Open Banking - A Practical Framework for Adoption
Updated: Jan 11, 2021
Open banking allows consumers to port their data out of their financial institution and use it in any way they choose, such as easily opening new accounts. Open banking has a multitude of benefits for financial institutions, their clients and Fintechs. Legislation to mandate open banking has been passed in some jurisdictions; however, North America is currently trailing behind the EU, Asia and Australia in its adoption. Most people and companies are talking about the big vision for open banking and the advantages it will bring to the parties involved, but very few are suggesting practical approaches to actually getting it done. In this article we present a practical framework for adopting open banking - and how your organization can take the first steps to get to the grand vision.
Open Banking around the World
Multiple jurisdictions have either mandated or started implementing open banking policies, with the UK and EU leading the pack. In the UK, the Competition and Markets Authority (CMA) requires nine of the UK’s largest banks to implement open banking standards. An approved roadmap for implementation was released in May 2020. The EU follows the Payment Services Directive (PSD2), under which banks are required to share banking data and provide the ability for payment initiation.
In Asia, the Hong Kong Monetary Authority (HKMA) published an Open API Framework in July 2018. The Monetary Authority of Singapore (MAS) developed Open APIs in 2020. In Japan, although open banking is not mandatory, leading banks and Fintech firms have started building APIs in the past several years.
Australia is taking a broad approach to open banking. The Consumer Data Right Act (CDR) became law on July 1, 2020. Under this Act, consumers are entitled to access their banking information and also data about their energy, phone and internet usage and accounts. Presently, Open Banking API implementation is under way at Australian banks.
Canada and the US are lagging behind other developed countries. In Canada, the Open Banking Advisory Committee of Finance Canada finished its second round of hearings in December 2020. In the US, a number of banks, Fintechs, intermediaries and regulators are holding ongoing discussions. In both Canada and the US, some banks are already building proprietary APIs to open some of their data to third parties. No concrete roadmap for industry-wide adoption is available as of yet. Because of this, Fintechs are still relying on aggregators like Plaid, Yodlee, Flinks and MX that gather customers’ financial data by screen scraping. Nevertheless, some technology companies are preparing for the introduction of open banking by developing ecosystems like Plaid Exchange and the Open Banking Project open source initiative.
Benefits of Open Banking
Although the focus of this paper is not on educating the reader on the benefits of open banking, it’s worth mentioning a few key points.
Consumers will benefit from open banking in a number of ways. First, account opening with new financial institutions or applications for new financial products such as a mortgage will be much easier and faster. Instead of filling out lengthy forms, you will be able to grant the financial institution access to specific information from your existing bank or a central authority. Another benefit is a better, more fluid customer experience with Fintech products such as Mint or financial planning - your information will always be up to date, in near real time.
Fintechs will benefit from open banking by getting reliable access to financial information for their clients. They will no longer have to rely on third-party aggregators that are flaky and break often due to multi-factor authentication problems and changes in bank websites that break screen scraping. Data will be provided securely through official bank-approved channels.
Banks and Credit Unions will have much better control and knowledge of the third parties that are accessing their clients’ financial data. In Canada specifically, Fintech adoption has increased from 18% to 50% since 2017 (according to a recent EY survey), and consumers are likely to continue using Fintechs for more services in the coming years. At the moment, banks have limited visibility into what specific Fintechs each client uses and how - and it is to the banks’ advantage to have greater visibility and insight into it.
Some banks are already working with Fintech partners for specific services, such as CIBC’s partnership with Borrowell for free credit scores, TD’s white-label of Moven in its MySpend app, and BMO’s implementation of Voyant for its WealthPath financial planning service. Executing these partnerships is currently costly and time consuming. Open banking will enable this to happen much faster and less expensively, and as a result will help banks deliver a larger variety of services.
Barriers to Adoption
Some of the barriers to adoption of open banking are: security and privacy, technical and operational preparedness, and concerns over money movement out of the bank.
According to a 2020 Business Insider survey, 76% of banks see data security and customer privacy as a concern regarding open banking adoption. Banks are also concerned about possible data breaches and the liability that may be associated with them. The current regulatory structure in the US prioritizes consumer protection and places the liability on banks in the event of a breach (Lexology, 2020).
According to the same Business Insider survey, 70% of fintechs and 52% of banks think process barriers are an issue for adoption and over 50% of bank and Fintech respondents cite technological incompatibility as an issue. Moreover, differences in organizational culture and mindset are a barrier cited by 66% of banks and 70% of fintechs. There is more work to be done on both sides to bridge the gap.
Open banking preparedness has a long way to go. According to Business Insider, only 33% of banks have adequate security measures in place and just 26% have identified the right open banking partner - compared to fintechs, which stand at 68% and 43% respectively in these categories.
In our conversations with four Canadian banks, we’ve heard concerns about money movement out of the bank. This is a valid concern; however, consumers can easily move their money out of the bank even without open banking. The risk of application-driven money movement can be further mitigated by proper governance and throttling of money movement from a user’s account under specific conditions.
If your organization believes that the old way of doing business and relying on your traditional products and services is sustainable in the long run, remember Kodak’s attitude towards digital photography, and BlackBerry underestimating Apple’s and Google’s competition. It’s not a question of ‘if’, but rather ‘when’. Open Banking will be the de facto state of the financial industry in the future.
Open Banking Adoption Framework
A full-fledged open banking ecosystem will take several years to develop and reach maturity. At the same time, the longer the industry is stuck in analysis paralysis, the further it delays reaping the benefits of open banking. We cannot wait for the regulators to make a decision on open banking adoption. The financial services industry is fully capable of taking the first steps today in the adoption of open banking. We are proposing a three-step framework that will enable that.
Figure 1: Open Banking Adoption Framework
1. Purpose-Specific Enterprise APIs
The first step that banks can take today is the development of purpose-specific APIs to cover a limited set of use cases. We propose the development of enterprise-wide APIs that will facilitate the integration of a financial institution with its Fintech partners.
As mentioned above, some banks are already working with Fintech partners to provide specific products and services. In nearly all cases, deep integrations are currently developed to pass customer and account data between the bank and each of its Fintech partners. Up to now, most of those integrations were custom-built, and as a result integrating with each Fintech partner was a lengthy and costly process. Often there is a common set of use cases for which these deep integrations are developed. If not managed from an enterprise perspective, developing integrations for multiple fintech partners could result in duplication of effort. Developing enterprise APIs for common use cases will ensure that effort is not duplicated, and can greatly accelerate the development of new integrations. At this stage, access will be tightly controlled, and only select partners will be allowed to use these APIs.
2. Limited Access Platform
A Limited Access Platform takes a step further towards standardizing access to open banking APIs and allows a larger number of Fintech participants to use the product. At this stage, a standard set of APIs will be defined and implemented by each financial institution. An additional set of use cases will be covered, including read and write account access. Fintech partners will be approved for access on a case-by-case basis, and each partner will have to meet a rigorous set of criteria in order to be approved. A Software Development Kit (SDK) with reusable components and widgets may be provided by the participating financial institutions to allow their partners to use standardized components provided by the bank.
At this stage, industry participants will take part in an extensible ecosystem that consists of APIs and SDKs for application development. Access will be granted to eligible Fintech partners that meet access requirements - and self-serve onboarding with automatic approval will be available. Financial institutions will also be able to extend the standard APIs and SDKs with additional enhanced functionality. A Fintech working with a financial institution in this ecosystem will look a lot like a company building on the Apple App Store and Google Play.
With each step, the implementation of open banking will be standardized further, until it reaches full maturity and a standard set of interfaces, rules, and capabilities. Developing new services will become faster and less expensive at each stage.
Figure 2: Adoption Framework Detail
What Your Organization Needs to Execute Open Banking
Many financial institutions are already in the position to execute Stage I: Purpose-Specific Enterprise APIs. Your organization will need to consider the following factors to do so.
Open Banking Strategy. Define your organization’s position on open banking. Consider your readiness to adopt it, and the industry preparedness stage in which you will begin participating.
Enterprise API Strategy. Develop and approve the vision and strategy for enterprise APIs, as well as the path to evolving them into open banking.
Executive Sponsorship. Appoint an executive sponsor who will own and drive the vision for the implementation of open banking and the enterprise API strategies in the organization.
Governance. What is your position on allowing your clients to access their financial data via third parties? What rules does your organization need to enforce?
Risk Management. What is your risk tolerance and appetite? Consider risks such as loss and theft of personal data, liability towards clients and partners, money laundering, and cybersecurity. Many of these are extensions of risks that are already covered in your existing risk management policies.
Technology. Is your technology infrastructure ready for open banking? What parts of your infrastructure, such as systems, applications, and tech stack, do you need to upgrade in order to begin supporting externally accessible APIs?
Processes. In what ways will your internal processes need to change to support the use cases and partner integrations through open APIs?
People. Do you have the right people in place who can support the processes and technology for open banking? What new skills does your existing team need to develop? Are there any new hires you will need to make?
Budget: A set budget for the development, maintenance, support, and all processes involved.
Define Project and Service Parameters:
- Use cases
- Access requirements for fintech partners
- Permitted and non-permitted uses
- Support model
- Legal and compliance approvals and reporting requirements
- Technology used
- Customer onboarding and lifecycle management
Fintech partners: A select group of partners who will be granted access to your open API.
Clients: A select group of early adopters who will be allowed to use the services supported by the aforementioned APIs. These will likely be personal banking or business banking clients who are using third party services that access their accounts at your financial institution.
Functions required to execute. We recommend having a diverse, cross-functional team that includes:
- Enterprise Architecture
- Open Banking Product Manager
- Project Manager (this role can also be filled by the Open Banking Product Manager)
- Product Development Team, which includes Developers, DevOps and QA
- Legal & Compliance
- Customer Support
- Risk Management
- Business Continuity Management
- Cyber Security
In conclusion, open banking is coming to the US and Canada - it’s a matter of ‘when’ and not ‘if’. We cannot wait for regulators to work out all of the details of what open banking will look like. The costs of waiting too long are too high, and will delay reaping the benefits of open banking by all ecosystem participants. Many financial institutions already have the capability to take the first steps in developing enterprise APIs that will make integrations with partners easier, more organized and more secure. If you are looking to get started with enterprise APIs in your organization, or need an experienced party to help drive that process, contact us for a consultation.