What Is Open Banking and How Does It Work

Open banking is a relatively new concept that allows consumers to share their financial data with third-party providers, giving them more control over their money.

This means that banks no longer have a monopoly on accessing customer data, and consumers can choose which providers they want to share their data with.

The idea is to make financial services more competitive and innovative, by allowing new businesses to access customer data and create new products and services.

The first open banking regulation was introduced in the UK in 2018, and since then, several other countries have followed suit.

Explore further: New Bank of Baroda

Open banking is an open standard for secure data sharing between banks and third-party providers. This standard was created to allow customers to control their financial data.

The first open banking standard was introduced in the UK in 2018. It requires banks to provide customers with secure access to their account data.

This means customers can share their data with third-party providers, such as fintech companies, to access new services like budgeting apps or investment platforms. Customers can choose which data to share and with whom.

Open banking uses APIs to securely share customer data between banks and third-party providers. APIs, or application programming interfaces, are the building blocks of the internet.

By using APIs, banks can provide customers with secure access to their account data, while also allowing third-party providers to build innovative services around that data.

Open banking is revolutionizing the way we manage our finances, and its benefits are numerous. By connecting data from multiple accounts through APIs, open banking allows for seamless sharing between financial institutions, consumers, and third-party providers.

Digital natives entering the market expect real-time customer service from their financial providers. This means that banks need to adapt quickly to meet their customers' demands.

Open banking has the potential to drive down costs and encourage the adoption of modern technology and improved customer service. New businesses can now enter the market with smaller, more affordable alternatives to traditional financial services.

Additional reading: Banking as a Service

Firms can take advantage of new technologies to streamline costs. This can lead to significant savings and increased efficiency.

The benefits of open banking are not limited to consumers. Lenders can get a better understanding of their consumer’s situation through a comprehensive view of their finances, helping them assess the risk level and offer optimal account terms.

Here are some ways open banking can benefit both consumers and institutions:

Open banking also allows for more accurate financial assessments, helping lenders offer more profitable loan terms and consumers make informed decisions about their finances.

Open banking poses several challenges and risks, making it a complex and multifaceted concept. Banks face challenges in adapting to digital channels, as customers increasingly interact with them through smartphones, websites, and voice assistants.

Traditional banks are struggling to keep up with digital banks that offer better services, leading to a shift in customer behavior. Customers are switching to digital banks or moving their activities to them, posing a significant threat to traditional banks.

You might enjoy: Online Banking Trends

Some of the key risks associated with open banking include data breaches, hacking, and insider threats, which can compromise the safety and confidentiality of finances and personal data. Poor security, hacking, and insider threats are major concerns, and the existence of malware designed by third-party app providers to infiltrate accounts and wipe data remains an issue.

APIs are not without risk, and open banking APIs are particularly vulnerable to security threats. However, today's API security technology is advanced and robust, with capabilities such as single system management of traffic, access and security policies, and robust security standards.

The European Union has taken steps to mitigate security risks by updating its Payment Services Directive, specifically addressing open banking practices in the PSD2. Despite these risks, traditional banking is falling to the wayside in favor of open banking and non-traditional institutions.

Here are some of the key security risks associated with open banking:

Banks are facing a tough situation with their digital transformation.

Customers are no longer interacting with banks through branches, but rather through their smartphones, websites, or voice assistants. This shift has made software a key differentiator for banks.

Traditional banks are seeing customers switch to new digital banks or move their banking activities online, where they can access better digital services.

Banks are struggling to adapt to these new digital channels and meet customer expectations.

You might enjoy: Hbl Digital Bank

Open banking has its fair share of risks and criticisms. One major concern is the potential for data breaches due to poor security, hacking, or insider threats, which have become relatively widespread in the modern era.

Security risks are a major issue with open banking APIs, including the potential for malicious third-party apps to clean out a customer's account. This is a broad concern, not an extreme one.

Data breaches can lead to misuse of customers' data by tech giants, similar to what has been seen in other internet-based services like online shopping and social media. This raises even greater concerns about customers' private financial data.

The risk of phishing scams is also a concern, as malicious actors can trick banking customers and third-party companies into divulging sensitive information.

Some critics argue that open banking will lead to more financial exclusion of those with low income, as only the tech-savvy will be able to benefit from it.

There is also a risk of aggressive market practices or offering customers more expensive products based on an analysis of openly-available financial data.

Traditional banking is falling to the wayside in favor of open banking, but this shift also poses risks, including the potential for market concentration and associated pricing power.

Here are some of the security risks associated with open banking APIs:

Open banking is subject to regulations that ensure its secure and fair implementation. In New Zealand, Payments NZ supervises the payment system and has stated that the main banks will be ready by 2024 to implement open banking.

The regulation of open banking helps to protect consumers and businesses by setting standards for data sharing and security. This means that users can trust that their financial information is being handled responsibly.

Open banking supports a number of different use cases, including allowing users to share their financial data with third-party providers, such as fintech companies.

In New Zealand, the payment system is supervised by Payments NZ. Payments NZ has stated that the main banks will be ready by 2024 to implement open banking.

The payment system in New Zealand is a complex network of financial institutions, and having a regulatory body like Payments NZ in place helps ensure that everything runs smoothly.

The European Union has been at the forefront of promoting innovative online and mobile payments through open banking. The Payment Services Directive 2 (PSD2) was adopted in October 2015 to achieve this goal.

The PSD2 provisions came into force on 13 September 2019, and more than two years later, the European Commission announced the commencement of the review procedure of the Directive. The review was submitted to the European Banking Authority (EBA) on 18 October 2021, and the EBA responded on 23 June 2022.

The European Union is also working on standardising value-added services through initiatives such as the NextGenPSD2 standard, developed by The Berlin Group. This standard aims to provide a pan-European standard for value-added services.

The European Payments Council is implementing the SEPA API Access Scheme, which defines the principles of cooperation between entities participating in it. The scheme also defines standard methods of implementing selected services based on the use of APIs, billing systems, and payment systems.

The following standardisation initiatives are worth noting:

In the United Kingdom, a major milestone was reached in 2018 when the Competition and Markets Authority (CMA) direction came into force, requiring the nine largest banks to allow licensed startups direct access to their data.

This direction was the result of a ruling issued by the CMA in August 2016. The nine banks affected by this direction are HSBC, Barclays, RBS, Santander, Bank of Ireland, Allied Irish Bank, Danske Bank, Lloyds, and Nationwide.

Open Banking Limited was created to develop standards and systems for the direction, while enforcement rests with the CMA.

The Financial Conduct Authority (FCA) is responsible for protecting consumers for account information and payment initiation services under the PSD2 directive.

In 2021, president Joe Biden issued an executive order indicating the administration's desire to begin rulemaking for Section 1033 of the Dodd–Frank Act.

This move was aimed at supporting open banking initiatives in the United States.

Plaid, an open banking provider, settled for US$58M in a consumer-driven, privacy-related class-action lawsuit in 2021.

Rohit Chopra, the director of the Consumer Financial Protection Bureau, initiated rulemaking pertaining to Section 1033 in 2023.

Discover more: Commercial Banking vs Consumer Banking

Security and Consent are two crucial aspects of open banking. To gain the trust of clients, sharing financial data must be secure.

APIs for sharing data need to be secured, and all ecosystem players must be properly authenticated and authorized. This ensures that only trustworthy fintechs can access open banking data. They typically need to undergo a rigorous due-diligence process to obtain a machine-readable certificate.

Bank clients must stay in charge of their financial data, with final say over when their data is shared and with whom. Consent mechanisms are built into open banking to support this. The OAuth framework and its security profiles, such as FAPI, are used to implement the consent mechanism.

Bank clients are first identified and then actively and intentionally consent to sharing their data. This ensures that they are always in control of their financial information.

Security is a top priority in open banking, and for good reason - sharing financial data must be secure to gain the trust of clients and partners.

To ensure this, API for sharing data needs to be secured, and all ecosystem players must be properly authenticated and authorized.

The fintech receiving the data must also be trustworthy, and not every fintech can get access to open banking data.

They typically need to undergo a rigorous due-diligence process and receive a machine-readable certificate, which contains specific extensions like QWAC and QSEAL.

Banks check the validity of this certificate every time open banking data is requested by the fintech, to verify its identity and status as a qualified recipient of open banking data.

The bank also authenticates and authorizes the identity of the bank client, usually based on existing web-based or mobile authentication mechanisms.

Consent is a crucial aspect of open banking, ensuring that bank clients are in control of their financial data.

To support this, consent mechanisms are built into open banking, which ensure that customers are identified and actively consent to sharing their data.

The OAuth framework and its security profiles, such as FAPI, are used to implement the consent mechanism, providing a technological protocol for secure data sharing.

Bank customers are asked to digitally prove their identity before sharing their data, as seen in the example of Cathy's accounting software requesting access to her bank account.

This one-time setup allows data to flow periodically from the bank to the accounting software, keeping Cathy's accounting up to date automatically.

The bank also asks for consent before sharing data, as seen in the example of Cindy's bank asking her to authenticate and confirm data sharing with the fintech.

Check this out: Banking Software

Open banking relies on APIs to share financial data, and to establish trust with partners and clients, banks need to secure APIs and the data they carry according to best practices.

To establish trust with partners, banks should develop APIs according to established specifications and industry standards, and create a smooth onboarding experience. This helps partners understand what to expect and reduces complexity.

API specifications and standards are crucial for ecosystem players to agree on the shape and form of the API, formats and data structures involved, and technical standards for exchanging data and calling functionality. This reduces complexity and makes it easier for participants to work together.

In some jurisdictions, regulators prescribe API specifications, while in others, voluntary industry standardization emerges. Following established standards and API specifications signals partners that there are no surprises to be expected, and thus strengthens their trust.

Here are the key technologies required to participate in open banking ecosystems:

To combat the "data swamp" that many fintech businesses face, an efficient integration system is required. This can be achieved through physical integration or data virtualization, both of which can be used to expose data securely and directly via APIs.

Open banking has been successfully implemented in various countries, with Sweden's Nordea bank being one of the pioneers, launching its open banking platform in 2017.

The platform allowed customers to link their accounts from other banks, enabling them to view all their accounts in one place, a feature known as account aggregation. This was a major breakthrough in open banking, as it gave customers more control over their financial data.

In the UK, the launch of the Current Account Switch Service in 2013 marked a significant milestone in open banking. The service allowed customers to switch their current accounts between banks in just seven working days, a process that typically took four to six weeks before.

Latin America is home to a diverse range of innovative companies, such as Mercado Libre, which revolutionized e-commerce in Argentina.

One notable example is the Mexican company, Grupo Bimbo, which successfully scaled its business model to become a leading bakery company in the region.

The region's entrepreneurial spirit is also evident in the success of Brazilian companies like Natura, which has become a global leader in the cosmetics industry.

In Peru, the company, Inditex, has implemented a successful business model that has enabled it to expand its operations and reach a wider customer base.

The region's cultural and linguistic diversity has also led to the development of innovative products and services, such as the Mexican company, Grupo Aeroportuario del Pacifico, which has created a unique airport experience for travelers.

Overall, Latin America offers a wealth of opportunities for businesses looking to innovate and expand their operations.

Readers also liked: Bank of America Virtual Assistant

Cathy, a small business owner, uses a web-based accounting software to manage her business's finances. She spends a lot of time copying transaction data from her online banking software to her accounting software.

This tedious process is a common pain point for many small business owners. They have to manually transfer data, which is time-consuming and prone to errors.

Cathy's situation highlights the need for a more efficient and streamlined process. She wants to automate the transfer of transaction data from her online banking software to her accounting software.

The current manual process is not only time-consuming but also takes away from more important tasks that Cathy needs to focus on. She wants to use her time more effectively to grow her business.

Check this out: What Time Does Carter's Open?

Cindy is in the process of buying a home, but it's not easy to find one she really likes.

She wants an instant confirmation of the mortgage so she can lock that deal in with the seller.

Her dream house is within reach, but she needs to act fast to secure the mortgage.

Cindy can use open banking to access her financial data and get a mortgage confirmation instantly.

This will give her a competitive edge in the housing market and allow her to make a confident offer on the house.