When it comes to open banking, there’s a clear choice in place: by fiat, which includes formal processes, or by evolution, which would imply letting the market dictate what happens.
In Europe, of course, PSD2 looms large and soon, and financial institutions have been handed a roadmap for implementation of data sharing. Here in the United States, the road is less clearly defined.
Firms such as Citigroup have announced API hubs that will let third-party developers access consumer data to develop a range of services built around everything from P2P payments to a wide swath of functions tied to account management — from bill pay to money transfers.
Along with such initiatives come the inevitable questions: Who owns the data and the responsibility for that data’s access? And how should the financial services industry manage — and, yes, even embrace and help shape — a wholesale disruption?
In an interview with PYMNTS’ Karen Webster, Clayton Weir, co-founder and chief strategy officer of FI.SPAN, revealed the promise and the peril of open banking. Until now, he said, “there’s been this period of euphoria, where anything is possible and APIs are a magic wand and the future is now.”
However, the reality is proving a bit more sobering, as banks and other FIs are starting to find challenges upon actually working with APIs. Some are technical in nature, some are reconciling problems for existing business models or even confounding go-to market strategies, as in how to work with and scale to consumer needs and desires that demand, on an increasing level, flexibility and speed.
Portability is important to consumers when it comes to their data, Weir told Webster, and being able to meet expectations means that banks must think about enlisting the help of FinTech firms.
Such urgency becomes apparent with a tradeoff that seems to be taking shape in Europe. “There’s the potential cocktail where screen scraping and direct access goes away before the PSD2-driven APIs from the banks become as widely adopted as the methods they are replacing,” Weir said. As Webster surmised, it is one thing when a service is not available in the first place, but it is another thing entirely when it is taken away.
Thus, open banking can take a cue from the Uber experience, as described by Weir, where that firm operated in what Weir termed “a gray area” at first, was shut down in some cities and then when people got accustomed to the service, they “happily lobbied for Uber to make sure they could use it in the future.”
The banking experience, said Weir, is a bifurcated one, where, on the retail side, there are 30-second online sign-up processes for mobile accounts — quick and easy for individuals. But for the mid-sized business doing $100 million in sales, there are 50 pages of an application to wade through to gain access and to open a bank account. As he wryly noted, “the digital transformation of business banking” for business onboarding purposes has seemingly been limited to adopting PDF forms.
Regardless of end user, said Weir, as an individual bank, “choosing who can consume [what data] and what you expose via API and under what conditions” are important decisions, and those decisions will probably remain within the banks’ purview for the foreseeable future. Banks, he said, will be asked to authenticate and validate the use of APIs by third parties.
That level of trust, and the sensitivity of data at the heart of that trust, exposes what Weir said is the “confusing” notion of open APIs. He said that the open API in the traditional sense has translated to a service like Stripe, where one can go on that company’s site, log-in, get a developer credential and documentation and start building an application. This is a “mass-market approach with minimal vetting,” Weir maintained, over who has credentials for these activities.
A bank would shy away from this with many APIs, but would instead want more granular knowledge of what is being done — and, if there is risk, via exposure to malware. Savvy FinTechs, he said, could capitalize on the opportunity presented here if they find avenues by which to “move the financial passport in a trusted way” and balance consumer and privacy concerns.
As for data ownership, Weir and Webster agreed that the consumer owns the data because it is tied to an individual’s account, but, as Weir pointed out, it is the bank that is the custodian of that data. The lines get blurred a bit, he said, and by allowing a third party to have access to that data, the bank is incurring a cost along with that access. It is reasonable to expect that the bank monetizes that relationship, perhaps in a way that can be likened to levying a toll.
There is no certainty of how this is going to play out, but there needs to be a “win-win” situation for all parties involved, from consumer to FI to third party to the API developer. The most immediate opportunities in open banking are there for the taking for smaller firms, alternative lenders and payments originators, he said. In lieu of the legislated model, said Weir, the financial industry can take a cue from NACHA and the API Standards Industry Group, wherein community is coalescing around data sharing, a multitude of use cases and a high degree of interoperability.
For the banks, “it is advantageous not to think so much about building your own APIs,” said Weir, but about learning from third parties without having the overhead of having to build those APIs, allowing for the benefits of “wider distribution.”