The carrots and sticks of open banking

Jonah Crane, a partner at the financial services advisory and investment firm Klaros Group, said regulators in recent years have "woken up" to the innovating financial institutions have done with open banking, so rules and standards are now in the works.
Michael Dorman

Each American bank has an opportunity to stay ahead of the regulatory environment by adopting and building open banking systems that serve both its customers and the bank itself.

That’s according to experts who discussed the subject at American Banker’s 2022 Digital Banking Conference in Austin, Texas, last month. They also spoke about how open banking can help institutions reduce fraud, improve their know-your-customer practices, improve data security and derive additional value for banks that might see open banking as giving away data.

Leaders at banks including USAA, Evolve Bank & Trust and Regions Bank discussed why they are working more closely with data aggregators, and representatives from the industry standards body Financial Data Exchange and the data aggregator Plaid gave their takes on why banks need to adopt data sharing practices.

By way of defining the term, Jonah Crane, a partner at the financial services advisory and investment firm Klaros Group, said open banking constitutes “putting the customer at the center” of control and access to their financial data. “As a customer, open banking provides the infrastructure that connects all of my accounts to help facilitate what I'm looking for,” Crane said.

The U.S. is “further along” than other countries in developing standards and practices to support open banking, according to Crane. He said that is in part because there has not been a regulatory mandate that requires banks to do open banking.

“For a couple of decades, we've been experimenting with different ways for banks and nonbanks to partner,” Crane said. “So, open banking has evolved from the marketplace, and now the regulators have woken up in the last several years and said, OK, we better start paying attention and maybe bring some standards to the space.”

Speakers who addressed open banking and data sharing issues at the 2022 Digital Banking Conference include, clockwise starting from top left, Aaron Bridgers, Jonah Crane, Mike Holly, Ian Macallister and Raja Chakravorti.

Crane pointed out that the Consumer Financial Protection Bureau made an advance notice of proposed rulemaking in November 2020 concerning standards around consumer-authorized access to financial data, an example of regulators starting to pay attention. The bureau said in May this process “will give consumers access to their own data.”

In a July 2021 executive order, President Biden encouraged the director of the CFPB to revisit the rulemaking efforts, saying it would allow consumers to “more easily switch financial institutions and use new, innovative financial products.” In September, the Congressional Research Office argued that such a rule “could facilitate competition and innovation in consumer financial services.”

Some in the industry think of open banking as the sharing of consumers’ bank account data to fintechs and others through application programming interfaces rather than screen scraping. Aaron Bridgers, head of strategy and innovation at Regions Bank, said open banking allows banks to ensure their customers do not give away their passwords to companies that use screen scraping to access their banking data.

“You're trying to reduce or get rid of screen scraping to make sure that people aren't sharing their passwords with third parties,” Bridgers said.

In enabling its data aggregation business, Plaid has gotten in legal trouble for screen scraping and collecting users’ passwords and other sensitive data. For this and other reasons, Plaid is now seeking to get banks to support API-based data sharing.

With banking APIs, companies such as Plaid can, with a consumer’s consent, access their banking data to share with other apps, such as personal finance apps. Intuit’s app Mint is one example of such an app enabled by data aggregation, though the company collects data from banks on its own rather than using Plaid or any other aggregator. 

Enabling data aggregation can give customers the ability to satisfy niche purposes, according to Mike Holly, executive director of deposits and retail payments product management at USAA.

“It can enable our members to go and serve their needs for these niche use cases and fringe scenarios via open banking and again, ensure reliable, accurate access to their data in a safe and secure way to enable that while still maintaining the primary banking relationship at my bank,” Holly said.

Banking APIs also obviate the need for consumers to share their banking credentials with any entity besides their bank, according to Raja Chakravorti, partnerships lead for universal access at Plaid, and give the bank greater control over and monitoring of the information that data aggregators access.

Banking APIs use authorization tokens to access customer data rather than passwords. Security professionals regard authorization tokens as more secure than password sharing for a variety of reasons, including that tokens can be selectively deactivated if they appear to be compromised, thus breaking only a third party’s access to customer data rather than the customer’s own access.

Data aggregation between financial institutions also allows banks to collect more data on their customers. For a customer who consents to data aggregation, the bank can see where else that person has accounts, what their balances are, and greater insights into their credit usage history.

“That's why open banking actually enhances the lending capabilities for those institutions thinking outside of the traditional credit bureau and underwriting processes,” said Ian Macallister, head of financial institution partnerships for Plaid.

Data aggregation can also help banks improve their account origination systems. Bridgers said that as Regions makes account origination paperless and reduces the cost of searching for information about customers, data aggregators help the bank pre-fill required forms and verify the legitimacy of the applicant.

“We're looking at doing KYC and fraud checks by checking accounts at existing banks and doing all sorts of things to make sure it's not a mule account,” Bridgers said. “It's really just making it frictionless and reducing the burden around Bank Secrecy Act, anti-money- laundering and fraud compliance.”

Ultimately, each bank will have its own reasons to consider open banking, and consumers will benefit in a variety of ways. According to Holly, USAA’s support for data aggregation can be a major boon for military families.

“Imagine a deployed military member across the world trying to manage their finances with their spouse,” Holly said. “They can put their whole financial picture into one place to view and not waste precious minutes and seconds on the phone the one time per week that they get to talk, worrying about who paid the electric bill and did it get paid. That's a tremendous win, powered by open banking.”

For reprint and licensing requests for this article, click here.
Data privacy Data sharing Technology
MORE FROM AMERICAN BANKER