A new world of open banking will see innovation blossom, but where does it leave the traditional banks? Sanne Wass reports.


“Sign in with Facebook.”

It’s familiar, the blue and white button. Whether it’s Airbnb, Tinder or Candy Crush you are trying to access, you will likely have seen it pop up.

One click, literally, and you have not just created a dating profile (to take just one example) – you have also given the dating site permission to access the huge universe of data that Facebook has been gathering about you over the last decade, and to use that data to accurately match you with your soon-to-be one-and-only.

Welcome to the API economy. An acronym for ‘application programming interfaces’, APIs are the technology that enables different platforms, apps and systems to easily connect and share data with each other. They are everywhere – and are here to stay.

As the open banking movement grows stronger around the world, APIs are starting to infiltrate your everyday banking experience too. “Login with your bank” may well be the next familiar button when doing your last-minute Christmas shopping on Amazon, or applying for a trade finance loan.


Innovation thrives on open source

The concept of open banking is not entirely new – some banks have been exploring the use of open APIs over the past couple of years – but upcoming legislative changes mean that financial institutions operating in Europe now have a formal deadline nearing, as the EU’s second payment services directive (PSD2) and the UK’s open banking standards come into force in January 2018.

While the two pieces of legislation vary slightly, the idea is the same: they force banks to be more open. Soon, financial institutions will have to open up the hub of customer data that has historically been kept under lock and key. As the technological tool that allows the data to be shared easily and securely, APIs will play a crucial role.

Elsewhere in the world, too, the open banking phenomenon is drawing interest. In Australia, for example, the government has commissioned an independent review on how best to implement an open banking regime in the country. Meanwhile, the Monetary Authority of Singapore has announced plans to make its own data available via an open API.

The whole idea is to put the ownership of account data – be it transaction or loan repayment information – back into the hands of the owner: the customer.

“Banks have got your data, which is your data as a consumer or business. They park it, they house it, but they have hidden it and refused to look at it. So they haven’t used that data about you to your benefit,” says Louise Beaumont, co-chair of the open bank working group at techUK, a trade association for the UK tech industry, and who sits on the UK’s Open Banking Implementation Entity. “Now the regulators have worked out the value of that data. They are saying ‘if you banks don’t want to use this data, that’s fine, we’ll liberate it, so companies can start to deliver value on it’.”

And so, with the customer’s consent, trusted third parties will be given the ability to access customer account data or initiate payments on the customer’s behalf under PSD2 and the UK’s open banking regulation.

It is expected to encourage a wave of fintech firms, e-commerce companies, developers and alternative financiers to build new and innovative applications and resources around the banks, all with the purpose of improving customer experience.

For one, an open API infrastructure is expected to promote independent account aggregators that will combine customers’ various financial holdings into one single digital dashboard – something that will be especially beneficial to multi-banked consumers or corporates – making financial management easier, and, more importantly, driving clients towards the best products on the market.


The case for small businesses

Ultimately, the legislators’ aim is to boost competition and choice, something that will be driven across the whole banking sector, impacting individual consumers as well as SMEs and large corporates.

On the business side, small companies in particular are set to benefit – these being historically underserved by the incumbent banks, explains Chris Gorst. He works at Nesta, a UK innovation foundation, where he heads up the foundation’s Open Up Challenge, a contest for fintech firms to take advantage of the new opportunities that the UK’s open banking initiative will enable.

“Small businesses are not a small market,” he says. “In the UK alone there are 5.5 million of them, with quite diverse needs, and it’s not clear that those needs are reflected in diverse propositions from the largest retail banks at the moment. So open banking is an exciting opportunity to see what we can do to change that.”

Nesta’s competition had 150 submissions, which Gorst says is far more than expected. Their proposals ranged from helping businesses with the administration of finances to solutions for carrying out due diligence or credit scoring, and in the lending space ideas covered everything from unsecured loans to trade and invoice finance. Some applicants have prided themselves on their ability to provide funds within minutes.

What they all have in common is the desire to use transaction data and advanced technologies like artificial intelligence and machine learning to provide better products to small businesses. In July, Nesta’s competition shortlisted 20 participants, which are now competing for a £1mn prize. The foundation is providing support, including a development grant, as well as access to a customer data sandbox, supplied by five large UK banks, where the fintechs can test their technology.

One of the finalists is iwoca, a UK-based fintech firm that offers small business credit facilities. When open banking is implemented, iwoca will be able to ask businesses for consent to digitally “plug in” their bank account to its lending facility, giving iwoca access to past and current cash flow data.

“In real time, we will be able to take all of the data from their bank and give them a lending offer completely automatically,” says James Dear, the company’s CTO.

Today, business lenders like iwoca have various, rather old-fashioned, ways of getting this information. Screen scraping methods, for example, involves companies having to share their online banking login credentials, a method that is not only inconvenient, but also insecure, and which neither businesses, banks, nor regulators like. With the sharing of data via an API, on the other hand, applying for a loan will be convenient and the data sharing more secure.

What’s more, the sharing will become more dynamic. A PDF from a bank only gives a one-off view of a business’ finances at a given moment of time, oblivious to any changes that may occur going forward. Through an API, weakening of trading cash flows and working capital ratios could be immediately visible to the lender, allowing the lender to make an accurate and ongoing assessment of a company’s risk and creditworthiness.

“If you become less risky, then you’d expect the rate you pay to reflect that, because it should be real-time and dynamic,” explains techUK’s Beaumont.

Luke Scanlon, head of fintech propositions and a senior technology lawyer at Pinsent Masons agrees. “To me it’s comparable to what’s happening in telematics with black boxes in car insurance, where you get cheaper insurance if they monitor how you drive,” he says. “Why? Because they can price the risk much more accurately than with all this old data. It’s the same with any lending decision.”

While open banking may lead to a range of new offerings on the market, for Dear at iwoca the opportunities are currently more about perfecting the existing product – making it “more slick and compelling for small businesses”, encouraging more to start using it. He believes this will create more trust in alternative lending.

This will further be strengthened by the formation of an independent authority in the UK, which will be launched later this year and charged with publishing a ‘whitelist’ of vetted and approved third parties. “This provides an extra level of confidence for customers that we aren’t just a cowboy outfit, we’ve actually been granted access to the banking database,” Dear explains.


Banks as financial utilities?

As open banking encourages more competition in financial services, it leaves one particular question wide open: what role will incumbent players play in a more open ecosystem?

According to an analysis by Capco, a business and technology consultancy, the products and services of major banks will likely continue to dominate the market after PSD2 and open banking in the UK come into effect, albeit they will “quickly find their portfolio of products under competitive strain”.

The analysis notes that the emergence of account aggregators will create better visibility in the banking market and guide customers towards the best products. This levelled playing field will give specialised providers much better exposure for their offerings.

“If you are a bank and come from the perspective that your customers are yours and you have a natural right to be able to do what you want in terms of user-interface and product offering, you will be left behind,” says Dear, who believes that, overall, the banks have more to lose than they have to win.

The challenge faced by financial institutions can be compared to those encountered by the telecommunications industry in the 2000s, when alternative providers such as WhatsApp, FaceTime and Skype began to take market share from traditional mobile network operators.

Drawing that parallel, Beaumont at techUK says banks will face the risk of becoming mere financial utilities – providing only the essential infrastructure that enables high-value experiences offered by others – just what happened to the phone companies.

“There is a very real risk that those banks which do nothing other than minimally viable compliance find themselves as a high-cost utility,” she says. “And being a high-cost utility is not a smart place to be. There isn’t too much space for those in the marketplace.”

While the banks GTR spoke to for this article all say they welcome the legislative changes in the UK and EU, it is unclear whether they would have embraced open banking without lawmakers’ intervention. After all, it’s not for nothing the regulation was introduced. Yet, there is general agreement amongst various sources that open banking also means the opening up of new opportunities which will allow banks to thrive.

Beaumont, for one, is hopeful that the changes will push traditional banks to rethink and improve their products and services.

“It’s changing their mentality to recognise that data has value and to do something with that data to the benefit of their customers,” she says. “The innovation in terms of new services will filter back into the banks and they will be able to deliver modern real-time flexible services, rather than push old-fashioned products.”

And better products will be rewarded: in its analysis, Capco notes that just like specialised financial providers will get more exposure with independent aggregators, so too will the traditional banks where they have market-leading offerings.

At Lloyds Bank, the group’s head of payment strategy James McMorrow agrees that the upcoming legislative changes have given them another chance to look at how they optimise client relationships. “It provides us with an additional opportunity to evaluate how we serve our clients’ needs, what solutions they may want in the future and how we can optimise our existing or new solutions,” he says, although he would not give specific details or examples of what this could involve.

The most exciting outcome, however, could be the opportunity for old and new players to drive innovation together.

Dear explains: “If you are a bank and you don’t provide an unsecured working capital line like iwoca, you could actually release that as a feature through iwoca, even though it’s not yours. And it’s very easy for you to do that because iwoca already has the access to API data. It means that partnerships like this are much easier to do in the future.”

The same suggestion is made by Natalie Willems-Rosman, head of payables and receivables, Emea, at Bank of America Merrill Lynch: “By the industry adopting a new way of sharing data – through APIs – it ultimately speeds up and increases the sharing of information and facilitates the opportunity to work with other parties in the chain – this could be fintech companies, new entrants or other banks.”

She adds that while the legislative changes will mean more competition, she does not fear the bank becoming a financial utility. “We have very strong relations with our clients, and that’s because ultimately we are able to provide them a full end-to-end product suite, tailored advice and thought leadership. That’s really where we think we play a very strong role and we see that role absolutely continuing.”


Fragmentation or standardisation?

It is too soon to tell what the future open banking ecosystem will look like exactly.

Industry players emphasise the importance of being a first mover, not just for fintech firms, which are now given a new opportunity for growth, and for the banks, which have the advantage of having the customers in the first place, but also for governments. In this respect, the UK appears to have taken an important step ahead of the game.

The UK’s open banking standard is PSD2-compliant, but unlike the EU directive it specifies a protocol for what the APIs and sharing of data must look like. The standards are defined in a collaborate effort through the Open Banking Implementation Entity, which is funded and steered by nine mandated banks, with the participation of challenger banks, fintech firms, consumer groups and other parties.

“In the UK, we’ve made a specific choice, and I think generally it is one that is good for innovation and competition,” says Gorst at Nesta.

Without such common standards, he expects to see a more fragmented implementation across the EU, with banks figuring out individually how they are going to comply with PSD2.

“For fintechs it will be much more difficult to learn a hundred different ways of interacting with banks. So we are really on the front foot in the UK when it comes to PSD2 implementation and making it fintech and innovation-friendly,” he says.

Banks, too, are concerned about the way in which the EU market may decide to adopt PSD2 as a result of the more vaguely defined legislation.

“There is continued uncertainty under PSD2 regarding the standards that we will be required to meet, and exactly how that data will be shared and the security that goes around it,” says McMorrow at Lloyds Bank. “Clearly our preference would be to have a similar way of working to the UK open banking standards, giving consistency across the market.”

European banks are now looking closely at the UK as a robust example of how common API standards can be expanded to the rest of Europe, explains Willems-Rosman.

“If you look at how vast the banking space is across Europe, it’s not going to benefit from various parties having their own API format, for instance,” she says. “We are actively co-operating to build those standards. It’s something that is very close to our heart because we really don’t want to go down a road of fragmentation across Europe.”

No doubt, banks, fintechs and other third parties will have operational challenges to overcome as new legislation takes them into unknown territory. Some may lose out, others may find a new role in the market. Ultimately, the biggest winner will be the customer – and rightly so.

“Whether it all works in practice is a question,” says Scanlon at Pinsent Masons. “But if all the operational issues are overcome, we are going to see one of the most fundamental sectors in the world completely change over the next five to 10 years.”


PSD2 and open banking in short

  • Payment services directive 2 (PSD2) was put forward by the European Commission in 2013, and will come into force in January 2018. National governments in the EU will have to turn the directive into local legislation.
  • The directive requires banks to allow trusted third parties, with the customer’s permission, to access account information and initiate payments from those accounts.
  • The UK’s open banking standard is PSD2-compliant, but goes beyond in that it provides standardised specifications for what the API infrastructure must look like.
  • The standards are being developed by the Open Banking implementation Entity, which was established in 2016 following an order by the UK’s Competition and Markets Authority (CMA), with the aim of encouraging greater competition in the banking sector.
  • While PSD2 is a requirement for all payment account providers in the EU, the open banking standard only covers the nine largest banks in the UK. However, other banks have opted into the UK’s standard, and more are expected to join.
  • In February 2017, a CMA order formally implemented the open banking reforms into English law. The open APIs will be released in January 2018.