Open Banking is the true digital revolution of the financial market. With Open Banking, people authorize their financial data to be shared with fintechs or other institutions participating in the ecosystem. Canada’s Advisory Committee on Open Banking recommends starting the implementation in 2023.
Open Banking works through open APIs, which is much more secure than the screen scraping process, currently being used by most fintechs to access client data in financial institutions, whereby clients are required to share passwords and credentials.
APIs are a technology through which computers exchange information in an organized way. In the context of Open Banking this is vital: imagine that you are trying to get a loan, but you are not happy with the conditions that Bank X offers you. So, you decide to quote with other financial institutions and fintechs. For this end, you can authorize these institutions to access your data held by Bank X. This communication between Bank X and the finance institutions and fintechs with which you have quoted will take place through Open Banking APIs.
It is a business opportunity for financial institutions to create innovative products and services, in addition to improving the client experience through personalized offers or collaborations and partnerships with companies and fintechs.
Moreover, consumers have many benefits. Among them, more transparency and new products and services. A common use case is applications for greater control over financial life, for example, by consolidating multiple information about the client held by different banks.
Check this article for details on how Open Banking works and the best framework for developing an Open Banking API.
- How and why was Open Banking created?
- Use of data in Open Banking
- Impact of Open Banking
- How does Open Banking work?
- OPUS Open Banking
How and why was Open Banking created?
The discussion on Open Banking started in the UK in mid-2016, when the Competition and Markets Authority (CMA) published the regulation that would lead to the implementation of Open Banking in 2018.
There are some reasons for creating this initiative, but the main ones are the need to increase competitiveness in the money market, providing more competitive initiatives and, as a result, more technological development and innovation, in addition to being an interesting regulatory pathway.
According to a survey carried out by the digital bank Zopa, there are currently around 4 million active users in UK Open Banking, who use this ecosystem to:
• 34% – Check all bank accounts in one place;
• 28% – Track savings and investments;
• 27% – Carry out transactions among bank accounts and savings accounts.
Use of data in Open Banking
Data usage alone is a sensitive topic and demands caution. When it comes to bank details, the matter requires even more attention. After all, financial data are the great protagonists of Open Banking. Therefore, discussions about data security, privacy and usage are very frequent. Countries that implemented this initiative have already gone through this debate.
One of the main examples is the European Union, which has a legislation called PSD2 (Revised Payment Services Directive). It determines that banks must share the client’s banking information with two types of companies: AISP (account information service providers) and PISP (payment initiation service providers).
AISP companies have access to financial information and use it to analyze expenditure control, credit, and informational services. PISPs initiate payments through transfers on behalf of the user.
In European PSD2 legislation, both types of companies require client consent and access information through APIs. For this to work, banking legislation requires banks to standardize their data access protocols to make the work of third parties easier.
The Advisory Committee on Open Banking recommends that the scope of data included in Open Banking be comprehensive enough to enable access to a wide range of useful, competitive and consumer-friendly financial services. At first, the committee says the scope should be limited to “read access” activities that would allow service providers to receive data from a financial institution but not write it, so that implementation is more agile.
The initial phase should include data made available to clients through online banking applications. An expanded scope that allows this data to be edited should be included in the next phases.
For data protection, the following elements should be considered in Canada Open Banking:
• Data security: authentication, authorization, confidentiality, availability, integrity, and non-repudiation, as well as associated control measures, including encryption, audit trail, etc.
• Operational and systemic risk: IT security infrastructure, API security and standard techniques, as well as incident prevention, response and monitoring measures, penetration testing, and recovery.
Implementation of Canada Open Banking
Open Banking Digital transformation is something that´s been in the radar for quite some time. Covid-19, though, changed it from being a strategic differential to be a strong necessity for companies and consumers. Open Banking is in the middle of this scenario of innovation as a must have. Countries like the United Kingdom, Australia, United States, Mexico and Brazil all have their own projects.
Canada´s Open Banking project will have to establish and define its own model of operation, and, if the reference of other geographies is to be followed, it will probably be a collaborative way between government and industry. The industry takes on the role of managing the implementation and administration of the Open Banking system, and the government must set clear policies objectives, bring together stakeholders, and establish legal framework and timeline.
Moreover, the Advisory Committee on Open Banking recommends the appointment of an Open Banking “lead” who will be responsible for bringing together the interest of banks, industry and consumers to design the Canada Open Banking.
The committee’s plan is to divide the implementation into two phases. The first one would be managed by this lead, who would have 18 months to complete this phase. To proceed with phase 2, a formal and fit-for-purpose governance entity should be created to oversee the on-going administration of an Open Banking system.
Source: Final Report – Advisory Committee on Open Banking
The objective is that the participation of banks regulated by the federal government is mandatory. Financial institutions regulated by the provinces, such as credit unions, are allowed to join voluntarily. The others interested in joining Open Banking must comply with the defined accreditation criteria.
The Department of Finance must review these recommendations so that final decisions are made.
Impact of Open Banking
When we think about the impacts of this novelty on our daily lives, we can analyze them from three different perspectives:
– Client: beginning with the obvious, clients will be able to compare rates and services more easily in order to make better choices, better control their financial lives through apps that combine info from several bank accounts, get better credit deals, receive personalized service, and control how their financial information is used. However, it is important to know that these are only the initial impacts, as it´s hard to imagine what´s the total extent of innovation that can come from Open Banking.
– Business: as access to client data will increase substantially, institutions will act more strategically, identifying their clients’ needs in a more decisive way, and turning opportunities into profitable businesses.
– Technology: the role of technology starts with the implementation of Open Banking, in particular the development and management of Open Banking APIs, to ensure that requests are secure and data is protected. But more than that: technology is also key to the development of the multiple applications that will be created to seize the opportunity brought by this innovation.
A survey by Accenture has pointed out two possible models of Open Banking monetization based on the API economy, through which companies make APIs profitable and capable of creating value.
1) Companies can “expose their own services and data through APIs” for partners to use that information and build new offerings.
2) Companies can “use APIs to access third-party data and services” so they can add new offerings to the portfolio more quickly.
The survey also points out that those that do not build business models based on Open Banking risk falling behind due to the transformative potential of this initiative.
How does Open Banking work?
In everyday life, when searching for an address on Google Maps, there is the option of requesting a transportation service, which is provided by another company. The integration between this transportation provider and Google happens through several APIs.
Similarly, users will be able to access bank services “on the go”. A typical use case could be someone shopping online and, at checkout, being able to make the payment directly out of the shopper´s bank account, without the need of intermediaries (.e.g credit cards). Open Banking APIs will be used to exchange data between the online retailer and the bank, and access will be granted by the shopper (who owns the bank account) using the same credentials already used to access the other online banking channels.
Obviously, there are a few issues to consider for scenarios like the above. Surely an API needs to be:
- secure;
- standardized;
- scalable;
- simple;
- modern;
- sustainable.
From a technical point of view of the operation and framework of these Open Banking APIs, three items stand out:
1. Standardization and security
An API must be built in accordance with the security and standardization rules and guidelines defined by the government and industry, so that communication between institutions is agile and secure, in order to protect users, create a reliable ecosystem and quick adoption.
2. Reciprocity
Due to the principle of reciprocity, it is only possible to access data from other participants if you also share your data with the other participants. So, participants need to deploy not only mechanisms to seek data, but they also need to implement ways to share their own data, to be accessed by the other participants.
3. Microservices
The range of financial services available on the market every day is massive, but they are subject to very different demands. For example, many people use some services all the time; others are used sporadically, in lesser volume, but remain essential for institutions.
Therefore, it is common for banks and financial institutions to develop APIs based on technological standards compatible with the dynamism of that demand, such as microservices architecture. In short, this approach replaces monolithic systems, as it decentralizes a single block of services to “micro” units.
The resilience characteristics associated with the possibility of automation is an ideal solution to meet the requirements for uninterrupted availability imposed by regulation. Ideally, the solution is built to support growing demand, dynamically allocating the computing resources (and their corresponding costs) needed to meet the demands.
Moreover, the trend is for services to become even more categorized with Open Banking, as new business models and applications can emerge, and it is common – and even more advantageous – for the APIs to be independent, making it easier to update, maintain and scale them, while avoiding delays, slowdown, and change in response time, to comply with regulatory requirements.
In this manner, the services offered can be structured to operate independently, making it easier to update, maintain or adjust scalability, while avoiding unnecessary delays, slowdown, and outages.
The other benefits of microservices are:
- Easy to update;
- Better resource allocation;
- Attention to specific and strategic services;
- Service scalability;
- Modularization;
- Failure impact reduction;
- Loose coupling;
- Autonomy;
- Faster updates.
API Gateway
In theory, an API takes a request, processes it, and sends a response. An API gateway is part of the application management system that mediates between a client and a collection of backend services, acting as a gate that intercepts all incoming requests and sends them to the correct system.
An Open Banking API gateway allows the system to better handle requests, so they can go to the proper places, respond and monitor, as this is a way to decouple the client interface from the backend implementation.
Gateway functions may vary depending on the implementation, but the most common are authentication, routing, rate limiting, billing, monitoring, analytics, policies, alerts, and security.
OPUS Open Banking. Be ready to start your journey into the new financial market ecosystem.
OOB is a software middleware for Financial Institutions, Payment Institutions and other participants to Open Banking environments, allowing them to join the open ecosystem in a fast and secure way. To talk to our experts, click here.