Part 1: What is Open Banking?
Conversations about open banking abound today, but comparatively few about open banking in the U.S. and the impact it will have. Primarily regulation-driven open banking initiatives in the U.K., E.U., and elsewhere are starting to show results, although not without some to-be-expected speed bumps, such as compliance delays for some pivotal institutions. By comparison, open banking in the U.S. sometimes seems the equivalent of an unpopular or politically incorrect topic introduced at a cocktail party: no one really wants to talk about it. Is the U.S. late? Or just on plan but marching to a different drummer?
Part of the confusion may be due to semantics.
Open banking in regulatory-driven countries has been propelled by consumer-privacy legislation (notably, the General Data Protection Regulation (GDPR) in the European Union and its equivalent in other countries). The E.U.'s sweeping consumer-data-privacy regulation, GDPR protects citizens and their data, including who "owns" it, who can access it, and the right to be "forgotten." Such regulations are enabling secure, seamless data sharing in finance—or even mandating it for consumers, in the case of regulations like the European Union's Payment Services Directive 2 (PSD2), which includes adherence to GDPR.
Although they happened half a world away, GDPR and PSD2 set the tone for open banking in the U.S.
Open Banking, Defined
McKinsey defines open banking this way: "Open banking is a collaborative model in which banking data is shared through APIs between two or more unaffiliated parties to deliver enhanced capabilities to the marketplace." In the U.S, this is taking the form of open access to the bank via APIs versus directly through the online banking applications that banks provide.
Translation: Consumers want safe and secure sharing of their banking data to make it easier to get credit, pay bills, manage finances, and save for retirement. In the past, your banking data was "owned" by your bank, trapped in their systems, shared only at their will, and then only with their choice of partners. Today, banking data (and other personal data) is moving steadily toward being owned by you, portable and shareable with any provider only on a secure, permissioned basis. Whether this is happening because of regulation (as in the U.K. and E.U.), free-market initiative, or a combination of both, it's inevitable—and ultimately a good thing.
It's no surprise that businesses want the equivalent to pay and get paid faster, manage cash flow, and minimize their financial risk across the global banking system.
No matter where it resides, open banking shares common goals, including:
- Opening up centuries-old banking infrastructures to enable more competition
- Delivering more choice and value for customers
- Bringing more consumers into the banking system
- Expediting the global digital economy
What differs is the approaches that are taken.
The United Kingdom (CMA Open Banking), European Union (PSD2), and countries like Australia, Japan, Brazil, and Hong Kong (HKMA) have taken largely regulatory-driven approaches. Others, like the Republic of Singapore (considered to be one of the most advanced in Asia-Pacific in open banking), have taken more laissez-faire approaches.
Meanwhile, the United States appears to have taken a mostly free-market-driven approach, perhaps by default (due to its complex regulatory environment and the many overlapping government bodies involved). There may also be a natural bias away from regulation and toward industry collaboration (for example, industry standards like NACHA/Afinis, BIAN, and FDX) and "coopetition"/partnerships (bolstered by some help if not mandates or hands-on restructuring from the Federal government.) This is the same approach that is currently being taken to real-time payments: no single way to do it, nor a mandate to do it at all.
For example, the U.S. Department of the Treasury called for all open-banking-affected agencies to "align behind an interpretation of Section 1033 of the Dodd-Frank Act, which asserts the ability of Americans to permission their financial data," according to American Banker. The Consumer Financial Protection Bureau (CFPB) is and has been the lead agency promoting this concept. It released its principles for consumer-authorized data sharing by financial institutions in October 2017.
In September 2018, the United States Senate Banking Committee held a hearing on "FinTech: Examining Digitization, Data, and Technology," Witnesses addressed the power of data aggregators like Facebook and Google that amass consumer data and the implications of extending and protecting similar aggregation for financial institutions (to ensure a level playing field). They also discussed the use of APIs as a standard access method and the need for new federal legislation regulating data-breach notification. Some committee members were sharply critical of Treasury's perceived "hands-off" approach to consumer data protection.
At the time I write this, there is no GDPR-equivalent law for United States citizens. However, GDPR-like legislation is making inroads at the state level (including California, Colorado, and New York, the last of which failed to pass—for now—in July 2019), albeit slowly and arguably not as sweeping as GDPR.
Big Stakes, Many Stakeholders
What's even more evident is that the stakes are significant for open banking in the U.S., and go beyond consumers. Although open banking intends to level the playing field, there are also some clear beneficiaries.
With API-driven open banking, corporates could benefit from less friction and cost in payments, more choices in borrowing, and more-efficient corporate treasury operations. Small and medium-sized enterprises (SMEs), many of which traditionally dealt with local banks ("the bank you know"), could enjoy more freedom of choice in banking providers and services. Businesses large and small would presumably deliver trickle-down benefits to their customers in the form of better products and services.
For traditional financial institutions, open data equals power. Open banking creates a power-play ecosystem opportunity for big banks and other F.I.s, such as by sharing branded or white-labeled services via open APIs. Players such as BBVA and Visa are taking advantage of active open API marketplaces targeted at developers. Commercial banks and savings institutions/credit unions can participate in these larger bank ecosystems and/or innovate on their own by assembling services from various sources accessible by APIs, creating differentiation in their markets.
Fintechs of various sizes and specialties can also participate in these ecosystems by offering their services up via open APIs. Technology giants—the so-called GAFA and FAANG—of course, are well on their way toward making their moves.
Click here to read part 2 of Open Banking in the U.S.: Ready for Business?
And for further insights into the payments industry and beyond, subscribe now and stay up-to-date on the latest tips, trends, and topics. You can also check out The Payments Podcast, where experts weigh in on the real-time factors impacting the payments industry.