The Leap to Open Banking: Technology-Led, Consumer-Directed Finance
August 10, 2021
What is Open Banking?
Open Banking, also known as Consumer-Directed Finance, promises to be the next frontier in banking. The concept revolves around secure sharing of customer data residing in any financial institution with external parties via APIs.
The goals of Open Banking are to create better financial transparency for customers, provide customers with more affordable and useful services, and to promote a more competitive and innovative financial ecosystem.
Open Banking will allow organizations offering banking services (Banks, Fintechs) to augment their offerings and customer engagement, and create new channels for digital revenue. It will bring the ability to see a customer’s full financial position, and consequently improve credit decisioning and NBO decisioning. A thorough understanding of customers will allow for better return on marketing campaigns and will spur innovation as financial institutions compete in a fairer, more transparent manner to meet the emerging needs of their customers.
For consumers, Open Banking will make it easier to compare accounts at different financial institutions and understand their complete financial position and activities. Also, consumers will be able to make better financial decisions, find better mortgage rates specific to their situation, and get access to alternative sources of financing. They will also be able to easily refinance their debt with other institutions and get faster credit decisioning.
Global Developments & Canada’s Foray into Open Banking
Open Banking is already operational in the UK under the Open Banking Standard. The European Union passed the Revised Payment Services Directive (PSD2) in 2016, and it has since been implemented. Countries like Australia, Japan, and Brazil have also set up standards similar to PSD2.
In the United States, Open Banking is an industry-driven initiative, and while there are no standards or regulations, the Treasury has issued recommendations on the subject.
The Government of Canada has created an Advisory Committee on Open Banking, which sees an urgency in moving forward on Open Banking in order to keep pace with international developments and deliver benefits to consumers. The Committee envisages that Open Banking will provide secure and efficient data mobility keeping in mind five consumer-centric outcomes: Data protection, consumer control of their data, a wider range of financial services, reliable and consistent access to services, and recourse when issues arise.
The Committee proposes a hybrid model for Open Banking in Canada, with balanced roles for the industry and the government. The industry will be responsible for implementation and administration, and the government will provide oversight and ensure that the consumer outcomes and policy objectives are met. The hybrid approach will comprise five building blocks, based on the Committee’s deliberation on meeting consumer and economic objectives:
The Committee is currently in the second phase of industry consultations. While the first phase of consultations focused on the four major risk areas of Consumer Protection, Privacy and Confidentiality, Financial Crime, and Financial Stability, the second phase is to evaluate potential solutions and standards to enhance data protection in the financial sector.
The Digital ID and Authentication Council of Canada (DIACC) is also working on drafting a pan-Canadian Trust Framework for FSI organizations to safely authorize access to and exchange sensitive data. Meanwhile, six big Canadian banks have already created a blockchain-based digital identity service called Verified.Me, which gives consumers more control over their personal data.
In May 2020, a policy lab was convened on Open Banking, bringing together stakeholders and experts from the government, academia, and industry to collaboratively design resolutions. The group debated the resolutions, and consensus was eventually achieved on the following:
- Consumers must provide informed consent before any data is shared and must be able to retract consent at any time.
- The government, private sector, and consumer advocates should collaboratively develop mechanisms to mitigate and reduce risks, including those that are presently unknown.
- Rules around data sharing should ensure that data shared is proportionate to the stated use.
- Common standards, including Application Programming Interface (API) standards, must be created to ensure interoperability, avoid fragmentation, and drive safe adoption. These standards should be developed by the public and private sector collaboratively.
- Technical standards around authentication and data sharing should comply with ISO and global standards to match rules in other jurisdictions (since the issues are universal).
- Before rules and standards are put in place, regulators must consider the impact they will have on inclusive innovation.
- When designing rules and standards, ethical considerations of how the data can be used need to be taken into account.
- A well-designed Open Banking system puts the consumer at the centre of their information through increased transparency and the introduction of new products that will lower costs, expand options, and enhance innovation.
- The National Retail oversight model should reflect the realities of Open Banking.
Impact to Technology
Open Banking will have a significant impact on the quantum of data available for banking decisions, and without appropriate use of this data, financial institutions may run the risk of getting left behind as the banking ecosystem undergoes reform. This new way of data mobility and sharing will necessitate changes to existing technology and building of new architecture. The key requirements of the Open Banking architecture are as below:
API Specification and Security
API frameworks lie at the core of the Open Banking architecture, and banks will have to make provisions for exposing APIs, while also ensuring their security through consent management systems. Banks will need to define an API specification to ensure the exposure of internal data and services to external parties is standardized. While some datasets can be exposed via Open APIs (such as ATM locations, interest rates, branch locations, etc.), Secured APIs will be needed for data pertaining to customer account information and payment services.
Banks will also need to implement a security layer with authentication and authorization mechanisms to restrict access of exposed APIs to authorized third parties only.
Multi-factor user authentication will be required, and banks will need to rely on knowledge-based (password, PIN, ID), ownership-based (mobile device, token, smart card), and inherence-based (fingerprint, face/voice recognition) models.
The authentication approach can either redirect users from the third-party application to the bank’s authentication portal (redirect approach), or the third-party application can identify the user and seek user consent via a back-channel call to the bank (decoupled approach).
Consumer Consent Management
The Open Banking platform should be able to capture, store, and validate customer consent when sharing customer data with third parties. Customers should have the authority to manage consent, control whom their personal and financial data is shared with, for what purpose and period, and revoke consent whenever they want.
In order to use a bank’s APIs, third parties must subscribe to them and be onboarded by the bank. Some banks use a sign-up form while others use a directory service where both banks and third parties can register their credentials. The banks’ API store contains existing published APIs.
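A minimal sketch of the consent validation and third-party onboarding checks described above, added here as an illustration and not taken from any bank's or vendor's platform. The `Consent` fields, reason codes, and third-party IDs are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample: third parties the bank has onboarded (hypothetical IDs).
ONBOARDED_TPPS = {"tpp-budget-app", "tpp-lender"}

@dataclass
class Consent:
    customer_id: str
    tpp_id: str
    scopes: frozenset          # data categories the customer agreed to share
    purpose: str               # stated use the consent was given for
    expires_at: datetime       # end of the consent period
    revoked_at: Optional[datetime] = None

    def revoke(self, when: datetime) -> None:
        self.revoked_at = when

def authorize(consents, tpp_id, customer_id, requested, purpose, now):
    """Decide one data request; returns (allowed, reason) for the audit log."""
    if tpp_id not in ONBOARDED_TPPS:
        return False, "tpp_not_onboarded"
    reason = "no_consent"      # deny by default
    for c in consents:
        if (c.customer_id, c.tpp_id) != (customer_id, tpp_id):
            continue
        if c.revoked_at is not None and c.revoked_at <= now:
            reason = "consent_revoked"
        elif now >= c.expires_at:
            reason = "consent_expired"
        elif c.purpose != purpose:
            reason = "purpose_mismatch"
        elif not set(requested) <= c.scopes:
            reason = "scope_exceeds_consent"   # more data than was consented to
        else:
            return True, "ok"
    return False, reason

# Constructed demo data.
NOW = datetime(2021, 8, 10, 12, 0, tzinfo=timezone.utc)
CONSENT = Consent("cust-1", "tpp-budget-app", frozenset({"accounts", "balances"}),
                  "budgeting", NOW + timedelta(days=90))

if __name__ == "__main__":
    print(authorize([CONSENT], "tpp-budget-app", "cust-1", ["balances"], "budgeting", NOW))
    print(authorize([CONSENT], "tpp-budget-app", "cust-1", ["transactions"], "budgeting", NOW))
```

Running the check on every API call, rather than only when a token is issued, is what makes a revocation take effect immediately.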
Banking System Integration
The Open Banking platform should be able to connect with any internal or external banking system, and so it must be compatible with different message formats (JSON, XML) and transports (HTTP/S, JMS, TCP).
User Store Integration
The user store can be of different types (LDAP, AD or JDBC), with different access rights for bank staff who maintain the platform, customers who use products/services, and third parties who consume the bank’s APIs.
Banks should be able to analyze how the exposed APIs are performing and get insights on how their performance can be improved.
Customer Analytics and Business Insights
A clear view of the bank’s customer spending patterns should be available, so that business insights on improving the business and profitability metrics can be extracted.
The Open Banking platform should be integrated with a fraud detection solution to identify abnormal patterns and behaviors and mitigate the risk of fraud.
Data and Process governance, Party MDM & RDM
A governance system needs to be in place to ensure reliability of the data and the standardization and trustworthiness of the process. Master Data and Reference Data Management solutions will also be required for integration, managing, and sharing of master data, and classification and categorization of customer data, etc.
As financial institutions adopt open banking practices, new threats may emerge that banks will have to avert. This will require proper cyber security and monitoring systems to safeguard data from breaches, cyber risks, and other external threats.
Reporting is an essential component of the Open Banking platform and it should have the capability to generate reports for the bank management, third parties, and other relevant stakeholders to see how the platform is performing and make informed business decisions.
For any customer-facing platform, providing a good customer experience is essential. In the case of Open Banking, the customer authentication and consent capturing flow should allow for easy, fast navigation, provide accurate and complete information, and make it easy for the customer to communicate directly with the bank. The user interfaces, alerts, reports, and error messages of the API calls should also provide a good user experience and adhere to standards specified by the bank.
The platform should be highly available, with well-performing dedicated interfaces for third parties. It should fulfil basic operational requirements, including testing and verification prior to productionalization, testing facilities for third parties before their application goes live, and an effective problem resolution system. The bank staff should be trained to manage and fix incidents. Finally, the ability to identify and communicate the potential impact of proposed changes to third parties will be key for a successful Open Banking system.
How Adastra Can Support
Adastra’s experts can help banks extract the maximum value from the new data coming their way, while mitigating potential risks. Our experts can help organizations develop an Open Banking architecture with in-built API security, customer authentication, consent management and capability for third-party onboarding.
The platform will be integrated with the external banking system and the user stores and will have a strong data classification and security system to ensure adequate risk management, compliance, and data security. It will also make sure that data is easily trackable and can be classified and organized appropriately.
Our Azure Service Bus based inter-entity integration (API) framework comes with PCI DSS-level secure data persistency, a data quality firewall and processes for mastering of customer data. Adastra can also build data and process governance frameworks so banks can have the right checks in place to ensure that their data is clean, verifiable, complete, and without any inconsistencies or duplication issues.
We can help build and integrate capabilities for analytics and insights and real-time fraud detection and cyber-risk mitigation tools, to ensure that your Open Banking platform is in accordance with existing standards. Open Banking will allow banks to view a customer’s overall financial picture, including with other financial institutions, and this will make profitability and risk analysis more complex, but significantly more accurate. Adastra’s solution includes subscription-based anonymization and aggregation for analytics on customer data, so that banks can make better informed business decisions.
Adastra also provides real-time AI-based fraud analytics for banks to identify anomalies and patterns signifying potentially fraudulent activity before it even occurs. This will help banks monitor the risk of fraud and take timely measures to mitigate it. Similar solutions can also be built to identify and prevent cyber attacks and protect the sanctity of banks’ data.
Master Data Management is essential for correctly defining, integrating, managing, and sharing reliable metadata. Reference Data Management helps in classification and categorization of customer and product information, transaction details, and other types of information that an organization may have. Both processes are crucial components of governance, both for internal and external consumption of data, and will be essential for successful implementation of Open Banking.
Adastra has over 20 years of expertise in the data and data management space, and during this time, our experts have worked closely with financial institutions of all sizes to plan, build, and implement customized solutions that meet the organization’s business needs and help them comply with regulatory requirements. We are industry leaders in both the Financial Services and AI & Analytics domains and can help you implement an Open Banking architecture that not only offers a great customer experience but will also keep your organization’s data safe and secure. Open Banking poses a unique opportunity for banks to gain a complete understanding of their customers and leverage that information to innovate and enhance their competitive positioning in the market. Moreover, Open Banking centres around the needs of the customers, and banks that take the lead in rolling out secure, efficient, and user-friendly Open Banking offerings will be able to offer a better customer experience, provide improved products and services, and attract new customers.