The U.K.’s governmental Open Banking initiative, which began rolling out in January, has been moving slowly, says the buzz at some fintech conferences. But consultant Christian Ball isn’t surprised.
“It’s opening up with a whimper, rather than a bang,” says Ball, who is head of retail banking at GFT Group, a +5,000-person international digital financial engineering firm. This comes as no shock to Ball because open banking, as implemented in the U.K., is not as simple as flipping a switch. The effective date was more of a beginning of a new era, not an overnight transformation.
Open Banking—Ball suggests capitalizing the phenomenon in the U.K. to distinguish it from the broader concept of open banking as applied elsewhere—began as a measure to return power over personal data to consumers and to inject further competition to the financial services marketplace, he explains.
Nine financial services organizations in the U.K. that provide “current account” service—we’d say checking accounts in the U.S.—agreed to the framework. (Officially referred to as “Account Servicing Payment Services Provider,” these banks are Barclays plc, Lloyds Banking Group plc, Santander, Danske, HSBC, RBS, Bank of Ireland, Nationwide, and AIBG. The data involved is that of both consumers as well as small and mid-sized business.)
The third parties that want to access customer data at the nine bank providers can’t just walk in the door and demand data, so to speak, even if they have customer permission. Open Banking is meant to be a secure process and they must obtain certification before they can begin to offer customers the opportunity to authorize them to obtain their data. The idea is that allowing a third party to do so will bring the customer some benefit, through data aggregation, a streamlined payment method, or otherwise. At present there are 18 certified third-party firms, according to an official U.K. Open Banking document, regulated by the U.K.’s Financial Conduct Authority or a European equivalent.
Ball points out that while it’s early days for the third parties and those yet to come, it likewise is for the organizations opening their systems to such parties via secure API (application programming interfaces). Right now, he explains, many of the banks and building societies are providing the standard regulatory approach to providing APIs. They are feeling their way and pondering various business cases for going beyond this level of complying with the law.
“So, in a sense, why would we expect rapidity?” says Ball. “It’s going to take a period of ramping up. Like all innovation, it takes time to start.”
At this stage, Ball continues, most organizations are in what he calls the “me-too” stage, getting systems to the point of smoothly permitting aggregation of data, via APIs rather than through the cruder method of “screen scraping.” At the same time, most organizations are also working on compliance with the European Union’s somewhat broader PSD2 law, as well as pending expansion of European data protection regulations, the General Data Protection Regulation.
What’s over the horizon
“All the banks are doing regulatory compliance,” at this point, says Ball. What he says he will find more interesting will be expansions on the basic Open Banking framework.
“At the highest levels, banks are debating whether they are banks or whether they are brands,” explains Ball.
Banks have a long-term choice in an Open Banking world, says Ball. He characterizes this as choosing to offer banking as a platform or banking as a service. To illustrate the difference, in banking as a platform, a bank is a shopkeeper, stocking its shelves with the offerings of multiple financial players, offering those wares to it customers. Banking as a service is the opposite—the bank’s services become an item that other financial companies stock on their shelves.
Ball explains that the options for sharing customer data, in the long-term, also require some decisions from the top of the banks. Granting basic free access to third parties is one choice. Monetizing access to data in some form is another. Building partnerships through bank-sponsored portals for independent developers is another.
Much interest, and some investment, has been seen in the third option, according to Ball. The portal concept represents a place where banks can open up to cooperating developers where new ideas can be experimented with for potential public release. Ball calls this a sort of “sandbox,” not in the sense of the special regulatory status offered to some pilot projects by the FCA, but a place to try things out “in an agile, dev ops focus.” (“Dev ops” is a term used to describe an agile working relationship between software developers and IT operations.)
The possibilities once banks begin to figure out their paths are broad, according to Ball, and the possibilities can go in both directions.
On the one hand, for example, there is Divido. This U.K.-headquartered firm offers instant retail financing through mobile, online, and in-store channels. The company says it is working with over 750 retailers, banks, and other partners, including Mastercard. Divido will license its technology to other organizations and allows partners access to its own merchant network, essentially driving relationships from the point of sale end.
He says that some banking leaders understand the decisions facing their organizations as Open Banking—and, in the U.S. and elsewhere, “open banking”—moves forward. Some aren’t quite on the same page.
“Some banks embrace innovation,” says Ball, “while other banks have a department called Innovation.”
But Ball says that while technologists are driving much of the thinking in this area, they don’t know everything, and it takes the business side of organizations to fully realize its potential.
In the end, as banks adapt to open banking, “they really have to understand what they want to be.” Ultimately, that decision has to be driven by more than customer experience, he adds. He says “they have to ask, what will differentiate us in the market?”