Financial transactions have played an essential role in simplifying trade and commerce in the economy. With technology in this area, transactions have become faster, making goods and services more easily accessible. Additionally, the utilization of alternative data for marketing purposes has considerably reduced the time required for selecting products or services. However, the evolution does not end there. Presently, a digital ecosystem is emerging, focused on leveraging financial data to foster inclusive financial services. Nevertheless, preserving the privacy of financial data remains a contentious topic, giving rise to numerous debates.

Then, how did this digital financial ecosystem come to fruition?

The emergence of this digital financial ecosystem can be attributed to the concept of open Banking. Despite the term “open,” it does not imply that financial data is left unencrypted. Instead, its exchange is open through APIs, wherein the data is tokenized in compliance with PSD2 (the European Union’s Second Payment Services Directive). This allows authorized third-party providers (TPPs) to access the data for KYC and other purposes, such as more accurate credit risk evaluation, improved workforce allocation, better product delivery, stronger fraud protection, etc. Payment initiation service providers (PISPs) can make payments directly through the customer’s bank for a frictionless experience.

The monolithic financial infrastructure had already been overridden for some years given its lack of flexibility; the pandemic just made the need more apparent. The robustness of digital financial infrastructure is imagined to give wings to PSPs and account aggregators (AAs) with safer financial data sharing. An example could be aggregating competitor bank data, as done by HSBC’s ‘Get Connected’ app, to give customers a broader financial picture across accounts. The need is to bring in more compliance regulations to prevent any misuse of sensitive data and have adequate mechanisms in place to handle technological loopholes that might appear.

Various governments globally are developing initiatives to bring holistic management of open data into play by creating a robust universal framework, which we’ll discuss in this article.

A glimpse of the global landscape

United Kingdom’s Open Banking Implementation Entity (OBIE)

In response to the Competition and Market Authority’s (CMA) retail banking market investigation, OBIE is responsible for ensuring UK banking providers implement the Open Banking Roadmap. This roadmap was merely a preliminary step taken by CMA, the scope of which is fairly limited.

There have been mixed views from experts regarding the success of open banking payments in the UK.

• Some feel that the firm’s APIs are performing well, while others are of the opinion that the inconsistency of API provisioning is undermining the entire system’s reliability.
• There are also significant variations in conversion rates across firms and channels.
  – The performance data submitted by CMA 9 firms is a subset and is not representative of the market.
  – The availability and quality of performance data across the ecosystem is another challenge.
• Counter-authorized push payment (APP) fraud measures tend to add friction to customer journeys, thereby limiting the adoption of payment initiation services (PIS) and account information services (AIS).
  – Contrary to various TPP’s beliefs, certain ASPSPs consider the countermeasures proportionate and necessary per their internal data regarding fraud attempts.
  – They also highlight the higher incidence of fraud in open banking channels compared to others.

The Joint Regulatory Oversight Committee (JROC), set up in March 2022, comprises HM Treasury, the CMA, the Financial Conduct Authority (FCA), and the Payment Systems Regulator (PSR). JROC is now embarking upon the next stage of open finance to govern the future of 6.5 million open banking-powered technology users in the UK. The main aim is to close the differential in customer protection between open banking and traditional card payments to induce open banking adoption.

Here are some key thematic learnings underlined by the UK’s SWG that are being prioritized by Future Entity (successor entity to OBIE) to unlock the potential of open finance:

• Achieving a balance between countering fraud and enhancing customer experience
• Improving ecosystem performance through consistent availability of APIs
• Expansion of open banking to use cases such as e-commerce and variable recurring payments (VRPs)

These priorities have been further segregated into time frames for a more focused and effective approach to resolving the apparent issues. In the short term, the focus is on transaction risk indicators, detailed evidence collection, and so on. In the medium term, steps will be taken to provide mechanisms allowing collaboration in the ecosystem. Over the long term, the emphasis will be on bringing in the Account 2 Account Retail Transactions scheme (A2ART) to accommodate ecommerce within the purview of open banking. Long-term priorities also involve the introduction of scalable VRP schemes for resolving open banking performance challenges.

Australia’s new consumer protection laws

Despite the idea of open banking propping up in Europe and spreading virally in the US, Australia still seems ahead of the trend by incorporating lessons from the first movers. Australian data-driven innovation contributes approximately $64 billion annually to its economy. The value proposition of open banking flowing effortlessly into open finance is that universal data sharing represents a new currency for businesses.

The essence of the matter is that open banking is not just to democratize customer data but also to drive competition among businesses by enhancing financial services access. A focus on B2B data sharing is required to stand true to the promises that serve as the bedrock of the open banking value proposition. The current double opt-in mechanism for being a ‘data sharing delegate’ accredited by the Australian Competition and Consumer Commission (ACCC) has presented resistance to the goal of a seamless digital experience.

Australia had initially opted for coverage of a full range of financial verticals. The consumer data rights (CDR )regime chose an economy-wide data-sharing framework to make the most efficient use of data across industries such as telecom and energy. But over the past few years after the CDR rollout, the government has realized the importance and need for a phased implementation process, as is the case in the UK. Initiatives such as the UK-Australia fintech bridge have provided clarity to the regulatory environment around data aggregation, allowing fintech start-ups to easily navigate this space.

The screen scraping method has permitted the coexistence of old and new regimes, allowing the market to build trust in open banking as and when it deems fit. Despite the limitations mentioned above, the rollout of      CDR      in conjunction with the New Payments Platform (NPP) has paved the way for further consumer-centricity through more trust in technological innovation. National policymakers need to work as peers rather than fighting to be the leader for a more consistent approach to data governance, as data is increasingly defying boundaries.

Europe’s PSD2 regulation

First introduced in 2007, the Payment Service Providers Directive (PSD) sought to support the development of a single payment market in the European Union. In 2015, PSD2 was adopted to further enhance the goals of innovation, competition, and efficiency in the payments ecosystem. PSD2 has ushered in a new era of open banking with its objectives of:

• Ensuring a level-playing field between incumbent and new providers of card, internet, and mobile payments
• Increasing the efficiency, transparency, and choice of payment instruments for payment service users (consumers and merchants)
• Allowing the provision of card, internet, and mobile payment services across borders within the EU
• Allowing innovative payment services to reach a broader market
• Ensuring a high-level protection for payment service users across all member states

In 2018, the new regulation that came into force allowed third parties to access bank infrastructure. The other major development in PSD2 was the introduction of new security requirements—Strong  Customer Authentication (SCA). This involved two-factor authentication for bank operations.

In the 5 years since its implementation, PSD2 has seen mixed success. Industry consensus is that fraud has considerably reduced after the introduction of PSD2. In fact, the European Banking Authority (EBA) found that the share of fraud by value is three times higher for payments authenticated without SCA compared with payments authenticated with SCA.

However, some challenges remain. To name a few:

• Obstacles to data access by account information service providers (those who collect and consolidate information on different bank accounts of a consumer in a single place) and payment initiation service providers (those who establish a payment link between the payer and the online merchant)
• Many payment systems (especially debit card systems) remain largely national, despite the rise in the cross-border provision of payment services
• The absence of a level-playing field between payment service providers, partly owing to the lack of direct access by non-bank Payment Service Providers to certain key systems required to finalize payments.

It is expected that the adoption of open banking services will double across Europe from 2022 to 2027, but many of the regulations do not allow open banking to be as innovative as it can be.

To address these challenges, PSD2 is getting a makeover after a thorough impact assessment by EBA.

Some of the proposed changes include:

• Streamlining authentication efforts by application of SCA in respect of payment account information services who will apply SCA only for the first access to payment account data by open banking account information service providers, unless there are reasonable grounds to suspect fraud
• Enhancing efforts to combat new types of fraud
• Greater transparency for credit transfers and money remittances from the EU to third countries
• Allowing non-bank payment providers to access all EU payment systems
• Ensuring more cash availability in brick-and-mortar settings and through ATMs
• Establishing clear rights and obligations for data sharing beyond the confines of payment accounts
• Enhancing the functioning of open banking, especially regarding the performance of data interfaces while eliminating obstacles to open banking services and allowing consumers control over their data access permissions
• Merging legal frameworks applicable to electronic money and payment services

The challenge for banks and other financial services providers is now to strike a balance and come up with innovative products that do not compromise on security.

Dynamics in the US market

The Consumer Financial Protection Bureau (CFPB) aims to facilitate a consumer-authorized data-sharing market in the United States. Simultaneously, the Financial Data Exchange (FDX) Consortium strives to foster standardized and interoperable protocols for secure access to financial data, given that 42 million customer accounts are already on its API. As per the McKinsey Global Institute, adopting open data ecosystems has the potential to boost national GDPs by up to 1.5% by 2030. Although the aforementioned systems have proven to help foster innovation in the development of financial products, some issues in the consumer-authorized data-sharing market still need to be dealt with.

Screen scraping, despite being an older and less efficient method, may still be used by small banks in the United States for a few reasons:

• Legacy systems may not have built-in API capabilities or may require significant investments to upgrade. A lack of resources, therefore, restricts smaller banks and credit unions’ ability to develop and maintain APIs.
• APIs require standardization and agreements between different banks and financial institutions to ensure seamless integration. However, in a fragmented banking landscape with numerous small banks, achieving such interoperability can be challenging.
• The time-consuming and complex process of regulatory compliance, security considerations, and potential testing and integration efforts for API implementation, especially for smaller banks with limited resources, limits their use.

The CFPB’s efforts can create an environment that encourages and supports the usage of open APIs in the U.S. financial industry.

1. The CFPB can collaborate with industry associations, technology providers, and financial institutions to foster discussions and initiatives around open APIs. By engaging in dialogue and partnerships, the CFPB can work towards developing industry standards, addressing challenges, and sharing best practices for open API implementation.
2. Initiatives such as hackathons, innovation challenges, or sandbox programs encourage the development and testing of open API solutions. By showcasing successful implementations and promoting innovative ideas, the CFPB can inspire wider adoption of open APIs.
3. By ensuring consumer control and choice, the CFPB can create an environment that incentivizes banks to adopt open APIs.
4. The CFPB can play a vital role in producing educational materials, hosting webinars or workshops, and providing resources that explain the technical aspects, security considerations, and potential use cases of open APIs.

How can Banks, Credit Unions, and TPPs be ready?

The accelerated pace of regulations around open data and the proliferation of platforms allow for greater adoption of an open data economy. This is crucial, as a whopping $416 billion of the bank’s revenues are at stake owing to this transition, as per Accenture. Bankers need to be ready for this wave of change. It might not look like it has much power on the horizon, but it has the capacity to engulf banks, as we know them, upon reaching the shore.

Adopting APIs in core banking platforms involves a technology blueprint that encompasses several components and considerations. Here’s a high-level technology blueprint for core banking platforms adopting APIs:

The key to the success of open banking is access to data. APIs can access data only when it is consolidated. Therefore, there is a need for data orchestration to consolidate the data, which is currently disparate. While banks have implemented multiple systems and applications based on LOBs, all this data needs to be aggregated in a single place, following which APIs and relevant services can access the same. Banks, TPPs, and credit unions need to stress on data integration and interoperability: to      follow      industry-standard data exchange protocols like JSON, XML, or ISO 20022.

• API Gateway: It is a centralized entry point for managing and securing API interactions such as authentication, authorization, rate limiting, and other security measures.
• API Management Platform: The platform enables easy discovery and consumption of APIs by external developers, partners, and internal stakeholders through features like API documentation, versioning, analytics, and a developer portal.
• Microservices Architecture: Decompose the monolithic system into smaller, modular services that are responsible for specific business capabilities. Each microservice can expose its functionality through well-defined APIs, enabling flexibility, scalability, and independent deployment.
• Service Orchestration: Orchestration ensures the seamless flow of data and operations across different microservices, allowing APIs to interact and work together to execute end-to-end transactions.
• Event-Driven Architecture: Events can trigger actions within the core banking platform and notify interested parties about relevant changes or updates. This architecture ensures loose coupling, scalability, and responsiveness in handling API interactions.
• API Security and Authentication: Apply role-based access controls to ensure that only authorized users or applications can access specific APIs and perform authorized actions.
• Scalability and Performance: Employ techniques like horizontal scaling, caching, load balancing, and auto-scaling to handle increased API traffic and ensure optimal performance even during peak usage periods. Implement monitoring and performance testing processes to proactively identify and address bottlenecks or performance issues.
• Compliance and Governance: Ensure compliance with regulatory requirements and industry standards related to API usage in the banking sector. Implement proper data governance practices, security controls, and monitoring mechanisms to maintain data privacy, security, and compliance with relevant regulations.

It’s important to consider the specific needs and requirements of the individual banking organization during the implementation and customization of this blueprint. The transition to open finance can be undertaken in a phased manner, as already seen through the examples of the UK and Australia, to make the bite-sized changes more palatable.

How can Solution Providers be ready?

A 2022 study conducted by the Stanford University Graduate School found that 49 out of the 168 surveyed countries have implemented open banking policies, while another 31 are in active discussions for the same. Given this acceptance of open data governance, FIs have started to realize the need to augment their offerings. A mere opening up of data is unlikely to bring in more customers, and a distinguished experience is required to attract more commercial attention. But the banks don’t need to build their APIs to serve this purpose. Instead, there are technology providers who provide connectivity between public APIs and proprietary platforms for an embedded experience.

Here are some ways technology providers can build solutions to support banks, TPPs, and credit unions to truly unlock the potential of open banking:

1. Data consolidation: Technology providers can offer banks and FIs a 360-degree view of their customers—consolidating all accounts such as deposits, mortgages, transactions, investments, and so on, in a single place, to better support open banking offerings.
2. Building micro-services-based platforms: A microservices architecture is a foundational component that facilitates banks to scale based on demand in the open banking ecosystem. Ensuring service orchestration calls for a shift towards microservices, a key enabler for banks to build and sustain an ecosystem of external partners.
3. Community building: Providers can help create communities via developer portals for accessing APIs to build end-to-end use cases in a sandbox environment.
4. API Policy and Management: Banks and FIs need to establish themselves as trustworthy ecosystem participants by using APIs and related technologies that are compliant with regulations. Providers can help them with API management and security via support on tools, policies, and procedures.

Opening up to the World of Open Banking

For a long time, open banking has existed in one form or another. But, it is now that it is grabbing eyeballs with the rapid uptick in adoption among consumers. In fact, nearly 83% of consumers already use digital services for at least one financial task. As open banking reshapes the banking industry, incumbent banks operating in data silos may consider embracing this once-in-a-generation shift. Recognizing the power of open banking, regulators across the world are also devising policies around it to empower consumers with greater inclusion, security, protection, and access to better financial services. Banks, credit unions, and FIs can leverage the power of open banking to become more customer-centric, enhance operational efficiency, and improve their interoperability.

As the acceptance of open banking expands, traditional banks—both large and small—will be required to adapt to this new world to remain competitive.

We at Opus Consulting have handheld leading banks and FIs in navigating their open banking journeys. Contact us to know how you can harness the power of open banking to scale your financial services business.

The post Stepping stones for Banks, Credit Unions, FinTechs, and Solution Providers toward Open Banking in the US appeared first on Opus | Inspiring Payment Innovation.