Open banking is a simple idea with its sights set on a large, innovative impact.
Adopted in 2018, open banking ensures that consumers and small businesses can share their financial data securely with providers of their choice. This was in response to the EU’s adoption of the revised Payment Services Directive, known as PSD2, which aimed to promote innovation within the financial services sector. Subsequently, the UK’s Competition and Markets Authority ruled that the nine largest banks were required to grant accredited startups access to their data for these purposes.
Consequently, consumers are more in control of their finances and organisations within the financial services industry can offer more innovative and competitive products.
For example, if a consumer wanted to use an application for financial planning, such as choosing a loan provider or managing their personal finances, open banking allows them to link their account to the application, sharing their financial data for those purposes. These third-party applications are authorised and regulated by the UK’s Financial Conduct Authority or a European equivalent, ensuring the secure transfer of data. Small businesses can similarly benefit, sharing data with tools that manage their business accounts or cash flow. Authorised third parties are listed on the FCA’s Register and the Open Banking Directory.
Similar to GDPR, open banking relies on the consumer opting in; data cannot be shared without explicit approval. Additionally, open banking is still regulated by various data protection regulations such as GDPR, meaning that an application will only be able to access information strictly necessary for its purposes. Furthermore, the data is encrypted and its usage is tracked.
Sharing is facilitated through standardised Open Banking application programming interfaces (APIs), allowing any emerging fintechs to build applications that integrate and communicate with banks and building societies. While open banking will have a profound effect on banks’ business models and innovation in the financial services sector, it does not come without risks.
The very nature of open banking creates a complex ecosystem of consumers, data providers, third-party vendors, regulators and government agencies. As of January 2020, there are nearly 200 regulated providers; this new wave of financial innovation is just taking off. Financial data is an incredibly lucrative target for cyber attackers. The data collected from transactions and balances, held not only on banks’ infrastructure and servers but also on those of the other participants in the open banking ecosystem, poses a significant risk to cyber security.
Open banking also raises flags for financial crime, with new risks associated with fraud, data loss, identity theft, data protection violations, money laundering and sanctions lists. More compliance concerns may arise from a proposed independent authority to oversee the open banking standards and governance and compliance requirements. Banks and other participants in the open banking ecosystem who fail to comply with GDPR and PSD2 regulations may face financial and reputational losses.
For organisations participating in open banking, it is crucial to continually monitor their third-party ecosystems to identify, analyse and manage their cyber risks with tools such as CyDesk to assure compliance and avoid costly data breaches.