Open Banking 101
Webinar: Are U.S. Banks Ready for Open Banking?
The short answer is yes. Traditional banks can modernize, but a few major challenges stand in their way. Watch Don Cardinal, Managing Director of Federal Data Exchange (FDX) and Alex Heublein, CRO of GT Software, as they discuss the current state of open banking.
Learn More About Open Banking
As a new concept, there’s a lot about Open Banking to digest at once. We’ve done our best to break down the basics for you:
- Industry Disruption – Open banking is already proving itself to be a disruptive force in the financial services industry in the UK. As it makes its way to the US, can traditional banks learn from the mistakes of past companies that suffered disruption?
- Open Banking Basics – Open banking is a movement in the financial services industry that aims to give consumers power over their own data. Here’s an explanation of what is open banking.
- History of Open Banking – The open banking movement is a global construct and has taken shape in different ways around the world. Here’s a little background on the evolution of open banking.
- Open Banking Adoption – Open banking adoption has more than one driver. From legislation to consumer demand, here’s what’s bringing open banking to the forefront.
- Overcoming Obstacles – A lot about the banking industry hasn’t changed in decades, but open banking is going to change that. Here’s how to overcome the challenges of open banking, from IT infrastructure to culture.
Are Traditional Banks the New Blockbuster Video?
When you think about disruption in corporate history, the neon-blazing, iconic blue and yellow Blockbuster sign likely flashes to mind. During its 25-year reign, Blockbuster became the poster child for industry disruption on both the winning and the losing end.
What happened to Blockbuster Video?
Before reaching its dirty 30s, the beloved Blockbuster franchise grew from absolutely nothing to one of the most iconic brands in American history, then returned to absolutely nothing.
Explaining what it was like working for the company during the height of their reign, former Vice President for Blockbuster, Tim Hicks, said: “In today’s words, it would be something that you were part of that was special, disruptive and different. When you’re on a winning team, it’s fun.”
In its heyday, Blockbuster was a household name, a fixture in towns across the country, its growth protected by an economic buffer around the cost of video rental. However, things soon took a turn when competition finally showed up.
According to Alan Payne, a former franchisee who owned the second-to-last U.S. Blockbuster in Alaska:
“The business that they built was not built to address competition. And not just threats from technology competition, but competition from other video stores.”
As banks find themselves in a position eerily similar to Blockbuster’s just before its decline, can they learn from its mistakes?
Disruption in banking and financial services.
Open banking is the new disruptor in the finance scene, and it has real potential to shake things up. Whether talking about Europe’s PSD2 legislation or the start of FedNow in the U.S., the concept of open banking is gaining traction globally.
In fact, it’s one of the most interesting times to be in the banking and finance sector. We expect to see more change in how money circulates globally in the next 3-5 years than we have in the last fifty.
The perfect storm of advancing technology, legislation, and consumer demand is arming much smaller fintechs with the edge needed to finally compete on the level with large banks. How these banks position themselves in the near future has the potential to drastically affect their ability to stay relevant to consumers.
Open Banking Basics
What Is Open Banking?
Open banking grants third-party providers access to consumers’ financial data from banks and financial institutions through the use of application programming interfaces (APIs).
Giving consumers power over their data.
The main concept behind open banking puts the consumer in the driver’s seat, allowing them to choose what information is shared, how much, and with whom.
This requires customers to consent to provide bank access, usually by checking a box on the terms-of-service screen. Third-party providers can then retrieve the customer’s data, as well as data about the customer’s financial counterparts.
Open banking’s potential benefits for consumers are poised to be massive. According to this report (PDF), open banking is still in its infancy, but conservative estimates predict individuals will accrue a total €12bn financial value over the course of a year, while small businesses will gain €6bn. This value is gained through identifiable savings like avoiding overdraft fees, facilitating balance transfers, mortgage comparison, high balance sweeping, improved access to financial services advice, education on spending patterns, and personal finance management.
History of Open Banking
Here is a glance at how open banking got started.
Deutsche Bundespost and HBCI in Germany
The beginning of open banking can be traced back to 1980, when Deutsche Bundespost (or the German Federal Post Office) conducted its first screen test experiment with five external computers. This online banking experiment allowed 300 providers on the company’s side and around 2,000 private participants to test their new online banking service.
This test allowed participants to make online transfers using the number *300#. This was considered extremely innovative in the 1980s and introduced the idea of self-service banking into the world. Though few households ended up installing the system, the interface was used through 2005, and Deutsche Bundespost is credited with kicking off the open banking movement.
In 1998, Germany created another open banking and customer self-service interface. The Home Banking Computer Interface (HBCI) provided a standard for unifying the interface between online banking and banking software, with the goal of multi-bank capability. It defined security procedures, transmission protocols, and message formats. HBCI was originally designed by two German banking groups, Volksbanken und Raiffeisenbanken and Sparkasse, who worked with German higher-level associations such as the Association of German Banks on its development. Though the first draft was created in 1995, version 2.0 was launched in 1998 and was considered successful.
In 2002, FinTS (Financial Transaction Services), the follow-up to HBCI, was launched. It offered the use of signature cards and the PIN/TAN procedure. Consumers use their PIN to log in and make a transfer, and must confirm a transaction number. FinTS also used a high level of encryption, making it substantially more secure than its predecessor. 2004 brought the introduction of FinTS 4.0, which converted all data structures to XML and schemas similar to XML. It also introduced additional interfaces with HTTPS, further emphasizing the importance of security, which is a cornerstone of open banking today.
In 2004, HBCI and screen scraping were combined to create what is known today as SOFORT. Screen scraping is the process of collecting screen display data from one application and then translating it so that another application can display it. SOFORT used screen scraping to read information on the screen, like an account balance. Once this information was obtained, payments from outside service providers such as Payment Initiation Service Providers (PISPs) were granted access to banking data. PISPs would then log into the provider’s platform using this information.
At the time, screen scraping was seen as cutting edge, though it later would be replaced by APIs.
QFX by Quicken™ in US
The first glimpse of open banking in the United States can be traced back to 1997 and an XML standard known as OFX (PDF). Also referred to as QFX by Quicken™, this was created by leading providers of Personal Financial Management (PFM) software Microsoft and Intuit, who joined forces with electronic payments services provider CheckFree to create an Extensible Markup Language (XML) standard. XML is an important part of open banking. It provides a common structure for messaging systems to exchange information between applications.
By using XML, information can be described and identified accurately, and other computers and applications can easily understand it. Additionally, it is free, and XML documents can be pieced together from different sources and converted to other formats without loss of information. The creation of the XML language allowed customers to manage their own accounts at major banks and to perform basic account management functions.
At the time, many were nervous about using QFX by Quicken™ because that meant exposing internal data to third parties. However, this is very similar to what PSD2 mandates today, and the creation of QFX by Quicken™ is often identified as the first attempt at open banking in the United States.
In 2009 Giropay sued Payment Network AG, who was the operator of SOFORT, claiming that they were not only unfair competition, but were also making online banking less secure. In 2011, the European Cartel Office and the Federal Cartel Office intervened on the issue, ending the lawsuit and thus preventing discrimination against competitors who were independent of banks. This increased competition in online banking and prevented monopolies in the market. It also opened the doors to additional payment service providers and further encouraged fintech innovation.
PSD1 and PSD2 in the EU
When open banking is discussed, PSD2 is often mentioned. But most people are not aware of PSD1. The Payment Services Directive, or PSD1, was devised by the European Commission at the end of 2007, and aimed to grow competition and increase participation in the payments industry by banks and non-banks. It put an emphasis on consumer protection and the rights and obligations for payment providers and users.
In 2015, the European Parliament adopted a proposal by the European Commission to add new rules to protect online and mobile payments. This new proposal, PSD2, would go into effect in 2018. PSD2 opened banks up to third-party providers, which meant banks needed to provide an interface and usually did this by creating APIs, which would enable third-party providers to directly initiate payments or request account information. Additionally, PSD2 introduced Strong Customer Authentication (SCA), or new security requirements that involved the use of two authentication factors. PSD2 had a profound impact on open banking, as it made electronic payments more secure, increased innovation, and welcomed a huge rise in API creation.
CMA Order or CMA9 in the UK
The CMA Order is another important step in the development of open banking. In 2016, the Competition and Markets Authority (CMA) published a report that focused on the UK’s retail banking market. This report found that the more well-known UK banks did not have to compete for business and that smaller or less known banks found it difficult to grow and gain access to the market. To counter this, the CMA Order was enacted. This ruled that the nine largest UK banks had to allow authenticated startups direct access to their data. HSBC, Barclays, RBS, Santander, Bank of Ireland, Allied Irish Bank, Danske Bank, Lloyds, and Nationwide (also known as the CMA9) all had to comply when it was enforced in 2018.
The CMA Order required these nine banks to implement APIs in order to deliver this information. In fact, the CMA created the Open Banking Implementation Entity (OBIE) in order to aid in API delivery, and the creation of data structures and security architecture that would make it easier and safer for individuals and SMEs to share financial information held by their banks with third parties. Its funding was paid for by the CMA9.
The CMA Order worked alongside PSD2 and the two are structurally very similar. However, while PSD2 saw an increase in API creation, only the CMA Order required APIs to be used. Additionally, PSD2 is universal in the EU, while the CMA Order only applies to the nine UK banks mentioned above.
Alipay in China
While major changes in online banking and payments were occurring in Europe, China also had a strong focus on innovation in these sectors. Alipay is a third-party mobile and online payment platform that was first launched in 2003 by a company called Taobao. According to The Book on Open Banking, Alipay made a deal with major Chinese banks in 2010 that would allow users to use Alipay’s authentication software to access their bank account and transfer money to merchants that had been pre-authenticated. Basically, they implemented open banking on their own. This led to an uptick in payment apps and an increase in their popularity in China.
By 2012, Alipay had integrated into mortgages, utilities, public services, and more. Essentially, they filled a void by creating a secure environment where users could verify identity and securely pay online. In fact, it’s estimated that Chinese banks lost as much as €20bn in deposits as a result of Alipay. Alipay was able to redefine the role of a payments app and rose above banks to cement its position as the top payment provider in China, redefining the financial landscape across the continent.
One of the main reasons that Alipay was able to be so successful is the general attitude of the Chinese population towards online banking. In fact, 78% of China’s smartphone users have adopted mobile banking apps, which is by far the largest percentage in any country. Additionally, the attitude of the Chinese towards sharing data is much different than the attitude in western countries. Consumers view sharing transaction information with FinTechs as a positive experience and are more open to doing so.
While there had previously been few open banking guidelines in China, regulation was introduced in 2018 by the Hong Kong Monetary Authority (HKMA) to help facilitate open banking. The regulation needed to strike the proper chord of encouraging firms to continue to innovate at the quick pace that customers know and expect, while also creating the proper framework for a more sustainable, secure financial sector. The framework has four phases. Phase 1 was completed on schedule and entailed 20 participating retail banks making more than 500 open APIs available, offering access to their information on a wide range of banking products and services. Phase 2 began in October 2019 and involved those same 20 participating banks beginning to process applications for banking products and services. Phases 3 & 4 are considered more complex and there is not yet a timetable for their rollouts. However, it will be interesting to see how these new open banking guidelines affect the current financial climate.
What Drives Open Banking Adoption?
Interestingly, open banking means slightly different things based on where consumers are located. For example, in the EU, the heart of open banking involves consent and is achieved through legislation like GDPR. In Australia, it starts with the premise that customers own their own data (PDF) and should be able to share it as they see fit. In the United States, open banking is being nudged forward through market competition from payments services like Venmo or Zelle, which are gaining trust by putting customer experience on a pedestal.
Regardless of location, there are three main components influencing the open banking movement.
Outside of the U.S., open banking is driven largely by regulatory mandates. However, these regions are seeing a change in industry mindset from compliance to adoption and commercialization. Open banking is shifting to a means of innovation.
Open banking legislation in Europe
The following mandates or legislative bodies have helped open banking take shape in Europe.
- Payment Services Directive 2 (PSD2) – Introduced in the UK in 2015 and went into effect in 2019. Encourages banks to open their payment services to other companies, or third party providers (TPPs).
- General Data Protection Regulation (GDPR) – A set of principles for the lawful processing of personal data for EU residents. Bank customers can decide if and how much of their data can be shared with third parties. Considered the world’s strongest data protection rules, it came into effect in 2018.
- CMA9 – In the UK, the Competition and Markets Authority (CMA), required nine of the UK’s largest banks to implement APIs to common standards by 2018.
Open banking legislation in Australia
In Australia, the following legislation and recommendations are pushing for open banking:
- Consumer Data Right (CDR) – Legislation introducing the Australian banking sector to open banking in phases starting in July 2020, when consumer data relating to credit and debit cards, deposit accounts and transaction accounts should be made available.
- Farrell Report – A report containing 50 recommendations covering the regulatory framework, the scope and types of banking data that should be shared, privacy and security safeguards, the technical mechanisms for data transfer, as well as proposals on implementation and more.
Open banking legislation in Japan
Interestingly, money in Japan is handled differently from the rest of the world. 80% of all consumption in Japan is cash-based, making them an outlier compared to other large economies (the U.S. is closer to 31%).
Japan’s Banking Act was amended in June 2018 to promote open banking, and roughly 130 out of the largest 140 chartered banks announced they will open up APIs by mid-2020.
In addition to regulation, another driver of open banking is the proliferation of API technology.
Our favorite explanation of an API comes from ProgrammableWeb in 2015, who said:
“An API is very much the same thing as a UI, except that it is geared for consumption by software instead of humans. This is why APIs are often explained in the mainstream media as a technology that allows applications (software programs) to talk to one another.”
As technology has advanced, more and more functions are performed by software rather than people. There’s a huge need for software platforms to communicate with each other. For this reason, APIs are in a unique position to disrupt and transform how data is communicated and used.
Furthermore, the use of APIs is where banks can monetize open banking and start to see a return on their investment. Through their ease of use, APIs have the potential to encourage third parties of a company’s traditional products. They can help create new value chains with business partners. For example, building data integrations can be difficult, even when the technology is simple, because of the challenges of communication between two businesses. However, an API platform can enable B2B suppliers to connect with companies in real time by consolidating each firm’s individual connectivity requirements into one place.
With improved connectivity, banks can create new services and customer interactions through APIs, such as:
- Real-time payment (RTP): Banks rely on APIs to connect their legacy systems to modern applications to perform regulatory checks to prevent fraud instantly using anti-money laundering (AML) and Know Your Customer (KYC).
- FedNow: In 2019, the U.S. Federal Reserve announced a plan to roll out an around-the-clock payment and settlement service that will support faster payments. It will support a nationwide infrastructure on which the financial services industry can develop innovative, faster payment services for the benefit of all Americans. This is expected to launch in 2023 or 2024 and will be inclusive of all financial institutions in the U.S.
- Microloans: Microloans generally range from $500 to $100,000 and are typically used to help small businesses or entrepreneurs grow. Larger lenders in the United States do not like microloans as they usually do not reap much of a profit, so alternative lenders usually provide this service. Therefore, the majority of microloans are invested through online platforms and use APIs to directly send money to the borrower. Providing microloans this way allows a real-time check and balance system to be put in place. Both lenders and borrowers appreciate that the system keeps them in check, and lenders have more confidence as they feel they will be paid back.
Market Competition and Consumer Demand
In the United States, open banking is motivated less by legislation than by a desire to meet consumer demands and differentiate. As consumers’ expectations rise, they demand real-time services. If banks can’t meet these expectations, smaller startups and fintechs surely will.
However, open banking is not all doom and gloom for banks. For example, APIs can simplify lengthy processes, like loan applications. Currently, consumers must manually gather information from numerous sources to apply for a loan from a traditional bank. With open banking concepts in play, lenders can quickly aggregate the information necessary to streamline and speed up the application process. With APIs connected to artificial intelligence (AI) apps, banks can identify the best candidates for loans and make offers to consumers before they even start looking themselves.
According to RedHat, here are five major benefits of open banking (PDF) for banks:
- Revenue: APIs generate new revenue opportunities. In fact, API adoption predicts a 10.3% increase in a firm’s market value, according to a study from Boston University.
- Reach: Banks can extend their reach outside of the traditional distribution model.
- Response: Provide capabilities that you do not have to build or maintain. Respond to customer needs quickly by adopting third-party functionality into your existing infrastructure.
- Relationships: Improved customer experience with personalized offers, more frequent interactions, greater adoption, upselling and cross-selling, and higher customer satisfaction.
- Relevance: By offering services like personal finance management, loyalty rewards, and education, banks can stay relevant with their customers in a meaningful way. Consumers can get a holistic view of all their financial behavior in one place. Apps can analyze data and help customers stay on top of spending, so that they have a positive experience with banks.
Connectivity between banks and financial institutions is big business. However, without the use of APIs, businesses rely on screen scraping to get access to users’ financial data.
Through APIs, not only can screen scraping be avoided, but banks can also offer credit monitoring and heightened security services to their consumers.
How to Overcome Open Banking Obstacles
It’s safe to say that if Blockbuster could go back in time, they would do things differently. To say that Netflix alone killed Blockbuster isn’t the whole truth. It’s also a disservice to businesses hoping to learn from Blockbuster’s mistakes. As Retail Dive points out, it ignores the monumental difficulty of transforming a large business.
After all, many things were working against Blockbuster before Netflix came along. They had not been profitable since 1997. The invention of DVDs made movies cheap and easy to ship. They were a monolithic beast with a culture that couldn’t pivot. According to Richard Gershon, a professor of communications at Western Michigan University:
“It’s not that they didn’t see what was happening—because they could see the handwriting on the wall years in advance. It’s just that, culturally, they weren’t able to make the changes or make the financial commitment to make the changes that were necessary in order to continue forward.”
In order to learn from the past and avoid making the same mistake as Blockbuster back in 2005, here’s what a large bank should do to get on the right side of disruption.
At the beginning of the year, we published our mainframe modernization survey results that show low open banking awareness across organizations. Educating employees leads to more organizational awareness.
Break down organizational silos
A major challenge large organizations face is their tendency to fracture. After all, an organizational silo is where innovation goes to die.
With the current pace and pervasiveness of technology, innovation is impossible to achieve when your IT department is removed from your business strategy.
Harness legacy technology
By far, the biggest challenge between large banks and open banking is that the majority of banks rely on mainframes and legacy applications that were designed decades ago.
When processing huge amounts of information, mainframes are still more cost-effective and faster than distributed servers. However, to achieve the demanding connectivity of open banking, legacy systems will need to integrate with modern applications. Businesses must securely and reliably open up their core banking systems to many millions more transactions a day.
Moving forward, banks need to quickly create APIs that connect their mainframes to applications such as fraud detection. More importantly, large banks need flexible APIs that can adapt to the constantly changing technology and business demands of the industry. Brittle, short-lived connections are no longer a viable solution.
With 35+ years of mainframe experience, GT Software understands how to harness the power of legacy technology. In fact, we enabled a large global bank to execute the first real-time payment in Europe. This global innovator was able to go from proof of concept to production in under 2 months using GT Software.