HOSTED BY: Ryan McEndarfer, Editor-in-chief at PaymentsJournal.com with Aaron McPherson, Vice President, Research Operations at Mercator Advisory Group
While some of our listeners may be familiar with the concept of open banking, for those who are not, can you give us a brief overview of what open banking means? And also what are some of the applications and services that open banking is addressing?
Mark Atherton, Group Vice President of Financial Services, Global Business Unit at Oracle
Sure. Open banking is rooted in the idea of data sharing between a bank and basically an unaffiliated third party. The concept isn’t entirely new, but some of what we’re doing in open banking is new. The key enabler is all around API, which is an application programming interface. And again APIs aren’t necessarily new. They’ve been used for decades in banks but typically to move banking information like a balance between a bank and accounting software. What’s new now is we’re using APIs to actually do banking activity like payments. APIs have been around for a long time. That’s pretty well established. Some of the earliest adopters were eBay or Google Maps when Google was creating mashup applications, leveraging Google Maps. But these were closed APIs, and the terms were defined by Apple, eBay, or Google. Open APIs, or open banking, the terms around the APIs are really established more by the regulator and have a common set of terms that banks are being forced to conform with, as opposed to banks pushing their own terms for the APIs out there. The European regulators spurred a lot of this effort. They started with the Payment Services Directive in the early 2000s and then came out with the revised directive, which is known as PSD2, in 2015. Again, the idea was really to spur Innovation. And PSD2 really was a launch point where we saw this really take off. It drove the banks to have to open up their banking capability and allow innovators outside of banks to create services that consumers could use and then actually reach their funds and use that through third-party services.
Aaron McPherson, Vice President, Research Operations at Mercator Advisory Group
Yes, and I think in some of the research we’ve done at Mercator one of the opportunities we’ve seen is that banks who have spent a lot of money on things like identity verification services and fraud scoring can use open APIs as a way to monetize those services outside of their regular ecosystem. So if you look at what these as done with their authentication API portal, they’re actually combining solutions from a number of different vendors and making that available. I think that’s a model that we’ll see some banks adopt if they’ve got some specialized capabilities in-house.
What is behind this industry push toward open banking, and how do you anticipate the shift toward open banking will impact the relationship between traditional banks and fintechs?
Mark Atherton, Group Vice President of Financial Services, Global Business Unit at Oracle
The initial push again came from European regulators. The UK in particular probably had the strongest push, and it was rooted in the sense that banks are holding their customers hostage. Banks were slow to innovate, but consumers really couldn’t do much about it. Some interesting services were available to consumers, but if you couldn’t connect them to the bank, it didn’t really matter. And so the banks saw them as competitive and they held them out, and that’s where that friction was in the market. Today you have a case where you’ve got applications like Mint here in the U.S. that have really strong money management service including electronic bill pay. That service isn’t very interesting if you can’t actually do the electronic bill pay. So now we can actually connect those applications to the banking services and create some pretty interesting capabilities. Early players tried to get you to transfer your money from the bank to the new service, but that really never took off. So now through APIs we can actually connect and embed these services directly into a banking application and pull banking services directly into a third-party service. Zelle is an example where you see this going both ways. Many banks embed Zelle into their online banking applications. But you can also use Zelle as a stand-alone and connect bank data so that you can do real-time payments out of Zelle.
Aaron McPherson, Vice President, Research Operations at Mercator Advisory Group
Yes, I think one of the things that people have started to understand is that banks have understood is that fintechs often have an advantage in terms of customer intimacy and their ability to respond quickly to changing market needs, whereas fintechs have realized that banks have the scale that they need and that it would be very expensive for them to build on their own. So there’s kind of a complementary set of needs here, which is why there’s more interest in working together and that’s why there’s more interest in creating open APIs that make it easier to work with fintechs. It doesn’t have to take years to get up and running with them.
Now Mark, as you pointed out, regulations and rules mandating open banking were enacted in the U.K. earlier this year. How are U.S. banks addressing open banking, and do you expect similar regulations to be passed here in the U.S.?
Mark Atherton, Group Vice President of Financial Services, Global Business Unit at Oracle
So right, it was rooted in EMEA, in the U.K. in particular with the regulators and that has started a movement that has pretty much taken hold globally and certainly in the U.S. U.S. banks are responding, you can see this today, with lots of services that are available through and connect to your banks. So I gave an example of Mint. There’s examples of Zelle. Venmo is used widely by young people that do payments and so it’s out there. It’s real. It’s taken hold. You probably wouldn’t necessarily see regulations to push the movement here in the U.S., especially because we are going into sort of a negative reaction to increased regulation right now in the U.S. But you could see regulations start to come up as you get into data privacy fraud and some of those issues. The initial impetus to actually to drive it and push the banks to open up, a lot of the bigger banks are able to respond to that and have done so. Some of the smaller banks — just from costs, investment, and others — you think of community banks, credit unions, they’re probably more challenged. I don’t know that regulation is actually going to push them to do it. There’s probably a different issue.
As banks open up to third parties, they face a challenge of managing the exposure of customer data. How can banks address the potential cybersecurity challenges of open banking?
Mark Atherton, Group Vice President of Financial Services, Global Business Unit at Oracle
Well, banks invested a huge amount in data privacy and fraud [management] in particular. today. It’s pretty well managed and as they open the APIs, there’s significant testing that’s done. If you’re going to connect to those APIs, you’ve got to prove data security abilities of your applications to the bank so that those connections are made. It is interesting question, and I think this is going to evolve, is where is that line around fraud drawn today? If somebody gets into your banking application for whatever the bank is and commits fraud, usually the bank is going to back you up and cover the fraud liability. If somebody gets into your bank account through a third-party application, the bank is probably going to push back and say, “Hey, as a third-party developer you created an application. The consumer was tricked into opening the application. That way fraudulent payments were made. That’s on you not on us as the bank.” Probably that’s an issue out there certainly that everybody’s thinking about.
Aaron McPherson, Vice President, Research Operations at Mercator Advisory Group
I think one of the challenges is that consumers may hold their banks responsible even if legally they aren’t because they’re accustomed to their performing that role. All of you’ve seen some of that with Zelle, where people have used the service in ways that it wasn’t intended, got burned, and then found that their bank was not willing to cover them.One of the things that you’re giving up perhaps unwittingly when you use a real-time payment service versus a card is you’re losing that zero liability guarantee. So I think communication is important and consumers need to understand who’s responsible if something goes wrong. It’s a challenge for banks to communicate that, especially when working with third parties, and it may be something that the banks want to consider actually charging for. One of the things you can do when you’re making an agreement with a fintech is to charge them for insurance essentially so that if something goes wrong, you will cover it, but they have to pay a fee for that. And that’s another way to leverage the fraud management capabilities that banks have invested in.
As we look forward, what are the other challenges that will be present with open banking to banks?
Mark Atherton, Group Vice President of Financial Services, Global Business Unit at Oracle
Well, it’s interesting to categorize, if you start to segment the banks, that’s when this question starts to become interesting. If we think of the four largest U.S. banks and then the super regionals, they have very sophisticated IT teams, very sophisticated security teams, lots of capability in technology. Most of them are on the forefront of all this. Now they have API strategies and the rest. Now when you get into community banks and the credit unions, that’s where this probably becomes a bigger challenge. In many cases they’ve actually outsourced a lot of their technology to third-party providers and their internal technology capability is incredibly limited. So they already see some challenges just in digital banking and the kinds of digital services they would offer as a bank because really they have very limited capability to build those on their own. And so now if they have to invest in infrastructure and capabilities around open banking, it becomes that much more of a challenge because many of the platforms that are run today by the big third-party providers in the U.S. aren’t API enabled. And they’ll go back to the banks and say, “Look if you want APIs and this stuff, then you’ll have to pay to build it out as you would expect, and it’s very expensive.” We already know that the community banks and credit unions are under a tremendous amount of pressure. We lose 200 or 300 every year in the U.S. This is probably another big heavy log on the load that they’re trying to pull and survive. I think that the smaller banks are probably the ones that have the biggest challenges with this.
Aaron McPherson, Vice President, Research Operations at Mercator Advisory Group
Well, I know that some of the processors that we talk to who work with credit unions actually see this as a business opportunity that they can work directly with some of these fintechs and provide an integrated turnkey service to their credit unions and to community banks. I think there’s a big role for processors and technology companies to digest this and make it available and provide a lot of the support for it so that smaller institutions can take advantage of it.
That leads us to the million dollar question: How can banks embrace open banking and make it work for them and for their clients?
Mark Atherton, Group Vice President of Financial Services, Global Business Unit at Oracle
You’ve got to get into it, and you’ve got to get started. A lot of banks are probably going to be slow to the move because nobody wakes up in the morning like “Hey, I really want to change my bank today,” right? I want to resettle my cards, my accounts, my balances, my bill pay, all that stuff. So it’s easy to get complacent around this. For the large regionals obviously, accelerate the path toward APIs and getting the applications API enabled. There’s services firms that can help build those APIs. Oracle has an entire set of over 1,500 banking APIs, and we have supporting services in managing APIs, running APIs in order to support things like that. We see a lot of traction around that in the U.S. And then the second point is, get back to innovation because the APIs open those channels, but at the same time, there’s nothing that prevents you as a bank from doing a lot of the same things that fintechs are doing. I think there’s an interesting question here, and Aaron brought this up earlier, is the battle between a third-party provider and a bank of who’s going to be responsible for fraud. If you’re using the banking application, the banking capability, the bank’s going to stand behind you. You can use a third-party service, but if you unwittingly open that up and you’re a victim of fraud, the bank probably isn’t going to stand behind you on that. We know in the U.S. that there’s 10 to 15 million victims of bank fraud every year. The cost associated with that, estimates range $8–15 billion a year. Banks would love to see some of that move on to somebody else. And that’s what’s out there. I think banks continue to be in a really good position to innovate and provide these services. Back their customers with the standing of the bank, and they are positioned to weather through all of this.
So before we close out this conversation, is there anything that you’d like to add?
Mark Atherton, Group Vice President of Financial Services, Global Business Unit at Oracle
No, I think that, it’s an interesting and very exciting time in banking. And the move toward fintech, and investment in fintech, is significant. A lot of it is going into lending. A lot of it is going into payments. Banks have certainly taken notice. I think this has spurred banks to do more to innovate probably than we’ve seen in the last 15 plus years. This is an interesting time in this market. And you can see the banks putting out a lot of really interesting services. You see them investing in fintechs, like the Wells Fargo investment in Zelle. Then you see some really cool third-party applications come up that benefit consumers. Banking has been pretty slow to innovate. You think of the things that you could do online, you know with an airline ticket, or even with your cable provider you can do things from a set-top box or from a phone, and yet it’s really hard to just get to manage and move money. This market is finally going through its transformation and you know, obviously we’ve got a framework now to do it through the open banking efforts.
Aaron McPherson, Vice President, Research Operations at Mercator Advisory Group
I think in Europe one angle that we’re seeing that is a little different from the bank and fintech angle is that banks are actually using the APIs themselves to communicate with each other. One of the challenges that banks have traditionally had, which is getting a good picture of their customers’ total financial activity, is now becoming easier because they can access that information such as balances through these open APIs. I think it’s enabling banks to provide better service and they might not even be a fintech involved at all. Or again, banks might if they have a particularly strong capability, try to sell that through open API. So I think we’re going to see a lot of interesting models coming out in the next couple of years as standards get resolved and as pilots get completed. It’ll definitely be interesting to check back and see how things have developed.