Why APIs, Privacy Are Key To Open Banking Innovation

Open banking developments were impacting customers’ interactions with their banks before the COVID-19 pandemic. Financial institutions (FIs) and regulators in Singapore, the E.U. and the U.S. have passed laws or implemented programs over the past two years to put more focus on digital banking and data security, fundamentally changing how online transactions work. Regulators may have shifted their focuses away from these initiatives and toward making sure their customers have the financial access they need to survive the pandemic, but the long-term goals of
these programs appear to have remained the same in most markets.

The EU’s PSD2 and GDPR regulations were passed in 2018 and designed with a primary focus on interoperability between open banking systems around the world. APAC lawmakers appear to be using them as a guide in creating their own regulations, including in Dubai and South Korea.

“Similar to the U.K. and Europe, where open banking and digital banking have gained traction, we are making progress in the region,” said Evans Munyuki, chief digital officer for Dubai FI Emirates NBD. “The presence and curation of FinTechs is growing … and we are leveraging the technologies offered by FinTech players to enhance customer experience. This is made possible by [embracing application programming interfaces,] allowing systems within the bank to talk to each other, and allowing systems from outside the bank to talk to systems in the bank
with ease, control and security.”

These systems enable FIs to generate greater insights into consumers’ banking and payment behaviors, Munyuki added, and that data can create more personalized or unique services to help them compete. This also makes data security critical, though, because banks must protect growing volumes of personal information.

PYMNTS recently spoke with Munyuki and Jinyoung Choi, IT and strategy department member on the Digital Finance Supervision Team for South Korea’s Financial Supervisory Service (FSS), to understand how open banking developments have progressed in both Dubai and South Korea, why data privacy has been essential to that progression and why a focus on security is key to crafting safer interactions with international banks and FinTechs.

Consumer Trust Drives Open Banking 

Open banking in the APAC has been following a step or two behind the EU’s initiatives. Both have similar approaches when creating digital banking platforms and determining what they should do, and they share perspectives on how customer data and privacy should be treated on these platforms. Consumer trust is crucial to open banking efforts, Munyuki said, especially as initiatives such as GDPR and PSD2 shift how customers feel about and interact with their banks.

“As GDPR aims to effectively manage data consent, banks are also in a position to build trust with customers as safe and secure data holders,” he explained. “This will significantly foster the relationship with customers … because banking as we used to know it will continue to become less visible and become more integrated into customers’ lives.”

APAC banks and regulators have always felt the need to safeguard consumers’ information from potential fraudsters. South Korea’s Financial Services Commission (FSC) has amended its Electronic Financial Transactions Act, first passed in 2007, every few years to keep up with changing data trends, for example.The act has been critical to managing digital security, Choi said, and such measures have picked up as open banking development continues in the country.

“The FSS understands that innovations often lead to heightened systemic, operational and cyber risks, as well,” he noted. “[It] is focusing on enhanced, risk-based oversight and supervision in order to ensure effective consumer protection and financial stability. We will also continue to fine-tune our rules and regulations to stay ahead of the [open banking] curve.”

South Korea launched its current open banking system on Dec. 18, 2019, Choi continued. This enables FIs to employ application programming interfaces (APIs) that allow FinTechs to join their platforms and share data, thereby giving consumers holistic views of their finances through one banking app. Approximately 50 FIs and FinTechs in the country now use API-driven platforms to create ease of use for around 12 million customers. Choi anticipates that open banking will significantly alter both behaviors and cybersecurity strategies over time as consumers now largely consider FIs as guardians of their personal data and money.

“We expect open banking to not only cover banks and FinTech firms, but also expand to securities companies and other nonbank service providers,” he said. “The expectation is that consumers will be able to utilize a single app to conduct financial transactions with ever-growing ease and convenience. FIs have long been the dominant players in the financial market. Under open banking, new players will likely come to the market with new services. This will likely mean new classes of IT risks.”

Dubai has also made efforts to update digital banking and know your customer (KYC) standards to create more security for customers. Its Department of Economic Development (DED) and the Dubai International Financial Centre (DIFC) have developed KYC platforms for instant digital bank account opening, for example, and its Telecommunications Regulatory Authority (TRA) has created a federal identity solution called UAE Pass, Munyuki said. This allows consumers to share or sign identity documents and grants participating FIs access to data and customer analytics to create more personalized, secure solutions.

“We are one of the early adopters of [UAE Pass] and are currently working on instant product fulfillment and account opening using UAE Pass,” he explained. “This capability will remain as a foundational capability for all digital transformation initiatives.”

Focusing on security means banks can establish a greater degree of trust from their customers, but this is just one perk. Enabling security also means more FIs can connect to API-supported platforms, adding more data that all entities can use to provide personalized products, greater transaction speeds and better banking services.

The Interoperability Dream 

Creating interconnectivity between foreign and domestic FIs is the core of open banking and one of the main reasons why markets are following Europe’s lead on data standards. It is easier to work with banks and FinTechs when data standards match, prompting other regions to use PSD2 and GDPR as guides when developing tools to transact with other companies or FIs.

“Customer expectations are continuing to grow,” Munyuki explained. “Although we are not mandated to follow certain international standards, and while we comply with local regulatory guidelines, we are also observing and taking best practices from around the world and applying them in our day-to-day work. For instance, our API infrastructure follows open banking standards, while our cybersecurity and data infrastructure follow GDPR practices.”

The APAC’s recent moves speak to FIs’ and regulators’ desires for global data privacy and digital banking standards. Banks face many challenges before they can create options that satisfy all parties, however. These standards would dictate how data moves and is secured, but FIs will first need to decide how data is being accessed and shared in their own markets before they can debate international processes. Consolidating their domestic approaches is the first step to realizing the open banking dream.