The UK's open banking regulations came into effect on 13 January, bringing changes to the sector that could transform financial services.
Open banking forces UK banks to open up their data via a set of secure application programming interfaces (APIs). This will force banks to shift from being one-stop-shops for financial services to open platforms where consumers can start to embrace a more modular approach to banking by giving verified third-parties direct access to this data.
The Competition and Markets Authority (CMA) has turned the concept into a formal requirement for the nine largest current account providers in the UK with the launch of the Open Banking initiative.
Alasdair Smith, chairman of the UK's retail banking investigation, said: "Open banking will make a transformational change to banking for personal customers and small businesses."
"For the first time innovative and secure apps will provide personalised services and information to cover all financial needs in one place, and make it easy for people to find out what bank account is best for them."
In practice, this means that instead of doing all of their banking through one or two firms, customers could have their current account with one provider and then bolt on other financial services such as an insurance policy, ISA, mortgage and investments through other providers, all under the user interface of their choosing. This approach is also known as banking as a platform (BaaP).
Regulatory requirements for open banking
The new rules state that banks must create open APIs so that customer data can be shared with authorised third-party applications in a secure, common and consistent format.
They include open APIs for what the CMA calls product and reference data. These will allow developers to create price comparison services, or include ATM locations on their maps, for example.
They also cover more confidential customer transaction data. This data will allow developers to securely view things like transaction history when applying for a mortgage, or to alert users that they are at risk of becoming overdrawn, for example.
AIB Group, Bank of Ireland, Barclays, Danske, HSBC Group, Lloyds Banking Group, Nationwide, RBS Group and Santander have all been working together to create that open API standard. In practice, this should look like a set of documentation, development code and reference implementations that anyone can use, dramatically bringing down barriers to participation in financial services.
The CMA says this will support "reliable, personalised financial advice, precisely tailored to your particular circumstances delivered securely and confidentially."
This, presumably, will lead to a massive land grab from the big banks and from smaller challenger banks and fintech companies in order to provide customers with the best possible banking experience.
Matt Cox, head of insight and innovation at Nationwide Building Society is a tad sceptical about the impact. Speaking with Computerworld UK, Cox said: "So when this thing launches do I think there will be an explosion of people using it? No.
"Traditionally you see a relatively consistent take-up profile, with early adopters and 5-10 percent of users waiting to consume this. There will be an adoption curve and the steepness of that will come down to how we as an industry get trust and security right."
This view is backed up by some research from Accenture, which found that two-thirds of consumers in the UK won't share their financial data with third-party providers such as online retailers, tech firms and social media companies.
The research, which surveyed 2,008 UK consumers during August 2017, found that 69 percent of respondents would not share their bank account information with these third-party providers. More striking still was that 53 percent of the consumers said they "will never change their existing banking habits and adopt open banking".
"Open banking has the potential to transform consumers' relationships with financial products, but it hinges on consumers' willingness to embrace it," said Jeremy Light, a managing director at Accenture as part of its Payment Services Practice in Europe.
"Until new entrants to the financial services sector can earn consumers' trust, banks can draw on their extensive heritage to secure an important early advantage."
As well as the CMA's new rules, banks are having to reckon with the overlapping European Commission's Revised Payment Service Directive (PSD2). This, similarly, forces European banks to open up customer data via a standard set of APIs.
The applicability of PSD2 post-Brexit remains unclear but commentators expect it to proceed regardless. The directive requires all member states to comply by 13 January 2018, the same date as the CMA rules.
What the banks say about open banking
The banks tend to be positive about open banking, at least in public, despite it posing a potential threat to their businesses. A recent report by McKinsey titled A Brave New World for Global Banking estimates that banks in Europe and the UK currently have $35 billion, or 31 percent, of profits at risk because of digitisation in general.
The report reads: "More severe digital disruption could further cut their profits from $110 billion today to $50 billion in 2020, and reduce returns on equity in half to one to two percent by 2020, even after some mitigation efforts."
HSBC UK proved itself to be an early mover when it comes to PSD2 by announcing on 28 September that it will allow customers to see all of their accounts on one screen, even if they are with a rival bank. The bank planned to do this through a new test and learn mobile banking platform ahead of introducing a new app for customers in early 2018.
Read next: How HSBC is preparing for open banking
Within the HSBC Beta platform, customers can add current, savings and mortgage accounts from up to 21 different banks, including Santander, Lloyds and Barclays.
HSBC says this is the starting point ahead of the launch of a range of new open banking-enabled features. This includes Safe Balance, which shows customers how much disposable income they have before their next payday, and a Spend Analysis tool, which categorises spending, adds tags, notes and photos to transactions and analyse patterns for more informed decision making, much like customers of Monzo would be accustomed to through its mobile banking app.
Becky Moffat, head of personal banking at HSBC, said at the time of the announcement: "We want to provide customers with greater control and make their lives easier. Through our Beta app we want to give our customers a complete and joined-up view of their financial life and make it easier for them to choose confidently, taking the hassle out of checking dozens of statements and manually calculating what's left."
Kevin Hanley, director of design and services at RBS said that the bank wants to position itself as "the bank of APIs" during a roundtable event in 2016.
"You see the disaggregation of banking services, the disintermediation of banking services, banking becoming more unbundled, more modular," he explained.
"We are moving from an era of physical banking to a connected bank of digital services. This starts to re-frame banking and our role in it as much more of a composite where we both provide services and link to other services. So we become a platform for our customers to navigate around."
Matt Cox from Nationwide believes that "the regulations are well intended to drive the right customer outcomes."
These include the ability to "provide our members who have transactions data with us and money held with us to easily and securely get access to that data to use with whatever provider they choose," he said.
Finally, David Beardmore, commercial director at the Open Data Institute (ODI) raised the concern that open banking could become a "compliance exercise" where banks "agree to do what they are told to do and parking it and forgetting about it."
"I don't think all nine banks think that way and I know for sure some fully embrace the spirit of open banking," Beardmore said.
What UK Challenger Banks think about open banking
UK digital challenger banks like Atom and Monzo are well placed to thrive in this new open banking ecosystem. They have both acquired their banking licenses and both of their CEOs have spoken about becoming the open banking platform of choice for consumers.
Atom CEO Mark Mullen told our sister publication Techworld in December that its intention is to provide basic banking products for its customers such as current accounts, mortgages and small business loans, and "present them on an open platform."
Tom Blomfield, CEO at Monzo started the bank with this strategy in mind. He wrote in an early blog post that "the bank of the future will be a marketplace."
The post explains that this "is why [Monzo] has a singular focus - to build the best current account in the world - rather than selling dozens of different financial products. We can focus on what we know best, whilst offering our customers access to the best products and services from across the market."
Monzo has exposed its APIs to third parties since February 2017. Chief Technology Officer Jonas Huckestein wrote in another blog post: "We'll allow developers to build applications that can request access to other customers' data on an individual basis, using OAuth 2.0. For example, in the future you could make an accounting app that connects to [Monzo] and customers could authorise you to access their account to extract their expenses."
Bank of England views on open banking
Mark Carney, the governor of the Bank of England, made a speech at the Deutsche Bundesbank G20 conference in January 2017 that detailed the impending benefits and risks open banking could bring to the UK market.
"Fintech's true promise springs from its potential to unbundle banking into its core functions of settling payments, performing maturity transformation, sharing risk and allocating capital," he said.
"This possibility is being driven by new entrants – payment service providers, aggregators and robo advisors, peer-to-peer lenders, and innovative trading platforms.
"Aggregators, making use of banks' Application Programme Interfaces (APIs), are providing customers with ready access to price comparison and switching services. New pro-competition policies are reinforcing this competition."
Carney recognises that open banking will bring with it a series of risks though for the market.
"Specifically, while fintech may make conventional banking more contestable, improving efficiency and customer choice, the opening up of the customer interface and payment services business, could, in time, signal the end of universal banking as we know it," he said.
Data sovereignty and security concerns around open banking
Matt Cox of Nationwide also confronted some of the interesting questions around customer data that will have to be assessed in the open banking era.
"In a world where the data is freely available and the consumer chooses where to do their digital banking, this raises some interesting questions around accountability...This is something we will have to decide upon collectively as an industry," he said.
He added: "Practically we need to ensure security of that change of data...GDPR rightly ensures the way we get consent for sharing and securing that information is in line with what members [customers] expect."
Monzo CTO Huckestein is similarly aware of potential issues around data, writing: "There are several important questions around data security and privacy that need to be answered before we can allow developers to publish apps that can access other people's data."
A major concern for the banks here is around accountability and liability in the case of a hack. Beardmore at the ODI also voiced these concerns, asking: "Who is liable if you hit the button and it goes to a scammer, where is the right of redress?"
In short, consumers will have to be very trusting that the APIs are working in a way that doesn't allow for criminals to embed themselves in-between the banks and the trusted third-party apps.
There are already plans to 'whitelist' third parties that have appropriate security in place to protect against fraudsters. However, fintech companies have already raised concerns that the banks may impose unrealistic criteria for whitelisting in order to limit the number of approved third parties accessing customer data.
The ODI has published some of these concerns, and suggests that "an independent authority should be established to ensure standards and obligations between participants are upheld. This authority would govern how data is secured once shared and the security, usability, reliability and scalability of APIs.
"Individuals, businesses and governments must have an awareness of their rights and responsibilities when sharing or handling data. We need to be clear on what informed consent means in our ubiquitously connected world, and the responsibility for this falls on everyone."
Final thoughts on open banking
Although 2018 may not be the year that open banking becomes widespread, it will be the year that we start to see if the technology works. The impact will depend on if the transition is a smooth one and whether developers truly embrace these new data streams and create applications that consumers actually want to use.
Traditionally UK consumers have been extremely difficult to convince to switch things like bank accounts. The new rules offer a chance to convince them otherwise.
Unfortunately it doesn't seem like the regulators, nor the banks, have any concrete targets in place from which to define the success of open banking. How many people do they want to switch accounts? How much money do they want consumers to save? These are important measures of success that would drive everyone involved beyond simple regulatory box checking. Hopefully, that is the next move after the technical steps have been taken.
Additional reporting by Thomas Macaulay
Find your next job with computerworld UK jobs