In brief
- The remarkable technical challenge of realizing open banking touches every layer of the architectural stack; a Financial Data Exchange (FDX) API and a protect-the-core strategy are essential requirements
- The greatest operational open banking change is in the automated acceleration of onboarding. Starling, Revolut, Monzo and other challenger banks have perfected minimizing the time it takes to open a basic bank account. That’s something the bigger banks are now starting to really address
- The average customer has several bank accounts, mortgages and investments, each with an app of differing quality. Consequently, they can’t form an overall picture of their finances. What they need is a single source of truth: a super-app. The super-app would be a kind of app store within an app store, and the bank could build a network of partners to help realize each customer’s financial picture
A year or two ago, I decided to upsize our home, which meant applying for a new mortgage. After logging onto an online broker site, I gave them permission to access my bank account for a limited time. The broker asked the bank for the information they needed to advance my mortgage application, which my bank promptly provided.
That was it. I had just participated in open banking.
Overcoming skepticism
I felt as if I had to surrender sensitive data, which initially went against the grain, but consent management is for a specific period only. The significant advantage was being able to expedite the credit application process, allowing my family to settle into our new home with greater ease and speed.
Open banking is a key regulatory initiative designed to open the marketplace to a broader range of financial services. The United States has seen very high open banking adoption and growth:
- Consumer authorization: Over 100 million U.S. consumers have authorized third-party access to their financial data (around 9 million in Canada). The total is set to grow substantially following the 1033 ruling
- Data access volume: In 2022, there were between 50 billion and 100 billion instances of third-party data access, indicating a mature and active open-data ecosystem
- Comparison: The United States dwarfs other jurisdictions, such as the UK and Brazil, in both absolute and per capita measures of open banking adoption (UK 10 million consumers and small businesses, Brazil 17+ million users).
Technical complexity
Open banking is a major business and technical change program. It shifts the role of a financial institution in the distribution of financial services to end customers and requires a technical change program that touches every layer of the architectural stack. An FDX API and protect-the-core strategy are basic requirements. To function safely and seamlessly, the transactional process demands massive security and impeccable technical standards, so those elements are tightly controlled and regulated.
To help make things run smoothly, DXC Luxoft and partners are working together to help clients address the changing regulations taking place in the marketplace. Banks want to be compliant, customers want a frictionless experience and regulators aim to foster competition and innovation, necessitating a significant enhancement of security measures.
New rules and regulations
The tightening of security started back in 2009 with the European Payment Services Directive (PSD) and 2018’s revised directive (PSD2).
Now, in line with section 1033 under the Dodd-Frank Act, the United States is following suit with the Consumer Financial Protection Act (CFPA). And although CFPA first saw light in 2010, U.S. financial institutions (FIs) have been given a comparatively short compliance window, post-final rule (expected 2024):
- Large FIs (>$500B): 6 months
- Medium FIs ($50–500B): 1 year
- Small FIs ($850M–$50B): 2.5 years
- Very Small FIs (<$850M): 4 years
However, when we surveyed our primary U.S. user group, core banking teams knew little about the prospect; in fact, few of them had any idea this was on the immediate horizon.
This is troubling, given that CFPA will have a wide-ranging impact on them and a profound impact on financial institutions (probably around an increased volume of transactions), significantly increasing the volume of information requests they must fulfill.
Brokering an agreement
Lending has emerged as the critical use case for open banking, bringing new insights to support the application and underwriting processes. The broader alternative lending landscape for third-party authorized data embraces these new sources of information.
The strongly broker-led UK market is serviced by 6,000 brokers compared to the United States’ 16,000 brokers. U.S. banks and brokers have developed a mutually beneficial market relationship (brokers represent new lending opportunities for banks). That said, working together can prove difficult for banks — brokers often step up price transparency and insist on a significant cut of the proceeds, restricting bank profits. It’s possible that brokers and lenders also exploit legal ambiguities to benefit from unaware or inexperienced borrowers.
Streamline the lending process
Open banking is driven by digital natives (including Gen Z, Gen X and millennials), largely around the purchase of cars and homes but expanding into other forms of financial services, too.
A prime example is in the car loan sector, where significant aggregators have emerged. Getting immediate approval (still standing in the dealership) instead of slogging through the traditional process makes an irrefutable case for open banking. It might not seem much to some, but allowing data providers* and recipients** access to your financial data so they can secure credit for your impending purchase takes the lending/borrowing experience to a whole new level.
*Data provider: A financial institution (FI) that exposes customer data to data recipients (brokers). This is either in partnership with another FI or via an ecosystem where multiple participants can access the same data via a trust framework or ecosystem (e.g., market open banking, open finance, etc.).
**Data recipient: Third parties, either brokers, fintechs or other FIs (unconnected with the data provider), gain customer consent, register and connect with the data provider, consuming its data via APIs.
It pays to know who you’re dealing with
The greatest operational change is in the automated acceleration of onboarding. Starling, Revolut, Monzo and other challenger banks have perfected minimizing the time it takes to open a basic bank account. That’s something the bigger banks are now starting to really address. New customer origination is a central element of maintaining growth and profitability. And these new sources of information enable banks to build up deeper and more accurate customer personas, like:
Mortgage Mia (38)
- Owns a four-bedroom home in the Seattle suburbs. She’s South Korean and recently emigrated to the United States
- Married with three children. Mia met her American husband in the UK and moved to the country to raise a family
- Mia is the managing director of a property development company, earning $102,000 annually
- She has a BA (Hons) in sociology from the UK and has cleared her student debt
Mortgage Mia’s credentials

Mortgage Mia’s incentives

Now, the big play — the branded super-app
“With properties, currencies and bank accounts/savings in various locations, I struggle to get an overall view of my worth or make holistic financial decisions,” says Mia.
Although she has several bank accounts, mortgages and investments, each with a different app of differing quality, Mia can’t form an overall picture of her finances. What she needs is a single source of truth, a super-app, provided by her preferred bank.
The Mortgage Mia persona is a phenomenal example of the power and potential of open banking changes. The super-app would be a kind of app store within an app store, and the bank could build a network of partners to bring Mia’s financial picture together. So, what would her super-app look like?
Mortgage Mia’s super-app

The super-app makes personal financial management much more convenient for customers. I'm not into stock trading, personally, but it would be a moment’s work to add the appropriate apps to my super-app. For example, my son’s investments are with Hargreaves Lansdown in the UK. He banks with Nationwide, and they could provide their own super-app where he can view his bank account and investments in a single location. It encourages him to make his money work harder: “I've got a bit more, so I'll just sweep that over into my Hargreaves Lansdown account,” sort of thing.
It's the same deal with the many other open banking personas, just different ambitions and goals (saving for the future and so on).
Make the most of volunteered information
The more comprehensive the service you provide and the more super-app information you harvest, the greater the hyper-personalization you’ll be able to execute. That can prompt all sorts of decision-making models: Is a customer financially stressed out? Should they be doing more with their money? Is there a better savings account they could be sweeping into (yours, of course)?
Suddenly, you have many more eyeballs on customer affairs, enabling you to make strides in innovation and differentiation while keeping within regulatory boundaries.
It's a unique opportunity for early adopters to create engaging, relevant and mega-hyper-personalized products. So, you aggregate your customers’ financial services landscapes. And that confers immense power, generating rare loyalty in an “account-flipping” world (populated mainly by younger customers, easily led by ill-informed influencers — friends, family, YouTubers, etc.).
And at a time when complaints against U.S. banks are at a record high, something like this is the perfect means of changing perceptions. It takes care of customers’ financial careers from “So, granny's left you some money. What are you going to do with it?” to the final investment stretch.
Three core services for open banking
Speeding up the traditional mortgage process means you become the new alternative intermediary while creating the partner ecosystem.
DXC financial services open banking solutions

There are three core components to our open banking solution:
- Registry (ecosystem): Directory (to scale) manages multiple bilateral agreements, embracing the security model
- Data provider capabilities: FIs act as data providers to enable embedded finance as well as ensure regulatory compliance
- Data recipient capabilities: FIs act as data recipients, enabling innovative use cases, improving the customer experience and delivering a competitive advantage
When the three components join together, customers are empowered, and financial institutions excel in open banking when they adopt both roles. This is part of our open banking secret sauce. DXC Luxoft helps build out the “secure authenticate” element, enabling the pre-authentication and integration of those providers with financial-grade APIs around a trust ecosystem.
The trust ecosystem
The ecosystem is the central control point for scaling multiple accredited bilateral partnerships.
It provides a complete self-service model that allows consumers to discover all API offerings within the ecosystem. It also provides the permissions and security credentials to enable them to register and consume your APIs dynamically.
Open banking trust ecosystem

For added security, the trust framework supports the communication without participating in the actual data flows. Once the verifications and validations are performed, all API calls are effectively point-to-point, e.g., seamless between third parties and banks and secured within Financial-grade API (FAPI) standards. The FAPI standards, developed by the OpenID Foundation, provide a security framework for APIs, particularly in the financial industry. The framework also allows for new API services to be advertised and automatically connected. That work has been done upfront, enabling you to build out the ecosystem faster in line with existing standards.
Point-to-point connectivity (non-aggregator)
The way banks get information to create new products aligns with things like embedded finance. They offer the initial registration of the data providers and of those requesting the data, and an ecosystem manager allows everybody to connect. So, we have one bank trying to get information from another or a fintech getting it from somewhere else and so on. And the whole interconnecting operation becomes a new form of aggregation.

DXC Luxoft Ecosystem Manager enables secure point-to-point sharing:
- Acts as your central control point to monitor, manage and mandate accredited participants
- Ensures security standards are met to the highest FAPI requirements
- Provides the mechanism to verify, identify, authorize and authenticate all actors
- Direct relationship between participants for greater control over innovation and data security
Alternative models shift dependencies to an intermediary who controls the connections between participants:
- Introduces risks associated with third-party holding or transmitting data
- High (or unclear) future transaction fee cost model
- Data handling and processing sensitive customer information
- Constrains innovation as products and services are dependent on third-party roadmap and connectivity
A2A adoption by U.S. banks
In the United States, A2A (account-to-account) payments, which use APIs to enable consumers and businesses to pay each other directly through accounts without using payment cards, digital wallets or other stores of value, have been slow to catch on. One reason is that, in the absence of a regulatory framework, banks have been at a competitive disadvantage in staking out a strong presence in the payments marketplace. Also, Americans love their credit cards and the rewards that come with them, so dislodging the popularity of cards is perhaps the biggest challenge to the United States’ adoption of A2A.

Source: McKinsey: Adoption of A2A payments
Start small, go large
Here’s how DXC Luxoft and its partners are developing open banking in the Canadian market before porting the solution to the United States.

With better access to financial data, businesses can simplify payment processes and generate new revenue streams. Open banking payment transaction values will exceed $330 billion globally and the open banking solutions market will reach $57 billion by 2027.
API calls volume
The number of open banking API calls, which serve as the technological bridge that enables secure data sharing, is also expected to surge significantly in the coming years. Estimates are that these calls will increase to $580 billion in 2027, signaling the rapid expansion of open banking services and their integration into various financial ecosystems.

Targeting the open banking bullseye
Some open banking players have been around for ages. Now, big intermediaries like payment initiation service provider and aggregator Plaid might have to adjust their target operating model (TOM). Many banks are having to adopt that channel rather than open up the market and create their own aggregation capability.
It’s important to differentiate between the two transactional types, data providers and data recipients, when creating the new open banking TOM. Also, you need to determine whether it’s an upgrade/enhancement of an existing model or something entirely new.
Target operating model: Data providers serving data receivers

Time to be more open with customers and the regulator
As we’ve seen, when CFPA regulations go live, large financial institutions will have until mid-2025 to comply, which is no time at all. If you're slow to market, what are the implications? Will you get a regulatory fine and lose business because you failed to embrace CFPA?
Complying, being open (not just defending the bank’s position) and providing a super-app would amount to holistic customer service, a much broader and more attractive offering than basic account management.
Open banking benefits
Competitive differentiation
- Point-to-point, thereby providing a financial organization with complete control over customer journeys
- The key competitive global battleground has been focused on owning the customer journey and making their financial flows as seamless as possible with the appropriate positive security friction
- Extensible to diversify from the purely regulatory API capabilities into broader open-data-based ecosystems
Creating embedded finance opportunities
- Can embed services across fintechs and non-financials, accessing a more diverse client base (millennial/zillennial, etc.) than is possible in today’s vertical integrations
Value-chain and new distribution channels
- Major financial role in the value chain evolves from vertical integration to network organizations
- Scale beyond open banking and diversify into open-finance/data commercial monetized APIs. This is facilitated in point-to-point connectivity where they can be brought dynamically to market rather than waiting for an aggregator, thereby unlocking the agility that is inherent in the fintech community
Cost efficiencies
- Avoid the transaction fees model from aggregators for both the publishing and consuming of data
- Retain control of the customer’s data, rather than giving the aggregator complete access and missing out on the revenue opportunities of making aggregators pay for access to all financial information
- Reduce the rent fees inherent in aggregator models and the risks of day-two increases given a captive-market audience
- Rationalization of independent bilateral agreements into a commoditized ecosystems approach
- Significant OPEX savings for major organizations and simplification of the external API architecture and security domain
The market ecosystem
While open banking poses a lot of opportunities, traditional banks may resist adopting open banking due to concerns over losing competitive advantage and control over customer data:

The CFPB regulations and Caspian’s solution will address some of the concerns listed to drive adoption.
Open banking challenges
- Varying standards: Not all third-party services reach benchmark performance, which can rupture business continuity. Delivering substandard data can lead to expensive operational modifications
- Integration difficulties: Meshing third-party services and APIs can produce unexpected technical issues. These cases demand specialist knowledge and time to diagnose, impacting costs and operational deadlines
- Essential consistency: A lack of blanket standards disrupts how services converse. This can require human mediation to keep systems coherent and functioning well
- Compliance issues: Regulations expand as open banking expands. Remaining on point with regulatory developments can be extremely resource-hungry, needing a committed internal/external team to keep you compliant and avoid a stiff fine, sanctions or legal challenges
- The blame game: Working out who’s at fault for an error or complex security breach can prove difficult and time-consuming, especially when several teams are involved. Determining responsibility can hamper critical thinking, leading to lengthy stoppages or tasks left half-completed
- Undeclared charges: Service subscriptions, compliance and technical modifications can incur unexpected costs. Potentially, burgeoning expenses could wipe out any cost-savings you make
- Dependency risks: Outsourcing core financial functions means relinquishing partial control. Lowering third-party standards might require you to change service provider allegiance, which can be arduous, expensive and inefficient
- Market volatility: Like all developing offerings, open banking is prey to technological advances and fluctuating customer preferences. Uncertainty can adversely affect visionary planning
- Security weaknesses: Data protection and security protocol cracks can be manipulated by bad actors. The fallout from a severe breach might result in a substantial fine, reputational erosion, loss of customer trust, or legal ramifications
- Open banking is a niche skillset, with few in NA markets having direct experience. It’s critical to work with partners to de-risk the overall compliance and help embed organizational learning for the future digital roadmap
Use cases
Open banking is not simply a single product or service; it's an ecosystem. It allows the simultaneous implementation of several distinct financial services, the scope of which is continually developing. Here are a few potential open-banking services:
- Payment initiation: No need for the usual gateway; businesses make payments straight from the customer's bank account, accelerating resolution and lowering fees. Seeing the high adoption of “pay by bank” (open banking), HMRC (the UK tax agency) found there were no errors in reconciling payments for tax, as it was a more streamlined process without manual entry/human error for payment references, etc. Also, it provided fairer access to credit, enabling those with low or no credit scores to have a holistic picture of the management of their money
- Data gathering: Financial advisors and wealth managers can increase the accuracy and personalization of their advice by collecting information from multiple sources and creating a more holistic vision of client affairs
- Automated account monitoring: Firm employees benefit from an automated system for managing spending. It grades and monitors expenditure from several bank accounts, streamlining admin and reporting
- Real-time credit scoring: The availability of real-time data enables institutions to analyze credit more precisely, expediting loan approval
- Automated reconciliation: Open banking APIs enable firms to automatically reconcile invoices and transactions, cutting admin time and refining precision
- Multiple platforms: Enterprises active in many markets can amalgamate diverse bank accounts into one dashboard, easing the supervision of worldwide endeavors
- Personalization: Investigating transactional data enables retailers to tailor promotional campaigns to match individual purchasing behaviors
- Real-time fraud detection: On-the-spot analysis of transactional data pinpoints abnormal behavior faster, cutting the likelihood of loss or disruption
Benefits for banking clients
- Embedded finance: White-label core services through fintechs and non-financials to reach a more diverse client base (zillennials, etc.)
- Cross-sell and up-sell opportunities with access to a customer’s entire financial portfolio will provide greater insights and the ability to optimize their financial health through your organization’s products
- Reducing financial fraud
- Greater control over the sharing of their financial data
- Consolidation and access to multiple financial services providers
- Financial inclusion by improving access to financial services for underserved populations