Financial services regulators around the world are increasingly concerned with promoting competition and innovation in banking, reducing barriers to entry, and empowering consumers. Of all the strategies being employed to achieve this, the most significant and far-reaching is open banking, where consumers have the power to share banking data to chosen third parties via application programming interface (APIs).
Listed below are the key technology trends impacting the open banking theme, as identified by GlobalData.
Unbundling of the value chain drives ‘platformification’
This unbundling of the banking value chain will only gather pace amid open banking. As vertically integrated business models collapse, incumbents must decide which parts they seek to own, and how; which parts they want to collaborate and supplement capabilities on; and where they will accept that the old business and its economic model has broken and move into new areas. One clear trend for larger banks is seeking to reconstitute the unbundled model by becoming a platform itself.
For incumbent banks, a more sensible near-term aspiration is becoming a platform around lifestyle propositions linked to core products, such as buying a new home, with the bank orchestrating not just financial services but also services that help the customer insure, renovate, and furnish the new home all integrated into the bank’s platform. DBS, OCBC, and Tinkoff Bank have done much in this space already.
Legacy modernisation to support open banking volumes
A few months into the launch of open banking in the UK, a study on the performance of the open banking APIs revealed that several banks were failing to deliver adequate service-quality levels to consumers for the basic APIs required by the Competition and Markets Authority (CMA). This included availability and latency broken down into DNS, handshake, connection, upload, download, and processing times. The challenges of legacy infrastructures were noted in the report. Those that came bottom of the league were among the largest and best-resourced banks in the UK.
With APIs to become paid-for products, performance becomes critical, but with a vast ecosystem of third parties making repeated data requests, the risk of system overload becomes very real.
Performance is critical for banks given the heightened cost of downtime. Banks need to validate functionality and performance under load, often by reusing functional test cases. In many cases, banks will need to provide multi-sourced aggregation, which implies a series of tests across different APIs, and perhaps even different technologies such as server-side and client-side aggregation, to populate certain data sets at certain times.
Cloud migration to enable secure openness
Cloud is the most secure way to fulfil open banking obligations. The ability to provision low-cost computing power quickly and securely encourages experimentation with a wider array of partners, particularly less-proven start-ups, as the costs of failure are much smaller. Digital teams can set up incubation sandboxes that allow for safe experimentation, often specifically approved by regulators. Integration layers can safeguard systems of record, such as transaction or booking systems.
The cloud enables incumbents to ingest greater volumes of customer data, analyse it, and deliver highly personalised services when and where they are wanted. However, particularly in an open banking environment, customer data is often unstructured and comes in greater variety, velocity, and volume, so modern technologies – such as artificial intelligence (AI) and machine learning (ML) – are required to glean meaning insights from that data.
Incumbents and new entrants use open banking-enabled Know Your Customer (KYC) and onboarding
Onboarding is typically the most ‘high-friction’ interaction for most incumbent providers and where new entrants focus on demonstrating the vast divide in digital capabilities. Process automation can streamline the necessary customer due diligence by using open banking to source and verify customer information. This use case is particularly compelling for smaller financial institutions with fewer employees to support compliance operations.
Open banking has the potential to simplify this process by fetching hard-to-access financial information and reducing friction for end users. New digital banks like Monzo have all put open banking-enabled account opening at the heart of their digital propositions. This is part of the reason why Monzo has opened approximately six times as many new accounts in the last 12 months compared to incumbent banks in the UK, according to our 2021 Financial Services Consumer Survey.
Bank as a service (BaaS)
BaaS democratises access to financial services provision by making various elements of the technology and/or regulatory stack – banking license, anti-money laundering (AML), KYC, core banking, payment infrastructures, etc – available ‘as a service.’ On the one hand, this is an exciting new revenue opportunity for incumbents and a way to monetise otherwise fixed infrastructure costs. New digital banks like Fidor, for example, provide BaaS to telcos such as Telefonica through O2 Banking in Germany. This helped O2 bypass much of the cost and time involved in understanding local banking regulations and integrating into local tech ecosystems, which typically represent 80% of new launch costs.
Likewise, in the US, new traditional banks such as Cross River, Sutton Bank, Celtic, and Evolve have experienced remarkable growth by focusing purely on BaaS partnerships.
However, for larger banks, BaaS represents a significant reduction in barriers to entry. New entrants can offer over-the-top digital services that are ever more segmented, such as a start-up focused on the banking needs of mixed-race women aged 30 who work in banking, for example. It will become progressively more difficult for large universal banks to outperform on some dimensions of customer experience. This especially applies as and when ‘Uber becomes the bank for taxi drivers,’ ‘Netflix the bank for film workers,’ ‘Spotify the bank for artists,’ and so on. These firms have more data on their customers and continue to add other adjacent financial services, the value of which lies not so much in the intrinsic value of the banking product or service – i.e., banking – but the context. So-called ‘embedded finance.’
Open banking offers clear opportunities for enhanced personalisation across all elements of consumer interaction by giving algorithms more data to limit bias and enhance predictive power. Algorithms underpin all aspects of digital products and services, such as market algorithms in robo platforms that help novice investors navigate stock market gyrations; non-market algorithms that identify upcoming cashflow shortfalls; user-experience algorithms that reconfigure digital interfaces; or behavioural profiles that help flag potential fraud based on digital use.
The biggest single category of open-banking solutions in the UK comprises those that use access to banking data to improve an existing product or service, primarily data insight. Over time, open banking-driven algorithms can become key enablers of autonomous finance, effectively automating account management activities to make it easier for customers to stay on top of their finances.
Payment initiation service providers (PISPs)
Best-in-class online retailers use PISPs of open banking to increase security and convenience when shopping online. Canadian ecommerce company Shopify and Klarna, the Swedish online payments company, let shoppers buy items online by paying directly from their bank account. Both companies process millions of purchases a day, with Klarna offering various Buy Now, Pay Later (BNPL) options.
Heightened focus on API security
Due to Covid-19, the volume of fraudulent activity has significantly increased. Many analysts have termed it a “golden age” of cyberattacks. To help protect data, a growing number of companies store their data on cloud platforms and implement machine learning to take a more proactive approach to threat detection and identify a wider variety of attack vectors across their network and platform. Private APIs made public risk-exposing exploitable design patterns, as they typically pass lower security thresholds.
There are two critical aspects to safeguarding an API: one, preventing the keys that unlock access to API data from being stolen; and two, verifying the authenticity of the code that is trying to access the API from the application. This enables banks to monitor who can access an API, what they can do with it, and how they can do it. More tactical concerns focus on routing, throttling, and load balancing, which can have cyber considerations. Denials of service can be directed at APIs as easily as they can be directed to websites. Providers such as Apigee and MuleSoft offer API management systems that can adhere to enterprise security frameworks, as required by big incumbent banks.
Data democratisation to diffuse data and insights internally
More and more banks realise the need for a collaborative approach towards data and its availability to all users across the organisation. Distributing information across teams and business units empowers individuals at all levels to use data for better decision-making and bring different perspectives to the data. For example, Royal Bank of Scotland moved to data democratisation to sort its digital marketing initiatives. Rather than data existing in silos, it provided non-marketers with access to unified data, empowering them to provide new insights into the marketing process.
However, open data can increase compliance risk, while data analysed by non-experts is more open to misinterpretation. As a result, digital banks like Revolut work with vendors such as Exasol to apply ML tools to processes, empowering employees to self-serve more safely when running data analysis.
This is an edited extract from the Open Banking 2021 – Thematic Research report produced by GlobalData Thematic Research.