Application Programming Interfaces (APIs) – long utilized within closely restricted environments by the financial services industry – provide a set of standardized procedures for data and applications to securely communicate in a seamless manner. The investment management industry embraced APIs early on as a methodology to import critical third-party data on fund performance. Leading digital innovators have also employed APIs as a way to build out their user and developer ecosystems. Google, Facebook, and Uber have all published and promoted the use of their APIs in order to become central players in the digital and data-sharing economy.
Against this backdrop, the financial services industry has growing global enthusiasm for a broader use of APIs. Regulators, large digital players, FinTechs, and banks are all now championing APIs to address various industry ailments. Consider the common, but highly problematic, use of “screen-scraping” for account aggregation in the U.S. APIs offer a much safer and more efficient way for banks and FinTechs to share account data and enable innovation. This is merely the first of many potential applications of APIs in the U.S. In Europe, APIs support the concept of open banking. Increasingly broad access to customers’ banking and payments data, allowing the movement of both money and account relationships, is defining a new standard of open banking. How might open banking be relevant in the U.S.?
Where Did Open Banking Come From?
Open banking emerged from public policy debates in Europe. Two 2016 regulatory mandates fueled the concept, the U.K.’s Competition and Market Authority (CMA) remedies and the EU’s Payments Systems Directive (PSD2):
- The CMA mandated a broad set of data access and sharing requirements to promote competition in the U.K. retail banking market. The CMA regulatory initiative was built on the theory that fuller and more efficient sharing of banking data, through leveraging APIs, will promote greater transparency in product design, usage, and pricing, and ultimately spur increased competition to benefit consumers.
- PSD2 applies to all payment accounts across the EU, requiring banks to allow access to consumer data for authorized third parties and enable the initiation of payments by authorized third parties. PSD2 mandated access and payments facilitation in a way that historically had been the domain of banks alone.
The goals of the U.K. CMA and EU PSD2 regulatory initiatives are similar. Both efforts fundamentally aim to reduce industry costs and increase competition via open banking, for the benefit of consumers.
Australia, Canada, and Singapore are now all considering mandates for API-enabled bank account access and data sharing. As in the U.K. and EU, the increasingly global public policy debate regarding open banking brings up the free market advancement of new technological capabilities, arguments for enhancing stability and efficiency of the financial system, consumer interest in low-cost and seamless access to data-driven banking services, and the consumer desire for control of their data and data privacy.
An API-Based Scenario for the U.S.?
The open banking policy debate has yet to come center stage in the U.S., and our embrace of API-based solutions lags behind many other developed economies. Moreover, and perhaps arcanely, the U.S. debate seems stuck at the yet-to-be resolved issue of migrating account aggregators from screen scraping-based to more secure and efficient API-based data-sharing methodologies. Eager to reduce both the risks and operating costs of screen-scraping, the largest U.S. banks are promoting API-based account aggregation solutions. The incumbent account aggregators would prefer maintaining their traditional, but problematic, screen-scraping approach.
How rapidly could the U.S. move toward broader API-enabled open banking? First and foremost, the U.S. banking market is considerably more competitive than the European markets. The U.S. market is larger, more consistently innovative, has ongoing, robust FinTech activity, and evidences strong price competition. As a result, lacking the regulatory impetus seen in Europe, U.S. banks have taken a much more deliberate approach to the broader strategic concept.
The costs of transitioning to fully API-enabled technology platforms are yet to be fully understood. The long-run competitive impacts of open banking are still to be vetted and debated. But there’s no escaping the twin pressures of consumer desire for secure, low-cost, frictionless service and the relentless advance of enabling technology. In the long run, open banking, coupled with the uptake of real-time payments, feels inevitable and potentially fundamentally transformative. In the most chilling scenario, however, it could be the start of a disconnected banking infrastructure, with retail banks as we know them becoming “dumb balance sheets” and “dumb pipes,” while value is created by the players that own the last mile of connectivity with the customer. In a more optimistic vision, open banking could enable new levels of scale and price competitiveness for leading players. But the U.S. banking industry’s course toward API-enabled open banking has yet to be charted.
How APIs Could Reshape Banking Products and Services?
The open banking concept does not directly create any new products or services. Mandating API-enablement of retail banking does, however, make it much easier for new entrants to bring to market new products and services, and for incumbents to reconfigure their technology stacks and service offerings. Both moves could fundamentally change how banking and payment products work, as well as reduce the cost of delivery. Several products and service categories would be affected:
- Data Aggregation and Personal Financial Management: Account aggregation often comes up first in discussions about the use of APIs. Budgeting and financial management tools can effectively answer many questions that face consumers, such as how to optimize the level of interest expense for consumer credit, or how to track spending habits. Aggregation platforms that truly add value for the customer could potentially remove the underlying banks from customer-facing activity.
- Payment Networks: For the past 20 years, the payment network space has been dominated by the card networks. With the advent of e-commerce we have seen new entrants, such as PayPal, Klarna, and iDeal. While these new e-commerce entrants have become popular, face-to-face payments are more challenging. In Europe, we already see the growth of new, API-enabled, payment schemes, such as Swish, MobilePay, and Payconiq. If these new entrants can build merchant acceptance, overcome the two-factor authentication challenges, and build a low-friction consumer experience, they could become viable low-cost alternatives to the current card networks.
- Single-Site Payment Instruments: Unlike the current payment schemes, PSD2 requires banks to allow authorized third parties both to access consumer data and to initiate payments. Significantly, PSD2 allows merchants to build their own “single-site” payment instruments with custom solutions that connect directly to consumer bank accounts through APIs.
- Product Personalization: Price comparison websites have grown in popularity for credit cards, loans, and mortgages. Open banking allows third parties to use actual consumer behavioral data to recommend and personalize products. Imagine a world in which lenders use API-sourced personal information to better control, manage, and price risk through greater insights into the actual behaviors of a specific customer, similar to how telematics are currently used for insurance.
- Privacy and Consent Management: Access by third parties to customer data will elevate concerns regarding data security and privacy. Consumers will seek data privacy and consent management tools that offer control.
The potential benefits of open banking could be substantial: improved customer experience, more efficient data-sharing, lower bank operating expenses, and potential new revenue streams.
U.S. Open Banking Competitive Context
While European regulators sought to increase competition through open banking, the U.S. retail banking market is decidedly more competitive than the U.K. and EU markets. Increased transparency and pricing competition are inevitable in an increasingly digital financial services marketplace, and open banking would not necessarily increase the level of competitiveness across U.S. banks.
Other benefits, however, are potentially available to the U.S. market. The broad adoption of API-enabled product applications could allow more banks to participate in the scale economies of the industry’s largest players. Large banks could open up their product applications to other banks to “re-skin” and independently re-market those same services under a different brand. Consumers, large banks, and smaller competitors all would benefit. Such strategies are already emerging from large U.K. banks such as Barclays and Lloyds, to the benefit of the U.K. challenger banks and new entrants. All banks can potentially lever the innovative product development efforts of the industry leader, remarketing new capabilities under their own brands.
Where the industry does have an opportunity to take a differentiated position on open banking is in consumers’ data privacy and security requirements. Open banking without appropriate consumer controls and opt-in permissions runs the risk of a Wild West-style marketplace. The U.S. banking industry needs to balance the advancement of technological capabilities with consumers’ interests to ensure that data access supports agreed-upon benefits.
Developing Robust and Balanced Data Privacy and Security Policies
Europe has articulated a robust set of data privacy and security guidelines and regulations to usher in an era of open banking, but the current U.S. approach to data security and privacy is a fragmented patchwork of regulatory authorities and practices. This state is disturbing, considering the expected explosive growth of digital commerce.
Right now, the Equifax data security breach looms especially large. As of early October, no fewer than 10 separate bills had been introduced in the U.S. House and Senate dealing with credit reporting and consumer data privacy. Most of the proposed legislation amends the Fair Credit Reporting Act (the law under which the Federal Trade Commission is likely to assess penalties against Equifax). The legislative proposals have also sparked discussion about the potential need in the U.S. for European-style standards for consumer data privacy.
Though the U.S. appears to continue its backwards-looking history of enacting data privacy policy in reaction to crises, a forward-looking opportunity should push the U.S. banking and payments industry to advance open banking.
Seizing the Opportunity, Safeguarding the Future
A recent study of more than 6,000 U.S. bank consumers found that a full 77% who conduct digital activities on a regular basis are concerned about “the privacy of the information that is shared when they conduct digital activities (e.g., sending emails, Internet browsing, social network activities, shopping activities, purchases) either online or on a mobile device.” (note: A.T. Kearney Q4 2016 Banking and Payments Study (N=6,255)).
The good news is that APIs provide the means for consumers and banks to selectively share personal banking and consumer data with greater control and security than ever before. More specifically, APIs open the opportunity for banks to more actively partner with digital third parties and FinTechs that can provide the technology platforms banks need to meet rising consumer demands for greater speed, convenience, security, and privacy.
The research also strongly suggests that consumers do not trust the leading digital brands and FinTech companies with their personal data, even when the brands are established and familiar. For example, only 23% of consumers who regularly conduct digital activities and are comfortable sharing their personal information for some type of benefit said that they are comfortable entrusting personal data with their mobile carrier. Just 17% said the same about Google. In contrast, 65% said they are comfortable sharing their personal data with their primary bank (Note: A.T. Kearney Q4 2016 Banking and Payments Study (N=4,364)).
U.S. banks have a strategic opportunity to ensure consumer control in an increasingly digitally open and data-sharing commerce environment. API-based solutions can provide great value to consumers. Banks can align with consumers by pushing for both regulatory approaches and product solutions that keep consumers at the center of data-sharing decision making. The U.S. banking industry can achieve a double win of capturing innovation benefits and safeguarding consumer interests.
Why not drive innovation while moving to protect consumers’ interest in the data-sharing world we all know is coming?