PDD#07: What is Open Banking?

Preface

The rapid advancement of digital technology has changed how consumers interact with financial services. The rise of smartphones, mobile apps, and online banking has created a demand for more convenient, seamless and personalized digital experiences. They seek solutions that provide real-time access to their financial information, easy account management, and personalized recommendations.

Regulatory bodies, such as the European Union's Payment Services Directive 2 (PSD2) and the United Kingdom's Open Banking Initiative, recognized the need for increased competition and security in the financial industry. These regulations mandated banks to open up their data to third-party providers (TPPs) through standardized APIs, fostering innovation and competition. And with that, the floodgates were opened.

This particular article does a deep dive into Open Banking, and will focus on breaking down:

• What is Open Banking
• Open Banking players
• Open Banking Information Flow

Disclaimer: The information provided in this article is for general informational purposes only and should not be considered as professional advice. The content is based on my knowledge and research, and I have endeavored to ensure its accuracy. However, please note that information can change over time, and I cannot guarantee the accuracy, completeness, or relevance of the content at all times. The views expressed in this article are solely my own and do not necessarily reflect the views of any organizations I am affiliated with.

What is Open Banking?

As we have read in the previous articles, the key blocker in any transaction is the TRUST between buyer and seller. When Banks got introduced as intermediary in the financial transactions, they lent their own trusted existence and brand to ensure people feel comfortable doing the transactions. In case of any dispute, banks put a clear dispute resolution and chargeback processes that have allowed Banks to be the central holder of trusted identity of people. So when you go to take a loan from the lender, they ask for bank statements from this trusted intermediary. If you give them copies instead of originals, they again ask for copies to be notarized from a trusted intermediary.

But you are essentially having to run to bank and at times notaries for sharing the information that is entirely your own. Most people have multiple bank accounts, so this means running around all those banks to just get the data which is your own to start with.

To avoid this friction, some lenders would make you sign an agreement, where you give them right to get copies of your statements and transactions. But then banks hate that, as it is an easy way to expose personal information and bank would have to take risk of assessing whether the agreement is legitimate and when should it expire.

What if, you could give a digital consent to this lender to go to the bank and get very specific list of information, and also tell when this consent expires? In this internet driven age, that could suddenly make things smooth and fast! And if we are making wishes, how about an ability to clearly see all these consents, and cancel or modify any of those on demand? If you like that wish, you would like how Open Banking makes that possible!

Open Banking pertains to opening up the access to your information that is held behind closed and guarded doors of these trusted entities. At its core, Open Banking is a concept that promotes secure data sharing between financial institutions and third-party providers through the use of Application Programming Interfaces (APIs). These APIs enable the seamless exchange of financial information, such as account details, transaction history, and more, while putting the user firmly in control of their data (read as awareness, tracking, ability to cancel or modify).

Open in Open Banking refers to the technology - open source tools and paradigms. There are various Open Banking standards globally (e.g. The Open Bank Project) that support the PSD2 directive, where developers have access to APIs, sandbox environments with mock-up data to sample, and documentation to aid development.

Banks and the Open Banking

Now hold on, this seems like a win-win-fear situation where it is a win for you and lender, as the loan application becomes much more smoother now. But why would banks give up that tight control on your data, which has kept them as key intermediary for anything monetary?

Many banks adopt Open Banking as a response to regulatory mandates like PSD2 in Europe or similar regulations in other regions. These regulations require banks to open up their APIs to authorized third-party providers, promoting competition and enhancing consumer choice. But Banks also recognize that embracing Open Banking can provide them a competitive edge. By offering APIs and collaborating with third-party developers, banks can deliver innovative products and services faster, meeting the evolving needs of their customers. This positions them favorably in the market.

Although the open banking movement is a global one, there are a few variations that can be categorized in 3 basic frameworks:?

1. Regulatory driven: where financial institutions have been forced to open up and provide access to their data to selected and authorized third party providers (TPPs). PSD2 in Europe and OBIE in UK are key examples.
2. Market driven: where market advanced by itself, access and connections were created by players like financial institutions and FinTechs. In the US for example, Plaid and Finicity built connectivity with almost every financial institution in the country (10,000+), and then became the main intermediary or gateway to thousands of apps, the likes of Venmo, PayPal, Coinbase, Experian, Robinhood etc.
3. Hybrid Geographies: Some countries have not introduced any formal or compulsory Open Banking policies, but either had individual measures aimed at promoting and accelerating the sharing of data or laying out some broad guidelines. This approach leapfrogs the API adoption and ensures there is a consistency when players move from vertical silos and legacy infrastructure to an open ecosystem.

Here is a view shared by Panagiotis Kriaris of how these three approaches have played across the globe:

Open Banking Players

In an Open Banking flow, there are typically three main players or parties involved:

1. User or Account Holder: This is the individual or business entity that owns the financial accounts (e.g., bank accounts, credit cards) and whose data is being accessed or utilized within the Open Banking ecosystem. Users have the authority to grant or revoke access (i.e. consent) to their financial data and services.
2. Third-Party Providers (TPPs): TPPs are external entities that interact with the user's financial data and services with their consent. There are two main types of TPPs:A) AISPs (Account Information Service Providers): These providers focus on accessing and aggregating account information, allowing users to view their financial data in one place and offering services like budgeting and financial analysis. Think of this as a Read only access.B) PISPs (Payment Initiation Service Providers): These providers specialize in initiating payment transactions on behalf of users, facilitating direct payments from the user's bank accounts. As you can expect, this is where things can get risky, so not all nations allow it yet.
3. Financial Institutions (Banks and Credit Unions): Financial institutions, such as banks and credit unions, hold and manage the user's financial accounts. They play a crucial role in the Open Banking flow by securely providing access to the user's financial data and, in the case of PISPs, facilitating payments.

It's important to note that even within regions where PISPs are allowed, the specific regulatory requirements and licensing processes can vary. PISPs typically need to obtain specific licenses and comply with security and operational standards to operate legally.

Open Banking Information Flow

Open Banking-based flow is essentially a structured process that allows users to securely authorize third-party providers (TPPs) to access their bank accounts, while data privacy and security is handled by the TPPs. Here's a comprehensive overview of the flow:

1. User Consent: The process begins with the user's consent. When a user wants to use a third-party application or service that requires access to their financial information, they initiate the process by providing consent. This may involve selecting their bank and granting permission within the application.
2. Authentication: After consent is given, the TPP initiates the authentication process. This typically involves the user's bank verifying the user's identity using secure authentication methods, such as username and password, multi-factor authentication (MFA), or biometrics. This step ensures that only authorized individuals can access the data.
3. Authorization: Once the user is authenticated, the bank prompts the user to authorize the TPP to access their account information. This authorization step is crucial, as it specifies the scope of data that can be accessed and the duration of access.

I have taken Mastercard Open Banking flow to highlight these 3 steps in that journey:

And here is the full visual flow sample when users authorize the use of their account information (apologies for big view, but LinkedIn publishing platform doesn't allow in-line images??).

Once the link has been established, it is now possible to pull the information from the bank as well as use the information to process a payment sending the funds directly into bank. I am skipping the detailed flow of the payment running on Open Banking rails to keep article length short. But if there is an ask, I can cover it in a future standalone article.

Concluding Thoughts

As people have moved from buying newspapers (bundled articles) to individual article or news, from cable TVs (bundled channels) to individual channels and shows, the banking (bundled services of retail banking, lending, payment processing, portfolio management, invoicing etc.) has also split into individual startups within each service.

Open Banking represents a pivotal moment in the evolution of the financial industry, driven by the near zero distribution cost of the internet. People are already using open banking more than they think, see the 2022 study done by Mastercard on New Payments:

With the freedom to choose from a vast array of services, securely access their data, and enjoy a seamless, interconnected financial ecosystem, individuals and businesses are set to reap the benefits. But it also brings up lot of new problems needing new solutions, especially on the security front.

It is an exciting time for the world of payments, and from the looks of it, the landscape is only going to spread wider and also deeper into the customer flows (aka embedded payments).

That is a wrap up for now. Your comments, opinions, and corrections are all much welcomed. If you enjoyed this article and think others will too, give this article a like below and share it. Thanks!