By Aaryaman Vir & Lars Markull

Foreword

More and more people are coming into the formal financial system, and in doing so, they are generating troves of financial data. This is highly valuable information for the user; organizing this data efficiently could really help the user do things like track her expenses or plan her taxes. When shared with a service provider, this information could also help the user get the most cheap, personalized, and timely financial services.

Although this sounds great, there is a catch – the data generated by these actions resides in certain platforms such as banks, stock brokerages, accounting software, and so on. Pulling the data out of these platforms is currently expensive, insecure, and in some cases, impossible. Given the rapid rise of fintech and financial services, there is massive demand for this data with only limited supply. There is a better way to serve the demand for financial data: that way is open banking.

Data Empowerment, Data Protection, and the Need for Open Banking

Consumers around the world are becoming alert to the fact that their data is not always stored safely and ethically. This is partly driven by high profile breaches such as those that occurred at Equifax and Ashley Madison. In some cases, these breaches occurred as a result of negligent security protocols on the part of the data fiduciaries. In other situations, sharing of customer data forms the basis of the service provider’s business model (e.g. Google, Facebook etc.).

In recent times, regulators have been taking a more serious approach to privacy as it can be seen with regard to the European Union’s GDPR policy. In the same vein, there is also a growing trend towards data empowerment – the idea that data owners should be the first ones to benefit from the use of their own data. This concept can be seen in the rising popularity of companies like the Brave browser and Scroll.com. These companies essentially offer users the chance to share their data with select advertisers in return for special offers, better targeted ads, and in some cases a slice of advertising revenues.

It is against the backdrop of these two themes of data protection and data empowerment that our attention now turns to open banking. The idea behind open banking is to empower users with better control over their own financial data. Banks are actually usually quite good at protecting your data. The trouble with banks’ handling of data is that they lock it up in their own databases in much the same way that they might lock up and secure gold bullion.

How Did Open Banking Come About and How Does it Work?

The biggest problems with banks’ storage of your data relate to the efficiency and security of sharing said data outside the vault. If you want to share your bank activity with a third party (for instance to be qualified for a loan, or to avail of an expense tracking service), you only have a handful of tools at your disposal, and none of them are particularly efficient or secure. On the higher-tech side of the spectrum, you could choose to share access to your emails or SMSs so that the third party could retrace your financial activity from the notification messages sent by your bank or asset manager. Another efficient option would be to share your digital banking username and password so that the third party could deploy a screenscraper bot to go through your account and fetch every piece of information. Both options come with privacy and security dangers.

Coming to the lower-tech side of the spectrum, we have the trusty PDF file format in which many banks allow their customers to download their data. There are major issues with this – what if her bank statement contained a sensitive transaction like a visit to a sexual health clinic or hospital?

Probably the first provider of open banking services on a big scale was the US company Yodlee (now part of Envestnet). Yodlee relied on screen scraping to access their customers’ accounts. This means that Yodlee took customer’s electronic banking credentials and used them to log into the customer’s bank portal. Since then, screen scraping has fallen out of fashion as the main technique for extracting information from banks. The main problem was that bugs or breaks in the scraping algorithm were very difficult to detect until it was reported by users. Another problem with screen scraping was that it was very laborious. In order to build a scraper for a page, you would first need to analyze and break down all the HTML on that page. There can often be a lot of code to parse through until you find the tidbit you want.

As seen above, the current methods are expensive, time consuming, inefficient, or laden with privacy risks. Open banking is the idea that banks should offer application programming interfaces (APIs) that enable their customers to more easily access the data that lies within the bank’s vault. This consent could be provided via a secure banking page provided by the bank within the third party’s application, or it could be provided by a special consent collector entity trusted by the bank to verify the identity of the bank’s customers. At its core, open banking underscores the notion that the financial data of a customer belongs to the customer herself, not to the vendor that provides a service to her.

How Is Open Banking Being Implemented in India?

Beyond just reliability and performance, the biggest issue with these methods of data aggregation is privacy. In order for these techniques to work, the user must share their banking login and password with the data aggregator!

In contrast, “official” open banking flows can lead to a more secure end-user experience (official flow meaning something in which the bank is in the loop and offers built-for-purpose APIs, as opposed to an aggregator cutting out the bank by finding hacks to get the data off the bank’s user interface). Consider the case of India, which is implementing a system known as the Account Aggregator framework (AA). As per the flows specified by this framework, users are not required to share their banking credentials. Instead, users must create accounts with specially certified Account Aggregators (these could be mobile apps or web apps). These licensed AAs, as they are known, allow users to discover their existing financial accounts (be they bank accounts, stock trading accounts, insurance accounts, or taxpayer profiles).

In addition to increased security for users, the use of official APIs can also result in more convenience and reliability for consumers of data. For one thing, the data itself comes from the source, oftentimes with a verifiable digital signature. This brings down the cost and burden of verifying the data. Secondly, the official APIs come with documentation and maintenance from the banks, so consumers of the data are in the loop about changes or outages to the APIs (although one must concede that some of the bank APIs in the EU and UK are unreliable and uninspiring). Lastly, the APIs might allow for richer functionality than what scraping allow. For instance, the AA framework in India specifies standardized schemas for more than 23 kinds of financial assets including bank accounts, credit cards, equities, bonds, mutual funds, insurance policies, tax returns, and electronic invoices. The consumers of these APIs know exactly the format in which they will receive the data; what’s more, the AA API specifications allow for data consumers to ‘query’ the original data. This means that users can instruct their bank to only share select information with the data consumer, rather than just sharing it however it is presented on the current mobile/web banking interface.

Use Cases And Business Opportunities Stemming From Open Banking

While looking at all the different players in the Open Banking world, you realize quickly that the space is already very crowded and Open Banking-powered services are popping up in various different industries. To just highlight a few examples:

  • Avanza is a Swedish stockbroker and onboarding has been a tricky part of their user journey. Before using Open Banking, users from Avanza had to manually enter their investment account number (Source). Most users did not know these details by heart and had to go through paper documents or a separate online portal to find these details and finish the signup process with Avanza. While using Open Banking, the user can now login into their old account, Avanza then displays the available accounts behind that login and the user can choose with which account he/she would like to proceed. Therefore, the user does not have to leave the service and can finish the whole process in just a few minutes.
  • Transaction data is quite commonly used for loyalty and rewards systems. Remember when you had to carry an additional card for each store to collect points and get rewards? Guess what. Most of our shopping data is in our bank account and can be easily plugged into various different services. One provider we would like to highlight is Drop. Drop is powered by Plaid (Details) and uses transaction data to provide rewards to their users based on their purchases.
  • Not only consumers, but SMEs too can benefit from data driven products. One of the areas for these services is cash flow analysis and optimization tools such as Agicap in France or Finux in Germany. Cash flow optimisation services are using the access to the bank account of the SME to provide insights and support with crucial decisions. There were many services out there before that supported SMEs with accounting and similar services. And they will still be used, however, especially for smaller companies cash management is important.
  • Utilizing Open Banking data for loan applications is a big trend in the industry. Very likely that we will see a similar trend in India as well. While the providers mentioned so far turned a paper or PDF process into a fully digital process, we also want to highlight a provider that takes this approach to rethink a whole industry. The startup is called Credit Kudos and the industry they are going after is credit bureaus. Incumbent credit bureaus have built their credit score often on different data sources that tend to rely on the past. However, bank accounts usually contain an up-to-date picture of our financial data and Credit Kudos is tapping into that market. Combining open banking data with other data sources could be a powerful tool to reinvent the industry of credit bureaus.

“We need Banking, not Banks” is a powerful quote attributed to Bill Gates. We believe the world will always need banks but as you have seen in the examples above, our banking activities move into a certain context. This is often described as embedded finance or contextual banking. In order to power such services, banks and other players need to offer API access to data and functionality so third parties can build these new services. Incumbent providers with big customer numbers such as banks often fear that they might lose control, customers and income when they open up their infrastructure. Especially in a country like India with a growing market, this could be a win-win for banks and new players.