The Foundation for the Fintech Decade: Account Aggregators and Open Banking (1/4)

This is the first part of our four part Open Banking series written by Aaryaman and Lars.

Foreword

The world is currently going through a big shift with regards to financial services. More and more people are coming into the formal financial system, and in doing so, they are generating troves of financial data. Each digital payment made or received, each ATM withdrawal, each stock trade – all of these actions generate some financial data about a user or business. This is highly valuable information for the user; organizing this data efficiently could really help the user do things like track her expenses or plan her taxes. When shared with a service provider, this information could also help the user get the most cheap, personalized, and timely financial services.

Although this sounds great, there is a catch – the data generated by these actions resides in certain platforms such as banks, stock brokerages, accounting software, and so on. Pulling the data out of these platforms is currently expensive, insecure, and in some cases, impossible. Given the rapid rise of fintech and financial services, there is massive demand for this data with only limited supply. Companies that can provide this data, like Plaid – recently acquired by Visa for $5 billion – are rare but valuable. Even so, the current techniques used to aggregate users’ financial data leave a lot to be desired. There is a better way to serve the demand for financial data: that way is open banking.

In this blog series, we will talk about what open banking is, how it came about, how it is being implemented in different parts of the world, and what kind of cool and innovative businesses can be built on top of open banking platforms. This topic is close to both of our hearts: Aaryaman volunteers at an Indian financial inclusion non-profit called iSPIRT and works on helping to shape India’s open banking ecosystem. Lars has worked in the open banking industry since 2014 in Germany and is currently an advisor for fintech companies in Europe, the USA, and India. 

This blog series is relevant for stakeholders from the finance industry including banks, startups, and regulators.This series will also be useful for entrepreneurs, companies, or curious minds who wish to learn more about the big trend occurring in fintech.

We know that many people worldwide are going through a hard time right now, and that open banking isn’t top of mind for most people. Nevertheless, we hope that these posts offer a welcome and educational distraction on the one hand, and on the other hand provide curious readers with a better understanding of the benefits of open banking.

This series will be broken into four parts:

Part 1: Data Empowerment, Data Protection, And The Need For Open Banking

Part 2: How Did Open Banking Come About And How Does It Work?

Part 3: How Is Open Banking Being Implemented Around The World?

Part 4: Open Banking Use Cases And Opportunities

Part 1: Data Empowerment, Data Protection, and the Need for Open Banking

Before coming to the concept of Account Aggregators (AAs) and open banking, it is important to first understand the themes playing out in the global data narrative. The first theme is of privacy and security. Consumers around the world are becoming alert to the fact that their data is not always stored safely and ethically. This is partly driven by high profile breaches such as those that occurred at Equifax and Ashley Madison. In some cases, these breaches occurred as a result of negligent security protocols on the part of the data fiduciaries. In other situations, sharing of customer data forms the basis of the service provider’s business model (eg. Google, Facebook etc.). Either way, consumers are becoming increasingly protective and concerned about their data; in one recent survey, 97% of respondents said they were concerned about their data privacy, while another RSA survey revealed that 60% of respondents say they would divest from companies that don’t take personal data protection seriously. Unsurprisingly, financial data is at the top of the list when it comes to data types that people are most protective of. 

In addition to consumers, regulators are also taking a more serious approach to privacy. The European Union’s GDPR policy is one famous example of a policy enacted to safeguard users’ privacy and online data, but it is not the only such policy out there. Brazil’s LGPD and California’s Consumer Privacy Act are two examples of data protection laws that came into effect in the last 6 months. 

So in summary, consumers and regulators are becoming increasingly concerned with safeguarding information and making sure it doesn’t get used without consent. In the same vein, there is also a growing trend towards data empowerment – the idea that data owners should be the first ones to benefit from the use of their own data. This concept can be seen in the rising popularity of companies like the Brave browser and Scroll.com. These companies essentially offer users the chance to share their data with select advertisers in return for special offers, better targeted ads, and in some cases a slice of advertising revenues. Similarly, there are many other companies trying to enable users to earn from their own data – Killi.io and Digi.me are further examples which come to mind.

It is against the backdrop of these two themes of data protection and data empowerment that our attention now turns to open banking. The idea behind open banking is to empower users with better control over their own financial data. To unpack the issues with the current data protection models in the financial sector, one need only to look at the banks. Banks are actually usually quite good at protecting your data, even if they do sometimes include terms and conditions in your contract that allow them to use your data to earn revenue from marketers and advertisers. The trouble with banks’ handling of data is that they lock it up in their own databases in much the same way that they might lock up and secure gold bullion – they stick it in a vault which restricts access to the inside but also to the outside. Precious little data is allowed to leave the vault once it goes inside, and even if it does, it usually comes out with a host of problems.

It is important for data to come outside of this vault in an efficient and secure way for a host of reasons. For starters, imagine a business owner applying for a loan. The businessman’s current bank knows that he is a good borrower, but it feels no pressure to lower his interest rate. This would change if the businessman had an efficient way to apply for loans from competing banks. This can only happen through cheap and easy data sharing. In addition to increasing competition and choice (and therefore better pricing) for customers, data sharing can also result in consumers receiving more personalized products and services. Now that we have established the necessity for easy sharing of financial data, let us examine the problems with today’s modes of data sharing.

The biggest problems with banks’ storage of your data relate to the efficiency and security of sharing said data outside the vault. If you want to share your bank activity with a third party (for instance to be qualified for a loan, or to avail of an expense tracking service), you only have a handful of tools at your disposal, and none of them are particularly efficient or secure. On the higher-tech side of the spectrum, you could choose to share access to your emails or SMSs so that the third party could retrace your financial activity from the notification messages sent by your bank or asset manager. Another efficient option would be to share your digital banking username and password so that the third party could deploy a screenscraper bot to go through your account and fetch every piece of information. Needless to say, these options might provide convenience, but they come with serious privacy and security dangers to users. The main issue here is access – in the case of sharing email/SMS/netbanking access, the customer can never be sure that the company receiving his financial data won’t use their access to read personal emails or make some unauthorized transaction using the customer’s internet banking credentials.

Coming to the lower-tech side of the spectrum, we have the trusty PDF file format in which many banks allow their customers to download their data. In most cases, banks only offer PDFs as cookie-cutter monthly statements. This means that in order to share 6 months’ worth of bank activity, users sometimes need to download 6 statements and either upload them individually or stitch them together and send them out as one document. Less fortunate users may not even have access to such a facility – some of the less technologically advanced banks in the world still make users come and fetch signed copies of physical passbooks (transaction statements) from a bank branch. In addition to the inconvenience of sharing these statements, customers also face privacy issues when sharing data via passbooks or PDFs. For instance, if a customer wished to prove funds for getting a visa, she would have no choice but to share her entire bank statement with the consulate or visa agency. There are major issues with this – what if her bank statement contained a sensitive transaction like a visit to a sexual health clinic or hospital? Wouldn’t customers be better off if they could only share the required data rather than their entire bank statement every time?

Of course, all of this talk of PDF sharing and passbook sharing says nothing about the hardships faced by the receiving party. Since bank PDFs are seldom digitally signed, verifying the data becomes a challenge; so too does structuring the data for computational analysis. In order to get your bank data in a format that lends itself well to analysis, a receiving party might have to parse through the PDF and selectively extract the relevant information. While computers can scan through PDFs without too much trouble, it is quite wasteful to run through an entire document just to extract a few lines of relevant data. Understanding the format of one bank’s PDF statement is normally not very complicated, but maintaining dozens or even hundreds of templates pertaining to the PDF formats of different banks can be a thankless and time consuming task. The same applies to SMS/email notification and screen scraping bots. Just one small HTML change on a bank’s website could break a screen scraper’s entire product!

There needs to be a better way for customers to get data out of their banks. As seen above, the current methods are expensive, time consuming, inefficient, or laden with privacy risks. Open banking is the idea that banks should offer application programming interfaces (APIs) that enable their customers to more easily access the data that lies within the bank’s vault. The way it would work is that a bank would implement these open banking APIs and would allow third parties to call the APIs when they wished to fetch data. The third party apps, which could be lenders, expense trackers, or even visa agencies, would have to prove to the bank that they possessed the customer’s consent to access this data. This consent could be provided via a secure banking page provided by the bank within the third party’s application, or it could be provided by a special consent collector entity trusted by the bank to verify the identity of the bank’s customers. Following the receipt of customer consent, the bank would package the relevant data, and send it securely to the third party in a structured, machine readable format. The third party would be able to instantly ingest and process the relevant data, saving them the hassle of verifying the data or building hundreds of bespoke screen scrapers or PDF parsers. Customers would be happy because they would be able to select exactly which data points to share with the third party, rather than giving all their information even in cases when it wasn’t required. Customers would also be spared the hassle of downloading PDFs or scanning printouts of bank sheets; all their data could flow out of the vault with just a single click of a button.

This is open banking. It is a powerful idea that places control and privacy back into the hands of the customer. It allows previously locked data to become open and to flow freely. Not only does it reduce processing costs for third parties by virtue of its more efficient and structured mechanism, it also reduces switching costs for customers. It allows customers to move their data between different service providers, and to enjoy more choice when assessing a vendor. This should lead to more personalized service offerings with more competitive rates for the end consumer, which will in turn drive financial inclusion.

All of this might sound too good to be true, but open banking is already being rolled out in several jurisdictions. At its core, open banking underscores the notion that the financial data of a customer belongs to the customer herself, not to the vendor that provides a service to her. This notion is uncomfortable for many banks and financial service providers who have sought to create a moat around their customers’ data. In some cases, banks have actively resisted open banking. However, the top-down pressure from regulators and the bottom-up demand from customers is turning the tide towards open banking and greater financial data protection and empowerment.

Now that we have established what open banking means and why it is needed, we will dive into the second blog post in which we will discuss the history of open banking and show pros and cons of the different approaches. 

This series consists of four parts:

Part 1: Data Empowerment, Data Protection, And The Need For Open Banking

Part 2: How Did Open Banking Come About And How Does It Work?

Part 3: How Is Open Banking Being Implemented Around The World?

Part 4: Open Banking Use Cases And Opportunities