“Open Banking is a secure technology, for a consumer or SME to safely share their information with an authorised third party. Open Banking also gives that authorised third party permission to execute a transaction.”
Above are the words of Imran Gulamhuseinwala, Trustee of the Open Banking Implementation Entity, the body in the UK responsible for the implementation of Open Banking.
What is it?
At its heart, Open Banking is an enabling technology. That is, it does not have a direct proposition contained within it but does allow for customer propositions to be brought to the market.
The context
As many of us will be aware, the way that we bank in the UK has barely changed in one hundred years. While there have been technological developments such as the ATM, credit cards, chip and pin, the fundamentals have stayed the same. Traditionally, most of us will open a bank account in our younger years and then use that same bank through the entirety of our adult life. Normally the decision on which bank to begin with is decided in an arbitrary manner, perhaps where our parents’ bank, having a branch nearby, or similar.
Currently, the nine largest banks in the UK (sometimes referred to as the CMA9) hold an 80% share of all current accounts. The big nine banks are, Allied Irish Bank, Bank of Ireland, Barclays, Danske Bank, HSBC, Lloyds Banking Group, Nationwide, RBS Group and Santander.
Why is it a good thing?
The Competition and Markets Authority (CMA) were unhappy at this proposition and wanted to open the banking market up to external competition, lowering the barriers to entry, and offer consumers more control over their own personal data. This personal data can then be used to find propositions that could save them money. This could come by finding a current account with a cheaper overdraft, a savings account with a higher rate of interest or a cheaper credit card.
In the future, we could see further possibilities. Utility companies are not covered by Open Banking but could be in the near future. This could open up markets such as telco, water, electricity and gas. Open Banking could also automatically switch you to a cheaper deal – with your permission – should there be a better one available.
“This is really important to me,” says James Varga, CEO of The ID Co., “Ultimately when you go to buy a house or a car, it’s not the car loan or the mortgage that’s attractive to you, it’s getting the house or car. So, if a consumer wishes to share their details with an app or FinTech via Open Banking, they could potentially save themselves hundreds or thousands of pounds.”
Convenience and ease for customers are at the forefront of Open Banking. As well as the ability to save money, Open Banking APIs afford financial institutions the ability to make decisions in minutes, what once may have taken hours, or even days.
Take a bank making a decision on a mortgage applicant, or an underwriter making a decision on whether to approve an application for a loan. Typically, both of these scenarios would involve bank statements having to be sent in. A process that is both arduous for the customer, and takes a considerable volume of time for the mortgage assessor or underwriter to analyse and then action. With Open Banking, consumers can share their bank account information quickly, securely and in seconds.
Varga adds, “This is crucial to both financial institutions and consumer standpoint. As anyone who has applied for a loan or mortgage can testify to, having to send in paper statements and then having to wait weeks for a response is no way to carry out business. From the business’ perspective, having this information shared in seconds, categorised, with income and outgoings already populated, will allow those making crucial business decisions to do so quickly and confidently.”
James Varga, CEO of The ID Co.
How does it work?
Through the use of APIs (Application Programming Interfaces) customers when buying a product or service can be directed to the login page of their internet banking. Once these details have been entered, the product or service will be granted access to certain (read-only) information through APIs.
Security has also been built into Open Banking to ensure it is at least as secure as internet banking. Only companies authorised by the FCA can use Open Banking. These companies (such as The ID Co., as well as other well-known tech companies such as Yolt, bud, TransferWise and Moneybox, as well as the banks) are all listed on the OBIE website.
Having all the companies register ensures that all are following similar standards with safety and security, and if a consumer is in any doubt as to who is requesting their information, they can quickly check and see if their provider is listed.
The Open Banking Timeline
The CMA produced its first report into Open Banking in 2014, which concluded there was a need to make the larger banks work harder to retain customers, and floated the possibility of creating “an app store for banks.”
This was followed by a further report in 2016 which paved the way for the introduction of Open Banking. This report called for the introduction of Open Banking by 2018, for all banks to begin reporting on quality of service of their websites online and in branches, and requiring banks to send out prompts based on occurrences such as bank branch closures. Another key plank of the report was to encourage bank switching. Despite the introduction of the current account switch guarantee, only 3% of customers ever switch banks. The CMA report firmly believed Open Banking would give customers more incentive to switch banks.
This was closely followed up by the disclosure in March 2017 of the location of all banks’ branches and ATMs.
Open Banking was made live in the UK on January 13th, 2018. While many were expecting a revolution in banking to commence on this date, it is important to note this was the date by which the CMA9 banks had to have the technical requirements ready. As it happened, several of them missed the deadline and required an extension.
The Open Banking Implementation Entity have been clear the January 2018 date was the very beginning for Open Banking. In their roadmap, they outlined two releases in 2018 (both of which took place) and a further two to take place through 2019.
Infographic from the OBIE illustrating the progress made by Open Banking through 2018
These releases will further enhance the functionality around Open Banking, particularly functionality on mobile sites.
As has been reported across numerous blogs and articles, the uptake on Open Banking has been muted. This following a much-vaunted launch. As well as lacking collaboration between the big banks and tech community on product offerings, the biggest challenge has been around education of the public.
For years, consumers have been instructed they must never, ever, divulge their log-ins and passwords for their bank accounts. Now, they are told, they can securely log-in to their internet banking and receive new services based on their bank data.
Public perception of Open Banking
It is unsurprising that the public at large, have to date, not yet embraced Open Banking.
As we have explored however, Open Banking is completely secure with TPPs never seeing customer’s log-ins and only receiving read-only access to their bank accounts. Some in the industry have compared this to the rise of contactless technology. While contactless is less secure than chip-and-pin, the convenience it affords, and the few seconds less that customers have to spend standing in supermarket check-outs, meant it was adopted without question.
Open Banking, by coincidence, is more secure than predecessor technology. When bank consumers begin to understand the convenience Open Banking gives them, begin to see the savings both in time and money it has directly generated, then wide-spread adoption will surely come.
As the OBIE have demonstrated above, however, there has been considerable developments throughout 2018. By the year-end, over 17.5m API calls were made.
Within fields such as account aggregation, we have seen major players such as Yolt begin to make positive strides forward. Clydesdale and Yorkshire Bank launched their “B” app, utilising Open Banking capabilities from The ID Co. to aggregate accounts within B. Barclays also, has introduced account aggregation within the realm of its mobile app. There are currently over 100 regulated players in the Open Banking ecosystem, with new services and products being launched on a weekly basis.
The ID Co. recently launched their flagship service, DirectID Insights, allowing financial institutions and lenders, allowing Credit Risk Officers and Underwriters the ability to make lending decisions based on an applicant’s banking history. As well as removing incidents of fraud, DirectID can dramatically cut the time spent on each application. It is through new services such as DirectID that the power of Open Banking will be demonstrated to the market. As we cited at the top of the article, Open Banking is an enabling technology, and DirectID is an exemplar of what can be created through it.
DirectID Dashboard
James Varga says: “Through much of 2018, criticisms in the uptake of Open Banking technology continued unabated through the media. The launch of DirectID offers the opportunity for financial firms to be up-and-running in days with bank data. We welcome the opportunity to illustrate to the industry what our market-leading technology can accomplish through Open Banking.”
Repeated surveys and studies have shown Open Banking could be transformational within the banking industry.
- A PwC report from the summer of 2018 found Open Banking could add £7.2 billion to the UK economy by 2022.
- Accenture reported that 35% of European SMEs and large businesses already participate in the Open Banking ecosystem, with 42% planning to join in 2019.
- An MIT Tech Review in conjunction with Oracle, stated that by 2020, Open Banking will make up 7% of bank’s revenues, a giant EUR 61 billion.
On digital banking generally, the MIT study found 69% consumers want their entire financial lifecycle managed on digital apps. Just recently, research by Finder has indicated around 9% of the UK population bank with a digital-only provider. While this number is comparatively small for the older generations, it is unsurprisingly, much larger for the younger generations, including millennials and Gen Z’s. As these demographics begin to make-up a larger proportion of the UK economy, it is reasonable to suggest that digital-only banks will continue to increase their market share.
Security
Quite naturally, one of the biggest concerns that we have witnessed in relation to Open Banking is whether it is a secure technology.
Speaking at a The ID Co. seminar, Imran Gulamhuseinwala, Trustee of the OBIE said:
“Open Banking is a secure technology, for a consumer or SME to safely share their information with an authorised third party. Open Banking also gives that authorised third party permission to execute a transaction.”
Imran Gulamhuseinwala speaks at the Open Banking for Investors evening hosted by The ID Co.
He went on to specify five reasons why Open Banking was a secure technology that can be enjoyed by both consumers and business’:
- It is opt-in only. No one is automatically enrolled into Open Banking.
- Customers are never asked for their log-in details. At no point does the third party see or have access to customer’s bank log-in details. When authorising a Third Party Provider (TPP), a customer is directed to the log-in page of their bank, from where they log-in as usual. The authorising bank then grants access via API once the customer has successfully entered their details.
- Open Banking works via consent only. To enjoy the benefits Open Banking APIs can bring, consumers must give their explicit consent at all stages.
- Only authorised third parties can enter the ecosystem. All parties that become authorised by the FCA must undergo a gamut of checks to ensure they are fit and proper. As mentioned, there are currently around 100.
- Customer redress system. Built into the Open Banking system is the right for customer redress. Within this system, complaints are heard by the whole ecosystem.
The UK has adopted OAuth 2.0 security to ensure transactions between banks and TPP’s are secure and cannot be hacked. OAuth 2.0 is industry-recognised and widely used as a secure method for securing digital identities. OAuth 2.0 is a protocol that allows applications limited access to user accounts on an HTTP provider, such as Facebook. However, at the same time, it only supports those service providers that are regulated by the FCA.
Security has therefore been built into the heart of Open Banking. By only granting API access to a limited volume of actors who are all authorised by the FCA, and using OAuth 2.0 encryption, the ecosystem has been deliberately stringent in their security needs. Perhaps most importantly for the customer however, is that Open Banking is never opt-in, and nothing will ever happen without their express consent. This is critical to giving consumers clarity and confidence in the system.
Conclusions
Open Banking has the potential to completely change the face of the UK financial services sector. If we think back to that CMA report from 2014 which envisaged creating a “marketplace of apps” then look at the services offered by the digital banks or major players such as Yolt, we can see how far Open Banking has travelled.
A central point to remember, and oft-overlooked by critics, is that January 2018 was only ever the starting point. Indeed, the OBIE still have future releases to implement. To that end, our current position, in feeling that we still have more to do in presenting business benefits to banks while also educating the public, is not too far behind what could be expected.
The infrastructure built by the OBIE, fully secure, and putting the customer at the heart of everything, will surely be positively commented on in future years.
As we look around us, FinTech’s, banks and tech evangelists are bringing new products to market at what feels like breakneck speed. Knowledge and understanding of Open Banking is currently low with the public at large, but as they begin to see the savings that can be made in time and money, this will only change. Our own DirectID is one example of a product successfully brought to market that saves financial institutions both in resource and expense when making credit decisions – all brought about by Open Banking.