in lending).
To encourage information disclosure, firms may commit to not price discriminate. However, Ichihashi (2020) shows that seller’s commitment to not use consumer’s information to price discriminate can decrease consumer welfare. Although consumers disclose more information to obtain accurate product recommendations with such commitment, they miss the opportunity to influence prices by concealing information whenever sellers commit to prices in advance.
Voluntary data sharing has adverse selection implications for credit quality assessment. In principle, only those customers with good credit profiles will choose to port their data to other competitors. Then, those who apply for a loan to a lender with whom they did not maintain a previous relationship might signal to be low-quality borrowers. He et al. (2023) find in a theoretical model that if the existing screening ability gap between incumbents and entrants is large, OB can improve “excessively” the competitiveness of nonbanks, hurting the entire pool of borrowers independently if they agree to share their data or not. This is so because those borrowers who use OB will be hurt from a weakened competition caused by the larger asymmetries from data sharing, while those who do not will be also worse off because of adverse selection by signaling being low creditworthy customers. A complementary theory is Parlour et al. (2022), who show a form of unraveling in a framework where consumers own their data and can port them, intermediaries learn credit types from payment transactions and banks compete with fintechs for payment services. They find that, in such setting, data sharing imposes a negative externality that forces all customers to share data with the bank for free: since low credit quality borrowers obtain a zero surplus regardless of if they share their data or not, any fintech customer declining to port their data is inferred as a high credit quality borrower and the monopolistic bank obtains all the surplus generated from the loan.[19]See Bergemann et al. (2022) for analysis of data externalities with digital competition. The authors also find that OB benefits the unbanked (i.e., financial inclusion) but may hurt those customers with strong bank affinity.
4. Regulatory issues
The benefits derived from OB, namely, innovation, inclusion, and competition, can be achieved only under a well-designed regulatory framework that protects data privacy and facilitates data sharing while balances the playing field of incumbent banks and potential entrants. As a result, several regulatory challenges arise.
A first regulatory challenge is to create an adequate legislation that allows the entry of BigTech companies into the provision of financial services but balancing the risk of monopolization in the long run. European legislation on digital platforms will be determined by the Digital Markets Act (DMA), which was proposed by the EC in December 2020. The main objectives of the DMA are (i) to make digital markets more contestable by reducing entry barriers for smaller platforms and start-ups and (ii) limit the anticompetitive practices of gatekeepers.[20]The DMA refers the term “gatekeeper” to those technological players operating digital core services with a dominant and durable market position that serve as gateway for business users to reach … Continue reading Importantly, instead of antitrust sanctions that take place after the infringement materializes, the DMA intends to foster competition by setting ex-ante rules that restrict the anticompetitive behavior before dominant positions obtain.[21]See Vives (2021) for an assessment of the antitrust challenges of technological progress.
To minimize the risk of digital monopolies, the DMA will force gatekeepers to open their communication APIs to enhance the interoperability of their platforms and reduce network effects (e.g., Telegram users might be able to operate through the WhatsApp’s platform) and will allow TPPs to have access to data generated in the platform. Furthermore, the EC will be able to impose heavy fines and to block acquisitions in the event of repetitive infringements. The latter aspect is relevant because, with the development of data sharing policies, BigTech companies may acquire digital startups specialized in the provision of financial services to accelerate its entry into finance.[22]A recent example is the acquisition of Credit Kudus by Apple, which could be an attempt of the latter to entry into the provision of lending services in Europe.
Questions arise in the EU on the asymmetries between the PSD2 and the GDPR and how they have to work together (for example, on the interpretation of consent under the two legislations).[23]See https://edpb.europa.eu/sites/default/files/files/file1/psd2_letter_en.pdf. Recall that PSD2 mandates that banks allow authorized TPPs access to customer data free of charge, while under GDPR, TTPs —including BigTech platforms— must facilitate data portability only in cases where it is technically feasible. Incumbent banks have pointed out that they may be in a disadvantageous position relative to BigTech platforms benefiting from the non-reciprocal access to data. The DMA could level the playing field by requiring gatekeepers to share information under interoperability rules, which will reduce the long-term risk of monopolization by digital platforms. For example, the DMA will provide end-users the chance to choose not to combine and cross-use personal data from their core platform services unless explicit consent is provided under the GDPR.
Another regulatory issue concerns the extent of data sharing to foster contestability to a broad spectrum of financial services. The current design of OB in European jurisdictions does not include other financial products such as saving accounts, credit cards, mortgages, or pensions. To this end, the EBA recently asked the EC about the possibility that the industry develops a common API to expand the access to payment accounts data towards other types of financial information such as savings, investments, and insurance.[24]See https://www.eba.europa.eu/eba-replies-european-commission%E2%80%99s-call-advice-%C2%A0-review-payment-services-directive.
5. Concluding remarks
Open banking holds promise to increase innovation, financial inclusion, and market contestability in the provision of financial services. Welfare gains derived from data sharing initiatives can lower intermediation costs and make payment services faster. However, potential trade-offs in terms of privacy, efficiency, security, and stability can be foreseen. Early evidence and theoretical models suggest that OB fosters entry but with ambiguous welfare effects even for those customers who do not allow to share their data with third parties. Data sharing on customer preferences might empower excessively entrants in detriment of customer welfare, especially if the technology gap with incumbents widens. The fact that the voluntary nature of data sharing is not sufficient to enhance a net social gain calls for further research on the implementation of OB and the quantification of these trade-offs. It is also unclear the extent to which the playing field should favor technological companies for a large-scale entry to promote contestability. Regulation must facilitate the entry of digital platforms in the provision of financial services but introduce mechanisms that prevent the formation of data monopolies. The DMA, by proposing the ex-ante rules for the identification of digital gatekeepers, can be a game-changer to curb potential anticompetitive behavior of BigTech platforms. Yet, the different legislations on data sharing and data privacy must be consistent to avoid interpretation conflicts. The expansion of data sharing from payment accounts towards other types of financial data and economic sectors is the next challenge in the evolution of OB in Europe.
In short, OB will tend to increase contestability in financial services but highlight the tension between the objectives of different regulators: the banking regulator worried about financial stability, the competition authority worried about customer welfare (in parallel to consumer protection regulation), and the data regulator worried about privacy.[25]See Carletti et al. (2020) for a broad perspective on those tensions in digital banking.
Notes
We are grateful to the editorial team of European Economy for helpful comments that contributed to improve this article. Rivero acknowledges financial support from Project PDI2019-108144GB-100, Ministerio de Ciencia e Innovación; Vives from Project PID2021-123113NB-I00 funded by MCIN/AEI /10.13039/501100011033/ FEDER, UE.
References
Babina, T., G. Buchak, and W. Gornall (2022). Customer data access and fintech entry: Early evidence from open banking. Stanford University GSB Research Paper, Available at SSRN: https://ssrn.com/abstract=4071214 or http://dx.doi.org/10.2139/ssrn.4071214
Bergemann, D., Bonatti, A. and Gan, T. (2022). The economics of social data. The RAND Journal of Economics 53(2): 263-296.
Carletti, E., Claessens, S., Fatás, A. and Vives, X. (2020) The bank business model in the post Covid-19 world, 2020, CEPR, pp. 158.
Hauswald, R., and R. Marquez (2006). Competition and strategic information acquisition in credit markets. The Review of Financial Studies 19(3), pp. 967-1000.
He, Z., J. Huang, and J. Zhou (2023). Open banking: credit market competition when borrowers own the data. Journal of Financial Economics 147(2), pp. 449-474.
Ichihashi, S. (2020). Online privacy and information disclosure by consumers. American Economic Review 110(2): 569-595.
Liu, Z., Sockin, M., and Xiong, W. (2020). Data privacy and temptation. NBER Working Paper 27653.
McKinsey (2021). Financial services unchained: The ongoing rise of open financial data. Available at: https://www.mckinsey.com/industries/financial-services/our-insights/financial-services-unchained-the-ongoing-rise-of-open-financial-data
OBIE (2022). The open banking impact report, June 2022. Intermediate outcomes (adoption) – The open banking Impact Report (foleon.com)
Parlour, C. A., U. Rajan, and H. Zhu (2022). When fintech competes for payment flows. The Review of Financial Studies 35(11): 4985-5024.
Vives, X. (2016). Competition and stability in banking, Princeton University Press.
Vives, X. (2019). Digital disruption in banking. Annual Review of Financial Economics 11(1): 243-272.
Vives, X. (2021). The antitrust FinTech challenge. Concurrences 4: 21-26.
Vives, X. and Ye (2022a). Information technology and banking competition. CEPR WP.
Vives, X. and Ye (2022b). Fintech entry, lending market competition, and welfare. WP.
Footnotes
↑1 | University of Navarra. |
---|---|
↑2 | IESE Business School. |
↑3 | By October 2021, Babina et al. (2022) find that 80 of the largest 168 countries were in the process or had adopted data sharing related policies. |
↑4 | APIs are digital interfaces that enable secure data communication between the software applications of different parties. |
↑5 | Besides, between September 2021 and March 2022, OBIE (2022) reports a total of 21 million open banking payments including the funding of digital wallets, settlement of credit cards or tax payments. |
↑6 | Yet, there is still room for progress. The OBIE (2022) reports that, as of March 2022, only the 2% of the registered open banking firms in the UK provides personalized switching services to facilitate customers to choose the most appropriate current account according with their liquidity needs. |
↑7 | See https://www.eba.europa.eu/risk-analysis-and-data/register-payment-electronic-money-institutions-under-PSD2. |
↑8 | See McKinsey (2021). |
↑9 | FDX members include financial institutions, financial data aggregators, FinTechs, industry utilities, payment networks, consumer groups, financial industry groups and other stakeholders involved user-permissioned financial data sharing. |
↑10 | See https://www.whitehouse.gov/briefing-room/presidential-actions/2021/07/09/executive-order-on-promoting-competition-in-the-american-economy/. |
↑11 | The SGFinDex is built on Singapore’s National Digital Identity (Singpass) and developed by the public sector in collaboration with The Association of Banks in Singapore (ABS), Life Insurance Association Singapore (LIA Singapore), and 15 participating financial institutions. |
↑12 | Although the mere threat of FinTech entry may induce such incentives (see Vives and Ye, 2022b). |
↑13 | An example of innovation wherein payment services rely on existing payment rails is the collaboration between Apple and Goldman Sachs to develop a credit card in 2019 or, recently, the launch of a high-yield savings account. |
↑14 | Indeed, to prevent excessive market power and facilitate data sharing with competitors in China, the People’s Bank of China ordered online payment groups to operate through a centralized clearing house in order to allow banks and other competitors to AliPay and WeChat Pay to have access to the information these digital wallets hold. |
↑15 | See Vives (2019). |
↑16 | This is a well-known effect (see Vives, 2016). |
↑17 | As a way of example, Strong Customer Authentication (SCA) requires identity verification and user consent to any action performed by a third-party provider in the EU to secure electronic payment transactions and reduce fraud. With this multi-factor authentication, TPPs do not need bilateral agreements with incumbent banks to connect their APIs to the bank domain, which prevents banks to block information sharing to any external regulated entity if customer allows it. Yet, there have been cases of breaches during the transfer of data, which constraints operational efficiency by making the process of bank switching harder. For instance, the CMA warned in 2021 Monzo, Bank of Ireland, NatWest Group, and Virgin Money over banking transaction history breaches for which over 150,000 customers were not provided with their transaction history in the needed timescale. |
↑18 | In a recent public consultation of the European Commission (EC) on the review of the PSD2, many citizen respondents claimed not being able to control how their data is used, believing that there are privacy risks giving third-party service providers access to their data. See https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13241-Open-finance-framework-enabling-data-sharing-and-third-party-access-in-the-financial-sector/F_en. |
↑19 | See Bergemann et al. (2022) for analysis of data externalities with digital competition. |
↑20 | The DMA refers the term “gatekeeper” to those technological players operating digital core services with a dominant and durable market position that serve as gateway for business users to reach end-users. Gatekeepers in digital markets that meet the quantitative thresholds included in the DMA will be designated after its entry into effect on May 2, 2023. |
↑21 | See Vives (2021) for an assessment of the antitrust challenges of technological progress. |
↑22 | A recent example is the acquisition of Credit Kudus by Apple, which could be an attempt of the latter to entry into the provision of lending services in Europe. |
↑23 | See https://edpb.europa.eu/sites/default/files/files/file1/psd2_letter_en.pdf. |
↑24 | See https://www.eba.europa.eu/eba-replies-european-commission%E2%80%99s-call-advice-%C2%A0-review-payment-services-directive. |
↑25 | See Carletti et al. (2020) for a broad perspective on those tensions in digital banking. |