Part 2: What Challenges Will Be Faced?
So what difficulties will open banking in the U.S. pose for financial institutions and beyond?
Challenges include a relatively complex regulatory environment, with both state and Federal-level components; and differing regulations impacting the consumer and corporate sectors. U.S. institutions obviously must continue to operate efficiently as part of the global banking infrastructure for cross-border payments and borrowing. Simultaneously, the mature established banking system needs to evolve fast so that the U.S. remains competitive.
Digital transformation of the system must accelerate while being able to digest open-banking initiatives that are sure to migrate to the U.S. GDPR and its influence on the California Consumer Privacy Act (CCPA), which became effective on January 1, 2020, is a good example. In protecting E.U. residents, their privacy, and their data, GDPR also touches financial institutions, processors, and other organizations in the global business ecosystem who have access to E.U. residents' data—although to what extent seems to be a moving line. A wild card: what constitutes "permissioned-data?" On the plus side, the U.S. possesses several advantages that should serve it well in open banking. These include the large size of the financial services market, a culture of extreme innovation, the large number of fintechs and the amount of investment backing of new financial technology, government support, and a bias toward action (for better or worse).
On the negative side, a free-market approach could backfire, notes Jessica Cheney, CTP, AAP, vice president of strategic solutions for B2B fintech Bottomline Technologies.
"Not having a clear mandate [as does PSD2] means that U.S. banks and fintechs will be more creative about how they approach APIs. Because we're creative, there's no standard toward which everyone will gravitate. Five different banks will have five different ways to use APIs. Each solution provider will look for a distinctive way to solve the problem," she says.
Cheney observes that innovation to date for open-banking commercial applications in the U.S. has focused more on integration. For corporate treasury professionals, it's "How do I get access to data without having to use the front-end application of the bank and without the traditional file-transfer method? How do I interact with my bank in a host-to-host way?" It's about a more efficient and open way to access the data. The emphasis is not on making all that consumer-level data more portable, but on how to make data to corporates available in a more natural, functional way.
Another point: if U.S. consumers own their data, will financial institutions and fintechs be able to use it to create (and charge for) innovative new services for consumers? GDPR somewhat takes this opportunity off the table in Europe, notes Cheney, because consumers own their data: why would they pay for it again? For example, Yodlee, an early, U.S.-based consumer financial data aggregator (it powered the popular free Mint consumer app, now owned by Intuit) was acquired by wealth management software company Envestnet in 2015.
The Technology Exists
The enabling technology exists for the U.S. to follow this open-banking path.
Robust open APIs and platform-enabling technology are at work in the BBVA API Market and Citibank API Store, for example, as well as in proliferating fintech offerings. The former replaces current, insecure screen-scraping methods and "hard-wiring" connections with partners, a data-sharing process that's not scalable.
The cloud has become well-accepted for secure enterprise applications and data processing. Security and access technology are vastly improving, such as multi-factor authentication (mandated by PSD2). User interface (U.I.) advancements, including the use of biometrics to identify banking customers, further improve security.
Next-generation digital banking platforms built for the cloud are proliferating. These include multiprotocol, multichannel, and secure APIs for retail and commercial bank services.
Big Data, A.I. and analytics are being mainstreamed into financial services delivery. A good example is more sophisticated risk management, via better transactional analysis and applied behavioral analytics.
Last but not least, there's tremendous momentum in payments, including innovations like P2P payments (Zelle, Venmo, etc.), Faster Payments (U.K.), and The Clearing House’s Real-Time Payments system (U.S.) The latest is a significant—and emblematic—innovation in open banking. Request to Pay integrates data across formerly siloed transactional payment systems and banking channels, creating granular freedom of choice in how businesses and individuals choose to get paid. In effect, RTP converges the traditional, transactional payment channel and detailed information about the payment in a single, virtual channel—a technological first.
Not surprisingly, with opportunity comes new risks, including new fraud vectors with heightened risk. The vigilance of customer due-diligence will need to increase, although Know-Your-Customer (KYC) requirements are already benefiting from technologies like A.I. and real-time analytics. Crooks will continue to be creative and relentless: they go where the money is, ensuring lots of regulatory attention and innovation in this area.
Of course, there's also the risk that customers just won't go for it at any price. Local banks, with their physical branches, human bankers, and ATMs, have earned retail and commercial customers' trust. Fintechs are still a wild card to many consumers, although Millennials are more accepting and less terrestrial about who provides their payment, credit, investment, and other financial services, both at home and in their roles as corporate decision-makers. And non-Millennials are warming up. With so many vendors scrambling in the payments land grab, there's potential confusion, and trial-balloon product failures may undermine user confidence.
Some Advice for Banks
While some pundits are skeptical about the future of broad-based open banking in the U.S., it's inevitable at some level given its innate global footprint and all the momentum. Perhaps the more significant impetus: People expect open data sharing in all aspects of their personal and business lives, including finance. And they have a steadily growing number of alternatives to traditional financial institutions.
Where does this leave banks? Given fintech innovation, and other forcing functions happening in the U.S., U.S. banks of all sizes should get their open-banking strategies in place if they aren't already. While open banking is deploying on a country and market basis (for obvious reasons), it is the direction of the global banking system—make no mistake about that.
All banks would be advised to get their open-banking strategies in place, whether it's building your own platform (API-based open ecosystem for sharing your data and services), joining one, or linking up with a Banking-as-a-Service provider whose platform makes your institution a player, bringing it into the global open banking economy simply and painlessly.
Click here to read part 1 of Open Banking in the U.S.: Ready for Business?
And for further insights into the payments industry and beyond, subscribe now and stay up-to-date on the latest tips, trends, and topics. You can also check out The Payments Podcast, where experts weigh in on the real-time factors impacting the payments industry.
 "U.S. firms accounted for nearly half of the $117 billion in cumulative global investments [in financial technology] from 2010 to 2017." Source: U.S. Treasury analysis of F.T. Partners data
 "In a survey by Zelle, more than half of first-time P2P service users were at least 45 years old. Fifty-two percent of Generation X and 46 percent of baby boomers said they 'trust' P2P payments and are interested in using them. More than three-fourths (76 percent) of Gen X and 74 percent of baby boomers agreed that the top reason to try P2P payments would be if it were offered through a financial institution they already use." Source: Pymnts.com.