Open banking is a double-edged sword for established financial institutions (FIs). Banks are required under PSD2 to develop API portals that provide their customers’ data to interested third parties, thus enabling such entities to build and offer competing products and services.
Collaborating with FinTechs means FIs can create innovative tools and consumer-facing features, but it also throws the established banking world into flux. The ways banks approach these relationships and develop new products is rapidly changing as PSD2 solidifies its grip in the EU, according to Markos Zachariadis, associate professor of management and information systems at Warwick Business School.
“The big question is how banks will be using technologies like APIs to create ecosystems and profitable business models that will benefit them in the long term,” he explained. “They are [already] being challenged by a lot of the FinTechs and the larger technology companies.”
Zachariadis predicts banks may need to adopt revenue models like those of technology companies in the future, generating earnings by providing access and taking more advantage of their users’ data. In a recent interview with PYMNTS, he explained why FIs must change their operating procedures to remain competitive with FinTechs.
Open Banking and the Customer Service Shift
PSD2 and open banking have led to something of a paradigm shift for banks, shedding light on an emerging and crucial problem: The legacy FIs that must share data can no longer trust that consumers will access bank products through their own branded offerings.
“Banks feel threatened that they’re going to lose the customer experience layer, which may gradually move to the third parties,” Zachariadis noted. “The third parties will [then] have a lot of the information that we hold [and give] to the end customers. This could be fundamentally a huge shift in how a bank makes money if they are to compete with newer firms.”
Banks still currently receive the bulk of such data, however, which puts them in a good position to start experimenting with new revenue models that are more similar to those of technology companies. These firms will then make money by competing on information and user experience rather than through pricing and interest rates, he added.
Institutions with the necessary infrastructure and license to hold the cash and value being transmitted are still required, of course, and Zachariadis believes that role will still likely be held by traditional banks — despite the opportunities open banking affords third-party providers or FinTechs looking to expand in the greater financial ecosystem. Traditional FIs are also likely to continue to be responsible for liability as open banking expands its reach, he said, an approach similar currently used in the card business.
SCA and the Future of Banking
Open banking’s growth is also creating fresh opportunities for cybercriminals to target FIs and their end customers. That means banks are still tasked with keeping fraudsters out of the ecosystem.
“That’s one of the biggest discussions right now in open banking — the security and liability issue,” Zachariadis said. “The regulation is currently geared [so] that the banks will pay for it [if a breach occurs with a third-party provider or FinTech]. The bank is kind of responsible even though the FinTech was the one who was hacked, then the bank will need to seek payback.”
Modern banks still have the large balance sheets, after all, and are thus more capable of taking that risk than their less-established counterparts.
“The question [here] is [always whether] the FinTech will have the balance sheet and the cash to pay everybody back,” he added, “and what kind of assurances can they provide to customers, i.e. having insurance, etc.”
This liability discussion is continuing as banks and FinTechs brace for strong customer authentication (SCA), which is set to take effect in September 2019, although postponing the deadline further is also a possibility. SCA will create new customer authentication rules aimed at keeping fraudsters at bay, but it also might add friction to customers’ experiences.
“Some people have raised concerns about the customer experience [with SCA], that it might be a bit too much to think that [they will be required to] authenticate [themselves] every time [they engage in a transaction],” Zachariadis explained. “I don’t know if that’s going to be problematic in the future or not. It’s a trade-off [of more steps for more security] but steps can be integrated better in the future using newer technologies to make it more seamless.”
Whatever the result of SCA, banks will need to keep close tabs on the evolving open banking ecosystem to ensure that their customer experience continues to be relevant. APIs are likely to become larger parts of future banking models, but whether FIs will keep their traditional customer relationships or become simple API custodians remains to be seen.