If banks wait for APIs to be mandated, it will be too late

When I talk to most bank CEOs in the U.S. about the European Union regulation that requires financial institutions to make consumer data available via application programming interfaces, I hear fear.

Many executives believe the U.S. will get a similar PSD2 mandate, and they fear that the U.S. version of the regulation will force them to give up unilateral ownership of a treasure trove of data and cause further erosion to their bank’s bottom line. To them, designing, building, securing and maintaining an API for consumers, fintechs and others to use is a scary, losing proposition. The reality, however, is that the data-sharing model is essential for customer retention. Instead of fearing potential regulation, banks should embrace the open banking model now.

I will point to two examples of past business innovation to illustrate the necessity of embracing an open banking concept.

Scott Eells/Bloomberg

First, with the flood of technological change hitting financial services, there are compelling reasons APIs will soon emerge as a truly transformational innovation that makes consumers want to stay with their bank. In banking, these types of innovations do not come along that often. The last one arguably was electronic bill payment. It not only rewrote the book on making things convenient for customers, but it also strengthened bank-user ties; a customer would have to invest in re-entering bill payment data at another institution. APIs will have the same effect on retention while improving the consumer’s experience to a larger degree; they make managing their financial lives easier. If a customer can get that convenience through his/her bank, it will be an even greater incentive to stay with that bank.

The second example relates to the steps Facebook took to emerge past social media competitors.

When Facebook first came out with its API in 2007, I couldn’t imagine why a business that was already seeing significant success (Facebook was the sixth most-visited site in the U.S. at the time) would risk it all by giving third parties near unfettered access to the company’s proprietary user data. But as I mulled it over, I began to see the genius of the model. It allowed other websites to let their users easily log in to their sites using Facebook credentials. In time, applications began to favor a Facebook login over a proprietary one so the apps could pull data about you and your friends from the Facebook API — marking the moment when Facebook became an inextricably woven part of the internet.

If you have ever used Facebook to create an account on another website, you know deleting your Facebook account would prohibit you from accessing that independent website unless you recreated your account. It is no coincidence that MySpace, the now defunct Facebook competitor, took the opposite approach and prevented third-party apps from integrating. MySpace failed to create a sticky relationship with their users; Facebook mastered it.

U.S. banks and credit unions face a similar dilemma today. The banking relationship has become less sticky, and financial institutions are at risk of seeing increased churn. In fact, millennials are two to three times more likely to switch financial institutions than other demographics.

Users want more control over their financial data and more seamless integration with the tools they prefer to use to budget, file taxes and pay friends. U.S. banks and credit unions cannot wait for a regulation like PSD2 to enable that control and integration. While the recent dearth of de novo institutions gives current incumbents a free pass from worrying about competition from new banking entrants, it is only a matter of time before a challenger bank — which by design relies on digital systems — rises in the U.S. And when it does, you can bet that that a challenger bank will embrace the development of third-party applications with an open API.

Banks and credit unions need to get ahead of this threat by becoming inextricably woven within the financial lives of their customers. They need to encourage and empower the creation of third-party applications so that their customer experiences are enhanced. Sure, there is a lot to consider in regard to privacy and security in the API model, but thankfully U.S. banks and credit unions can look to their European counterparts for the playbook. Strong customer authentication using something that the user knows (like a password), something that the user is (like a fingerprint), and/or something the user has (like a phone) is a must. And giving the user granular control over who has access to what information is paramount. These are some of the security principles underlying European banks’ implementation of PSD2.

A bank or credit union that embraces an open API platform today has the opportunity to dramatically improve the customer experience. Waiting for regulation to mandate it would be a grave mistake.