Open Banking has revolutionized the FinTech world with a new perspective. Its capabilities extend beyond the digital payments as innovations reveal a quicker way to do things and features that go beyond mere convenience for the customers.
Open banking brings the best of both worlds and was initially conceptualized as an outbound trade service that lifts the ceiling of traditional banking infrastructure to provide better customer services. The concept was coined as Open Innovation by Henry Chesbrough who was the Head of Open Innovation at the Haas School of Business. Its aim was to promote sharing of data, which does not belong to a single entity. Later taken up as Open Banking by financial institutions, the core ideologies remain the same, to enable better decision making for the end users.
In its current form, the concept is aimed at providing a common digital platform for various bank computing systems with a common digital language shared via an Application Programming Interface (API). These APIs are what the FinTech start-ups offer to drive innovation across several industry domains.
- Allowing third party developers to build applications and services around a financial institution, a concept around which several FinTech start-ups offer services.
- Facilitating financial transparency for end users with open and private data options
- Using open source technology that is freely available.
So, why was data sharing and customer consent prioritized? Until recent times, banks closely guarded your data and could be accessed only using specific transactions. Therefore, only authorized access could retrieve your data. However, data was still leaked and used for business promotions.
This was the era of screen scraping where data was collected illegally. It was an unsafe, risky and highly inconvenient activity that could collect confidential information and even lead to frequent account blocking. Thus began the movement of giving customers the consent to share data and revoke it whenever needed.
Open Banking APIs were then widely adopted by banks and customers wherein the transaction data is shared securely between the trusted third parties. It has managed to make ripples because it is a sustainable model that is reliable and secure.
On the other hand, with such an advancement comes the need for strict regulations and policies to control the technical aspects of open banking. In addition, there is also the need for new age security controls that adhere to data privacy.
A monumental directive in this regard has been the Payment Services Directive or PSD2 standard for data protection. It is an upgrade on the existing directives in the EU for regulation of payment services and service providers that integrates Open Banking APIs. As more countries are expected to follow suit, this landmark decision marks the beginning of the API era. Along with data sharing in retail banking, it dictates rules for third party connections, sharing information and the scope of this information. Thus, every third party provider will go through rigorous scrutiny to verify authenticity.
Similarly, back at home, India is being touted to be at the forefront of digital payment innovation with the creation of National Payment Corporation of India (NPCI). It led to the introduction of Immediate Payment Service (IMPS) and Unified Payment Interface (UPI).
While both PSD2 and UPI are based on open banking API, they have different frameworks. NPCI was built on top of the Aadhaar Payment Bridge Systems (APBS) and MobileMapper to link Aadhaar number, account number and mobile numbers together, thereby creating a unique combination of three prerequisites. This system has predefined APIs for the banks to connect to a single UPI platform, while NPCI is in charge of inter-bank routing and translation.
There is much that both systems, PSD2 and UPI, can learn from each other. PSD2 needs individual banks to open their systems to others and provide APIs to process payment. However, experts believe that this system can backfire and result in chaos as banks come up with unique security architecture and APIs. Even though these APIs will be compliant with the regulations, they may be complex to implement and integrate.
Like UPI, a central routing and translation system will smoothen the processes further in case of PSD2. The UPI system requires member banks to register with NPCI. Thus, in order to actually be open and interoperable Partner APIs, the European Banking Authority (EBA) has to create a standardized registration process and allow API access to these partners only.
On the other hand, PSD2’s Account Information Service that can empower customers can be implemented in UPI. As banks are the sole guardians of data and do not allow sharing, the PSD2 proposal to open data to third parties in a secured and authorized environment will allow customers to compare services and providers. What’s more, customers will get enhanced transparency of their financial activity.
All being said, the Open Banking APIs are, indeed, developing at a time they are needed the most. Evolving customer expectations, prevalence of FinTechs, and safety concerns have triggered a trend that is here to stay.