Digital technology is driving financial services away from the traditional model of housing everything in a bank. Traditionally, the bank is where the consumer must go to resolve their needs, from loans to mortgages, to accessing insurance, brokerage and investment products.
One reason for this monolithic relationship was that banks were trusted with safekeeping customers’ sensitive and private information. This relationship is breaking down as technology makes it seamless for customer data to move, with the customer’s consent, to merchants, fintech companies, e-commerce platforms…anywhere the customer wishes it to go, in order to receive a desired service.
This new world of “open banking” is transforming financial services away from pure proprietary models to the creation of “ecosystems”, partnerships with all manner of non-banking institutions.
In theory open banking is a “win-win-win”. Customers get exposure to better, cheaper and more convenient services via a merchant or sales platform. Those partners get to do new business. And banks, by sharing their data, create new channels through which they can acquire new customers and develop opportunities for cross-selling or up-selling existing ones.
Many players in financial services are trying to lead the industry into this new world. Shweta Jain, director of cloud and digital services for both incumbent and virtual banks at Finastra, a global fintech vendor, says the open-banking revolution has transformed how the company supports its clients.
“Across all of our apps, we have identified use cases for banks, and the journeys they undertake when they open their data,” she said. “We’ve mapped this out across databases for customers, accounts, transactions, and payments.”
When technology companies like Finastra talk about exposing their apps, they do so via APIs – application programming interfaces, which allow different software and database systems to communicate. APIs have been around for decades and come in a variety of designs. They can be used for internal purposes, or with partners, or open to the public.
“The API is how you pull data to your site, with the customer’s permission, and make it readily available and consumable,” said Brit Blakeney, executive director at DBS and head of its ecosystems and innovation for Hong Kong. She spoke about this during a webinar hosted by Finastra and DigFin on open banking in Asia.
“That’s what leads to open banking,” Blakeney said, “opening the entire experience to make it invisible and seamless, integrating financial interactions in a person’s day-to-day life so they don’t have to go to a bank or log onto a banking website. Your financial needs will now be integrated with those experiences, which are created by bringing together banks, fintechs, and ecosystem partners.”
There are plenty of fintechs around the world that have aggregated customer account information, but usually through screen scraping rather than an integrated API with the customer’s banks – a practice that is not very secure.
The term “open banking” however also assumes some level of regulatory mandate or support. The best known is the European Union’s second Payment Services Directive (PSD2), which requires banks provide customer data to third-party providers via open APIs. Britain’s securities regulator has been sandboxing open-banking platforms.
Governments in Asia Pacific have adopted different stances. Australia’s parliament passed a consumer data-protection law that is broader than just open banking but resembles the UK’s system in practice. The Hong Kong Monetary Authority issued mandates closer to the European requirement, but with important differences in standards and liabilities. Singapore and other Southeast Asian countries, on the other hand, have taken a much more laissez-faire approach.
There’s predictive power if you’ve tied the data together well
Shweta Jain, Finastra
Varun Mittal, partner at EY in Singapore, says regulators in Southeast Asia have preferred to encourage developing standards to address specific problem. For example, an early example of open banking in Singapore was pushed by the ministry of health to improve citizens’ access to wealth-management services. The region’s banks, meanwhile, have released the biggest financial apps – not fintechs.
“The banks didn’t need a law to open up,” Mittal said. “Financial institutions will offer any API – but there is a price. Yes, it’s the consumer’s data, and they can take it. But if you want it in a specific format, in real time, then there’s a price for that. This is the pragmatic Asian approach.”
This is creating opportunities for virtual banks and other tech-based financial solutions providers. Arivuvel Ramu, chief technology officer at digital bank TONIK, which is launching in the Philippines, says open banking will support innovation in markets with large populations of unbanked or underserved people.
Financial institutions will offer any API – but there is a price
Varun Mittal, EY
He says there are three models a virtual bank can pursue: an aggregator, like a finance-management app; a distributor, in which the bank is a pipe into others’ customer-facing businesses; or an orchestrator, in which the virtual bank, armed with its banking licenses and an agile, cloud-based infrastructure, builds APIs into a variety of marketplaces, digital lenders, payroll companies, and consumer-facing businesses.
“Open API and open banking frameworks help us go to market more quickly,” Ramu said. “We can leverage these partnerships to acquire customers, while the product and the liability rests with us.”
That works when the bank or neo-bank is selecting the partners and the use cases. Taking on these liabilities is difficult in environments like Hong Kong, where the regulator has made open banking a blanket requirement – leaving banks liable for a data breach. In Europe, there is a government-led process to vet third-party providers, and banks there can hand off liability when one of them requests data.
“If a third party loses the customer’s data, we the bank are still on the hook, as we continue to be the custodian and steward for customer data,” said Lareina Wang, head of smart banking for Hong Kong at HSBC.
Open banking is really about “know your business”
Lareina Wang, HSBC
Banks are aware of the possibility of APIs as revenue generators, if they can charge for them. This would provide an incentive for banks to open their data. But Wang says banks can only accept open banking to a degree: “If we’re saying, in the true spirit of openness, that data is up for grabs, isn’t that a little scary? Who ensures the quality of sharing a customer’s transaction data, or that there aren’t any bad apples in the system?”
In Hong Kong, that responsibility falls on the banks. “Open banking is really about KYB, or ‘know your business’, and doing due diligence on third parties,” Wang said.
Vendors such as Finastra are moving to fill this need. Finastra has created an innovation platform called FusionFabric.Cloud, which includes a portal for fintechs to develop apps and a marketplace where financial institutions can browse those apps, as well as ones developed by Finastra.
Facilitated through an extensive catalogue of open APIs, the idea is to create a mutually beneficial ecosystem that gives fintechs access to the market while making it faster and easier for financial institutions to find solutions that address their needs.
Finastra is also creating analytics on all the data that passes across FusionFabric.Cloud, creating a new suite of products for bank clients.
“We help banks upsell or cross-sell with this data,” Jain said. “There’s a lot of predictive power if you’ve tied the data together well.”