26 Jun, 2020

Why Banks Should Consider Becoming Third Party Providers

  • Dimuth Menikgama
  • Senior Software Engineer - WSO2

Executive Summary

  • Open banking regulations introduced standards that opened the door for many fintechs to enter the market as third party providers.
  • Fintechs provide innovative applications to solve modern banking problems and are now functioning as a new front face for consumers.
  • In such a context, financial institutions can either become innovative or partner with these fintechs to remain competitive in the open banking world.


With the rise of open banking in the world, the traditional barrier that stood between users and their data has been broken. We can see many fintech third parties entering the banking world. This new competition brings better user experience, insights from data analytics, and improved services/products for consumers.

Due to this, financial institutions are forced either to be innovative themselves or partner up with these fintech companies in order to remain competitive. Even though financial institutions and third party providers (TPP) have two different roles in the open banking domain, many financial institutions are looking to fulfill both these roles in order to keep up with this new trend. In this article, I will briefly discuss why banks should consider taking the role of third party providers.

Who Is a Third Party Provider?

In a traditional banking setting, financial institutions (or banks) are directly connected to their end-users. They provide services such as account information, execute payments between accounts, lend money, and collect money. Bank users complete one or more of the above services by requesting them directly from a financial institution. This happens via internet banking applications, mobile banking applications, or by users physically being at the bank. We can depict this scenario as below.

In the above scenario, bank users connect to the public interface of a financial institution to achieve a task. If there are several such institutions, users must identify and connect to the public interface of each one separately.

Third parties were introduced to this scenario during the latter stages of digital banking. The responsibility of a third party is to act as an intermediary between the bank user and the bank. In other words, the third party provides a secondary public interface with which the end-consumer interacts. With this third party in the picture, users can request a service from the third party. In this case, the user does not need to know anything about the public interface of the bank; the third party takes care of all of this. Consumers need to provide consent to this third party to perform a task in the financial institution on their behalf.

The main problem with this approach is that third parties have to discover and integrate with the different financial institutions in a heterogeneous manner since there is no standardization. This is when open banking comes into the picture.

With open banking, financial institutions are supposed to expose their public interface in a unified, standard manner. This allows easy integration for third parties, which attracts new fintech organizations to the financial domain as “Third Party Providers”. Fintechs such as Tink, Yodlee, and Plaid are becoming well-established, successful third parties in the open banking domain. Applications such as Kalgera (a personal finance management application), MoneyBox (an application that encourages saving spare money), and Mojo (an online mortgage broker) are some good examples of innovative consumer applications that are built on top of open banking services. With these innovations, some of these companies are now getting attention from Fortune 500 companies to build better applications.

Open banking specifications in various regions have different terms for this intermediary party. As an example, the Open Banking Standard in the UK and the Berlin Group NextGenPSD2 specification identify this intermediary agent as a “Third Party Provider” (TPP). Consumer Data Standards from the Australian region identifies this intermediary agent as a Data Recipient. Similarly, various regions have different names for this agent. We will call this agent a TPP throughout this article.

Financial Institutions and TPPs

From the beginning of the open banking movement, financial institutions looked at TPPs as a threat. Before this recent open banking movement, they engaged actively and directly with their end customers, and control over the generated end-user data belonged only to the financial institutions. Open banking regulations are now putting pressure on these financial institutions to open up the financial data and control it in a secure manner via APIs. A registered TPP can obtain customer data via the APIs on behalf of the customer. This could, in theory, eliminate the requirement of the end-user to interact with the financial institution directly.

On the other hand, for a long time, many financial institutions have been providing internet banking and mobile banking applications for their customers. If a customer had several bank accounts in different banks, she/he had to visit these services in each bank to perform activities in each account.

In response to this poor customer experience, TPPs entered this space and tried addressing this problem even before open banking regulations. At that time, financial institutions had the freedom to dictate the following:

  • Whether to provide a public interface for banking services at all.
  • If such an interface is provided, exactly which services it offers.
  • Whether to grant a particular TPP access to the public interface.

The only way to sidestep these limitations was for TPPs to take up the practice referred to as screen scraping. In order for this to work, third parties needed to actively collect consumer account details, impersonate a web browser, and extract data or perform actions on the banking portal, actions intended to be manually completed by the actual consumer. While this resulted in widely adopted services like Mint, screen scraping entails inherent security risks for both consumers and banks. Some of the major concerns about the use of screen scraping were:

  • Screen scraping required storing consumer credentials in a datastore owned by the TPP. Consumers and financial institutions had no control over how securely these credentials were stored.
  • Consumers and financial institutions didn’t have control over the scope and duration of the provided consent.
  • Screen scraping required removal of additional security barriers (such as OTP-based second-factor authentication mechanisms) that protected consumers against fraud.
  • Some financial institutions identified handing over credentials to external parties as a violation of terms and conditions of the bank account maintained by them.

Open banking was introduced by the authorities as an alternative to screen scraping. With open banking, it was mandated to expose a public interface for trusted third parties. Due to this, a lot of the resistance against the entry of TPPs to the market has been eliminated. Trusted TPPs were given the chance to integrate with any financial institution as per the regulations. Since most of the TPPs are tech-savvy fintech companies, they are working on better user experience and smooth services. In essence, TPPs have proved to be far more adept at building a better user experience in the public interface between service providers and consumers, overshadowing the public interface offered by traditional financial institutions. This has led to TPPs beginning to capture more market share across an ever-broadening section of the market by providing more timely and personalized value to the end-consumer. This means that TPPs are becoming a bigger threat to financial institutions, and competition is becoming tougher for them.

With this in mind, some of the financial institutions - while looking to collaborate more with fintech firms - are also actively looking to take the role of a TPP themselves, receiving data and services from other players in the open banking ecosystem and innovating new services and products to stay in the competition. This scenario can be depicted as below.

In the above example scenario, ABC bank has its own TPP application (marked in green). ABC bank is connected to its own TPP application as well as many other TPP applications via the same standard open banking platform. On the other hand, ABC bank’s TPP application is also connected to many other banks via the standard open banking platform exposed by those banks.

Due to the standardization mandated with open banking specifications, it is open for everyone to enter the TPP market. Let's first look at why it is easier for a financial institution to enter this TPP domain compared to a new fintech TPP application.

Why It's Easier For Financial Institutions To Become TPPs

Consumer trust

People have concerns about the trustworthiness of third party applications. This is especially the case if you are looking for an application to grant access to all your bank accounts. Financial institutions have already earned that trust in the community over many years. So from the perspective of a bank user, we can see that financial institutions have a better chance of winning consumers' trust.

Customer base

Attracting bank users and convincing them to grant consent to perform banking activities on their behalf will be the hardest part for many TPPs. In this situation, financial institutions have a competitive advantage within their existing customer base. It will be easier for them to convince customers of the advantages of such an application. Furthermore, owing to their presence in this domain for many years, financial institutions know the exact audience to target when marketing a TPP application. They can pitch this to the right customers who are chosen based on behavioral data collected in the past.

Easy integration

New TPPs find it challenging to integrate with open banking APIs in the initial stages. Technical issues that they were unaware of are revealed in these stages. If both the TPP application and the open banking solution are developed simultaneously, it will be easier for both components to identify these technical issues very early. Additionally, if security vulnerabilities or similar issues exist in the system, the bank-owned TPP will be the first party to notice them.

Why Financial Institutes Should Operate a TPP Application

Now it's clear that bank-owned TPPs will find it easier to come to the TPP world compared to a new fintech TPP. But it is also important to evaluate the benefits financial institutes and their open banking systems can gain by having such TPP applications on their own.

Engage directly with consumers

As we already know, open banking regulations will change control over banking data by exposing it over APIs. With that, TPPs who are retrieving this data will become the front face to the consumer when it comes to day-to-day banking requirements. If this continues, financial institutions will become service providers to these new third parties. Therefore, banks choosing a strategy of leveraging their brand with consumers in the long term need to catch up with the changing open banking atmosphere. Becoming a TPP will again put them in the front line of the business. Without this, they may drop to the background of the financial services ecosystem, providing banking functionalities as a service, forming an infrastructure layer instead of acting on the frontlines.

Connect with other financial institutions

TPPs get the chance to connect with any registered financial institution with the permission of regulatory authorities and consumers. This will give a chance for bank-owned TPPs to integrate with other financial institutions and develop services using data previously not available to them. For example, bank A could offer a credit product to a consumer based on the consumer’s transaction history recorded in bank B. This expands the potential customer base for smaller or newer banks enabling them to compete with the larger or more established competition. Integrating with data streams from other banks would also help banks compare their services against those offered by the competition better. This could help the bank improve its open banking solution and services.

Identify vulnerabilities

Open banking concepts and technologies are still new to most financial institutions, fintech firms, and regulators. It's possible to expose a security vulnerability when implementing these concepts. It's also possible that the regulators do not cover some possible vulnerabilities when developing the specifications. Since financial institutions cannot stay away from implementing open banking, it's better to have eyes on the other side of their interface. Having their own TPP application will cater to this without any additional cost. If there are vulnerabilities after any new changes, bank-owned TPP applications will identify them in early stages since they will be among the first few third parties who integrate with the open banking platform.

Better understanding of TPP integrations

TPP integration with an open banking platform is still not as smooth a process as it should be. We have seen many TPPs communicating back and forth with technical specialists in financial institutions to resolve technical issues encountered when trying to integrate. Financial institutions that own a TPP application do have prior experience in TPP integration with their platform. Financial institutions can use this expert knowledge of the internal TPP team to help the external TPPs to solve common problems.

Many traditional financial institutions are still struggling to evolve beyond old technologies. Taking the role of a TPP will force these organizations to widen their horizons to new technologies used by fintech. This will help engineering teams in the financial institutions to have a better understanding of how TPPs fit into this ecosystem and what technical issues they face in this process. This sense of empathy will help financial institutions build a better relationship with fintech in this new atmosphere.

Integrating with open banking is not a one-time process. Open banking has evolved since its first announcement and regulators are frequently publishing new API versions, security profiles, and user experience guidelines. With all these changes, it can be challenging for both TPPs and financial institutions to keep the integration running smoothly. TPP applications owned by the financial institutions can act as a test suite in such scenarios. Having such a TPP application will be a long term benefit for financial institutions to understand the reality of TPP integration.

Think beyond compliance

Open banking platforms are opening new opportunities for financial institutions to provide innovative value additions to TPPs and consumers. Banks are now looking into taking full advantage of open banking by introducing value-added services to consumers via TPPs. These can be coordinated well by having their own TPP. As an example, an additional API can be exposed by a financial institution to a selected set of TPPs (or only to its own TPP) to retrieve loan related information. These will give a competitive advantage to both TPP and financial institutions.

Furthermore, by acting as a TPP, they can consume value-added services provided by other financial institutions, bundle them with their own services and provide innovative products to consumers. This will be a huge opportunity for smaller banks (Tier 2 banks) as this will allow them to access massive data from much bigger players (Tier 1 banks). In most countries, these Tier 1 banks control the majority of consumer assets. By taking the TPP role, smaller banks can compete much better in the new market by providing useful consumer services with this new dataset (e.g., a personal finance management/recommendation application can be developed by analyzing the credit scores, deposits and expenditure patterns).


Even though banks initially looked at open banking as a threat, it really is an open opportunity for all the parties involved in the financial domain. Standardization that followed open banking reduced the integration complexity by introducing common interfaces. Now that it's open for everyone, financial institutions are looking to develop or partner with third party applications and enter this new market. It is easier for them to enter the market due to reasons such as established community trust and an existing customer base. Financial institutions should look at making the most out of this opportunity as it is beneficial for them in many ways.
