What Is Open Banking?

Digital Banking Open Banking PSD2 Fintech
Olga Wałkuska photo
Olga Wałkuska
03 Feb 2020
12 min read

The above question seems to be very straightforward. But when you start looking for an answer, the issue of Open Banking seems to be growing in real time. What makes matters even more complex is that it cannot be said that Open Banking already exists. It is very much the work in progress; something that is being born right in front of our very eyes. The purpose of this post is to summarize the info about Open Banking in a concise and easy to understand way.

Why do we need digital banking?

Changes in the pace of life

It is impossible not to notice that our world is gaining up momentum. Changes are happening faster than ever. What was unimaginable yesterday, is normal today and obsolete tomorrow. There had been so many changes brought by the second half of the twentieth century that it’s really hard to name the most significant one. All in all, we can say that life has become faster and we expect things to happen instantly. And still, even in this ever-changing environment, banks are pretty much the same as they used to be 50 years ago. There was no way that this situation lasts any longer. And so here we are discussing banking solution that is going to move the industry right into the second decade of the twenty-first century.

The Internet

Although it’s hard to name the one and only thing that transformed the world into what we know now, the invention of the Internet would surely open the list of options. It’s a cliche, but there is no stressing this enough that it is the Internet that made the whole world available at our fingertips.

When it comes to banking industry it seems that the potential of online banking had been recognized and taken advantage of properly. “Regular” banks had to face the competition of entirely new entities i.e. fully virtual banks that had no brick-and-mortar branches. Yet, they survived learning the important lesson that online services are the integral part of banking experience. In fact, from the Deloitte report on Open Banking in UK we can learn that more than a half banking operations is taking place via digital channels. Unfortunately, this data is not divided between web pages and mobile applications. Such division would naturally bring us to the second important revolution that transformed the world in recent years.

The Smartphone

The emergence and the popularity of the Internet was the event some people compare to the invention of the printing press. With the Internet came the possibilities we didn’t dare to dream of, but it’s the smartphone that made it possible to carry the Internet with us wherever we go. With the Internet we became connected, smartphones make us stay connected all the time. When introducing the iPhone in 2007 Steve Jobs called it three devices in one: an iPod, a phone and an “innovative Internet communicator”. Time showed that he was more than right and nowadays smartphones tend to take on more and more functions. For many people smartphone is a primary device for Internet browsing and with the growing popularity of NFC payments it is slowly replacing, or at least complementing, debit cards.

Photo by Tyler Lastovich on Unsplash

For the banking industry this trend means two things. First, online services are not limited to having the web page. The mobile application is a must. Second, money and technology are starting to come together. If you are interacting with your bank via an app on your mobile phone it doesn’t need the huge shift of mindset to trust a different app with your money.

And this particular shift in attitude towards finance is one of the foundations of Open Banking. Regulatory bodies came to the conclusion that money should no longer be the interest of renown financial institutions only. After many years of only cosmetic changes like web and mobile banking it’s time for a real revolution.

Three-fold approach to Open Banking

Open Banking can be viewed from three different yet interweaved perspectives. In the paragraphs below we are going to discuss each of them in detail, but before we start let’s see what we are talking about.

Open Banking is a notion referring to:

  1. technology
  2. legal and regulatory acts
  3. business

In a nutshell, technology behind Open Banking is mostly based on APIs. There would be no Open Banking whatsoever without them. When it comes to legal acts, the most important one in Europe is PSD2 (you can learn more about it here). And finally, all this technology and regulations are in place to make business possible delivering value to customers.

Now let’s look at each of those dimensions in detail.

Technology

In a traditional banking model customer data are owned by a financial institution. And those data should by no means be shared with anyone outside of this institution. Customer gets access to them by logging in to a banking platform or visiting a physical branch. We bet, you all know by heart the warnings about not sharing your credentials with anyone.

With Open Banking things are different. Data no longer have to be locked and available only to the bank and the customer. Now data must be available to other entities as well. This presents two main technological challenges:

  1. how to protect data
  2. how to share data

Sharing access to your bank account with third parties is exactly what we have been warned about for years. So all the architecture must be smart enough to convince people to use it.

The APIs seemed to be an obvious solution. API is an application programming interface. What it means to a non-technical person? Our developers like the metaphor of a power outlet. It is a way of connecting two systems, but only if the specific conditions are met. Also, using API doesn’t mean the systems stay connected all the time. API plugs in to perform a specific action and then it is unplugged. And every time the connection is initialized it needs authorization of the user. Apparently, here it is. The solution that allows for sharing data, but is also secure. In this way using APIs in Open Banking solved two main technological challenges at once.

APIs have been used for quite some time. All the flights and hotel searching websites are based on them. In these industries they provide exactly what is expected from Open Banking; data from different systems presented in a user-friendly form in one place.

Regulatory

Using technology to make banking easier is something most people already do. As we discussed at the beginning, most of the banking operations is taking place via digital channels. Nevertheless, letting third parties accessing our financial data is something completely different. There is a reason why the financial market is heavily regulated. There is a lot at stake; both literally and figuratively.

This is why the term Open Banking has its own legal layer of meaning. In this respect Open Banking refers to all the legislation referring to cooperation of banks and fintech companies. Those regulations state the liability of the parties, the level of privacy protection, registration and supervision of third parties. Since Open Banking is a new concept all those rules had to be created from scratch.

In European Union Open Banking is one of the main domains of PSD2 (Payment Services Directive 2). It is a document that heavily promotes the transition towards Open Banking. We will discuss it in more detail in the next section, or you can check our blog post here.

Business

The affair of IT companies and banking industry dates back way beyond the emergence of online platforms. In fact, banks were the early adopters of the novelty that was information technology in the mid-twentieth century. So it should come to nobody’s surprise that since online banking is becoming more and more popular, IT companies started to look for their share of cake.

There are two basic services named upfront in the PSD2 i.e. account information services and payment initiation services. But those are just the beginning. There are plenty of customers willing to test new financial products provided they are safe and convenient. When “safe” is taken out of the equation by the right regulations, convenience is all that matters.

Let’s have a final quick look on what does Open Banking mean for business. This graphic is taken from Deloitte report on Open Banking.

We can see that with Open Banking in place customers can interact with their banks via different third party providers. So the introduction of Open Banking opened the door for various entities hence removing the banks’ monopoly to manage our finances.

PSD2

There is no talking about Open Banking without mentioning PSD2. In fact PSD2 (Payment Services Directive 2) is what started the commotion. As we already mentioned, since the digitalization of our daily lives the need for change in approach to banking was apparent. But without the proper legislation doing innovative business at the intersection of finance and technology was sailing close to the wind. PSD2 was the first comprehensive document designed to target this troublesome area. When it comes to Open Banking, Payment Services Directive 2 has two goals: to regulate and to promote. Let’s have a closer look at them.

To Regulate

In the area as serious as finance lack of regulations is not good for anyone, or at least it’s not good for customers. It is an interesting issue whether the same applies to technology; but it’s definitely a topic for a different story.

Anyway, going back to the main issue, PSD2 introduces the notion of Third Party Providers (TPP) - those are all the fintech companies that are now so welcomed on the market. It is worth noting that when we say “introduce” we don’t mean “hello, here are Third Party Providers, enjoy the cooperation”. This introduction is tied with rules, conditions and legal requirements. Third Party Provider is now a legal concept with regulations that apply specifically to it.

PSD2 is a regulation all the member states must adhere to, but it does not give specific rules. What it provides is a sort of conceptual framework that must be translated to each country’s legal system. What PSD2 states is that TPP have to go through the process of registration, there has to be a list of all the TPPs registered in the country and they have to be supervised. There are also specific regulations concerning their liability to the clients and cooperation with banks and other financial institutions.

From the point of view of Open Banking the fact that PSD2 is the first legal document to codify the existence of fintech companies cooperating with financial institutions is probably the most significant one. But it is worth mentioning that Payment Directive regulates many other issues as well. Even if something is not stated in the document itself there are plenty of legal acts following and providing specification for implementation of the Directive. Among the most significant ones are the regulations regarding liability and security in the reality created by Open Banking.

To Promote

PSD2 introduced the environment in which Open Banking was made possible. We have already discussed the opportunities it creates for new entrants to the market; we’ve touched upon the advantages for customers. So by now we know that Open Banking is a great change for fintech companies and for customers, but what about “regular banks”? When you think about it, they don’t really have much to enjoy here.

Let’s have a closer look at this situation. Open Banking is only possible when big financial institutions make their data available to other entities via APIs. But… there is not so much to gain for them, isn’t there? They share their valuable asset - data and in return they might get a higher consumer satisfaction rating. That’s all. So, why would they do this?

The answer is very simple and, as you may have already guessed, it consists of three letters and a number - PSD2. Payment Services Directive 2 just legally obliged them to do it. In this way the entirely new reality was created. Big financial institutions lost their strategic advantage of owning all the data. The Introduction of Open Banking began a completely new game between fintechs and finance.

To make matters even more interesting much of the liability was left with the bigger players. Of course there are mechanisms introduced to protect customers from unauthorised transactions and every single use of TPP service must be confirmed by the user. Still, if something goes south much of the consequences lay on the side of the most powerful entity - in this case - the bank.

Open Banking Around the World

European Union was the first to notice the change in the world and propose the concept of Open Banking. However, similar initiatives seem to appear around the globe.

Australia

In 2019 Australia introduced the document called Consumer Data Right (CDR). This document gives customers the right to have access to data about their goods and services consumption. Under CDR consumer is allowed to view and transfer their data to the accredited third party.

When it comes to business entities, CDR requires them to make their data available in a standardised form. This is to allow customers to exercise their rights.

Consumer Data Right is meant to be a standard in all sectors of economy, but right know it was only introduced in banking, telecommunication and energy sector.

CDR is, of course, complemented with security and privacy regulations. There is not enough stressing that Open Banking and privacy protection have to go hand in hand.

Rest of the World

There are plenty of countries that already realized that Open Banking is the future of the banking industry. However, it is the European Union and Australia that codified and enforced this transition.

Canada, Israel, Nigeria and Singapore are currently researching the topic and looking for best possible solutions that would suit them. Hong Kong is one step further and has already published the intended implementation schedule. Japan’s authorities claim there should be at least 80 financial institutions making their API available by the end of 2020. Mexico and New Zealand are already working on the right legislation.

Interestingly enough, USA is not joining the movement. There had been some brainstorming around the idea, but the conclusion was made that the USA’s banking system is so very different from the European one that there is no chance for a simple transition. From this moment the topic was dropped. So US fintech companies still operate in a gray area.

Problems and Challenges for the Future

When I myself first heard of Open Banking I thought - Oh my God! This a nightmare! - then I researched the topic and the more I knew the better this whole idea seemed to me. I only mentioned this to let you know that I can very well understand people who are afraid of this novelty. This is why I think it’s so important to include this last section. What are possible problems the shift to Open Banking might bring?

How much are we ready to share?

The first that comes to mind when we think of sharing our financial data with third parties is the very basic one - Do I want to share those data? There are, of course, several others naturally following this one. How do I know my data is secure? Who gains access to my data? And finally the one mentioned in the topic of this section - How much am I ready to share?

Taking advantage of possibilities provided by Open Banking is not obligatory. If you are not comfortable with sharing your financial data with any other entity than your bank it is completely OK. PSD2 is designed to grant you more freedom in managing your finances and not the other way round. It’s also not a simple coincidence that the introduction of GDPR preceded the shift to Open Banking. In this way European Union made sure we have all the tools to better protect our privacy including the financial data.

Photo by Kelly Sikkema on Unsplash

Also the very use of APIs contributes to better security. API on the client’s side can only access specific set of information necessary to perform the action it was written to perform. API on the bank’s side only provides this specific info. We already stated that API is like a power outlet and not the master key that can access everything. Finally, PSD2 specifically states that every time you use third party services your authorization is required. This means that no one is going to use your data without your knowledge.

However, even clarifying all those doubts we are left with the question posted in the title of this section. How much are we ready to share? We believe this is always a tradeoff and it very much depends on the offers from the industry and personal beliefs. There will be people who will share as much as they can for, let’s say, better mortgage deal and those who will stay with their current accounts having no interest in technical novelties.

Common API

The problem we discussed in the previous paragraph is about human nature and the society being ready for change. Now, let’s discuss a very tangible technical issue. PSD2 is not a technical document and it doesn’t deal with technical aspects of introducing suggested solutions. This means that every country can have its own standard. And as a result, we have at least 5 different standards in Europe. We believe that if Open Banking is here to stay, the next step should be to come up with one standard API for the European market (and preferable for the entire world). This would make introducing new fintech products to the market much easier. And the more products on the market the better deals customers can get. Shifting the balance of power between banks and customers was one of the main goals behind PSD2. Hence, introducing the common API standard in the future is something that seems very logical to us.

Summary

We believe that Open Banking is a revolutionary idea. With right publicity it should easily win hearts and wallets of the public. It is not a secret that nowadays people are looking for the most convenient ways to handle their day to day duties. Open Banking can easily provide money management tools that can be hard to beat by anything else. Also, people still remember the 2008 financial crisis that cost banks their credibility. So if the bank is no longer to be trusted maybe it’s time to trust someone else?

Build your backend with us

Your team of exceptional software engineers