I recently commented how Open Banking (OB) will transform the way people move and use money.  I described it as a ‘catalyst for change’, facilitating the exposing of data, products and services to third parties and competitors, producing new business models, products and ways for firms to engage with their customers.

I applauded the new rules OB brings; introducing a safe environment for customers to consent to third-parties accessing their account information or make payments on their behalf. But I also added a note of caution, conceding that if the majority of mortgage sector players are yet to maximise the full potential of OB, how can they possibly prepare for the next step-up from this, Open Finance (OF)?

The Financial Conduct Authority is certainly keen to move forward with an Open initiative, having closed the first stage of its OF consultation paper deadline in March. The financial services sector views Open as a new platform for customer interaction – the conduit to a more connected world.

However in order to thrive in this connected world, lenders and sector stakeholders must roll-out new business models; something they’re unlikely to do until they fully understand the fundamentals and implications of OB and its successors.

The fundamentals

When banks/building societies started to offer digital services, such as internet banking and mobile apps, these were the first steps in moving banking activity and processes into customers’ hands. Before then, organising a bank transfer from anywhere, with a mobile device, would have been unimaginable.

Fast forward to today – those embracing OB are creating new digital business and ecosystems through partners and third-party providers (TPPs) using bank-provided Application Programming Interfaces (APIs). And when banks open up their APIs (even exclusively to partners), it increases business generation.

What are APIs?

Without an API, no Open initiative will succeed. It’s the digital glue that connects different systems, enabling businesses to: better connect with partner clients and the whole ecosystem, reach new channels, monetize data and services, provide customers with digital and omnichannel experiences, develop platforms for partners, boost innovation and create viable products that reach the market quickly, enhancing the customer experience.

It moves a business from single/multi-channel customer communications (company, branch, web and app based) to multi-experience ecosystems (IoT, virtual reality, third-party online portals/marketplaces). It also ensures firms meet security, performance, governance and access-control guidelines, protecting customer data and their technology.

Data ownership

In future, consumers will be able to access banking information in apps every day. For example, expense control applications will automatically synchronize with bank accounts, accessing credit card expenses and checking bank statements etc, creating a precise control tool, while suggesting useful services.

The OB model takes ownership of customer data away from banks and building societies. In this ‘new world’, customers are now the real owners of their data, and they’re empowered to choose, from within the financial services ecosystem, preferred service providers for specific tasks. In other words, they can connect with TPPs to save money for a holiday or split the bill in a restaurant.

In practice, this decentralised model aims to bring greater innovation; more players improve the quality of their services, developing new ways to deliver a richer customer experience. So instead of using different bank apps to control finances or make payments, customers can use digital wallets and other apps to manage their finances across different bank accounts. Everything in a single fully-integrated app, consolidating financial reports, bringing greater transparency to everyday banking.

Business modelling

In order to roll out the best model for OB, lenders need to:

Understand the API value – data consumption and regulation compliance alone will not create a competitive advantage. Understanding where the API adds value and how it aligns with strategic goals/objectives will.  Lenders with clear strategies will create stronger ecosystems that better utilise data, generating greater customer insight and new revenue streams.

Identify new partners – this initiative is not about competition, it’s about creating ecosystems with fintechs, other financial services providers and third-parties.

Recognise security – companies providing data via APIs will have to comply with security and access-management regulations, demonstrating a clear understanding about who’s consuming the data and where it’s flowing to. When exposing financial data and transactions, security mechanisms such as encryption technology for authentication and authorisation, are crucial. This equally applies to third-parties, particularly security around accessing and manipulating customer data. Those who fail to comply will have their TPP access revoked.

Open data advantages

User engagement

Which company doesn’t want to be remembered as one that makes the user’s life easier? A bank’s brand, that’s well known and widely supported, can increase its customer base further by enhancing its user experience.

For example, if a bank provides an easy payment process for everyday transactions, and it then integrates with a popular financial management app (cutting through red tape), many customers will be keen to open an account with that bank, favouring the provider’s convenience and automation advantages.

Monetise services

APIs open new revenue opportunities, and even better, there are several ways to charge for service consumption. Some companies create affiliate programs, while others charge partners for levels of access, for example, limiting the number of downloads per app per day and when this is exceeded, charging an additional rate or charging partners according to use.

Innovative positioning

Being a leader for technology and innovation is a privileged position, regardless of the sector. The main banks recognise this and already declare themselves as digital (although fintechs pose a strong challenge).

Launching different services from competitors will improve any firm’s position as an innovator, and by integrating as many applications as possible (or even better, the right applications for the right audience) a business can be assured of a long and prosperous innovation journey.

Prevent impersonators

Fintechs have changed how financial services innovate and the way most people use financial services. It’s inevitable these players will release a series of APIs; there are already several companies offering some services provided by banks, but in an improved and tailored way.

This industry grows daily, yet it is not niche, but a transformation of an existing sector. Banks need to change and APIs can help them. Today, some international banks, such as Credit Agricole, already compete in this financial and technological era, offering great digital solutions in a faster and more specialised way.

What can banks achieve?

By implementing APIs, it is possible to integrate, in an agile, secure and scalable way, between legacy systems, mobile applications, cloud services and partner ecosystems.

When combining these technologies, the potential for new business generation is huge. For example: devices can perform micro transactions with crypto currency (payments, investments, loans) autonomously and directly among themselves, using smart contracts and algorithms.

Imagine a world where banks are not only integrated with partners and applications through APIs, but they’re coping with a new digital disruption, changing and improving their services.

By following the lead of fintechs, banks can use existing infrastructures to continuously improve and be competitive, providing consumers with the best interaction experience.

Security

Security is a major concern for all financial services providers, particularly open data and transactions. However, the security guidelines adopted in models such as PSD2 in Europe are strict, ensuring the data of all account holders is safe and only accessed by themselves.

One of the biggest concerns prior to launching an OB project is understandably, the security of account holder data, and how to prevent the bank being hacked. If an API is well designed, developed and structured, and there are strict controls in place governing the API Management Full Cycle, these security issues will disappear.

To further ensure safety and security, API users can implement a multi-layer control covering people, processes and technologies, and define multiple controls for the same risk, such as two-factor authentication, network segmentation and multiple firewalls.

When designing, developing and providing payment services, companies must ensure the collection, routing, processing, storage, archiving and viewing of confidential payment information is appropriate, relevant and limited to the service.

Opportunities

OB can sound like a major threat, but how a financial organisation strategically positions itself, will determine its benefits. Examples include:

• Regulatory compliance – a business wishes to comply with the rules in the most limited manner possible, in order to allow TPPs to perform payment services and have access to basic product/service information and customers’ registration/transactional data. Essentially, it meets the regulatory requirements of the Central Bank.
• New experiences and leveraging products – a business opens it data, services and products to leverage revenues or generate new value. At this level, the API is used as a new channel to increase the distribution capacity of its products, supported by a revenue-generating business model.
• Expanding ecosystems – a business positions itself as a service platform, allowing other companies to build new solutions using their API-exposed financial services.

The regulation of OB in some countries is still under discussion, however achieving the ‘new experiences and leveraging products’ position is relatively easy to achieve (low-hanging fruit). Products/services already provided by traditional financial institutions can be quickly modernised for OB exposure. Alongside leveraging additional revenue, business can prepare for future regulation, pre-empting the creation of technological, legal and security frameworks, giving them a competitive advantage (and increasing their digital maturity).

Regulations

OB is not only about the possibilities created by PSD2, it’s a format that forces financial institutions to change the way they think. In order to design and implement effective mechanisms to comply with the regulation and create new business opportunities, institutions must use APIs.

Developing manual integration flows might work, but they will not deliver the necessary scalability, and more importantly, governance will be more complex.

API Governance automation improves the workflow management by ensuring every API contains standardised security and authentication mechanisms, the right level of masking/logging and data obfuscation, as well as the required level quality in its specification. Another important aspect supported by API Governance tools is the analysis of the real impact of APIs, providing usage information and its integration landscape (end-to-end integration of an API).

In addition, Sandbox environments allow users to test integrations before going live, mitigating the risk of publishing a flawed API. An API platform protects the data and company from mistakes that can cost, literally, millions.

Bank as a Platform (BaaP)

The traditional banking model is threatened by commoditization, disaggregation and disintermediation. With pressure coming from all sides (new regulation, technologies, competitors, expectations), banks and fintechs may opt for the BaaP strategy.

Companies offering a better experience than traditional financial services providers have the advantage, as the growth of digital banks demonstrates. After PSD2, TPPs will be able to access information and trigger payments from banks’ customers to perform their services (provided they have customer authorisation).

Banks can use their enviable resources (customer base, capital, brand, regulatory expertise) to meet these challenges and position themselves as financial services platforms. However, their complex legacy systems, longer innovation cycles and tighter regulations may pose problems.

Fintechs in contrast, have more agile innovation cycles, their solutions offer a different experience and they are masters of the necessary technology. But, they do not have a broad customer base, strong and reliable brands, capital and economies of scale, or the expertise to deal with complex regulations.

Banks that collaborate with fintechs can extend their capabilities and services, enhancing their offerings, expanding sources of revenue/customer engagement and adopting shorter cycles of experimentation and learning. Conversely, fintechs that collaborate with banks have access to a wide base of clients, plus the support of a consolidated brand and economies of scale.

Joint collaboration ensures: a superior portfolio of services and channels for a consistent customer base, a more effective use of data and monetisation and the creation of new products and business models, in a more open innovative environment.

Ahead of the curve

The mortgage sector must gear itself up now to meet the changing needs of the industry and consumers. By appreciating the value of data sharing, security and transparency, and personalising products and services, it’ll be ahead of the pack in this brave new world.

Founded in 2007, Sensedia is an Application Programming Interface (API) specialist with offices in Brazil, Peru and the UK. The firm recently inputted to the FCA’s Open Finance consultation paper.