What’s Next for Open Banking
Open banking is a system that gives third parties (e.g. FinTech, BioTech and LegalTech companies) access to data from a number of financial institutions via application programming interfaces (APIs). In Europe, open banking has been legislated through the implementation of the Payment Services Directive (PSD2), which came into effect on 13 January 2018. The Directive’s purpose is to increase pan-European competition and participation in the payments industry from non-banks and innovative online and mobile payment service providers.
In this article, Open Banking APIs cover both free and commercial (pay-per-use) APIs; "open" refers to the technology (open source tools and paradigms), not to the price.
There are various Open Banking standards globally (e.g. The Open Bank Project) that support the PSD2 directive, giving developers access to APIs, sandbox environments with mock-up data to sample, and documentation to aid development. The UK has also taken the lead in open banking initiatives by producing an open banking framework that enables the Open Banking standard in the UK.
API aggregators such as TrueLayer and Yodlee offer startups, online lenders, personal finance apps, accounting software, and crowdfunding platforms access to data from various financial institutions via secure APIs.
Previously, the only option for many of these companies to get access to customer data from Financial Institutions (FIs) was to ask their clients for certified printouts from these institutions, or to ask their clients to hand over their login credentials (generally frowned upon, and in violation of many FIs’ terms and conditions) so that the third party could retrieve client data using bots and screen scraping tools.
Open Banking APIs can be consumed by service providers to support a number of ecosystems, each with its own benefits.
A financial institution can offer open banking APIs to its own channel developers, which may result in greater agility and a faster pace of development. These open banking APIs can also be consumed by third party solution providers that bundle the FI’s services with other third party offerings to create unique and compelling value propositions. Examples in the fintech space are financial product comparison apps, personal finance management apps, and robo-advisory apps.
Aggregators also exist that offer a platform with generic APIs for a number of FIs and third parties, making it easier for solution developers to create bundled value propositions.
However, there are a number of concerns that Open Banking presents, particularly with regard to:
- What customer data third parties have access to
- Who they share that data with
- How secure that data is from theft and misuse
- The large number of integration points required for a single 3rd party to integrate with multiple FIs
- Spoofing and phishing (fake app/site prompting a user to hand over their login details)
Customers have many reasons to be wary of open banking.
In the UK, third party service providers must be registered with the UK’s Financial Conduct Authority, which aims to prevent fraudulent, non-secure third parties from requesting data from FIs. This has resulted in zero UK third parties leveraging open banking APIs as of 31 October 2018, as the journey FIs require their customers to follow in order to register with a third party is laborious. Open banking is meant to benefit customers, but an easy and seamless customer experience has been neglected in the implementation by FIs offering Open Banking APIs.
Incumbent banks can respond to regulations such as PSD2 hesitantly or with open arms. Each option presents a different set of challenges and opportunities.
Leveraging Blockchain for Open Banking
A permissioned blockchain network could be introduced to the Open Banking ecosystem to address some of the concerns and introduce additional opportunities.
To address customer data privacy and third party usage concerns, a customer could utilize a self-sovereign identity (SSID) solution in which they directly control, at a granular level, which third parties have access to their data. An existing FI could authenticate the identity of the customer based on information the customer previously provided to the FI.
For example: an FI exposes an identity management API to an SSID system. A customer submits their login credentials to the FI’s API (via the SSID system). The FI issues a token to the SSID system. The customer then chooses the third party services they would like to grant access to.
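The flow above, worked through as an added example (this code is not part of the original article, nor any FI's or SSID vendor's API): the FI authenticates the customer, the customer grants a named third party a specific set of data scopes, and the FI issues a signed, short-lived token bound to that third party. The FI's data API then releases only the data the token's scopes cover, which is what "granular control" has to mean in practice. The customer record, scope names, signing key and `FinancialInstitution` class are all constructed for the example; a production flow would use OAuth 2.0 and a standard token format rather than this hand-rolled HMAC token.

```python
"""Simplified model of the consent flow: the customer authenticates with the
FI through their identity agent, grants a third party specific scopes, and
the FI issues a signed, audience-bound, expiring token that the third party
must present to the FI's data API.  Constructed example, not a real FI API.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed sample customer data held by the FI (not real customers).
CUSTOMERS = {
    "alice": {
        "password_sha256": hashlib.sha256(b"correct horse").hexdigest(),
        "balance": {"GBP": 1250.40},
        "transactions": [{"amount": -12.99, "payee": "Grocer"}],
    }
}

# Scope names are assumptions for this example; each maps to one data field.
SCOPE_DATA = {"accounts:balance": "balance", "transactions:read": "transactions"}


class FinancialInstitution:
    """Plays the FI: identity API (authenticate, issue_token) and data API (fetch)."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key

    def _sign(self, payload: bytes) -> str:
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def authenticate(self, user: str, password: str) -> bool:
        rec = CUSTOMERS.get(user)
        if rec is None:
            return False
        digest = hashlib.sha256(password.encode()).hexdigest()
        # compare_digest avoids leaking the match position through timing.
        return hmac.compare_digest(rec["password_sha256"], digest)

    def issue_token(self, user, password, third_party, scopes, ttl=300, now=None):
        """Identity API: only after successful authentication, and only for
        known scopes, mint a token whose audience is the chosen third party."""
        if not self.authenticate(user, password):
            return None
        if not set(scopes) <= set(SCOPE_DATA):
            return None  # refuse scopes the FI does not define
        now = time.time() if now is None else now
        claims = {"sub": user, "aud": third_party, "scope": sorted(scopes), "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        return f"{body}.{self._sign(body.encode())}"

    def fetch(self, token, caller, scope, now=None):
        """Data API: release data only if the token is authentic, was issued
        to this caller, has not expired, and carries the requested scope."""
        now = time.time() if now is None else now
        try:
            body, sig = token.split(".")
        except ValueError:
            return None
        if not hmac.compare_digest(sig, self._sign(body.encode())):
            return None  # tampered or forged token
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != caller:
            return None  # token issued to a different third party
        if claims["exp"] < now:
            return None  # consent window has lapsed
        if scope not in claims["scope"]:
            return None  # customer never granted this scope
        return CUSTOMERS[claims["sub"]][SCOPE_DATA[scope]]


if __name__ == "__main__":
    fi = FinancialInstitution(b"example-signing-key")
    # Customer, via their SSID agent, grants "budget-app" balance access only.
    tok = fi.issue_token("alice", "correct horse", "budget-app", ["accounts:balance"])
    print(fi.fetch(tok, "budget-app", "accounts:balance"))   # balance released
    print(fi.fetch(tok, "budget-app", "transactions:read"))  # None: not granted
    print(fi.fetch(tok, "other-app", "accounts:balance"))    # None: wrong audience
```

The checks in `fetch` map directly onto the concerns listed earlier: the scope check limits what data a third party sees, the audience check stops a token being passed on to another party, and the expiry bounds how long a grant lasts without fresh consent.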
Open Banking as a Permissioned Consortium
Using the operating model of the UK’s Open Banking Ecosystem as a reference (which includes all elements that facilitate the operation of Open Banking, e.g. API standards, governance, systems, processes, security, and procedures), the administration and operation of an Open Banking ecosystem on a permissioned blockchain platform appears highly viable.
On-chain (tech-enabled), all transactions between members are recorded on an immutable, shared, distributed ledger where activities between specific providers are only visible between permissioned parties (e.g. a regulator). Within this trustless environment, all participants can benefit from innovative capabilities built on a low-cost, high-speed platform where privacy requirements of all participants are maintained and no central intermediary is necessary.
Off-chain (institutionally enacted) consortium processes are typically governed by a constitution and the applicable legal jurisdictions, e.g. which members of a consortium can add or blacklist other members, submit proposals, vote on the standards to adopt and the rules to change, and rule on various types of disputes.
These off-chain processes can soon be effectively executed on-chain and with chosen degrees of transparency. With the upcoming introduction of innovative Governance-as-a-Service (GaaS) capabilities on enterprise Blockchain-as-a-Service (BaaS) control panels like Chainstack, weighty aspects such as governance and consortium management can be reduced to a few clicks.
Realizing the Opportunity
Currently, various building blocks such as permissioned blockchain networks, Open Banking APIs, API aggregation platforms, Open Banking API and OAuth standards, SSID solutions, and BaaS platforms exist at various levels of maturity.
Customers expect better data security, more control of their identity, and simple solutions that add value to their lives. Service providers have to adhere to multiple compliance requirements while trying to remain competitive, profitable and protect their own interests. Will Open Banking take off and converge with permissioned blockchain capabilities? Initiatives around multiple private consortiums in the banking industry are already underway. It’s just a matter of time until we hear of initiatives around the first open banking blockchain consortium.