Authors

David Rivero^[1]University of Navarra. and Xavier Vives^[2]IESE Business School.

 

1. Introduction

Data has increasingly become a key asset for financial intermediaries. To spur competition in retail banking and stimulate innovations in the payments system, as well as financial inclusion, regulators in many jurisdictions have adopted or are in the process of adopting data sharing policies.^[3]By October 2021, Babina et al. (2022) find that 80 of the largest 168 countries were in the process or had adopted data sharing related policies. This set of initiatives, either government-led mandates or market-driven partnerships, has been known as open banking. It refers to those actions that allow third-party firms, either regulated banks or non-bank entities, to have access under customer consent to their data through application programming interfaces (API).^[4]APIs are digital interfaces that enable secure data communication between the software applications of different parties. By empowering customers to use their transaction data, open banking intends to elicit more innovation and competition in the provision of financial services in areas such as payments, borrowing or decision-making. Open banking modifies trade-offs between competition, efficiency, privacy, stability, and security with distributional consequences.

Open banking is still on its infancy and differs in terms of scope and state of development across jurisdictions. Early evidence suggests that the penetration of open banking in those areas with legislative mandates is materializing with the UK taking the lead. The Open Banking Implementation Entity (OBIE), funded by the UK’s nine largest banks under the governance of the Competition and Markets Authority (CMA), reported, as of May 2022, over 6 million UK users employed services linked to open banking, while it is expected that by September 2023 over 60% of the UK bank customers will be using open banking enabled products. In terms of usage patterns, the OBIE (2022) accounts that 62% of consumers use account information services and 32% are payment users.^[5]Besides, between September 2021 and March 2022, OBIE (2022) reports a total of 21 million open banking payments including the funding of digital wallets, settlement of credit cards or tax payments. By November 2020, a survey conducted by the OBIE reported that 10% of UK small firms switched their business current account provider in comparison with the 4% in 2016 (before open banking).^[6]Yet, there is still room for progress. The OBIE (2022) reports that, as of March 2022, only the 2% of the registered open banking firms in the UK provides personalized switching services to … Continue reading

In the EU, there are two legal frameworks concerning data. The Payment Service Directive 2015/2355/EC (PSD2) seeks to grant open access (with consent) to certain types of customers’ banking data for non-bank licensed providers of Payment Initiation Services and Account Information Services. This way, PSD2 mandates that banks allow authorized Third-Party Providers (TPPs) access to customer data and banks are obliged to provide this data to authorized competitors free of charge. The General Data Protection Regulation 2016/679 (GDPR) aims to give customers control over their data. Under this regulation, TTPs —including FinTech firms and BigTech platforms— must facilitate data portability only in cases where it is technically feasible. By May 2022, around 2700 payment and electronic money institutions making use of APIs had been authorized or regulated in the EU according to the European Banking Authority (EBA) central register under PSD2.^[7]See https://www.eba.europa.eu/risk-analysis-and-data/register-payment-electronic-money-institutions-under-PSD2.

By contrast, the adoption of open banking has been slower in those jurisdictions where data sharing is mostly market-driven.^[8]See McKinsey (2021). Industry initiatives like Financial Data Exchange, a non-profit organization operating in the US and Canada, intend to develop a common and interoperable API for user consent financial data sharing.^[9]FDX members include financial institutions, financial data aggregators, FinTechs, industry utilities, payment networks, consumer groups, financial industry groups and other stakeholders involved … Continue reading Yet, the main concern of the Consumer Financial Protection Bureau (CFPB) is on how to ensure that customer data is held and used safely by BigTech companies. To promote competition in the American economy, the Biden Administration issued an executive order in July 2021 that includes, among the 72 initiatives proposed, requiring banks to share their transaction data to facilitate bank switching.^[10]See https://www.whitehouse.gov/briefing-room/presidential-actions/2021/07/09/executive-order-on-promoting-competition-in-the-american-economy/. On the other hand, the implementation of open financial data initiatives in developing countries such as many East Asian jurisdictions has followed a voluntary approach (with specific technical standards) but seems to respond more to financial inclusion goals in an attempt to spur economic development. In other jurisdictions the development and implementation of open banking is materializing through public-private partnerships. An example is the Singapore Financial Data Exchange (SGFinDex), which enables individuals access to their financial data held across government agencies and financial institutions.^[11]The SGFinDex is built on Singapore’s National Digital Identity (Singpass) and developed by the public sector in collaboration with The Association of Banks in Singapore (ABS), Life Insurance … Continue reading

There are very few assessments of open banking (OB) given its novelty. An exception is Babina et al. (2022), which finds that more comprehensive OB policies are associated with greater use of APIs by banks and by more VC-backed investment in FinTechs but with little effects on inclusion and competition.

In this paper we survey the impact of OB on competition in section 2. We examine the trade-offs induced by OB in section 3 and the regulatory implications in section 4, to conclude in section 5.

 

2. The impact of open banking on competition

Demand deposits (as well as cash) have served traditionally as the primary means of payment for retail transactions, which allowed depository institutions to exploit private customer information exclusively and enjoy scope economies between deposit/payments and loans. Asymmetric access to customer transaction data, though, may limit competition and create adverse selection that discourages the entry of innovative entities into the finance sphere and allow banks to retain customers.

The aim of OB is to foster competition and innovation. As such, it threatens the monopolistic position of depository institutions in the payment sphere. Yet, a central question is the extent to which OB will make the banking market more contestable. This is so because its impact will depend to a large extent on the nature of the third-party with which bank customers decide to share their transaction data gathered from payment accounts.

If a significant mass of the counterparties that receive customer information are other incumbent banks with which the customer did not maintain a former relationship, competition would be spurred within the banking system but barriers to new entry may remain since payment intermediation would be realized by the same pool of incumbents. In such a case, the degree of contestability may be limited. However, OB may boost contestability more whenever bank customers decide to share their data with nonbank institutions. FinTechs typically will have a more advanced data analysis IT but will lack data. A positive externality of the switch towards FinTech firms is that incumbents will have more incentives to innovate and invest in IT to meet the new customers’ service expectations.^[12]Although the mere threat of FinTech entry may induce such incentives (see Vives and Ye, 2022b). As a result, OB would represent a push to replace obsolete legacy technologies.

The present vertical organization of financial services will prevail if entrants use the existing payment infrastructure, typically through bank partnerships.^[13]An example of innovation wherein payment services rely on existing payment rails is the collaboration between Apple and Goldman Sachs to develop a credit card in 2019 or, recently, the launch of a … Continue reading This might be the case for those jurisdictions where the bank-based payment infrastructure is dominant (US and Europe, mainly). In the jurisdictions where it is not, like in China where Alipay and WeChat Pay are dominant, the BigTech platforms obtain the data generated from transactions and not banks. When users execute payment orders through such platforms, the bank only observes that the platform is the recipient and cannot gather valuable transaction data that might serve for credit scoring or financial product recommendations. If a significant number of customers satisfy their financial services needs through a specific platform, there is the risk that such platform might generate endogenous switching costs and a digital monopoly.^[14]Indeed, to prevent excessive market power and facilitate data sharing with competitors in China, the People’s Bank of China ordered online payment groups to operate through a centralized clearing … Continue reading

The industrial organization of the banking sector might change if the interface with customers and customer data end being controlled by BigTech plaforms or platform-transformed incumbents. Then a shift may occur from vertical integration, in which incumbent banks manage each step of the financial intermediation chain -from private money creation to the development of internal interfaces to process customer transaction orders- to a horizontal industry where those BigTech platforms and platform-transformed incumbents control the customer interface with financial product providers. The result would be a new oligopolistic market structure for the provision of financial services.^[15]See Vives (2019). What remains an open question is whether and how OB will influence this process.

To sum up, the impact of OB on competition is materializing to a large extent through the payment sphere. Mandates on data sharing at EU and UK jurisdictions will spur competition in the supply of financial services in the short run if the playing field is leveled for incumbents and entrants. But an ambiguous impact on competition intensity is possible. He et al. (2023), for example, show that lending competition will intensify (soften) if due to OB the screening ability gap between incumbent and fintech shrinks (expands). This ability gap is a function both of data availability and IT. Furthermore, the long run impact will depend, as argued, on how OB influences the market structure of the financial intermediation industry.

 

3. Data-sharing trade-offs

Although OB may spur competition within the own banking sector and lead to welfare gains through the entry of firms with a technological edge into the provision of financial services, it also presents trade-offs in the dimensions of privacy, competition/efficiency/welfare, and stability/security. Those trade-offs relate to information issues, inclusion, discrimination, risk-shifting and adverse selection effects.

 

3.1 Competition-Stability

The rents that incumbents extract ex-post from transaction data encourages the ex-ante production of information to extend market share and soften lending competition (Hauswald and Marquez, 2006). Similarly, the loan monitoring effort of incumbents will depend on the skin in the game (loan margins) they have (Vives and Ye, 2022a). As such, data-sharing instruments that eliminate surpluses generated from lending relationships may encourage the risk-taking appetite of incumbents, which might be detrimental for financial stability. In short, if OB diminishes the charter value of incumbents those may be prone to take more risk.^[16]This is a well-known effect (see Vives, 2016).

Babina et al. (2022) find that an increase in customer data sharing fosters competition and innovation at the cost of lowering ex-ante information gathering. Then, if banks’ screening incentives are reduced with OB policies, credit allocation might worsen and a larger fraction of potential borrowers with riskier profiles could be granted credit in detriment to high-quality safer investment projects. Thus, data sharing policies may have undesired consequences for financial stability because of risk-shifting effects.

 

3.2 Efficiency-Security

Open banking will facilitate the inclusion of profitable unbanked agents. Furthermore, the entry of nonbanks with more advanced algorithms for data analysis will also help to discriminate the risk profiles of banked agents more efficiently through a more accurate credit risk assessment and pricing. However, data sharing also raises questions about cybersecurity and customer’s safety. Customer trust on the security of data sharing is indeed a necessary condition for the success of OB.^[17]As a way of example, Strong Customer Authentication (SCA) requires identity verification and user consent to any action performed by a third-party provider in the EU to secure electronic payment … Continue reading Furthermore, the technical reliability of the APIs must be supervised to ensure the quality of the data provided to TPPs. If the design and implementation of APIs is imperfect in the sense that either TPPs cannot connect to it securely and efficiently on behalf of customers or incumbents cannot ensure the true nature of TPPs that ask for bank customer data, then doubts on data safety and trust issues for customers may appear, which could induce reputational losses for all participants. Early data on API performance seems to support the technical reliability and robustness of IT data-sharing systems. By October 2022, the OBIE reported that only 0.4% of the business API calls failed and 0.09% were rejected, suggesting a consistent implementation of APIs in the UK.

 

3.3 Privacy-Welfare

Bank customers can potentially have access to more efficient and cheaper financial services if they control their data. Yet, there are concerns on the use of data once customers give consent.^[18]In a recent public consultation of the European Commission (EC) on the review of the PSD2, many citizen respondents claimed not being able to control how their data is used, believing that there are … Continue reading For example, customer’s welfare might be compromised if data is misused by third parties for preference manipulation. Liu et al. (2020) illustrate how consumer biases interact with data privacy and find that sharing consumer data with a digital platform exposes those individuals with a behavioral weakness to purchase products even though they do not improve their utility.

Furthermore, data-sharing might allow intermediaries to price discriminate with unintended welfare effects. Babina et al. (2022) find that the welfare effects of data sharing may depend on the financial service provided. They show that data-sharing to quality and targeting (e.g., financial advice) improves welfare for all customer types but it will diminish it for types costlier to service or with high willingness to pay when data is used to screen and price discriminate (e.g., in lending).

To encourage information disclosure, firms may commit to not price discriminate. However, Ichihashi (2020) shows that seller’s commitment to not use consumer’s information to price discriminate can decrease consumer welfare. Although consumers disclose more information to obtain accurate product recommendations with such commitment, they miss the opportunity to influence prices by concealing information whenever sellers commit to prices in advance.

Voluntary data sharing has adverse selection implications for credit quality assessment. In principle, only those customers with good credit profiles will choose to port their data to other competitors. Then, those who apply for a loan to a lender with whom they did not maintain a previous relationship might signal to be low-quality borrowers. He et al. (2023) find in a theoretical model that if the existing screening ability gap between incumbents and entrants is large, OB can improve “excessively” the competitiveness of nonbanks, hurting the entire pool of borrowers independently if they agree to share their data or not. This is so because those borrowers who use OB will be hurt from a weakened competition caused by the larger asymmetries from data sharing, while those who do not will be also worse off because of adverse selection by signaling being low creditworthy customers. A complementary theory is Parlour et al. (2022), who show a form of unraveling in a framework where consumers own their data and can port them, intermediaries learn credit types from payment transactions and banks compete with fintechs for payment services. They find that, in such setting, data sharing imposes a negative externality that forces all customers to share data with the bank for free: since low credit quality borrowers obtain a zero surplus regardless of if they share their data or not, any fintech customer declining to port their data is inferred as a high credit quality borrower and the monopolistic bank obtains all the surplus generated from the loan.^[19]See Bergemann et al. (2022) for analysis of data externalities with digital competition. The authors also find that OB benefits the unbanked (i.e., financial inclusion) but may hurt those customers with strong bank affinity.

 

4. Regulatory issues

The benefits derived from OB, namely, innovation, inclusion, and competition, can be achieved only under a well-designed regulatory framework that protects data privacy and facilitates data sharing while balances the playing field of incumbent banks and potential entrants. As a result, several regulatory challenges arise.

A first regulatory challenge is to create an adequate legislation that allows the entry of BigTech companies into the provision of financial services but balancing the risk of monopolization in the long run. European legislation on digital platforms will be determined by the Digital Markets Act (DMA), which was proposed by the EC in December 2020. The main objectives of the DMA are (i) to make digital markets more contestable by reducing entry barriers for smaller platforms and start-ups and (ii) limit the anticompetitive practices of gatekeepers.^[20]The DMA refers the term “gatekeeper” to those technological players operating digital core services with a dominant and durable market position that serve as gateway for business users to reach … Continue reading Importantly, instead of antitrust sanctions that take place after the infringement materializes, the DMA intends to foster competition by setting ex-ante rules that restrict the anticompetitive behavior before dominant positions obtain.^[21]See Vives (2021) for an assessment of the antitrust challenges of technological progress.

To minimize the risk of digital monopolies, the DMA will force gatekeepers to open their communication APIs to enhance the interoperability of their platforms and reduce network effects (e.g., Telegram users might be able to operate through the WhatsApp’s platform) and will allow TPPs to have access to data generated in the platform. Furthermore, the EC will be able to impose heavy fines and to block acquisitions in the event of repetitive infringements. The latter aspect is relevant because, with the development of data sharing policies, BigTech companies may acquire digital startups specialized in the provision of financial services to accelerate its entry into finance.^[22]A recent example is the acquisition of Credit Kudus by Apple, which could be an attempt of the latter to entry into the provision of lending services in Europe.

Questions arise in the EU on the asymmetries between the PSD2 and the GDPR and how they have to work together (for example, on the interpretation of consent under the two legislations).^[23]See https://edpb.europa.eu/sites/default/files/files/file1/psd2_letter_en.pdf. Recall that PSD2 mandates that banks allow authorized TPPs access to customer data free of charge, while under GDPR, TTPs —including BigTech platforms— must facilitate data portability only in cases where it is technically feasible. Incumbent banks have pointed out that they may be in a disadvantageous position relative to BigTech platforms benefiting from the non-reciprocal access to data. The DMA could level the playing field by requiring gatekeepers to share information under interoperability rules, which will reduce the long-term risk of monopolization by digital platforms. For example, the DMA will provide end-users the chance to choose not to combine and cross-use personal data from their core platform services unless explicit consent is provided under the GDPR.

Another regulatory issue concerns the extent of data sharing to foster contestability to a broad spectrum of financial services. The current design of OB in European jurisdictions does not include other financial products such as saving accounts, credit cards, mortgages, or pensions. To this end, the EBA recently asked the EC about the possibility that the industry develops a common API to expand the access to payment accounts data towards other types of financial information such as savings, investments, and insurance.^[24]See https://www.eba.europa.eu/eba-replies-european-commission%E2%80%99s-call-advice-%C2%A0-review-payment-services-directive.

 

5. Concluding remarks

Open banking holds promise to increase innovation, financial inclusion, and market contestability in the provision of financial services. Welfare gains derived from data sharing initiatives can lower intermediation costs and make payment services faster. However, potential trade-offs in terms of privacy, efficiency, security, and stability can be foreseen. Early evidence and theoretical models suggest that OB fosters entry but with ambiguous welfare effects even for those customers who do not allow to share their data with third parties. Data sharing on customer preferences might empower excessively entrants in detriment of customer welfare, especially if the technology gap with incumbents widens. The fact that the voluntary nature of data sharing is not sufficient to enhance a net social gain calls for further research on the implementation of OB and the quantification of these trade-offs. It is also unclear the extent to which the playing field should favor technological companies for a large-scale entry to promote contestability. Regulation must facilitate the entry of digital platforms in the provision of financial services but introduce mechanisms that prevent the formation of data monopolies. The DMA, by proposing the ex-ante rules for the identification of digital gatekeepers, can be a game-changer to curb potential anticompetitive behavior of BigTech platforms. Yet, the different legislations on data sharing and data privacy must be consistent to avoid interpretation conflicts. The expansion of data sharing from payment accounts towards other types of financial data and economic sectors is the next challenge in the evolution of OB in Europe.

In short, OB will tend to increase contestability in financial services but highlight the tension between the objectives of different regulators: the banking regulator worried about financial stability, the competition authority worried about customer welfare (in parallel to consumer protection regulation), and the data regulator worried about privacy.^[25]See Carletti et al. (2020) for a broad perspective on those tensions in digital banking.

 

Notes

We are grateful to the editorial team of European Economy for helpful comments that contributed to improve this article. Rivero acknowledges financial support from Project PDI2019-108144GB-100, Ministerio de Ciencia e Innovación; Vives from Project PID2021-123113NB-I00 funded by MCIN/AEI /10.13039/501100011033/ FEDER, UE.

 

References

Babina, T., G. Buchak, and W. Gornall (2022). Customer data access and fintech entry: Early evidence from open banking. Stanford University GSB Research Paper, Available at SSRN: https://ssrn.com/abstract=4071214 or http://dx.doi.org/10.2139/ssrn.4071214

Bergemann, D., Bonatti, A. and Gan, T. (2022). The economics of social data. The RAND Journal of Economics 53(2): 263-296.

Carletti, E., Claessens, S., Fatás, A. and Vives, X. (2020) The bank business model in the post Covid-19 world, 2020, CEPR, pp. 158.

Hauswald, R., and R. Marquez (2006). Competition and strategic information acquisition in credit markets. The Review of Financial Studies 19(3), pp. 967-1000.

He, Z., J. Huang, and J. Zhou (2023). Open banking: credit market competition when borrowers own the data. Journal of Financial Economics 147(2), pp. 449-474.

Ichihashi, S. (2020). Online privacy and information disclosure by consumers. American Economic Review 110(2): 569-595.

Liu, Z., Sockin, M., and Xiong, W. (2020). Data privacy and temptation. NBER Working Paper 27653.

McKinsey (2021). Financial services unchained: The ongoing rise of open financial data. Available at: https://www.mckinsey.com/industries/financial-services/our-insights/financial-services-unchained-the-ongoing-rise-of-open-financial-data

OBIE (2022). The open banking impact report, June 2022. Intermediate outcomes (adoption) – The open banking Impact Report (foleon.com)

Parlour, C. A., U. Rajan, and H. Zhu (2022). When fintech competes for payment flows. The Review of Financial Studies 35(11): 4985-5024.

Vives, X. (2016). Competition and stability in banking, Princeton University Press.

Vives, X. (2019). Digital disruption in banking. Annual Review of Financial Economics 11(1): 243-272.

Vives, X. (2021). The antitrust FinTech challenge. Concurrences 4: 21-26.

Vives, X. and Ye (2022a). Information technology and banking competition. CEPR WP.

Vives, X. and Ye (2022b). Fintech entry, lending market competition, and welfare. WP.

Authors

Nir Kshetri^[1]The University of North Carolina at Greensboro, USA.

 

Abstract

Open banking has been a trend that is gaining a broader acceptance among financial institutions and consumers. Digital technologies such as application programming interfaces (APIs), cloud computing, artificial intelligence and machine learning and blockchain have helped financial institutions develop new open banking capabilities to be responsive to the needs of individuals and businesses. Understanding the technological and policy factors underlying open banking is critical for the further growth of this new market. This article analyzes the roles of these technologies and tools in facilitating the growth of open banking. Also discussed are lessons learned and policy implications.

 

Introduction

Open banking has gained increasing acceptance among financial institutions and consumers. According to the market research company Research and Markets, the size of the global open banking market was US$ 7 billion in 2018, which is expected to reach US$ 43 billion by 2026 (Research and Markets, 2022). One estimate suggested that as of early 2021, up to 87% of countries offered open banking in some form (Sieber, 2021). The rapid growth of this phenomenon is driven fundamentally by digital technologies and tools such as application programming interfaces (APIs), cloud computing, artificial intelligence (AI) and machine learning (ML), and blockchain. Emphasizing the importance of many of these technologies in open banking, Swiss technology company Temenos, which specializes in enterprise software for financial services, put the issue this way: “[Open banking participants] require a resilient, secure and scalable technology platform that is cloud-native, API-first, built on microservices and enabled by AI” (p. 3).

The availability and responsible use of these technologies are key to the success of open banking. Adequate public policies will obviously play a major role in ensuring such conditions and facilitating the growth of the open banking industry and market. For instance, it is crucial to understand unintended consequences and potential biases in AI algorithms when they are used in open banking. Socially sensitive data such as gender, ethnicity, family status and other demographic data may lead to unintended consequences when the providers of financial services utilize such data to develop strategic pricing models. Analytics and algorithmic pricing could change the pricing and access to credit for very marginalized groups (deloitte.com, 2018). The success of open banking scheme hinges critically upon the measures taken to enhance the customer experience, protect information privacy and strengthen cybersecurity (deloitte.com, 2018).

This article gives an overview of key technologies and tools that are facilitating or likely to facilitate the growth of open banking. It also focuses on lessons learned and discusses policy implications.

 

Key enabling technologies

This section focuses on key digital technologies that are being utilized or have the potential for use in the future to facilitate the growth of the open banking industry and market.

 

Application programming interface

In open banking, financial institutions interact with each other at the customer’s direction on an a la carte basis (Voas et al., 2022). Open banking customers may include individuals, trusts, estates, private businesses, public sector entities, investors and even other banking entities (Laplante and Kshetri, 2021). Such interactions are facilitated by APIs. An API is a set of programming codes and protocols that works as an intermediary to allow two applications to talk to each other. API banking specifically involves a set of protocols to make a bank’s services available to other third-party providers via APIs (Rao, 2020). It provides a real time solution for processing transactions in a secure manner (ICICI 2022). For instance, third-party providers need a lot of personal information to develop a customer-oriented application. API can extract the required information from external servers. For example, if a third-party provider needs information about a customer’s transaction history, it can submit a request to an API Banking. The requested information is retrieved from the bank database and sent it back to the third-party provider. This process is referred to as API Call (PayCEC, 2022).

An encouraging trend is that financial institutions have introduced APIs for diverse client types, platforms and operating systems to fulfill various open banking needs, which is likely to facilitate the growth of open banking. As early as in 2020, India’s ICICI Bank’s API Banking portal had 250 APIs that allowed businesses, fintech companies, and e-commerce start-ups to connect with the bank (Corneille, 2020). Likewise, Singaporean multinational banking and financial services corporation DBS’s developer portal offers over 200 APIs. The APIs have facilitated payment and loan innovation with firms such as ride-hailing and food delivery company Grab, online property search company PropertyGuru and multinational fast food chain McDonald’s (Open Future World, 2022).

 

Cloud computing

Open banking requires financial institutions to perform real time processing of a large amount of data from diverse sources. These institutions’ on-premises legacy systems often lack the capabilities to meet the needs of open banking, which entail dealing petabytes of data in real time in order to authenticate various transactions initiated through APIs. It is not possible to aggregate and analyze these data on existing on-premises systems that lack the required agility (Finextra 2020).

In order to handle the open banking ecosystem’s requirements, banks thus need to have a platform that is resilient and scalable. Cloud computing is an ideal means to deal with such challenges. The scalability of cloud offering makes it possible to collect, store, analyze and distribute data easily. Financial institutions can access cloud services on demand and pay only for what they consume (Finextra 2020).

Cloud computing solutions can thus help banks reduce the expense and overhead costs associated with handling huge data volumes since they are not required to run hardware on premises. Such solutions also offer the flexibility required in handling data volume fluctuation (Beatty, 2020). In addition, cloud computing can also be used to organize big data and a test environment for developers to innovate securely (Beatty, 2020). Cloud computing also provides a safe and secure environment for sensitive data and reduces cybersecurity and other risks (Beatty, 2020). Infrastructure as a service (IaaS) providers such as AWS offer cybersecurity services that are more advanced than what any organization can achieve by themselves (Finextra 2020).

 

Artificial intelligence and machine learning

AI involves simulation of human intelligence by machines to perform tasks that seemed to be possible only with human thinking and logic before. ML is a type of AI that helps increase accuracy of software applications in predicting outcomes without explicit programming. AI and ML help banks to analyze huge volume of data effectively. Euro Banking Association has identified three strategic areas in financial services that are likely to be impact by AI and ML: processes, products and services, and markets (EBA, 2020). In a use case discussed in Voas et al. (2022), members of a household struggle to manage multiple recurring payments such as mortgage, credit cards, car insurance, home insurance, life insurance, healthcare, property and income taxes, and utilities. In such situations, AI can learn by observing the transactions to provide additional insights that can help optimize cashflow, and minimize late payments, and thus improve the credit rating for members of the household (Voas et al., 2022).

 

Blockchain

In open banking transactions, financial institutions can ask potential customers about their willingness to give financial services providers access to their data. A potential problem is that if individuals and businesses say they are willing to do so in order to get access to financial services, they need to give access to all of their financial and personal data (Ben-Ari et al., nd). Surveys have found that consumers are reluctant to share their bank details with third parties. A key point that needs to be emphasized here is that financial transactional and personal data are more sensitive compared to other forms of information. For instance, a survey conducted by De Nederlandsche Bank (DNB) found that only 25% of Dutch consumers shared their payment data in 2020 in order to get access to new services. Most of the consumers had shared data only with their existing banks. Consumers had more confidence in the bank of that had their main payment account, compared to other parties. The survey found that consumers are not likely to provide their data to new player entering into the payment market in the future (Finextra 2021).

The above challenge can be potentially addressed with blockchain-based self-sovereign identity, which gives consumers control over their information they use to prove who they are. This means that consumers choose what information to share, with whom, and when. Financial institutions and other parties they transact with gain access to consumer data when the data subjects grant it to them. The data can only be used for its intended purpose (Grant, 2022).

Financial institutions can also benefit from blockchain-based self-sovereign identity since valuable resources are not wasted in building trust with consumers. In such a model, the burden of responsibility for data privacy and security is with consumers rather than the financial institutions (Grant, 2022). It is also important to note that due to privacy regulations such as General Data Protection Regulation (GDPR) and California Consumer Privacy Act and other factors, financial institutions and other companies have adopted personal data minimization policies (Kshetri, 2021a). Such policies can help protect themselves from liabilities arising from a negligent act related to data handling. Blockchain adoption is compatible with such policies since financial institutions do not store customer data in a blockchain model.

In blockchain-based solutions, personal data can be seen only with the subject’s permission and such data cannot be stored by a third party. Moreover, the proof of identity is stored in a cryptographic format. This means that blockchain-based systems can be designed to provide a high level of privacy protection. Indeed, secure storage and transmission of digitally signed documents have the potential to be most popular blockchain applications. Due to blockchain’s “super audit trail”, such applications have been built and tested in diverse areas such as supply chain and trade financing, logistics and shipping, and insurance in order to validate the identity of individuals as well as digital and physical assets (Mainelli, 2017; Kshetri, 2021b).

In order to illustrate the above point, we can consider the Canadian identity and authentication provider SecureKey and its network Verified.Me. SecureKey received investments from Canada’s big banks including CIBC, BMO, Desjardins, TD, and Scotiabank (Galang, 2017). The Verified.Me service is available on both cellular devices and desktop, which helps users verify their identity to access services provided by financial institutions. It is built on IBM Blockchain Platform, which uses the Linux Foundation’s Hyperledger. Users can prove that they are who they say they are faster and with a high level of privacy protection (Comben, 2019). The company uses a blockchain-based “triple blind” privacy protocol to connect individuals to partnering online services using an existing credential. The “triple blind” mechanism means that consumers can use their bank credentials to log in and access their cellular phone services. The bank cannot see the data’s destination and the recipient cannot see the bank used or bank account information. SecureKey, as a middleman, is also “blind” and cannot see information about the user of the services (Ho, 2017).

An additional benefit of blockchain is that it can improve reliability of financial and other reporting, and compliance with various laws and regulations (deloitte.com, 2020). By maintaining immutable records of the process and history of transactions, this technology can make regulatory reporting and compliance simpler, more automated and more efficient (Fintech Times, 2021).

 

Lessons and policy implications

Open banking’s potential to address the challenges facing the financial sector has not yet been fully realized. Especially, privacy and security issues have been of concern among large proportions of lenders and consumers, which have hindered the adoption of open banking (Laplante and Kshetri, 2021; Rose, 2021). The potential of AI and other technologies to improve the security and efficiency the financial system has not been fully realized (EBA, 2020).

Partnerships and collaborations at various levels are needed to facilitate the adoption of the above technologies and their responsible use. For instance, currently AI is mainly being used to enhance operations and improve products and services (EBA, 2020). Several organizational factors such as availability and accessibility of data, resources and concerns about cybersecurity and societal challenges related to bias, transparency, and liability are among major barriers that hinder the adoption of AI (EBA, 2020). It is important for financial institutions to work collaboratively to address these issues. For instance, AI can be used to identify threats facing the banking industry. Financial institutions should make full use of the data that are made available and accessible through open banking. In order to extract valuable insights from data, efforts also need to be directed toward increasing the quality of the data (EBA, 2020).

National governments can also play a key role in facilitating the development of digital infrastructures to enrich the open banking ecosystem. In some countries, the governments have already taken initiatives and actions on this front. In India, for instance, the digital infrastructure known as the India Stack has been a key part of the open banking ecosystem. The India Stack consists of a set of open APIs along with a universal digital ID system Aadhaar, which makes it possible for the government and private companies to develop and deploy cashless and paperless products (SignDesk nd). The Aadhaar identification system consists of a 12-digit unique identity card launched by the government in 2010 enables biometric checks to verify the identity of individuals and digitally authenticate them for a variety of services. As of July 2022, there were 1.33 billion users registered for the Aadhaar (https://www.biometricupdate.com/202207/uidai-ceo-lauds-successes-of-aadhaar-biometric-id-at-india-digital-week-2022). Financial institutions can also conduct electronic know-your-customer (eKYC) of customers using the Aadhaar system, which reduces their costs of verifying the identity of customers. Various APIs are available to facilitate open banking. For instance, Aadhaar holders can use online electronic signature service eSign to digitally sign a document. Likewise, the Ministry of Electronics and Information Technology has provided digital locker facility for documents known as DigiLocker (Fintechnews Singapore, 2021).

The India Stack also includes an interoperable payments system known as the Unified Payment Interface (UPI) (Carriere-Swallow et al., 2021). A key goal of the India Stack is to create a unified software platform for stakeholders such as government agencies, businesses, startups and developers. The UPI allows consumers to access bank accounts from registered apps such as mobile wallets in order to make transactions to any bank. As of early 2021, the UPI accounted for about 30% of retail transactions (Fintechnews Singapore, 2021).

Public private partnerships can also be used to enrich open banking ecosystem. For instance, as discussed above, AI is a key technology facilitating the development of AI. However, AI is at a nascent stage of development. The use of AI in open banking can lead to many policy and ethical dilemmas. Regulators and financial institutions can team up to develop standardized AI specifications for various areas related to open banking such as information exchange, infrastructure, governance, and security. It is important for such specifications to cover AI algorithms and models for validating and verifying mandatory regulatory compliance, audits, market risks analysis, anomalies, and outliers (Kannan, nd).

Finally, national governments and international developmental organizations can also collaborate to make digital technologies, and infrastructures available to various open banking participants, which can help accelerate the diffusion and adoption of open banking. The Association of Southeast Asian Nations (ASEAN) Financial Innovation Network (AFIN), which was formed by the Monetary Authority of Singapore (MAS), the International Finance Corporation (IFC) and the ASEAN Bankers Association has introduced API Exchange (APIX) (Monetary Authority of Singapore, nd). A key goal of the APIX is to support financial innovation and inclusion in the ASEAN economies by providing a global, open-architecture platform. In addition, the MAS has introduced an API guidance and collaboration platform, which has encouraged financial institutions to open up their data and services (Open Future World 2022). Third party providers can integrate and test solutions with each other via a cloud-based architecture (Voas et al., 2022).

 

Concluding comments

A number of digital technologies are driving open banking, which has the potential to promote financial inclusion and provide better access to a wide range of financial products and services to individuals and organizations. For instance, open banking makes it possible for borrowers to obtain better terms and pricing. Among the technologies and tools discussed above, while blockchain is not currently being used widely in open banking, this technology holds tremendous potential to address privacy concerns of consumers, which has been a key barrier to the expanded use of this new financial product.

Measures at the firm, industry, national, and international levels are needed to further accelerate the diffusion of open banking. For instance, at the firm level, financial institutions need to develop tools, policies and procedures regarding cloud data management and a responsible use of AI. Close collaboration among financial institutions can help achieve various goals of open banking. In addition to inter-firm collaborations at the industry level, public-private partnerships are needed to address privacy, security and other challenges such as those related to AI ethics and model bias.

 

References

Beatty, A. (2020). How the cloud is the path to open banking, 7th December, https://www.fintechfutures.com/2020/12/how-the-cloud-is-the-path-to-open-banking/

Ben-Ari, A., Green, M., Butcher, I., and O’Neill, P. (nd). Securing open banking with blockchain and Intel® SGX technology, White Paper, https://www.intel.co.uk/content/dam/www/central-libraries/us/en/documents/final-pdf-applied-blockchain-and-intel-sgx-12.pdf

Carriere-Swallow, Y., Haksar, V., and Patnam, M. (2021). India’s Approach to Open Banking: Some Implications for Financial Inclusion, February 26, https://www.imf.org/en/Publications/WP/Issues/2021/02/26/Indias-Approach-to-Open-Banking-Some-Implications-for-Financial-Inclusion-50049

Comben, Ch. (2019). Why Canadian banks are choosing the SecureKey blockchain system May 9, https://coinrivet.com/canadian-banks-choosing-securekey-blockchain-system/

Corneille, E. (2020). 4 top Indian private banks’ APIs enabling innovations in open banking October 07, https://ibsintelligence.com/ibsi-news/4-top-indian-private-banks-apis-enabling-innovations-in-open-banking/

deloitte.com (2018). Open banking What does it mean for analytics and AI? September 2018, https://www2.deloitte.com/content/dam/Deloitte/au/Documents/financial-services/deloitte-au-fs-open-banking-analytics-ai-060918.pdf

deloitte.com (2020) Blockchain and internal control: The COSO perspective: New risks and the need for new controls, July https://www2.deloitte.com/us/en/pages/audit/articles/blockchain-and-internal-control-coso-perspective-risk.html

EBA (2020). Artificial Intelligence in the era of Open Banking, August, pp. 36–37. Euro Banking Association, https://www.abe-eba.eu/thought-leadership-innovation/open-banking-working-group/management-summary-artificial-intelligence-in-the-era-of-open-banking/

Finextra (2020). How the cloud adds value to open banking business models and strategy, 13 November, https://www.finextra.com/newsarticle/36927/how-the-cloud-adds-value-to-open-banking-business-models-and-strategy

Finextra (2021) Open banking will only succeed if consumers are ‘onboard’ 09 March 2021 https://www.finextra.com/blogposting/19992/open-banking-will-only-succeed-if-consumers-are-onboard

Fintech Times (2021). Hardbacon: 5 Fintech Trends That Will Reshape the Financial Services Landscape, The Fintech Times, https://thefintechtimes.com/hardbacon-5-fintech-trends-that-will-reshape-the-financial-services-landscape/

Fintechnews Singapore (2021), India’s Open Banking Landscape Thrives on the Back of Digital Public Infrastructure, March 15, https://fintechnews.sg/49565/india/indias-open-banking-landscape-thrives-on-the-back-of-digital-public-infrastructure/

Galang, J. (2017). With IBM partnership, SecureKey enters next phase of developing secure digital identity network. Betakit, Retrieved from (〈http://betakit.com/with-ibm-partnership-securekey-enters-next-phase-of-developing-secure-digital-identity-network/〉).

Grant, J. (2022). The role of blockchain in the Open Banking era, January 24, https://fintechweekly.com/magazine/articles/the-role-of-blockchain-in-the-open-banking-era

Ho, S. (2017). Canada’s SecureKey receives U.S. grant to build digital identity network. The Globe and Mail, 〈http://www.theglobeandmail.com/technology/canadas-securekey-wins-us-grant-to-help-build-digital-identity-network/article34022647/〉.

Hope, K. (2022). Open Banking and the Rise of Bankingas-a-Service https://www.temenos.com/wp-content/uploads/2022/06/Open-Banking-and-the-Rise-of-Banking-as-a-Service-V4.pdf

ICICI (2022). What is API Banking? https://www.icicibank.com/business-banking/cash-management-services/api-banking

Kannan, V. (nd). Open intelligence – AI in banking and financial services https://www.tcs.com/what-we-do/industries/banking/white-paper/ethical-ai-solutions-strategies-banking-financial-institutions

Kshetri, N. (2021a). Cybersecurity Management: An Organizational and Strategic Approach, The University of Toronto Press: Toronto

Kshetri, N. (2021b). Blockchain and Supply Chain Management. Elsevier: Amsterdam, Netherlands, Oxford, the U.K. and, New York, USA

Laplante, P., and Kshetri, N. (2021).Open Banking: Definition and Description, IEEE Computer, 54(10): 122-128

Mainelli, M. (2017). Blockchain Will Help Us Prove Our Identities in a Digital World. Harvard Business Review, Retrieved from (〈https://hbr.org/2017/03/blockchain-will-help-us-prove-our-identities-in-a-digital-world〉).

Monetary Authority of Singapore. (nd). API Exchange (APIX), https://www.mas.gov.sg/development/fintech/api-exchange

Open Future World (2022). Open Finance Global Progress Ebook: Singapore Special Editorial Focus, May 16, https://openfuture.world/open-finance-global-progress-ebook-singapore-special-editorial-focus/

PayCEC. (2022). The history, overview, and future of Open Banking In The UK, 15 Aug, https://www.paycec.com/news/the-history-overview-and-future-of-open-banking-in-the-uk

Rao, H. (2020). What is API Banking and How it is Enabling? JULY 30, https://razorpay.com/learn/business-banking/what-is-api-banking/

Research and Markets (2022). Insights on the Open Banking Global Market to 2031 – by Financial Services, Distribution Channel and Region, October 28, https://www.globenewswire.com/en/news-release/2022/10/28/2543585/28124/en/Insights-on-the-Open-Banking-Global-Market-to-2031-by-Financial-Services-Distribution-Channel-and-Region.html

Rose, K. (2021). 41% of lenders taking ‘wait and see’ approach to Open Banking, March 31, 2021, https://bestadvice.co.uk/41-of-lenders-taking-wait-and-see-approach-to-open-banking/

Sieber, S. (2021). “Open Banking: What Does It Mean For The US?” March 3, https://www.forbes.com/sites/scarlettsieber/2021/03/03/open-banking-what-does-it-mean-for-the-us/?sh=180aa28db52a

SignDesk (nd) How India Stack Transforms India into a Cashless Economy?, https://signdesk.com/in/aadhaar/india-stack-transforms-india-cashless-economy

Voas, J., Laplante, P., Kassab, M., Lu, S., Ostrovsky, R., Kshetri, N. (2022). Cybersecurity Considerations for Open Banking Technology and Emerging Standards, January 3, The National Institute of Standards and Technology, https://csrc.nist.gov/publications/detail/nistir/8389/draft

Authors

Alberto Dalmasso^[1]Satispay

 

Abstract

Considered one of the milestones of the second European Payment Services Directive, the concept of open banking has, indeed, brought a novelty to the financial scenario. The idea of opening up access to consumers’ banking information to third parties – so far the prerogative of the banks – certainly has a revolutionary scope. A few years after that moment, it is perhaps worth asking whether open banking actually brought that long-awaited revolution to the financial system.
Questioning its limits, analysing its criticalities, and keeping open banking at the core of the political and regulatory debate can help to overcome these limitations and move it towards the broader concept of open finance, a concept that will see the forthcoming Payment Services Directive as the regulatory vehicle on which the European institutions will focus their activity.
Open banking seems to suffer, today, from an inefficient implementation, incapable of exploiting its potential: the expectations associated with the emergence of genuinely new subjects, and truly bearers of value-added services, do not seem to have been fully met.
However, the new challenges of geopolitics and the legislative innovations that the European Union is working on, from the digital euro to Instant Payments, could mark the turning point towards a truly effective open banking, capable of bringing innovation and competitiveness, and thus, of repopulating the Fintech world with new players

 

Introduction

The principle behind open banking, i.e. allowing third-party financial service providers to access consumers’ banking information, is considered to be one of the cornerstones underpinning the Second Payment Services Directive.

It is through open banking, moreover, that the European legislator intended to foster the emergence of third parties – the notorious TPPs (Third-Party Providers) -, harbingers of innovation, stimulus, and competitiveness in a financial system to be opened up and populated by new players, to balance the oligopoly of the major banking subjects that, until then, had dominated the European and world economic scene.

More than seven years now, after the issuance of the Directive, it seems to be an opportune time for a reflection on how and whether this principle has been correctly implemented, and whether open banking has indeed contributed to open innovation in the financial sector.

The new challenges of geopolitics and the new legislation on which the European Union is working, and which will soon become reality, will lead to a rethinking of open banking, which to date seems to have been caught in the meshes of a less than optimal implementation, unable to fully exploit its potential.

The revision of the Payment Services Directive, the new Regulation on Instant Payments, the rulebook on the SPAA Scheme, and, last but not least, the great and challenging test of the Digital Euro, could change the face of open banking for the better, leading it to actually achieve its goal: to create competitiveness in Fintech and foster the emergence of new, truly ground-breaking value-added services.

 

Open banking – Some considerations on PSD2 implementation

The second Payment Services Directive aimed to create a banking system based on open data, requiring banks to open up their application programming interfaces to thirdparty developers, in order to overcome the competitive logic between these subjects and open the way to start-ups, fintechs and new innovative realities.

The fact that banks were obliged to share their account holders’ information with third parties was, in fact, a revolutionary concept, a picklock able to disrupt the traditional financial model and open it up to competition between old and new players in an environment – the banking one – in which the revolution that had already characterised other sectors had not been triggered until then.

At the core of this revolution is the opening of European banks’ APIs to allow third parties access to payment data. It is worth asking, in this regard, whether this has actually led to more competition in areas of traditional bank dominance.

Borrowing a term from game theory, PSD2 intended to trigger what is known as ‘coopetition’ between banks and third parties: cooperation between competitors that increases the benefits for all players and makes the market win-win, with a profitable outcome for all competitors when they cooperate.

Well, co-opetition, a term that returns often in the open banking debate, seems far from having occurred, both for banks and third parties.
First of all, many traditional banks, in order to compete with the emerging third parties, have ended up creating new banks, entities that are, to all intents and purposes, listed as ‘traditional’ rather than new. Banks that are banks, but appear as TPPs: a circumstance, this, rather far from the principle of competition to which open banking should aspire.

Looking, however, from the perspective of third parties, as the market consolidates, it is possible that many players will be acquired by larger players, foreshadowing a scenario, also from the TPP side, in which a few, large incumbents will be the leading providers of the future – a scenario closer to concentration than to competition.

The reason why this scenario can be considered plausible is, surely, an inadequate implementation of the Directive by banking entities, whose implementation of open banking platforms remains far from expectations.

To compensate for inadequate bank APIs, the TPPs that came into being thanks to PSD2 are, in almost all cases, entities that implement and manage APIs, rather than entities that provide banking services: entities, therefore, whose intermediation is necessary to access open banking services.

Although these are services with a high added value in terms of innovation and technology, looking at the general offerings of the companies created by the Directive, what emerges is that they are primarily developer of as-a-service solutions, software solutions that enable banks to be PSD2-compliant, to offer API interfaces for TPP providers in order to allow access to the end customer’s current account.

Third Party Providers were conceived, in the idea of the European legislator, as subjects necessary to stimulate competition in a sector traditionally dominated by the large banking incumbents and thus to expand the range of financial services available to the customer: asset management, savings and investment, payment management, credit scoring, lending.

Services which, however, in the majority of cases, continue to be provided by traditional banks, often using in-house companies that provide the service and which, although they are listed as TPPs, certainly cannot be classified as ‘newcomers’. These entities cannot be said to have contributed to increased competition in the provision of value-added financial services.

On the other hand, the entities that really came into being by exploiting the Directive’s potential are companies that can be properly ascribed to the IT category – rather than Fintech – which, aware of the banks’ implementation limitations, specialised in developing complex and comprehensive IT solutions, capable of compensating the banks’ insufficient APIs.

 

Finding minimum common standards on API

So far, the impression is that the Open Banking paradigm is still in its early stages, and its potential benefits could materialise further.

The efficiency deficit of APIs and the banks’ difficulties in finding an effective solution surely also stem from the inconsistent implementation of the Directive among the Member States. The divergences in the implementation of APIs, due to regulatory divergences between the Member States, constituted a substantial barrier to the full implementation of the directive’s goals. As a result, greater difficulties have emerged in promoting and developing European rather than national solutions, with all that this has entailed in terms of fragmentation and – therefore – barriers to the emergence and access of new players in the financial services market.

The absence of common criteria enabling the market to develop technical implementation standards also led to integration problems, long lead times for API adaptation, and the need for prolonged testing phases.

The revision of the Payment Services Directive will necessarily have to take these aspects into account. It will be crucial to find the balance in ensuring the adoption of common minimum standards while avoiding the adoption of a legislative framework that risks blocking or slowing down technological developments.

Currently, a number of standard-setting organisations coexist in Europe, whose role is generally limited to the publication of periodic API specifications, the implementation of which is then left to the individual banks, with all that this entails in terms of fragmentation and high integration costs – again, barriers to entry to the detriment of the emergence of new players.

It could be argued that TPPs were born with the aim of being able to co-exist with different technologies, to the point of making the banks’ weaknesses their strengths: they built business models based on the creation of unique APIs for those who do not want to deal with technical differences.

Once again, a missed opportunity – and one that must be recovered – for the hoped-for creation of a competitive environment in which new, genuinely Fintech players can bring value to the financial ecosystem.

It will be interesting, in this regard, to follow the developments of the SPAA Scheme and the recently published first version of the Rulebook. A set of rules, practices and standards that will enable the exchange of payment account data and facilitate the initiation of payment transactions in the context of the Directive’s ‘value-added’ services could indeed be a way of revising the potential of open banking in an efficient and competitive manner.

 

Between the new Payment Services Directive and Digital Euro – the possible future for open banking

A new perspective on open banking may come from the revision of the Second Payment Services Directive. The trend towards more and more open data has in recent years extended to new areas such as insurance and asset management. The growing interest of Big Tech in the financial sector, the platform economy, and the impact of the recent conflict on geopolitical settings and global finance are irreversibly changing the order of priorities in European economic and monetary policy.

Looking at PSD2, it is noticeable how the European legislator set itself the objective of combining the concept of open data with the necessary security guarantees. An objective that is certainly still relevant in the transition towards a broader concept of open finance; however, not the only one and no longer the priority. The axis seems to be shifting, more and more, towards the new paradigms of competition and sovereignty.

The existence of large BigTechs increasingly playing a leading role in the financial services market forced the European Union to adopt measures to tackle abuses of dominant market positions and to prevent access to data from becoming the exclusive monopoly of non-European players. Moreover, the development outside Europe borders of stable digital currencies was immediately perceived as a risk to European monetary sovereignty.

Protecting European economic sovereignty from the above-mentioned threats is probably one of the most important reasons behind the decision to implement the digital euro.

While the issuance of a digital currency is a huge challenge, this may indeed be the challenge that can take open banking to the next level and really meet its goal of populating the financial services market with new players.

Financial services are going through a period of great change in a very challenging economic and geopolitical environment, and it is in this context that the digital euro is taking shape: the hope is that these challenges that are accompanying its creation can make it a resilient, receptive financial instrument, capable of adapting to the backdrop of a shifting economy.

Access to the digital euro by a plurality of actors – be they credit institutions, payment institutions, e-money institutions – will have to be guaranteed by a set of common rules, guarantees and minimum requirements, in order to achieve the goal of making it an instrument capable of responding to new consumer needs in terms of fast and secure digital payment instruments.

To achieve this goal, it will be essential to think of a way of accessing deposit data in Digital Euro that is uniform, standardised, and capable of facilitating the emergence of new players and enabling existing ones to create new value-added services for users based on the Digital Euro.

In this scenario, truly high-performance open banking could really be the key to the implementation of a truly universal digital currency in terms of access and use.

Authors

Magda Bianco^[1]Head of the Directorate General for Consumer Protection and Financial Education at the Bank of Italy and GPFI co-chair. and Maria Iride Vangelisti^[2]Director in the Financial Education Department at the Bank of Italy.

 

Abstract

There are different open banking models around the world, some of them market driven, others regulatory driven. All of them offer clients the possibility to share their banking data with third parties, opening up competition and having an impact on the conditions at which financial services are offered. Open finance and open data can be viewed as further developments of open banking, allowing the sharing of a wider range of data with different financial and non-financial entities. In this paper, we concentrate on the conditions for open banking to benefit the financially less served and more vulnerable segments of the population, fostering financial inclusion. We suggest that until now this objective has been somehow overlooked, even where open banking has been driven by regulation, and make concrete proposals for possible improvements.

 

Introduction

Over the past twenty years, digital innovations deeply affected banks’ business models, opening up new opportunities and new risks (BIS 2018). Open banking is one of these developments, which took place as a market driven process in some countries and was regulatory driven in others^[3]In 2013 Singapore published the Finance-as-a-service API (application programing interface) Playbook. Europe and Hong Kong regulated open banking in 2018, Australia in 2020. In Japan, in 2020, an … Continue reading.

We find various definitions of open banking. In what follows, we assume that the core of open banking is an account holder giving permission to a third party – different from the intermediary holding its bank account – to access the data registered on his account. The data can then be processed and used by the third party to offer the bank customer additional services, not encompassed in the contract subscribed with the bank, or similar services at different conditions^[4]The BIS, in the Report on open banking and application programming interfaces (November 2019) uses a similar definition:”Open banking is the sharing and leveraging of customer-permissioned data by … Continue reading.

Regulators may want to introduce an open banking regime in their respective countries for two main reasons. First, they may consider fair giving banks’ account owners the right to use their data to exploit all possible benefits for themselves. Customers may give third parties access to their banking data even if there is no legal regime for open banking in place, but they do it at their own risk. An open banking regime, on the contrary, allows the sharing of data in a secure and efficient way. Second, regulators might aim to foster competition in the banking sector, favoring the entry in the market of technologically advanced intermediaries, with the objective to push innovation and force traditional banks, which might be reluctant to overcome existing legacies, to adopt innovative business models. This could have positive effects on the market in terms of quality of the service offered, potentially faster, less costly and more tailored to the customers’ needs.

When open banking is regulated, the legal framework may cover different areas: the type of authorisation the third party needs to access customer data; which data can be shared; the characteristics of the services to be offered by the third party; the platform to be used for data sharing; the applicable security requirements. Another important aspect is whether granting access to third parties is mandatory for intermediaries holding the account or they can refuse access.

Hence, open banking may have an important impact on different features of the bank-client relationship and, more generally, on the way financial services are offered. In this paper we concentrate on a specific aspect: the conditions for open banking to benefit the financially less served and more vulnerable segments of the population, fostering financial inclusion. We will suggest that until now this objective has been somehow overlooked, even where open banking has been driven by regulation.

The first paragraph frames the analysis by discussing opportunities and risks of digital financial inclusion. The second paragraph focuses on the innovative services offered in an open banking regime that may favour inclusion by benefitting specifically the financially less included and identifies the possible constraints for their actual access to these services. Also based on this analysis, the third paragraph attempts an evaluation of the European legislation on open banking, based on the international guidelines on policies to foster financial inclusion, with some suggestions on how to move forward. The last paragraph concludes.

 

1. Digital financial inclusion: opportunities and risks

Financial inclusion is defined as a condition in which households and firm have access to formal financial services, and are able to use them according to their needs. Financial inclusion has been acknowledged as a means to increase the well-being of households and businesses and their economic empowerment (Allen et al., 2016). Moreover, financial inclusion has been documented as an enabler of financial sector stability and soundness (Khera et al., 2021).

In 2010, at the G20 Summit in Seoul, the Leaders of the G20 recognised financial inclusion as one of the main pillars of the global development agenda and endorsed a concrete Financial Inclusion Action Plan (FIAP). They established the Global Partnership for Financial Inclusion (GPFI)^[5]https://www.gpfi.org/about-gpfi. – an inclusive platform for all G20 countries, interested non-G20 countries and relevant stakeholders – to carry forward work on financial inclusion, including the implementation of the G20 FIAP.

Innovation is potentially a key driver of financial inclusion. The World Bank measures access to and use of financial services since 2011 through the Global Findex, a comprehensive and nationally representative survey of nearly every country in the world (Demirguc-Kunt et al., 2012). Since then, access to financial services has experienced a substantial growth also thanks to the increased digitalisation.

In 2021, worldwide account ownership reached 76 percent of the global population, with an increase of 26 points over the last ten years (account ownership was 50% in 2011). Holding an account is the first step towards financial inclusion. Usage of financial services also increased in the last years. Receiving digital payments such as a wage payment, a government transfer, or a domestic remittance – via an account – catalyzes the use of other financial services, such as storing, saving, and borrowing money (Demirguc-Kunt et al., 2022). Over the last years the pandemic fostered the use of digital financial services, especially payments (Boakye-Adjei, 2020). The expansion of mobile network connectivity and the affordability of mobile phones and computers contributed to the push towards greater financial inclusion.

In view of the increased digitalisation of financial services, in 2016, under the G20 Chinese Presidency, the GPFI published the “High Level Principles for Digital Financial Inclusion” (HLP). The report (GPFI, 2016) recognises digital financial services^[6]Digital financial services mean financial products – including payments, transfers, savings, credit, insurance, securities, financial planning and account statements – delivered via … Continue reading as key enablers for financial inclusion because capable of reducing costs, expanding scale, and deepening the reach of financial services through efficient interconnections among participants in economic activities. However, it also acknowledges that digital technology enhances existing risks such as legal and operational risks, due to frauds and malfunctionings, that ultimately lead to mistrust and exclusion. Digital technology also enables the generation and analysis of vast amounts of customer data, which introduce a new set of benefits, but also risks that should be managed.

These risks should be addressed first and foremost through regulation, supervisory controls and competition rules, defining a level playing field among different players, allocating clearly responsibilities and introducing specific risk control measures. Secondly, a sound consumer and data protection framework is essential to building trust in the use of digital financial services. Finally, to foster effective use, it is also critical for customers to understand the characteristics of the digital financial services, their rights and obligations, and the possible benefits: financial education programs are therefore essential.

Hence, to specifically benefit also the vulnerable, and increase inclusion, innovation should be governed to ensure that its benefits are widely shared and also accompanied by policies that help in safeguarding clients from the access to non regulated services providers, in avoiding frauds, in acquiring services that suits their needs and understanding how – and to whom – to complain if something goes wrong (Frost et al., 2021).

In order to provide countries with concrete examples of best practices on customer oriented policies to favor digital financial inclusion, the GPFI published under the Italian G20 presidency a “Menu of Policy Options for digital financial literacy and consumer protection” (GPFI 2021). The Menu specifically proposes the following actions: a) favouring “protection by design”, i.e. encouraging providers to design innovative products and services aimed at satisfying the interest of consumers, avoid aggressive and unfair market practices and ensure the legitimate use of customer data^[7]An effective approach of “protection by design” is product governance (see GPFI, 2021, Technical Annex, pag 16).; b) embedding financial inclusion objectives in innovation policies, in order to take into account the specific needs of the vulnerable when designing the strategies (and, in doing this, avoid unnecessary risks)^[8]Effective approaches include: the development of regulatory sandboxes and innovation hubs with the specific objective of promoting an inclusive approach in the design of financial products and … Continue reading; c) addressing risks of online fraud and scams and mismanagement of personal data, that are particularly relevant for less financially and digitally educated people, often having access to poor quality devices^[9]Effective approaches include: awareness campaigns, issuing specific warnings (with details about frequent types of new and old forms of scams and how financial consumers and firms can identify them); … Continue reading; d) introducing effective redress mechanisms, essential to build trust in the financial services^[10]The strategy may include: online reporting systems, tracking and analysing complaints to identify unfair market conduct (see GPFI 2021, Technical Annex, pag 17). and e) designing effective financial education programs, taking advantage of the opportunities offered by the digitalisation^[11]Examples include: targeted digital campaigns, info-graphic guides and consumer awareness sessions. Partnerships with local established stakeholders linked to vulnerable and excluded groups. The … Continue reading.

These suggestions are meant to guide policy makers in introducing inclusive innovations and could serve as a benchmark to analyse gaps also in existing open banking regimes, with respect to the objective of benefitting the excluded and less served.

 

2. Open banking for the underserved

We observe different open banking models around the world (Plaitakis et al., 2020). Here we start our analysis from a “narrow” open banking model, as is the one adopted in Europe, but also in Hong Kong.

Europe is an area where open banking has been introduced by regulation. The Second Payment Services Directive (PSD2) imposed specific security requirements for payments and regulated the sharing of data between banks and third parties. The aim was to regulate two services that were already offered in the market, but with modes that exposed the customer to great risks. The first service disciplined by the PSD2 is the payment initiation service (PIS), that allows a third party to initiate a payment on behalf of a client, using the money deposited in its banking account; the intermediary offering it is called PISP (payment initiation service provider). The service is designed to allow the payment of the transactions at the check-out via a credit transfer, instead of using a payment card. The second service is the account information service (AIS) offered by an AISP (account information service provider). The rationale of the service is providing the customer with consolidated information on one or more payment accounts. In disciplining the two services (PIS and AIS), the PSD2 actually “laid the foundations for open banking in Europe”^[12]Opinion of the European Banking Authority on its technical advice on the review of Directive (EU) 2015/2366 on payment services in the internal market (PSD2), 23 June 2022, p.1..

In fact, once secure communication standards between the account holder bank and the third parties have been established, intermediaries started offering a whole range of new services, also beyond those provided for by the Directive, such as budgeting tools and categorising spending, credit scoring and advice services on savings, insurance, investments or credit (see also Banca d’Italia, 2021). This evolution was not obvious at the beginning: only in 2019 EBA clarified that the data acquired by the third party via an account information service could be used also to offer other services – to the account owner or to third parties – provided that the account owner agrees and gives its consent according to privacy law^[13]Opinion 4631/2019 published on 13 September 2019 in response to Question ID 2018-4098.

We aim to focus our attention on which of these services could be beneficial for those financially less included and more vulnerable.

Financially vulnerable people tend to have irregular income. They experience difficulties in accessing credit and obtaining a credit card. Moreover, low level of digital and financial literacy makes them more prone to poor financial management, and to fraud when using digital payments. Open banking services may help them overcome these shortcomings (BIS-WB 2020; Plaitakis et al., 2020). Payment initiation services give them the possibility to buy on-line, and save money by comparing the different offers, even if they do not possess a credit card. Payment initiation services can also be used to settle recurrent payments at due dates, avoiding penalties for late payments, and to top-up prepaid cards or phone money accounts, avoiding extra-charges (Reynolds et al., 2019^[14]The Report tries to quantify potential consumer benefits from open banking services, by segmenting consumers according to their resilience to small shocks and to whether they have unsecured borrowing.).

Account information services provide customers with a consolidated view of their accounts. Low income individuals may benefit from a professional monitoring on their accounts. Third parties might be entrusted to give advice on financial management and deadline planning. A wise liquidity management could prove effective to avoid overdrafts, and the related costs. At the same time a reminder on bill payments on due dates could help have a sound financial behavior. Third parties could also increase the access to credit by providing rating services based on the monitoring of the account^[15]Credit rating services based on the analysis of payment flows could be beneficial also for small and medium enterprises having difficulties to access credit.. They could offer budgeting tools that help planning payments, and in particular the repayment of loans, possibly coupled with payment initiation services; they might favour saving by advising on how much and when to save. General financial advice could also be provided: third parties could propose different credit or investment solutions, offering tools to compare conditions and, thus, induce better informed, and probably less costly, financial decisions. If the customer decides to change provider, also switching costs could be lower, given that information is shared in an efficient and secure manner.

If open banking also allows for online monitoring of payment transactions, third parties could offer vulnerable individuals greater protection from frauds and scams. They may detect transactions that are not coherent with the spending pattern of the client and force the intermediary to double-check them before execution. This kind of service could be useful for all categories of individuals who are vulnerable from a digital point of view, e.g., elderly^[16]Machine learning and artificial intelligence techniques are successfully used by some firms, mostly in the USA and the UK, to analyse financial transactions for signs of vulnerability in the user and … Continue reading.

Against the opportunities that open banking may offer for vulnerable individuals, there are at least four points of attention.
First, open banking (in the narrow version described above) requires an on-line account; hence, vulnerable unbanked people are out of reach. They could be included if authorities extend the sharing of data among financial institutions also to include non-financial institutions such as energy, telecom, utility companies. Open data – the portability of nonfinancial data – might have a substantial impact on access to financial services for unbanked populations. However, not many authorities have gone in this direction because of the complexity of setting up a safe and efficient framework encompassing different sectors and, thus, requiring coordination among different authorities. So far, this goal has been explicitly pursued in the UK, with the Smart Data strategy^[17]This is a regulatory strategy envisaged by the UK Government to extend consumer data sharing across several regulated markets in order to foster consumers bargaining power vis-à-vis service … Continue reading, and Australia, with the Consumer Data Right^[18]The Australian Government envisaged an economy-wide consumer data-sharing framework (the Consumer Data Right – CDR), which allows individuals to share their data with accredited third parties … Continue reading.

Second, there might be an issue of transparency and trust. On the one hand, excluded or underserved individuals tend to be the less educated and are less able than other customers to understand the characteristics of the services offered and to manage the relationship with the intermediary (Ampudia et al. 2017, Coffinet et al. 2017, Demirgüç-Kunt et al.2018). On the other, financially underserved people tend to mistrust the financial system. Various studies find that lack of trust in financial institutions is associated with a lower tendency to hold either a bank account (Ampudia et al. 2018) or a savings account (Beckmann et al. 2017). The combination of the two characteristics may result in a reluctance by excluded or underserved people to use open banking services, a quite complex service in itself.

The third point concerns the management of personal data. The common message – delivered by authorities and intermediaries – is “do not share your personal data with third parties”. The objective is to protect banking customers from frauds; to some extent, sharing personal data could be also interpreted as gross negligence by the customer with negative consequences for the possibility to obtain a refund in case of unauthorised transactions. Open banking is based on the sharing of data with trusted counterparties, but for customers it may be difficult to understand who is trustworthy and who is not; which conditions must be satisfied to be on the safe side; which kind of data can be shared; which are the rights and responsibilities of the parties involved. Less financially equipped people may find it difficult to manage properly their own data, with the risk of falling victim to impulsive or unaware behavior, which one can later regret, as well as of potential data breaches, abuses and frauds (Borgogno et al., 2020).
The last point regards costs. Financially vulnerable people are less wealthy and more concerned about costs than others. They could be discouraged to acquire open banking services, e.g. financial advice, if they are expensive and the benefits not straightforward and clearly understood.

 

3. Open banking in Europe (the PSD2): how effective in addressing inclusion?

The PSD2 offers a comprehensive legal framework for open banking in Europe. It states which kind of intermediaries can offer the payment initiation and the account information services. If providers are different from banks, according to the law they should ask the competent authority for an ex-ante authorisation before entering the market. When active, ex-post controls ensure that authorized intermediaries observe given requirements. There are specific rules in place for secure data communication and risk controls, that address relevant risks and, specifically, operational risk^[19]See EBA Regulatory Technical Standards on strong customer authentication and secure communication under PSD2, issued in 2017 and amended in 2022..

However, in Europe open banking services have not been yet widely used, with substantial differences among countries^[20]In Italy, for example, at the end of 2021, clients accessing open banking services were less than 120.000. This compares with the UK where there are 4.5 million regular open banking services’ … Continue reading. Users seem to be mostly individuals with high financial and digital skills.

A survey conducted among 5,500 respondents from 22 European countries showed that open banking has been accessed mainly by people who already use digital finance intensively and are keen about financial innovations. Among them, young adults and other active users of financial services, with a high level of trust in digital finance are the main users. The study finds that the preference for anonymity, the reluctance to share data – as well as the distrust in non-bank providers – negatively impact the propensity of Europeans to use open banking. In particular, there is no strong evidence on the usefulness of open banking for underserved and low income people (Polasik et al., 2022). Another study performed on Dutch consumers in 2019 found that individuals tend to trust more their own bank than third parties (Bijlsmaa et al., 2020).

Searching for the reasons of this limited success in favouring inclusion, Table 1 compares the PSD2 open banking regime with the GPFI policy options presented in 2021 to favor inclusion when introducing innovative services (GPFI, 2021). The comparison shows that while the European regulation offers a clear framework for customer protection (addressing risks of frauds and providing redress mechanisms), financial inclusion objectives have not been taken explicitly into account by the European regulator when drafting the Directive.

As a consequence, on the hand, intermediaries did not have strong incentives to pose a specific attention to less financially evolved customer when designing their offer for AIS and PIS; on the other hand, national authorities did not accompany the introduction of the new legislation with communication campaigns to increase the awareness of all stakeholders on the issue. In this sense the Directive has been somehow a missed opportunity to enhance inclusion and access to financial services.

 

Table 1: PSD2 and the financial inclusion objective

GPFI policy options 2021	PSD2 provisions for AIS and PIS
Favouring “protection by design”	There is no mention of the need to evaluate the customer profile in offering AIS and PIS, nor a reference to pose specific attention to vulnerable customers.
Embedding financial inclusion objectives in innovation policies.	There is no mention in the Directive of financial inclusion objectives.
Addressing risks of online fraud and scams and mismanagement of personal data	In case of unauthorized transaction connected with a payment initiation service, the intermediary holding the account is always obliged to refund the customer. European Data protection rules apply to AIS and PIS.
Introducing effective redress mechanisms	Complaint procedures and alternative Dispute Resolution Mechanisms are provided for in the Directive for AIS and PIS.
Designing effective financial education programs	There is no mention in the Directive of the need to accompany the offer of AIS and PIS with adequate financial education initiatives.

Keeping this lesson into account, in the revision of PSD2 some adjustments might be considered. A first set, relatively simple to implement, concerns making more explicit the inclusion goal and providing more (relevant but simple) information to potential users. A second set has a potentially broader scope, affecting some of the foundational choices of the model adopted in Europe.
The first set includes four possible adjustments.

First, the legislator, when disciplining open banking could, at least in the whereas, mention financial inclusion as an objective, alongside innovation and competition. Intermediaries may be invited to take into account the specific needs of different categories of clients, among which also the excluded and less served, when they offer the new services. Moreover, national authorities could be asked to monitor the evolution of the market and intervene if necessary to steer the development of services suitable for the less vulnerable.

Secondly, given that the data acquired via an AIS can also be shared with other counterparties, it might be provided that clients are made aware through easily accessible and readable tools of who can use the data and for which purpose. The customers should also be able to easily revoke consent at any time, using dashboards that enhance transparency and give customers control over their data, fostering trust.

Thirdly, given that open banking is particularly complex and involves more than one provider, it is important to ensure that the characteristics of the service offered to customers are clear and understandable, even beyond what is provided for by transparency rules on a specific contract. A benchmark could be, at least form a theoretical point of view, the Directive2014/92/EU (PAD)^[21]DIRECTIVE 2014/92/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on the comparability of fees related to payment accounts, payment account switching and access to payment accounts … Continue reading, which has also explicit financial inclusion purposes: whereas 48-49 require communications to be accessible and adequate, and incentivise intermediaries to support the most vulnerable consumers with guidance and assistance on the products. In particular, art. 106 of the PSD2 required the European Commission (EC) to produce a user friendly electronic leaflet explaining the rights of the consumers, that authorities and intermediaries have to make available on their websites. However, the leaflet “Your rights when making payments in Europe” concentrates on electronic payments and makes only a quick reference to the new services provided for by the Directive. A simple and easy-to-read leaflet specifically dedicated to AIS and PIS – describing the characteristics of the services offered, potential benefits, roles and responsibility of the different parties involved, as well as to whom to complain in case something goes wrong – could enhance trust in the new services also by less digitally and financially skilled people.

Finally, specific financial and digital education initiatives could be envisaged to help customers understand their rights and obligations, and risks and opportunities of the new services offered. Specific campaigns could explain the potential benefits of sharing personal data, also in terms of a greater access to the most useful financial services, without taking undue risks.

A wider set of suggestions comes from the comparison of existing open banking regimes around the world (Plaitakis et al. 2020). Among the components that appear as critical to enhancing inclusion, especially for vulnerable individuals in developing countries, are: a) the extension to different financial services (not just payments, but also credit, insurance…); b) “data reciprocity” among market participants (i.e., between data holders and data users) instead of an obligation only on incumbents to share the data (the symmetry might be extended to redress mechanisms); c) a specific attention to cost distribution across market participants (an excessive burden on incumbents may reduce their incentives to an active participation); d) less clear-cut is the evidence on the benefit of a somehow centralized standardization of API (application programming interfaces to be used for data sharing) vs leaving the industry to determine data sharing standards. Also these elements could be evaluated in the future revision of the PSD2 or in the path towards open finance^[22]See the European consultation on Open Finance (https://finance.ec.europa.eu/regulation-and-supervision/consultations/finance-2022-open-finance_en) and the proposal included in the 2023 Commission … Continue reading.

Specifically (points a) and b)) how and to what extent data sharing could include also other entities, directly or indirectly involved in the payment business, could be considered. A specific evaluation could be conducted on the costs and benefits of such enlargement, also having financial inclusion objectives in mind. An effective way to ensure data reciprocity – also for the benefit of the underserved – could be assessed, levelling the playing field among different actors, and taking into account that some of the new entrants are also Big-tech having a competitive advantage in the collection and management of data; this market evolution was not fully foreseen in 2015, when the expectation was more of small fintechs entering the market, as opposed to incumbent banks^[23]On this topic see also Pozzolo 2021. On the rationale underpinning reciprocity in customer data sharing frameworks, see: de la Mano et al. 2018; Di Porto et al. 2020; Borgogno et al. 2020..

Regarding the last two points (costs and API standardisation), when drafting the PSD2 the European legislator decided to place the burden of developing the infrastructure for the sharing of the data on the data holder intermediaries, essentially banks, without imposing a unique standard. Banks are also responsible in the first place for compensating the client in case something goes wrong, even if it is someone else’s fault. However, avoiding to focus on one side to handle and compensate the customer, and instead fostering a mutual understanding of the respective rights and obligations might to be key to foster the development of open banking services (Carr et al. ,2018).

In this regard, the UK’s experience can be analysed as an interesting best practice going beyond PSD2. From the beginning, also due to the role played by the Competition and Markets Authority (CMA), the data sharing between banks and third-party service providers has been standardized mandating the eight major British banks to develop jointly a single, open, standardised API freely available for the whole industry. In addition, the Open Banking Implementation Entity (OBIE) has created a the Dispute Management System, a mechanism to handle requests, complaints or disputes arisen from an open banking originated transaction to which all intermediaries are invited to join. The mechanism itself cannot solve the customer issue but it does provide a tool by which members can share information and provide an outcome for the benefit of their shared customer. Based on the recognition that eliminating barriers to cooperation is essential to achieve the goal of the open banking regime, UK finance proposed to set up a governance body, with the participation of all involved intermediaries, in charge of all strategic decisions regarding the offer of open banking services with a view to “enable consumers, small businesses and corporates to benefit from a highly efficient, safe and reliable Open Data and Payments market, as well as continuing to provide a platform for UK financial institutions to meet their regulatory requirements”^[24]https://www.gov.uk/government/consultations/future-oversight-of-the-cmas-open-banking-remedies/the-future-oversight-of-the-cmas-open-banking-remedies..

 

Conclusions

Granting third parties access to customers’ on-line accounts may give them effective new tools to manage their finances and, thus, new opportunities. In this regard, the promise of open finance is even greater than open banking. If financial inclusion is taken into account from the beginning as one of the objectives of open banking, alongside competition and innovation, the benefits of data sharing could also be more easily available to less evolved customers, which otherwise risk to be excluded.

What is needed? Greater attention to the needs of the most vulnerable, in terms of product design and communication, awareness campaigns and financial education initiatives that inform the public on the benefits of open banking in terms of new services offered, avoiding that customer take undue risks or fall victims of fraud and scams. In this regard, digital education and data protection are essential. It might be worthwhile to consider mechanisms where incumbents and new intermediaries are encouraged to cooperate for the benefit of the shared customer, e.g., through a governance body with wide market representation, capable of agreeing on the basic technological, operational and organisational features of the open banking implementation, such as technical standards for data sharing, liability and dispute resolution.

 

Notes

We would like to thank Oscar Borgogno and Massimo Doria for their suggestions and thoughtful comments. The opinions expressed in the paper are those of the authors and do not involve Banca d’Italia or the GPFI.

 

References

Allen, F., Demirguc-Kunt, A., Klapper, L. and Martinez Peria, M., (2016). The foundations of financial inclusion: Understanding ownership and use of formal accounts, Journal of Financial Intermediation, 27, issue C, p. 1-30.

Ampudia, M. and Ehrmann, M. (2017) Financial inclusion: what’s it worth? European Central Bank Working Paper, No. 1990

Ampudia, M. and Palligkinis, S. (2018) Trust and the Household–Bank Relationship. European Central Bank Working Paper No. 2184.

Banca d’Italia (2021), Psd2 e Open Banking, Nuovi modelli di business e rischi emergenti, November 2021, https://www.bancaditalia.it/compiti/vigilanza/analisi-sistema/approfondimenti-banche-int/2021-PSD2-Open-Banking.pdf

Beckmann, E., Mare, D. S. (2017) Formal and Informal Household Savings: How Does Trust in Financial Institutions Influence the Choice of Saving Instruments? MPRA Paper 81141. https://mpra.ub.uni-muenchen.de/81141/1/MPRA_paper_81141.pdf

Bijlsmaa, M., van der Cruijsena, C. and Jonkera, N. (2020). Consumer propensity to adopt PSD2 services: trust for sale? Working Paper No. 671, De Nederlandsche Bank (DNB), The Netherlands Tilburg University, January, 2020

BIS (2018). Basel Committee on Banking Supervision, Sound Practices Implications of Fintech developments for Banks and Bank Supervisors, February 2018

BIS (2019). Basel Committee on Banking Supervision, Report on open banking and application programming interfaces, November 2019

BIS and World Bank (2020). Payment aspects of financial inclusion in the Fintech era, April 2020

Boakye-Adjei, N.Y. (2020). COVID-19: Boon and bane for digital payments and financial inclusion. Bank for International Settlements FSI Brief No. 9.

Borgogno O. and Colangelo, G. (2020). Consumer inertia and competition-sensitive data governance: the case of Open Banking, Journal of European Consumer and Market Law, Vol. 9, Issue 4, 2020, pp. 143 – 150

Borgogno O. and Colangelo, G. (2020). The data sharing paradox: BigTechs in finance 16 European Competition Journal 492.

Buckley Ross P., Jevglevskaja, N. and Farrell, S. (2022). Australia’s Data-Sharing Regime: Six Lessons for Europe, King’s Law Journal, 33:1, 61-91.

Carr B., Urbiola, P. and delle Case, A. (2018), Liability and consumer protection in open banking, September 2018, Institute of International Finance.

Coffinet, J. and Jadeau, C.(2017). Household financial exclusion in the Eurozone: the contribution of the Household Finance and Consumption survey.

Demirgüç-Kunt, A., Klapper, L., Singer, D., Ansar S. and Hess J. (2018). The Global Findex Database 2017: Measuring Financial Inclusion and the Fintech Revolution. World Bank, Washington, DC

Demirgüç–Kunt, A. and Klapper, L. (2012). Measuring Financial Inclusion: The Global Findex Database. Washington DC, The World Bank Group.

Demirguc-Kunt, A., L. Klapper, D. Singer, Ansar, S. (2022). The Global Findex Database 2021 : Financial Inclusion, Digital Payments, and Resilience in the Age of COVID-19. Washington, DC, The World Bank Group.

de la Mano M. and Padilla, J. (2018). Big Tech Banking, 14 Journal of Competition Law and Economics 494 (2018)

Di Porto F. and Ghidini, G. (2020). I Access Your Data, You Access Mine’. Requiring Data Reciprocity in Payment Services. 51 International Review of Intellectual Property and Competition Law

Frost J., Gambacorta, L. and Shin, H. S. (2021). From financial Innovation to Inclusion. IMF Finance and Development, March 2021, https://www.imf.org/external/pubs/ft/fandd/2021/03/making-financial-innovation-more-inclusive-frost.htm

GPFI (2016). G20 High-Level Principles for Digital Financial Inclusion, https://www.gpfi.org/publications/g20-high-level-principles-digital-financial-inclusion

GPFI (2021). G20 Menu of Policy Options for Digital Financial Literacy and Financial Consumer and MSME Protection https://www.gpfi.org/sites/gpfi/files/1_G20%20Menu%20of%20Policy%20Options.pdf

Plaitakis A. and Staschen S., (2020). Open banking: how to design for financial inclusion, CGAP https://www.cgap.org/research/publication/open-banking-how-to-design-for-financial-inclusion, October 2020

Polasik, M. and Kotkowski, R. (2022). The Open Banking Adoption Among Consumers in Europe: The Role of Privacy, Trust, and Digital Financial Inclusion. Available at SSRN: https://ssrn.com/abstract=4105648

Pozzolo A. (2021). PSD2 and the Transformation of the Business Model of Payment Services Providers, in E. Bani, V. de Stasio, A. Sciarrone Alibrandi (Edd.), The transposition of PSD2 and open banking, Bergamo University Press, Sestante Edizioni

Purva, K., Ng, S., Ogawa, S. and Sahay, R. (2021). Is Digital Financial Inclusion Unlocking Growth? IMF Working Paper, June 2021

Reynolds F. and Chidley, M. (2019). Consumer Priorities for Open Banking, https://www.openbanking.org.uk/wp-content/uploads/2021/04/Consumer-Priorities-for-Open-Banking-report-June-2019.pdf

Authors

Harish Natarajan^[1]World Bank.

 

Abstract: This article discusses the emerging experience on regulating open banking, and presents some forward looking considerations around the ongoing shift from open banking to open finance to open data, impact on competition, and consumer protection.

 

Open Banking^[2]This article is based on a presentation made by the author at an event. The presentation benefitted from the support of Fredesvinda Montes (World Bank) and Ivan Mortimer Schutts (International … Continue reading as a terminology was introduced in the UK, as a regulatory initiative following a series of investigations on enhancing competition in the banking sector. Starting with the Cruickshank report in 2000, and more proximately the Fingleton report^[3]September 2014, “Data Sharing and Open Data for Banks: A report for HM Treasury and Cabinet Office” in 2014, which called for banks publishing customer data using open data constructs. A somewhat earlier parallel development was “Screen Scraping” that used system-based interfaces to “scrape” data from internet banking and other online financial services to develop useful products and services – Yodlee in the US, was one of the earliest such offering. “Screen scrapping” has been associated with concerns on data security and privacy protection, given that the third parties are essentially handling the customer credentials and as such operated in an unregulated zone. In this context^[4]Adapted from, “Regulatory Approaches to Open Banking”, World Bank, 2020., open banking has emerged as a system to give customers the right to share with third parties they trust with their banking data and information in a secure manner and to opening and unbundling processes and services in banking sector and boost competition.

More generally, there is a broader context of three intersecting trends in the real sector and financial sector which has motivated open banking initiatives. The first trend is one of integrating third parties into business processes in the financial sector. Notable examples including lead generation, risk analysis, and data analysis. All of which require access to structured and standardized access to data and ability to trigger or initiate specific business processes. The second trend is to integrate financial services into new business models engendered by the digital economy. The notable example includes deep integration between financial service providers system with the accounting and financial management systems of businesses. The third trend is one of expanding access to payment systems for non-bank payment service providers given their increasing relevance in the payments market. Open
banking lies at the intersection of these broader trends – see figure 1.

Figure 1: Open banking lies at the intersection of trends in the real sector and financial sector

This consent-based access to data and the potential communication that it allows open
great opportunities for innovation, however it is also raising several policy considerations.
The main objectives pursued by regulatory frameworks that define open banking are
generally around encouraging innovation and fostering competition, resulting in new
products and services at competitive prices to the benefit of consumers, while minimizing
the risks and mitigating them, and as such striking the right balance. The below table
summarizes the opportunities that accrue to the different stakeholders and the challenges that they encounter.

Table 1: Challenges and Opportunities of open banking^[5]World Bank, Open Banking Regulatory Approaches – Technical Study on Regulatory Approaches for Open Banking

From a regulatory perspective, open banking should also be seen in the context of ongoing efforts by regulators to adjust the regulatory framework to create space for new entrants to provide financial services in multiple ways,^[6]World Bank, Fintech and the Future of Finance, 2022. notably – e-money issuance and digital bank license. E-money licenses has been leveraged by telecom operators in Emerging Markets and Developing Economies (EMDEs) notably in Sub-Saharan Africa, although also in other regions. As the e-money providers have reached a certain scale, they are keen to pursue opportunities to expand their offerings and are entering into partnerships to offer products and services of banks and other financial service providers to their customers, often leveraging Application Programming Interfaces (API) based data exchange and transaction initiation. The development of digital banks is bringing in new entrants who start with a narrow product suite and are exploring a similar business model. Some of the digital banks are also pursuing a “Banking as a Service” (BaaS) model wherein they seek to be the gateway to a broad range of banking services that fintechs and other financial institutions can use to strengthen and expand their own offerings. BaaS models also make extensive use of APIs. In some jurisdictions the e-money providers have sought digital bank licenses on their own or in partnership with other technology partners. Open banking could in some ways open an alternate pathway for the e-money providers to expand their products and services, and at the same time BaaS while in some sense an alternative to open banking could also complement open banking by going beyond the set of APIs in the open banking remit.

Open banking raises broadly three sets of policy questions for regulators. The first is on how to foster and harness the positive impacts on competition and innovation; the second set relates to data protection and privacy; and the third is on whether and how to regulate the third parties who will now have access to customer data.

Competition and Innovation

Open banking can enable new entrants to offer more tailored and compelling services thereby expanding the range of products and services with knock on effects on competition, innovation, efficiency, and financial inclusion. The incumbents can also harness open banking to more efficiently onboard customers and offer integrated services. Globally, regulators have had to grapple with a range of questions in their quest to harness open banking for advancing competition and innovation. The key questions include: (i) Who: which incumbent institutions should be obliged to open access; and (ii) What: what types of information and services can be accessed.

On question of “who” – some regulators have required only the dominant banks (for e.g., UK, and Brazil); some have mandated it for all banks (e.g., Mexico); and others have expanded the scope to include all types of financial institutions (for e.g., Mexico and India). On the question of what – in general, there are two types of access – read and write. The former relates to being able to access information and the latter to also initiate transactions and in that sense modify the data. There is also a further distinction being made in some jurisdictions on product and service level information, anonymized aggregate information, customer demographic and other “static” information, and customer transaction level information. On both the questions, some jurisdictions have adopted a phased approach. Many jurisdictions that started with only banks have started expanding the coverage to cover the entire financial sector – and in that sense being more “open finance”.

There is a related question to the “who” and “what”, which is how the access is to be structured and under what terms. This question has been the most challenging given that it spans the spectrum of technology, operational and business model aspects. On the technology and operational model front, the overarching architecture and mode of access is a key decision. Globally, there are broadly three different architectures have been observed^[7]BIS, “API Standards for Data Sharing”, 2022 – (i) centralized – with a central entity acting as a bridge between the data providers and receivers; (ii) de-centralized – with data providers and receivers establishing linkages on their own; and (iii) hybrid – which uses some centralized elements like establishing a trust framework and then leaving the providers and receivers to discover and consume the services using the trust frameworks. In general, the centralized and hybrid approaches have been more common in jurisdictions that have regulated open banking. Beyond the interface models described above there are of course issues related to data format, customer authentication and consent management processes, and service quality. On the business model – the fundamental question is should the open banking services be priced and if so at what level. Some jurisdictions have left the process of determining the technology and business model aspects to the private sector. Others have made some choices specifically on the technology and operational model – for e.g., Korea and Turkey (centralized); and Europe (hybrid). In India, where the hybrid model has been chosen, there is an added element of creating a new category of entities “account aggregators” who come in between the data providers and receivers and act on behalf of the data subject.

The question of pricing has been a very difficult issue to address. On the one hand, the data providers incur costs in maintaining the data and the associated IT systems and as such incur real costs in providing the service. On the other hand, the customers have a legitimate right to their data and a high price could act as a barrier to development of open banking. Further, in the absence of some organizing entity arriving at an acceptable price is a challenge. The centralized model seeks to resolve this through the central entity playing that role – for e.g., NPCI in India plays this role for payment initiation services. The hybrid model could also lend itself to such approaches. In general, the interchange structure followed in the payment card industry and the pricing models seen in credit reporting markets could prove relevant for open banking as well. In this regard, it is worth noting that both in the centralized and hybrid models, the central entity administers key functions akin to say a “payment scheme” or a credit bureau. This leads to the question of whether these central entities should be regulated as financial infrastructures.

It needs to be noted that while open banking seeks to expand competition, without adequate safeguards competition could actually get further weakened^[8]Adapted from World Bank, Fintech and the Future of Finance, 2022.. There is also an increasing realization that while open banking was not necessarily designed with BigTechs in mind, they are however likely to benefit significantly from this. It is becoming clear that BigTechs, given their strong customer base and apps that are integrated into daily lives of end-users, can derive significant benefits from open banking – for example in India, big techs were able to leverage the third-party payment initiation capability to rapidly expand their presence in the payments market, prompting the imposition of volume caps^[9]No single third party application can exceed a market share of 30% by payments volume.. This has also prompted calls for introducing the principle of reciprocity and requiring the third parties that access open banking services to also themselves being obliged to open access. This however poses several issues starting from the scope of the data extending beyond the financial sector domain and challenges in standardizing. There is broad movement towards taking an open data approach, wherein the data subject is vested with the right to access and share their data held with any entity – the Customer Data Rights initiative in Australia goes in this direction.

Data Protection and Privacy^[10]Adapted from “Role of consumer consent in open banking”, World Bank, 2021.

Open banking is an economic reform premised on processing personal data, with consumer consent. While open banking increases transparency in financial markets by making data more widely shared, it also creates concerns about personal data protection and privacy. The use of such data could vary from enabling Third-Party Providers (TPPs) to offer payment-initiation services to comparators that use account information to compare services and products offered to a specific consumer from different service providers. As more sources of data are used to understand financial behaviors, data protection and privacy have gained even greater importance. By helping to build trust and a sense of control among consumers, data protection and privacy safeguards, including consent, can increase the uptake and use of digital financial products and strengthen the formal economy.

The range of data-protection and privacy considerations under data-sharing scenarios includes data-protection principles, data governance and enforcement, and data security, including cybersecurity. In many jurisdictions, personal data-protection regimes are part of the broader legal framework for open banking and often based on another well-known European benchmark—the GDPR. While the confidentiality of information is very relevant, the focus on open banking has shifted on how consumers are able to control and maximize the beneficial use of their banking data (Leong 2020). In this context, consent of the customer is a key construct for safeguarding the interests of the customer. As such explicit consent addresses the inherent tension that exists in the use of personal data for commercial purposes— such as open banking—by enabling consumers to exert control over the use of their data. While consent is a core part of the legal and regulatory framework for open banking, clear guidance on how to implement consent is frequently lacking. Data-protection laws provide general requirements on consent clauses but may not fully reflect the technology and market conditions present in open banking.

Consent alone is inadequate to support data protection and privacy, but it is a critical tool that gives consumers some control over their data, if properly designed and implemented. As the European Data Protection Board (EDPB) observes, “If it is correctly used, consent is a tool giving the data subject control over the processing of his data. If incorrectly used, the data subject’s control becomes illusory, and consent constitutes an inappropriate basis for processing” (EDPB 2020b).

In addition, several overarching consumer protection considerations also apply and need to be accounted for in open banking context. Notably, clauses in data-protection and privacy regulations that establish time limits for the use of personal data can give consumers with negative performance episodes incentives to improve their standing, reducing the possibility that some consumers may become economically marginalized for temporary problems. Consent can also provide an opportunity to teach consumers about their rights and responsibilities in financial markets and with respect to data use, so they are better self-advocates and can help to enforce regulatory requirements and market discipline.

Consent should be seen as one part of a more comprehensive approach to protecting consumers’ interests; an adequate data- and consumer-protection framework is necessary to protect consumers effectively under open-banking schemes. In some instances, these involve consumer input, supervision, and feedback. In others, they relate to the “privacy architecture” built into financial products and services, of which consumers may not ever be aware. In addition, broader discussions around the potential negative consequences resulting from inadequate safeguards around data analytics and algorithm development are relevant consideration in the context of open banking as well.
The below table summarizes the key policy considerations pertaining to data protection, privacy and more broadly consumer protection in the context of open banking.

Regulating third parties

Open banking regulations introduce new categories of regulated financial institutions. The PSD2 model of introducing two new categories of institutions – the Account Information Service Provider (AISP) and Payment Initiation Service Provider (PISP) – has been widely adopted across the World. There is however some variation on the approaches related to application of prudential requirements, financial conduct requirements, and supervisory approaches. An alternate model in India – is one of not regulating the PISP and instead treating it as a specific product offered by a regulated payment system through its partner banks/payment institutions and relying on the operating rules and procedures of the payment system to achieve the regulatory outcomes. On the other hand, a new category of entities called “Account Aggregators” is introduced, who act as a “data fiduciary” orchestrating the data requests from institutions that have a legitimate interest and the providers of information, and the consent of the data subject. This model while like AISPs at first glance, in reality represents a different regulatory approach. Notably, it does not pre-judge the type of services the data receivers will offer, and allows all institutions regulated by any of the financial sector regulators in India and the Department of Revenue, Government of India to be able to participate as data receivers.

Forward Look

Finally, while some topics have not been incorporated into any regulation yet and hence are beyond the scope of this article, they are on the agenda for discussion in many countries. The role of bigtech firms in the data economy, the extension of data sharing to other sectors of the economy (referred to as “smart data”), or potential efforts toward international interoperability are examples of issues that will very likely have the attention of regulators in the near future.

As described in this article, open banking is to a great extent about ecosystem creation and the smart use of data to deliver new products to customers and to encourage competition. There is no single model or solution to achieve these objectives. The models summarized in this article differ in their approach and scope, in the strictness of the standards or principles defined, and in the definition of the responsible governing bodies, among other things. Some early lessons from the experience thus far on open banking regulations, include:

The technology, operational, and business model issues are critical for open banking issues to be successful. While regulatory frameworks, rightly do not delve too much into these aspects, they should at the minimum foster development and adoption of standards and industry wide co-ordination mechanisms. Leveraging existing industry bodies and market infrastructures like payment systems and credit reporting systems would be relevant. Regulators however need to ensure that they are able to influence and shape the governance arrangements to ensure that the intended public policy objectives are achieved.

• The full life-cycle aspects of an open banking transaction need to be considered. For e.g., what happens to customer disputes for an open banking-initiated transaction or when a consent needs to be revoked.
• Authorities should support the industry in developing appropriate service level agreements on aspects like data quality, API uptimes, and response times. Appropriate enforcement mechanisms should also be considered.
• Lastly, adequate industry consultations should be used to inform regulations and decisions on technology, operational, and business model aspects. The incidence of the costs associated with open banking could be concentrated on the incumbents, while the benefits are more widely dispersed. This calls for active consultations and appropriate mechanisms to ensure incentives are aligned.

Early regulatory efforts have been concentrated on defining standardized API frameworks, creating governance bodies and rules, enhancing security, developing infrastructure, and establishing authentication methods. Among the next items on regulators’ agenda in the area of open banking are issues such as the future scope of open banking, competition with other industries, especially with big tech players, and international interoperability.

In that respect, market participants and regulators are starting to talk about the evolution of the scope of open banking toward open finance and smart data. Open finance refers to the capacity of consumers to access their data via a suite of finance products, including mortgages, savings, insurance, pensions, and so on. On the other hand, smart data suggests the idea of customers accessing their data in nonfinancial services sectors, such as energy, water, mobile, and data from bigtechs. Although the only country to regulate the extension of open banking to other sectors so far is Australia, discussions around it are taking place at different levels in other areas. The idea of reciprocity when giving access to data is a principle that banks are starting to claim as a necessary step toward a level playing field. The Smart Data Review in the United Kingdom and the report of the Canadian Senate Committee on Open Banking also go in the direction of extending access to data to other sectors beyond banking.

Concerning bigtechs, their increasing interest and positioning as financial service providers, especially through banking-as-a-service models, has raised questions about the impact of their access to data from financial institutions. Some banks are starting to claim the idea of reciprocity in the access to customer data to guarantee a level playing field. On the other hand, regulatory authorities are analyzing the implications for financial stability and consumer protection, and also the division of responsibilities between bigtechs and their partnering banks.

Finally, one last element on the agenda of open banking that could contribute to the development of global markets is international interoperability, still at very early stages of discussion. The fact that there is no globally adopted API standard, and that TPPs may need to use different API standards to communicate with banks in different jurisdictions, could lead to potential challenges, such as inefficiencies for third parties or fragmentation of the digital financial ecosystem.

Notes

The views expresed in the article are the authors personal opinions and not representative of the World Bank’s management or board of Directors.”

Authors

Pietro Carlo Padoan^[1]Chairman UniCredit.

 

Abstract

Open Banking is bringing a significant impact to the financial sector offering business opportunities which go beyond the need to comply to a mandatory regulation on the enhancement of functionality and security of the underlying technology. New players and FinTech companies are riding the Open Banking wave and, by a certain extent, paving the way for traditional large banks to access to innovative revenue models through partnership and collaboration archetypes. Banks are asked to recalibrate their investments and adopt a holistic strategy in order to take advantage of the extensive and deep client relationships and to exploit new revenues streams mainly related to the use of data. Indeed, Open Banking represents a natural evolution as the financial ecosystem becomes more and more digitally capable. Within this context, banks’ competitive positioning is that of being the primary custodian of financial data and building on their own strengths to enrich customer experience so to guarantee the long-term sustainability of the business in the decades to come.

 

Introduction

More than a decade ago the idea of Open Innovation was beginning to make its way in the innovation policy circles. The idea was simple yet pathbreaking. Rather than protecting their invention innovators should share their ideas with other innovators so that a growing pool of new ideas were made available. This would benefit all innovators at a limited cost. The idea rested on the aspect of public good that innovation carries.

Transition strategy towards an Open Innovation model includes flexible and service-oriented business models able to integrate customers, moreover, put customers in the center of business focus through the adoption of appropriate architecture, IT infrastructure and business strategies. Today this approach seems to be extended to Open Banking, a banking practice that provides third-party financial service providers open access to consumer banking, transaction, and other financial data from banks and non-bank financial institutions, which can be seen as a powerful accelerator of innovation in banking. In what follows we will discuss some of these aspects, which deal with innovation in products, technology, business models, companies data generation, and as a consequence bringing new opportunities for policy making.

 

From regulatory driven implementation to business opportunity: a holistic view on the impact of Open Banking on the business model of large banks

Open Banking is bringing a significant impact to the financial sector and is progressively becoming a strategic leverage to expand products and services, increase transparency and empower customers to take more informed financial decisions. Banks are embracing the business opportunity represented by Open Banking shifting their investments beyond the need to comply to a mandatory regulation and focusing on the enhancement of functionality, performance, security and stability of the underlying technology.

While moving the first steps in the adoption of the Open Banking, many banks had to put their effort mainly in the implementation of the new regulations and technology framework to allow the networking of data across institutions for use by consumers, other banks, and third-party
service providers. Today, with the foundation of the new technological structure implemented, the threat of merely meeting a regulation can be diverted to build further and stronger on the business opportunities created by the Open Banking paradigm.

The shift from mere costly compliance to a business opportunity to take advantage of, calls for a holistic approach. In fact, each bank needs to select its relevant business case and assess the
investments needed, exploring new and innovative revenue models together with partnership and collaboration archetypes. The strategy adopted will direct both the quality and the benefits of products and services for the different customer segments.

In this context, financial services are asked to identify the scenario that provides the greatest value with the shortest time to market while continuing to invest in capabilities to keep up with technological progress. The key areas defining the Open Banking strategy for incumbents
currently concern new payment solutions as real-time payment initiation, less cumbersome processes especially for corporate customers as well as digital customer identity verification, personal and business financial management and enhanced credit risk scoring. Clearly, Open
Banking is impacting a wide range of products, some of which are driven by standardized technology or proprietary methods while others are offered partnering with external providers including emerging players and FinTech companies.

 

How are new players and FinTech companies riding the Open Banking wave?

Turning the gaze to the broader financial ecosystem, it is worth to mention that prior to the introduction of Open Banking, FinTech companies had already started developing and offering services based on the aggregation of different data sources, such as personal finance management
tools or digital accounting capabilities for corporates. Now, most of the FinTech companies active in this sector, are focusing on providing other businesses with solutions to integrate Open Banking technology into their propositions. Services in this space include platform to collect and share specific set of data, processes to streamline digital onboarding, tools to facilitate fast payment initiation and platform for account and asset aggregation. Within this framework, traditional banks are mainly interested in the possibility to integrate authorized third-party data of current or new clients to enhance identity verification and anti-frauds processes and to refine customer segmentation to improve client’s engagement. On the other hand, neo-banks are using these FinTech solutions to enable easier ways to transfer money towards their accounts and offer to final customers advanced payments solutions on their highly technological channels. Another relevant case is that of non-banks entering the market introducing brand new services as the so called “Buy Now Pay Later”. These players are using Open Banking capabilities coming from third party providers to offer the possibility to purchase online and split the ticket installments without any additional charge with a smooth digital process.

 

Open Banking: exploration of new revenue opportunities and innovative business models for large banks

It is evident that Open Banking is providing enhanced capabilities for a wide range of players opening the doors to a new wave of digital products and services. Reduced time-to-market, low infrastructure maintenance costs, greater level of specialization offered by emerging players or FinTech companies, are all advantages that could potentially lure away bank customers with fast and user-friendly services. But all these do not tell the entire story though, as banks’ extensive and deep client relationships, grounded in years of mutual trust, will prove difficult to prise apart. In addition, incumbents deal in comprehensive offerings, covering the whole spectrum of financial services. With these differences in mind, collaboration represents a highly promising avenue for both parties – with banks benefiting from FinTech’s technological expertise, and FinTech companies gaining access to banks’ deep industry experience and client bases.

A strategic approach for large banks could be the creation of an “ecosystem” of partners to offer a broad range of innovative products tailored on different segments and needs and act as intermediaries between them and the customers. In turn, banks could sell specialized services for which they still hold a dominant position to either fintech companies or smaller banks. Last, another promising concept could be the “revenue sharing model”, which sees banks and third parties collaborate in the co-creation of new products and services and share future revenues.

The value creation enabled by Open Banking encompasses also brand-new revenue streams that could support the mitigation of the pressure on traditional margins. Examples are represented by the possibility for banks to leverage external data and analytics-driven information, such as status of liquidity management and payment flows to anticipate client needs. For their part, banks can explore data monetization use cases to provide actionable insights to other players.

In addition to new revenue streams, Open banking is also paving the way for the adoption of innovative business models. Traditionally, when new products or services are launched, the monetization strategy is to charge customers fees to use them, as happens for example by charging for real-time payment collections and reconciliation. When providing a service in partnership with an ecosystem partner instead, a common model is represented by the revenue sharing, a sharing system that ensures each entity is compensated for its efforts. But banks can also start considering the adoption of digitally native models such as pay-per-use, a payment model that charges based on resource usage, whose scope of application is expanding in other industries (as manufacturing) and could be potentially borrowed and tailored for banking use cases.

 

Strategic moves and Investments needed to unlock Open Banking opportunities

Targeting the innovative revenue streams and business models enabled by Open Banking, requires a holistic strategy and the assessment of significant investments. With this respect, key factors with a huge impact are the creation of compliant application interfaces and the task of overhauling legacy infrastructure to meet current and future technology requirements.

From an infrastructure perspective, managing the complexity of bank legacy systems, the interoperability of current and future offering and the integration of external providers with the existing environment is all but trivial. IT Architecture efforts to migrate or complement legacy systems and the implementation of external solutions demands a significant amount of resources, people, time and money. In addition, for what concerns the pure application development, it is crucial to endow programmers with tools allowing them to create valuable connection and not just standardized interfaces to comply with regulation; this will turn the costs into an investment able to maximize the interaction with other players’ interfaces as well.

Another unquestioned spillover of Open Banking is the large data network generated. Large financial institutions risk being unable to exploit new incoming data, while providing other players with the considerable and increasing amount of banking data available thanks to their own clients. Hence, the definition of a proper data strategy and a clear investment roadmap to acquire technology, tools and skills to enhance data integration and advanced analytics is another significant expense to be carefully evaluated.

Finally, it is central to focus on the cyber-threats and cyber-security risks of Open Banking. Although the regulatory framework is laid on strict rules on security and data protection, it is important for banks to invest in new protection strategies to safeguard application, prevent, assess and fight cyber-attacks in the new era of interconnectivity.

On a higher level, for banks to stay relevant in this competition arena, the shift towards Open Banking calls for multiple activities of process transformation and optimization. More broadly this concerns the transformation of process characteristics, methodologies, tools, but also investments in upskilling and reskilling programs for employees, to be paired with onboarding of the right resources from the outside.

As Open Banking picks up pace, organizations must figure out not only the best investment strategy but also the best pricing scheme for their customers. Older pricing models may not fit in the Open Banking system as the increased demand for price transparency and matching, could fuel a growing willingness by customers to switch banks. This dynamic is forcing banks to assess new effective pricing strategy able to offer the best return on investment while ensuring value for third parties involved.

 

The path to transforming Open Banking investments into business opportunities

It appears evident how Open Banking represents a natural evolution as the financial ecosystem becomes more and more digitally capable. Within this context, banks’ competitive positioning is that of being the primary custodian of financial data, acting as regulated intermediaries between technology vendors and customers. Traditional financial institutions can really exploit the advantage of being perceived as the ones providing greatest protection.

At the same time, banks are asked to build on their own strengths to enrich customer experience, and with it, enhance acquisition, retention and revenue performance, as well as improving back and middle office functions and efficiency. In addition to the internal transformation, a key component in achieving this end is also to partner with the right external player to complement bank offering.

Comparing the investments needed with the new business opportunity powered by Open Banking, it is reasonable to assume that the balance can hold. A plausible expectation for the short term is that infrastructural investments will weigh the most while in the medium to long term, what will account for the greater part will be new revenue flows and minor costs given by increased efficiency. All this needs to go hand in hand with skillful strategic and tactical choices, continuous efforts towards clients’ retention and a boost in infrastructures’ readiness to expected evolution in markets and regulation.

Balancing the benefits and opportunity with costs and investments needed to make large banks ready to fulfill the task, is challenging. But the path is clear: Open Banking must be integrated in the strategy for product and service development, to guarantee the long-term sustainability of the business in the decades to come.