The UK's open banking regulations came into effect on 13 January, bringing changes to the sector that could drastically transform financial services.
Open banking forces UK banks to open up their data via a set of secure application programming interfaces (APIs). This will force banks to shift from being one-stop-shops for financial services to open platforms where consumers can start to embrace a more modular approach to banking by giving verified third-parties direct access to this data.
The Competition and Markets Authority (CMA) has turned the concept into a formal requirement for the nine largest current account providers in the UK (CMA9) with the launch of the Open Banking initiative.
Alasdair Smith, chairman of the UK's retail banking investigation, said: "Open banking will make a transformational change to banking for personal customers and small businesses."
"For the first time innovative and secure apps will provide personalised services and information to cover all financial needs in one place, and make it easy for people to find out what bank account is best for them."
In practice, this means that instead of doing all of their banking through one or two firms, customers could have their current account with one provider and then bolt on other financial services such as an insurance policy, ISA, mortgage and investments through other providers, all under the user interface of their choosing. This approach is also known as banking as a platform (BaaP).
Regulatory requirements for open banking
The new rules state that banks must create open APIs so that customer data can be shared with authorised third-party applications in a secure, common and consistent format.
They include open APIs for what the CMA calls product and reference data. These will allow developers to create price comparison services, or include ATM locations on their maps, for example.
They also cover more confidential customer transaction data. This data will allow developers to securely view things like transaction history when applying for a mortgage, or to alert users that they are at risk of becoming overdrawn, for example.
AIB Group, Bank of Ireland, Barclays, Danske, HSBC Group, Lloyds Banking Group, Nationwide, RBS Group and Santander have all been working together to create that open API standard. In practice, this should look like a set of documentation, development code and reference implementations that anyone can use, dramatically bringing down barriers to participation in financial services.
Managed roll out
The banks were set an original deadline of 13 January 2018 to release this data but, somewhat predictably, five of the UK's biggest banks were granted more time to comply.
This begun with a 'managed roll out' programme in January to prove the account data access functionality - which allows customers to link their existing bank account to a third party provider - was ready to be extended to the public. This was officially completed on 17 April 2018 and finally allowed open banking services to be offered directly to customers by fully authorised companies.
Imran Gulamhuseinwala, trustee of the Open Banking Implementation Entity in charge of the managed roll out, said it has “enabled us to introduce a vital new piece of our financial system ready for customers in just a few weeks. We have learned an enormous amount and refined the system to the point where we can be entirely confident that we can now give consumers and businesses real control of their financial data".
One of the first companies to start offering these services was Yolt, the smart banking app created by Dutch banking giant ING. The company claimed to be "the first app to successfully complete the open banking integration with one of the CMA9 providers - the RBS Group", on 23 April via a press release.
Following this the OBIE is turning its attention to payments functionality. "As regulated companies have focused on the data capabilities of open banking, it has not been possible to test the payments functionality to the same degree and, therefore, new payments-focused services will still be put through extensive proving as they engage with the system," the OBIE said in a statement on 17 April 2018.
Who stands to benefit?
This, presumably, will lead to a massive land grab from the big banks and from smaller challenger banks and fintech companies in order to provide customers with the best possible banking experience.
Matt Cox, head of insight and innovation at Nationwide Building Society is a tad sceptical about the impact. Speaking with Computerworld UK, Cox said: "So when this thing launches do I think there will be an explosion of people using it? No.
"Traditionally you see a relatively consistent take-up profile, with early adopters and 5-10 percent of users waiting to consume this. There will be an adoption curve and the steepness of that will come down to how we as an industry get trust and security right."
This view is backed up by some research from Accenture, which found that two-thirds of consumers in the UK won't share their financial data with third-party providers such as online retailers, tech firms and social media companies.
The research, which surveyed 2,008 UK consumers during August 2017, found that 69 percent of respondents would not share their bank account information with these third-party providers. More striking still was that 53 percent of the consumers said they "will never change their existing banking habits and adopt open banking".
"Open banking has the potential to transform consumers' relationships with financial products, but it hinges on consumers' willingness to embrace it," said Jeremy Light, a managing director at Accenture as part of its Payment Services Practice in Europe.
"Until new entrants to the financial services sector can earn consumers' trust, banks can draw on their extensive heritage to secure an important early advantage."
As well as the CMA's new rules, banks are having to reckon with the overlapping European Commission's Revised Payment Service Directive (PSD2). This, similarly, forces European banks to open up customer data via a standard set of APIs.
What the banks say about open banking
The banks tend to be positive about open banking, at least in public, despite it posing a potential threat to their businesses. A recent report by McKinsey titled A Brave New World for Global Banking estimates that banks in Europe and the UK currently have $35 billion, or 31 percent, of profits at risk because of digitisation.
The report reads: "More severe digital disruption could further cut their profits from $110 billion today to $50 billion in 2020, and reduce returns on equity in half to one to two percent by 2020, even after some mitigation efforts."
HSBC UK has proved itself to be an early mover with PSD2 by launching a new iOS app in May 2018 - called Connected Money - that will display current, savings and mortgage accounts from up to 21 different banks, including Santander, Lloyds and Barclays. This followed more than six months of testing an HSBC Beta app.
As well as being able to see all of your accounts in one place, HSBC is looking to add value for customers with a range of smart features layered on top. This includes spending analysis and 'balance after bills', which shows how much a user has left in their HSBC current account until payday, once their regular bills have been taken into account.
The bank is also working on a 'round-ups' feature, which rounds up a user's debit card purchases to the nearest pound and saves the difference, similar to UK fintech Moneybox. It is also working on nudges, to make savings rule suggestions to customers based on their spending habits.
Becky Moffat, head of personal banking at HSBC, said at the time of the beta announcement: "We want to provide customers with greater control and make their lives easier. Through our Beta app we want to give our customers a complete and joined-up view of their financial life and make it easier for them to choose confidently, taking the hassle out of checking dozens of statements and manually calculating what's left."
Kevin Hanley, director of design and services at RBS said that the bank wants to position itself as "the bank of APIs" during a roundtable event in 2016.
"You see the disaggregation of banking services, the disintermediation of banking services, banking becoming more unbundled, more modular," he said.
"We are moving from an era of physical banking to a connected bank of digital services. This starts to re-frame banking and our role in it as much more of a composite where we both provide services and link to other services. So we become a platform for our customers to navigate around."
Matt Cox from Nationwide believes that the regulations are "well intended" to "drive the right customer outcomes".
He said that this includes allowing customers with transaction data and money held with the bank to easily and securely get access to and move that data to other providers.
Finally, David Beardmore, commercial director at the Open Data Institute (ODI) raised the concern that open banking could become a "compliance exercise" where banks "agree to do what they are told to do and parking it and forgetting about it".
"I don't think all nine banks think that way and I know for sure some fully embrace the spirit of open banking," Beardmore said.
What UK Challenger Banks think about open banking
UK digital challenger banks like Atom and Monzo are well placed to thrive in this new open banking ecosystem. They have both acquired their banking licenses and both of their CEOs have spoken about becoming the open banking platform of choice for consumers.
Atom CEO Mark Mullen told our sister publication Techworld in December that its intention is to provide basic banking products for its customers such as current accounts, mortgages and small business loans, and "present them on an open platform."
Tom Blomfield, CEO at Monzo started the bank with this strategy in mind. He wrote in an early blog post that "the bank of the future will be a marketplace."
The post explains that this "is why [Monzo] has a singular focus - to build the best current account in the world - rather than selling dozens of different financial products. We can focus on what we know best, whilst offering our customers access to the best products and services from across the market."
Monzo has exposed its APIs to third parties since February 2017. Chief Technology Officer Jonas Huckestein wrote in another blog post: "We'll allow developers to build applications that can request access to other customers' data on an individual basis, using OAuth 2.0. For example, in the future you could make an accounting app that connects to [Monzo] and customers could authorise you to access their account to extract their expenses."
Bank of England views on open banking
Mark Carney, the governor of the Bank of England, made a speech at the Deutsche Bundesbank G20 conference in January 2017 that detailed the impending benefits and risks open banking could bring to the UK market.
"Fintech's true promise springs from its potential to unbundle banking into its core functions of settling payments, performing maturity transformation, sharing risk and allocating capital," he said.
"This possibility is being driven by new entrants – payment service providers, aggregators and robo advisors, peer-to-peer lenders, and innovative trading platforms.
"Aggregators, making use of banks' Application Programme Interfaces (APIs), are providing customers with ready access to price comparison and switching services. New pro-competition policies are reinforcing this competition."
Carney recognises that open banking will bring with it a series of risks though for the market.
"Specifically, while fintech may make conventional banking more contestable, improving efficiency and customer choice, the opening up of the customer interface and payment services business, could, in time, signal the end of universal banking as we know it," he said.
Data sovereignty and security concerns around open banking
Matt Cox of Nationwide also confronted some of the interesting questions around customer data that will have to be assessed in the open banking era.
"In a world where the data is freely available and the consumer chooses where to do their digital banking, this raises some interesting questions around accountability...This is something we will have to decide upon collectively as an industry," he said.
He added: "Practically we need to ensure security of that change of data...GDPR rightly ensures the way we get consent for sharing and securing that information is in line with what members [customers] expect."
Monzo CTO Huckestein is similarly aware of potential issues around data, writing: "There are several important questions around data security and privacy that need to be answered before we can allow developers to publish apps that can access other people's data."
A major concern for the banks here is around accountability and liability in the case of a hack. Beardmore at the ODI also voiced these concerns, asking: "Who is liable if you hit the button and it goes to a scammer, where is the right of redress?"
In short, consumers will have to be very trusting that the APIs are working in a way that doesn't allow for criminals to embed themselves in-between the banks and the trusted third-party apps.
There are already plans to 'whitelist' third parties that have appropriate security in place to protect against fraudsters. However, fintech companies have already raised concerns that the banks may impose unrealistic criteria for whitelisting in order to limit the number of approved third parties accessing customer data.
The ODI has published some of these concerns, and suggests that "an independent authority should be established to ensure standards and obligations between participants are upheld. This authority would govern how data is secured once shared and the security, usability, reliability and scalability of APIs.
"Individuals, businesses and governments must have an awareness of their rights and responsibilities when sharing or handling data. We need to be clear on what informed consent means in our ubiquitously connected world, and the responsibility for this falls on everyone."
Final thoughts on open banking
Although 2018 may not be the year that open banking becomes widespread, it will be the year that we start to see if the technology works. The impact will depend on if the transition is a smooth one and whether developers truly embrace these new data streams and create applications that consumers actually want to use.
Traditionally UK consumers have been extremely difficult to convince to switch things like bank accounts. The new rules offer a chance to convince them otherwise.
Unfortunately it doesn't seem like the regulators, nor the banks, have any concrete targets in place from which to define the success of open banking. How many people do they want to switch accounts? How much money do they want consumers to save? These are important measures of success that would drive everyone involved beyond simple regulatory box checking. Hopefully, that is the next move after the technical steps have been taken.
Additional reporting by Thomas Macaulay