Open banking is currently the buzzword among traditional banks that are trying to level up their online banking services. One of the key features of the open banking concept is that it helps fintech firms (or Third-Party Providers/TPPs, as they are described in the PSD2 open banking regulations) access, with consent, the customer data held by banks and some of the services provided by banks. In this way, open banking will be a major enabler for both fintech firms and banks, allowing them to bring to consumers new and innovative applications that enhance the online banking experience, built on the data and services accessed from traditional banks.
In this blog, I will take a look at how banks differ from fintech firms, provide a brief introduction to open banking, and finally look at how open banking technology helps banks collaborate with fintech firms. (Note: I will be using the words “TPP” and “fintech” interchangeably; for the most part, both terms have the same meaning.)
Banks and Fintech Firms
Banks include traditional banking institutions and newer additions such as neobanks and challenger banks. Neobanks and challenger banks offer the same services as traditional banks. What makes them different is that they operate digitally, with minimal or no physical presence, and reach customers through mobile and web applications. Though the terms neobank and challenger bank are often used interchangeably, they have their differences:
- Neobanks don’t have any physical presence while challenger banks are physically present.
- Neobanks rely on a partner bank to operate while challenger banks have a full banking license to operate the full suite of banking operations.
- Neobanks target a specific customer segment like SMEs while challenger banks cover the entire banking operations.
On the other hand, fintech firms are relatively new to the financial industry. Fintech firms evolved out of advances in technology. Because of their generally innovative, fast-moving, and consumer-focused nature, fintech firms are in a unique position to help traditional banks better serve their customers using cutting-edge technologies. There are no specific or standard services that a fintech firm must offer, but the possibilities are limitless. Some of the services fintech firms offer are:
- Peer-to-peer lending (e.g., Peerform)
- Payment gateways (e.g., Stripe, PayPal)
- Digital wallets (e.g., Samsung Pay)
- Asset management (e.g., Bambu)
What is Open Banking?
In 2016 the Competition and Markets Authority (CMA) published a report about banking, in which it found that older established banks didn’t have to compete hard enough for customers. This resulted in newer banks finding it harder to find new customers and grow, very little incentive for larger banks to innovate and develop new consumer-centric products and services, and a situation in which consumers had very little control over their financial information and were unable to access and share it in ways that made their lives easier.
Open banking, as a regulatory response to this situation, took its first step with the emergence of the Revised Payment Services Directive (PSD2) regulation in Europe in 2018. PSD2 requires all financial institutions to expose their customer banking, transaction, and other financial data to TPPs, with appropriate consent from the consumer, in the form of secured APIs. In this manner, it can be considered a regulation that was brought in to break the potential monopoly in the banking industry and promote more consumer-friendly product and service innovation. Today, open banking has become a global trend that is covered by regulations and initiatives such as:
- Consumer Data Right (CDR) in Australia.
- API Playbook in Singapore.
- Open API Framework in Hong Kong.
- Open API standards in Nigeria.
- Regulations in countries such as Brazil, Mexico, Canada, New Zealand, Japan, and Russia.
- Industry-driven approaches in countries such as the US (FDX API initiative).
Open banking is considered one of the main innovations reshaping banking as a whole.
Bank Fintech Collaboration
A few years ago, banks looked at fintech firms as competition, but today both of these entities look at each other as an opportunity to grow. This is why most banks and fintech firms now opt for partnerships.
Reasons for collaborating
- Banks can reach a larger audience.
- Fintech firms can start right away without needing to worry about access to sufficient data.
- Banks can concentrate more on their core functionalities.
- Fintech firms can increase their customer base rapidly.
How open banking acts as a catalyst for collaboration
Open banking plays a major role in helping banks and fintech firms collaborate, as it provides a more comprehensive and standard way to carry out the bank-fintech collaboration.
1. Standard onboarding process for TPPs
Instead of signing contracts with different banks to start a bank-fintech partnership, onboarding is standardized so that all fintech firms have a standard and more secure way to start using a bank’s API. One such approach is Dynamic Client Registration (DCR), a method specified in the UK open banking specification. This is how it works:
- The TPP logs in to the Open Banking Directory. This is a service where the information of TPPs and banks is stored.
- The TPP completes the process of getting a Software Statement Assertion (SSA) for its application and downloads it. The SSA is a document containing the client’s metadata.
- The TPP calls the DCR endpoint deployed in the particular bank's open banking solution.
- The DCR endpoint then responds with the client application details, like the consumer key and secret.
Now the TPP can access the bank’s data using the credentials received for the application that was created. This makes it easier for fintech firms to register with many banks and start using their data and services without having to negotiate access with individual banks since:
- There is no need to enter into contracts with each and every bank.
- There are no long security processes to wait for to be able to access the API as most of this will already be completed prior to onboarding with banks.
- The certificate verified by the open banking directory will be used to identify the TPP from here on.
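The bank-side checks behind the DCR step above, as an added example (not code from the original post or from WSO2): the bank verifies that the SSA was issued by the directory, that the request was signed by the same TPP, and that the requested redirect URIs are ones the directory recorded. Claim names follow the UK DCR specification; the keys, identifiers and function names are constructed for illustration, and HS256 with shared secrets is swapped in for the asymmetric signatures used in practice so the code runs with the standard library alone.

```python
import base64, hashlib, hmac, json

# Constructed demo keys; HS256 stands in for real asymmetric signatures and JWKS.
DIRECTORY_KEY = b"demo-directory-key"
TPP_KEYS = {"demo-software-id": b"demo-tpp-key"}  # stand-in for the TPP's JWKS

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims, key):
    data = _enc(b'{"alg":"HS256"}') + "." + _enc(json.dumps(claims).encode())
    return data + "." + _enc(hmac.new(key, data.encode(), hashlib.sha256).digest())

def verify(token, key):
    head, body, sig = token.split(".")
    if json.loads(_dec(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _dec(sig)):
        raise ValueError("bad signature")
    return json.loads(_dec(body))

def validate_registration(request_jwt, now):
    """Bank-side checks on a DCR request; returns the SSA claims or raises."""
    unverified = json.loads(_dec(request_jwt.split(".")[1]))  # only to locate the SSA
    ssa = verify(unverified["software_statement"], DIRECTORY_KEY)  # directory-issued
    tpp_key = TPP_KEYS.get(ssa["software_id"])
    if tpp_key is None:
        raise ValueError("unknown software_id")
    request = verify(request_jwt, tpp_key)  # request signed by the same TPP
    if request["iss"] != ssa["software_id"]:
        raise ValueError("issuer does not match SSA")
    if request["exp"] <= now:
        raise ValueError("request expired")
    if not set(request["redirect_uris"]) <= set(ssa["software_redirect_uris"]):
        raise ValueError("redirect_uri not in SSA")
    return ssa

def demo(redirect_uri, ssa_key=DIRECTORY_KEY):
    ssa = sign({"software_id": "demo-software-id",
                "software_redirect_uris": ["https://tpp.example/cb"]}, ssa_key)
    req = sign({"iss": "demo-software-id", "exp": 2000, "software_statement": ssa,
                "redirect_uris": [redirect_uri]}, TPP_KEYS["demo-software-id"])
    try:
        return validate_registration(req, now=1000)["software_id"]
    except ValueError as err:
        return f"rejected: {err}"
```

Only after these checks pass would the bank create the client and return its credentials.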
2. Standardized APIs
The authority governing the smooth flow of open banking in each region or country provides a specification that needs to be followed by banks when exposing their data as open APIs. All regulated and participating banks must adhere to these specifications. This makes it easier for fintech firms to integrate data from many banks. Some of the problems faced due to not following a standardized API specification are:
- The time taken by developers to devise ways to talk to the different APIs held by different banks is too long.
- The extended R&D that this requires makes the process expensive and unprofitable.
- The absence of a performance standard will affect user experience for both the TPPs and end-consumers.
- Without these matters being standardized, the end-user experience would be poor and the system would fail, even if the API template was up to a certain level.
Security is a major aspect when it comes to opening up sensitive data to TPPs. A recent study shows that two-thirds of consumers in the UK said they won’t share their personal financial data with non-bank providers mainly due to privacy concerns, which is why it is very important to get consent from the user whose data is about to be exposed to another party. The concept of consent management in open banking helps in managing the consents given by the customer. It allows the customer to give consent to what information the TPP can access and for how long.
Below is a sample consent management process as implemented using WSO2, conforming with the open banking UK specification:
- The consent flow starts with the customer initiating a service to consume (for example, retrieve personal account information).
- The TPP then asks for permission to access the accounts data on behalf of the customer.
- The user is redirected to the bank’s website to authenticate and authorize the consent required by the TPP to access their account data.
- The data that is required and all the information about the consent is displayed to the customer before they can approve it.
- The customer then approves it (the customer also has the option to decline).
- The consented data is then returned to the TPP application and the user is redirected back to the TPP application.
Now the customer can see the account details in the TPP's application. This is a consent flow from the open banking UK specification, and it may differ from country to country according to each specification.
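How a bank can enforce "what information the TPP can access and for how long" once the flow above completes, as an added example (not WSO2's implementation or code from the original post). `Consent`, `decide`, `check_access` and the resource map are hypothetical names; the permission codes and status values follow the UK account information API naming, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Simplified resource-to-permission map using UK account-information permission
# codes; holding any one of the listed codes allows the call.
REQUIRED = {
    "/accounts": {"ReadAccountsBasic", "ReadAccountsDetail"},
    "/balances": {"ReadBalances"},
    "/transactions": {"ReadTransactionsBasic", "ReadTransactionsDetail"},
}

@dataclass
class Consent:
    client_id: str            # TPP application the customer dealt with
    permissions: frozenset    # what information may be accessed
    expires: datetime         # for how long
    status: str = "AwaitingAuthorisation"

def decide(consent, approved):
    """Record the customer's choice on the bank's consent page."""
    if consent.status != "AwaitingAuthorisation":
        raise ValueError("consent already decided")
    consent.status = "Authorised" if approved else "Rejected"

def check_access(consent, client_id, resource, now):
    """Return (allowed, reason) for a TPP data request made under a consent."""
    if consent.client_id != client_id:
        return False, "consent belongs to another TPP"
    if consent.status != "Authorised":
        return False, f"consent is {consent.status}"
    if now >= consent.expires:
        return False, "consent expired"
    if not REQUIRED.get(resource, set()) & consent.permissions:
        return False, "resource not covered by consent"  # unknown resources too
    return True, "ok"

def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed timestamps
    c = Consent("tpp-app-1", frozenset({"ReadAccountsBasic", "ReadBalances"}),
                expires=t0 + timedelta(days=90))
    before = check_access(c, "tpp-app-1", "/balances", t0)
    decide(c, approved=True)
    return [before,
            check_access(c, "tpp-app-1", "/balances", t0),
            check_access(c, "tpp-app-1", "/transactions", t0),
            check_access(c, "tpp-app-2", "/balances", t0),
            check_access(c, "tpp-app-1", "/balances", t0 + timedelta(days=91))]
```

The check denies by default: a request is served only when the consent is authorised, unexpired, bound to the calling TPP, and covers the requested resource.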
4. Developer Portal and API marketplaces
API marketplaces and developer portals are the platforms that enable banks to expose their APIs to TPPs. The developer portal is the place where fintech firms come in search of banks' APIs to start using them. It also helps fintech firms test and experiment with the combinations that work for them from the variety of customizations available in the portal. However, to stand out from the competition, a bank needs to build a successful API marketplace. Banks like HSBC have been making an effort to build the best possible developer experience for their API consumers. They believe that an end-to-end developer experience isn't just providing the bare minimum APIs as defined by the open banking and PSD2 regulations. The way they are trying to achieve this is by:
- Providing developers with a range of APIs to select from.
- A complete sandbox environment with realistic production data.
- Providing support and documentation to make the APIs as easy to implement as possible.
- Building a community around these APIs and its users.
- Giving non-developers a way to interact with its APIs.
5. Building on strengths
Innovation and providing consumer-centric technological solutions are not the core functions of banks. Open banking helps banks to focus more on providing and improving their core services while the fintech firms can bring in technological and consumer-focused innovations to the banks. This allows both banks and fintech firms to separate their responsibilities.
| Strengths of banks | Strengths of fintech firms |
|---|---|
| Existing customer base | Agility and speed to market |
| Reputation, trust, and stability | |
| Experience with regulators | Ability to improve the user experience of current banking products based on being consumer-focused |
| Full line of banking products | Focus on a limited product set |

Each party's strengths are mostly a weakness on the other party’s end. A bank-fintech collaboration will help to build on each other's strengths, and open banking makes the collaboration process effortless.
Open banking is either being mandated or encouraged by governments, leaving banks with no choice but to share their customer data and development environment through APIs with authorized third parties, such as fintech firms, in their financial ecosystem. Different regions have different regulations. The EU has the PSD2 regulation while Australia has the CDR. All these regulations have a common goal which is to allow financial institutions to open their customer data to TPPs. This makes it safer for banks and fintech firms to start collaborating as these regulations are imposed by the country's government.
The bank-fintech collaboration is mostly a win-win situation where each party gets to work on its strengths to cover the other’s weaknesses. It gives bank customers more control over their finances, resulting in an increase in the customer base for both banks and fintech firms. Financial services innovation will be even more widely available due to the bank-fintech partnership revolution, with huge influences to come from innovation in big data, artificial intelligence, mobile, cloud computing, and AdTech in the next 3 - 5 years. WSO2 Open Banking is a fully-fledged open banking solution that covers API management, security, analytics, and many other capabilities beyond the technical requirements of global open banking.
If you found this blog interesting you may also be interested in reading a little deeper into how banks could go beyond compliance alone when planning and implementing their open banking deployments.