Open banking is the idea that UK banks will have to shift from being one-stop-shops for financial services to open platforms where consumers can start to embrace a more "modular" approach to banking.
This isn't some far off possibility as regulators in the UK and EU are forcing the banks to open up customer data to third parties in the form of secure APIs this year, creating more choice on where and how consumers manage their money. However, concerns remain around security and data privacy issues created by the new rules (detailed in the 'data sovereignty and security concerns' section at the end of this article).
The Competition and Markets Authority (CMA) issued its final order in February and the Financial Conduct Authority (FCA) finalised requirements in September to formally implement open banking. Alasdair Smith, chairman of the retail banking investigation, said: "Open banking will make a transformational change to banking for personal customers and small businesses.
"For the first time innovative and secure apps will provide personalised services and information to cover all financial needs in one place, and make it easy for people to find out what bank account is best for them."
So, instead of doing all of your banking through one or two firms, customers would have their current account with one provider and then bolt on other financial services like an insurance policy, ISA, mortgage and investments through other providers, all under the user interface of your choosing. This approach is also known as banking as a platform (BaaP).
Open banking: Regulatory requirements
In order for this to happen the banks will have to open up their data through application programming interfaces (APIs). Fortunately for consumers the CMA is forcing the banks to adhere to open banking standards by January 13 2018.
The new rules state that banks must create open APIs so that customer data can be shared between organisations and be incorporated into third party applications in a common, consistent format.
The first stage will be open APIs for what the CMA calls product and reference data. This will allow developers to create price comparison services, or include ATM locations on their maps, for example.
This is something of a test run for the more confidential customer transaction data being opened up by January 2018. This data will allow developers to securely view things like transaction history when applying for a mortgage, or to alert users that they are at risk of becoming overdrawn, for example.
AIB Group, Bank of Ireland, Barclays, Danske, HSBC Group, Lloyds Banking Group, Nationwide, RBS Group and Santander are all currently working together to create that open API standard. In practice this should look like a set of documentation, development code and reference implementations that anyone can use, dramatically bringing down barriers for participation in financial services.
The advantage of this, as the CMA itself defines, would be: "Reliable, personalised financial advice, precisely tailored to your particular circumstances delivered securely and confidentially."
This, presumably, will lead to a massive land grab from the big banks and from smaller challenger banks and fintech companies in order to provide customers with the best possible banking experience.
Matt Cox, head of insight and innovation at Nationwide Building Society is a tad sceptical. Speaking with Computerworld UK, Cox said: "So when this thing launches do I think there will be an explosion of people using it? No.
"Traditionally you see a relatively consistent take-up profile, with early adopters and 5-10 percent of users waiting to consume this. There will be an adoption curve and the steepness of that will come down to how we as an industry get trust and security right."
This view is backed up by some research from Accenture, which found that two-thirds of consumers in the UK won't share their financial data with third-party providers such as online retailers, tech firms and social media companies.
The research, which surveyed 2,008 UK consumers during August 2017, found that 69 percent of respondents would not share their bank account information with these third-party providers. More striking still was that 53 percent of the consumers said 'they will never change their existing banking habits and adopt open banking'.
"Open banking has the potential to transform consumers' relationships with financial products, but it hinges on consumers' willingness to embrace it," said Jeremy Light, a managing director at Accenture as part of its Payment Services Practice in Europe. "Until new entrants to the financial services sector can earn consumers' trust, banks can draw on their extensive heritage to secure an important early advantage."
As well as the CMA's new rules, banks are having to reckon with the overlapping European Commission's Revised Payment Service Directive (PSD2). This, similarly, forces European banks to open up customer data via a standard set of APIs.
The applicability of PSD2 post-Brexit remains unclear but commentators expect it to proceed regardless. The directive requires all member states to comply by 13 January 2018, a timetable the CMA is looking to match.
Bank of England
Mark Carney, the governor of the Bank of England made a speech at the Deutsche Bundesbank G20 conference in January, where he spoke about the impending benefits and risks open banking could bring to the UK market.
He said: "Fintech's true promise springs from its potential to unbundle banking into its core functions of: settling payments, performing maturity transformation, sharing risk and allocating capital. This possibility is being driven by new entrants – payment service providers, aggregators and robo advisors, peer-to-peer lenders, and innovative trading platforms."
"Aggregators, making use of banks' Application Programme Interfaces (APIs), are providing customers with ready access to price comparison and switching services. New pro-competition policies are reinforcing this competition."
Carney recognises that open banking will bring with it a series of risks though for the market. "Specifically, while fintech may make conventional banking more contestable, improving efficiency and customer choice, the opening up of the customer interface and payment services business, could, in time, signal the end of universal banking as we know it," he said.
Open banking: What the banks say
The banks tend to be positive about open banking, in public at least, despite it posing a potential threat. A recent report by McKinsey titled 'A Brave New World for Global Banking' estimates that banks in Europe and the UK currently have $35 billion, or 31 percent, of profits at risk because of digitisation in general.
The report reads: "More severe digital disruption could further cut their profits from $110 billion today to $50 billion in 2020, and reduce returns on equity in half to one to two percent by 2020, even after some mitigation efforts."
HSBC UK has proved itself to be an early mover when it comes to PSD2 after announcing on 28 September that it will allow customers to see all of their accounts on one screen, even if they are with a rival bank. The bank will do this through a new test and learn mobile banking platform ahead of introducing a new app for customers in early 2018.
Read next: How HSBC is preparing for open banking
Within the HSBC Beta platform, customers can add current, savings and mortgage accounts from up to 21 different banks, including Santander, Lloyds and Barclays.
HSBC says this is the starting point ahead of the launch of a range of new open banking-enabled features. This includes Safe Balance, which shows customers how much disposable income they have before the next payday, and a Spend Analysis tool, which categorises spending, adds tags, notes and photos to transactions and analyse patterns for more informed decision making, much like customers of Monzo would be accustomed to through its mobile banking app.
Becky Moffat, head of personal banking at HSBC said at the time of the announcement: "We want to provide customers with greater control and make their lives easier. Through our Beta app we want to give our customers a complete and joined-up view of their financial life and make it easier for them to choose confidently, taking the hassle out of checking dozens of statements and manually calculating what's left."
Kevin Hanley, director of design and services at RBS has said that the bank wants to position itself as "the bank of APIs" during a roundtable event last year. He explained: "You see the disaggregation of banking services, the disintermediation of banking services, banking becoming more unbundled, more modular."
"We are moving from an era of physical banking to a connected bank of digital services. This starts to re-frame banking and our role in it as much more of a composite where we both provide services and link to other services. So we become a platform for our customers to navigate around."
Although Cox from Nationwide admits that the next 18 months poses a "challenging regulator agenda" he believes that "the regulations are well intended to drive the right customer outcomes."
These include the ability to "provide our members who have transactions data with us and money held with us to easily and securely get access to that data to use with whatever provider they choose," he said.
Finally, David Beardmore, commercial director at the Open Data Institute (ODI) raises the concern that open banking could become a "compliance exercise" where banks "agree to do what they are told to do and parking it and forgetting about it."
"I don't think all nine banks think that way and I know for sure some fully embrace the spirit of open banking," Beardmore said.
UK Challenger Banks
UK digital challenger banks like Atom and Monzo are well placed to thrive in this new open banking ecosystem. They have both acquired their banking licenses (Monzo is still on a restricted license) and both CEO's have spoken about becoming the open platform of choice for consumers.
Atom CEO Mark Mullen told our sister publication Techworld in December that its intention is to provide basic banking products for its customers -- like current accounts, mortgages and small business loans -- "and present them on an open platform."
Tom Blomfield, CEO at Monzo started the bank with this strategy in mind. He wrote in an early blog post that "the bank of the future will be a marketplace." The post reads: "This is why [Monzo] has a singular focus— to build the best current account in the world—rather than selling dozens of different financial products. We can focus on what we know best, whilst offering our customers access to the best products and services from across the market."
Monzo has exposed its APIs to third parties since February. Chief technology officer Jonas Huckestein wrote in a blog post: "We'll allow developers to build applications that can request access to other customers' data on an individual basis, using OAuth 2.0. For example, in the future you could make an accounting app that connects to [Monzo] and customers could authorise you to access their account to extract their expenses."
Data sovereignty and security concerns
Matt Cox also confronted some of the interesting questions around customer data which will have to be assessed in the open banking era. "In a world where the data is freely available and the consumer chooses where to do their digital banking, this raises some interesting questions around accountability...This is something we will have to decide upon collectively as an industry," he said.
He added: "Practically we need to ensure security of that change of data...GDPR rightly ensures the way we get consent for sharing and securing that information is in line with what members [customers] expect."
Monzo CTO Huckestein is similarly aware of potential issues around data, writing: "There are several important questions around data security and privacy that need to be answered before we can allow developers to publish apps that can access other people's data."
A major concern for the banks here is around accountability and liability in the case of a hack. Beardmore at the ODI also voiced these concerns, asking: "Who is liable if you hit the button and it goes to a scammer, where is the right of redress?"
In short, consumers will have to be very trusting that the APIs are working in a way that doesn't allow for criminals to embed themselves in-between the banks and the trusted third party apps.
There are already plans to 'whitelist' third parties that have appropriate security in place to protect against fraudsters. However fintech companies have already raised concerns that the banks may impose unrealistic criteria for whitelisting in order to limit the number of approved third parties accessing customer data.
The Open Data Institute has published some of these concerns, and suggests that "an independent authority should be established to ensure standards and obligations between participants are upheld. This authority would govern how data is secured once shared and the security, usability, reliability and scalability of APIs."
Individuals, businesses and governments must have an awareness of their rights and responsibilities when sharing or handling data. We need to be clear on what informed consent means in our ubiquitously connected world, and the responsibility for this falls on everyone."
So where 2017 may not be the year that open banking becomes widespread, it will be the year that we start to see if the technology works. Due to the strict timetable set by regulators this year will see banks reckoning with open APIs, the proof will be if the transition is a smooth one and if developers truly embrace these new data streams and create applications that consumers actually want to use.
Traditionally UK consumers have been extremely difficult to convince to switch things like bank accounts, 2017 will be the year we see if open banking can convince them otherwise.
Unfortunately it doesn't seem like the regulators, nor the banks, have any concrete targets in place from which to define the success of open banking. How many people do they want to switch accounts? How much money do they want consumers to save? These are important measures of success that would drive everyone involved beyond simple regulatory box checking, hopefully that is the next step after the technical steps have been taken.
Find your next job with computerworld UK jobs