Open banking is the digital initiation of payments and sharing of financial information, based on expressed customer consent.
As simple as this sounds, it represents a fundamental shift in the finance industry. Previously, banks did everything possible to safeguard the personal and financial data of their customers. With open banking, the client will be able to share these data with third parties, enabling use cases which were previously impossible.
From a technical perspective, open banking requires financial institutions to create specific APIs from scratch, or expose existing APIs to the outside world. In both cases, strong authentication and authorization mechanisms are key. Despite the potential benefits, sharing financial data is a delicate matter and client adoption of open banking is directly linked to very strong security.
A global view
Payment Services Directive 2 (PSD2) came into force in January 2018. It ensures that consumers can authorize a third party to make payments on their behalf, or give that party access to their financial data. As PSD2 left implementation details to the market (mostly), the NextGenPSD2 of the Berlin Group emerged as a European quasi-standard, adopted by about 75% of European banks. On the other hand, the UK mandated their nine largest banks to define a common standard and build their APIs accordingly. Having an API enforced by the regulator allows the UK to spearhead open-banking activities in Europe.
United States and Canada
Open banking is an industry-driven initiative. In North America, the Financial Data Exchange (FDX) — a non-profit industry standards body — was founded to develop a consistent open-banking framework and intercept emerging inconsistencies. While there’s no binding political decision in place, political activity aimed at establishing a regulation is on the increase.
New Payments Platform (NPP), an open-access infrastructure for fast payments, was launched in February 2018. They chose a regulatory approach, with the first phase of its Consumer Data Right act (CDR) going live in 2020. In contrast to PSD2, CDR is a data-policy initiative, which allows consumers to share their data with authorized third parties. Also, it aims to be applicable to non-financial industries in the long run. Similarly, South Korea’s MyData initiative from 2019, focuses on sharing client data across industries.
The Unified Payments Interface (which evolved into the so-called, “India Stack”) was introduced in 2016, while the Hong Kong Monetary Authority (HKMA) published its open API framework for the Hong Kong banking sector in July 2018.
The Mexican central bank published its fintech law in March 2018. It requires electronic money institutions, fintech startups and crowdfunding institutions to apply for a license from the National Banking and Securities Commission.
In early 2019, Brazil began a four-phase initiative to ensure the entire, individual financial footprint is available with consumer consent.
Open banking has the potential to simplify today’s credit-card payment process, as shown in figure 1 below. At the checkout (online and offline), the client’s card details are sent to a processing company for authorization. The company forwards the request to the respective card network, which ensures the client has enough funds at the card-issuing bank. Depending on security protocol, the client is asked for further authentication, like 3D Secure 2.
Once the payment is authorized, the issuer sends money to the processor who completes the payout to the merchant’s account during end-of-day batch processing. At the end of the month, the issuer sends the card bill to the client.
PSD2 introduces regulated third-party providers (TPP), which can be either payment initiation service providers (PISP) or account information service providers (AISP).
So, if the shop is registered as PISP, it only needs to collect the client’s account number and send a payment request to the client’s bank. Once the client approves the request on their phone, the money is transferred directly to the merchant’s account.
Registering a PISP and integrating APIs for each bank is unfeasible for merchants, in general. Most businesses will rely on TPPs which provide the bank connectivity. With open banking, TPPs replace the payment processors and bypass the card companies. See figure 2 for a conceptual overview.
Additional use cases
With process digitization, cloud computing, data analytics and AI penetrating the banking sector still further, APIs will become the backbone of the entire banking infrastructure. Once available, they can be made accessible to TPPs and enable use cases beyond the regulatory base cases of single payment authorization and account overview. For instance:
Combining payments and customer identification
Online pharmacies or tobacco stores need to identify their customers before shipping products, whereas banks must gather and verify customer-identifying data during their onboarding process. Therefore, providing an API for payments coupled with customer identifying services (e.g., confirmation of the client's age) would streamline the checkout process. Compliance is assured with a single API call
Automated solvency check
Open banking enables real-estate portals to streamline their matching process. Once potential tenants approve access to their financial data, proving solvency is just a single API call away
Automated advisory and investment
Open Banking APIs allow the creation of saving and investment apps like, Moneybox and Plum in the UK. They create an up-to-date overview of the client’s assets, and combine this with automated savings and investment schemes
While SFTP interfaces or CSV exports allow for a certain degree of automation, matching payments with open orders in the ERP system still involves manual intervention. With TPPs combining open-banking account information with ERP interfaces and matching algorithms, this process can be fully automated
Open banking adoption
While market penetration of open-banking services is still in its infancy, statistics for Europe show strong market growth. The number of registered third-party providers shown in figure 3, shows a fivefold increase over the last 3 years. The data also show the strong ecosystem in the UK, as 40% of all TPPs registered by the end of 2021 originated from the UK.
API-based payments in the UK (figure 4) increased more than tenfold between February 2021 and February 2022, with a total of 31.6 million payments executed over this period. Comparing these numbers with the 35.6 billion payments of all kinds done in 2021, gives an indication of the potential for further adoption in the market.
Regulatory initiatives provide a level playing field for open banking, lower market-entry barriers and greater competition. We’ll see enterprises further streamlining their financial processes by fully digitizing payments and account overviews. They’ll achieve this either by connecting directly to their banks or leveraging the services of TPPs and finding ways to offer existing services more efficiently.
While the number of TPPs continues to rise, established players will also try to gain a foothold in the new market. Recent acquisitions by Visa and Mastercard are two of the more prominent examples. Visa bought the Swedish fintech, Tink, connecting more than 3,400 European banks, while Mastercard took over Denmark’s Aiia, connecting more than 300 banks. These investments secured both investors a piece of the open-banking pie, which challenges their business models.
Banks, on the other hand, must move away from a purely vertical sales model, where banking products are sold via their own sales channels. Instead, their products will compete directly on national or international platforms. Here, the key to success is establishing new business models and partnerships based on user-centric banking processes. Simply fulfilling regulatory base cases will not be sufficient for banks to benefit from a growing market.
Increasingly, the future of banking will rely on open finance and open data, where the customer holds the data and dictates how it can be used.
Ongoing activities, ranging from B2B solutions to new banking solutions, provide a foundation for mass adoption of open banking. According to a study from Juniper Research, the global value of open banking payments will rise from $4 billion in 2021 to $116 billion by 2026 — Europe leading the way with a massive 75% share. This goes hand-in-hand with customers better understanding the benefits they get from sharing data which increases trust in, and acceptance of, open banking.
For banks, the pressure to provide open-banking APIs beyond regulatory requirements will increase. They’ll have to be attractive to customers, to whom they can sell high-value financial services. However, it will allow them to offer their products more efficiently to more customers, too.
From a financial institution standpoint, open banking is the continuation of a successful client-centric digital transformation. Done properly, advanced digital banking services can be provided by enhancing and exposing existing APIs to the public. It also enables banks to partner with TPPs and push their new services onto new consumer platforms.
In short, open banking should increase competition and innovation, ushering in a wealth of new products that can help customers manage their money better. Which means banks must actively shape their digital offering and create new partnerships, while placing client needs and digital habits at the center of their activities.
If you’d like to find out more about open banking visit luxoft.com/banking, or contact us and one of our banking experts will be pleased to discuss the adoption of open banking and what it means for your financial institution.
Director, Technology and Strategy Advisory, Luxoft
Originally a numerical physicist, Martin has been working in the insurance, automotive and banking industries for over 20 years. Having a proven track record as enterprise architect, head of IT architecture and interim CIO, he enjoys working
hands-on with new technology and optimizing business processes.