What Is Open Banking?
The financial services industry is undergoing a transformative shift towards an open ecosystem. This shift is sending waves throughout the economy, disrupting the way financial data is used across retail banking settings to offer consumers personalized value-added offerings.
Together, open data and open application programming interface (API) technology have become a significant driver of change. Government regulators and banking industry professionals have had to adapt to an ecosystem shifting towards principles of free, accessible, and available data. And it's gaining momentum quickly.
In the two years spanning November 2020 to November 2022, the open banking tracking site, banq, went from tracking 535 financial institutions that provide open banking services to tracking 2,938 of them. In the U.S., the market for open services is expected to grow 27.6% between 2023 and 2030, according to Grand View Research. The surge in service providers is a result of the growing open data economy and new regulations around the world.
In 2008, following the financial crisis, the U.S. government mandated open banking, although the regulation that is making it possible, Personal Financial Data Rights, wasn't passed until October 2022. The EU passed legislation allowing open banking, known as the Payment Services Directive (PSD2), in 2015. Government regulations and industry interest are accelerating open banking around the world, changing the way consumers interact with their financial data.
How open banking differs from open finance
Open banking is a subset of open finance, and both are a subset of open data, which spans public and private industry. The main use cases for open banking include retail banking services and financial support, giving consumers visibility across multiple banks and control over how and where their finances are managed. Open finance is broader. It uses banking data to drive personalized offerings in mortgages, credit, loans, wealth management, and more.
In practice, open banking is when a bank allows a third-party provider (TPP) – such as an online wealth management company, a payments company, or another financial technology (fintech) company – to access a customer's data via an application programming interface (API). APIs define how software can interact with other software. In mature open banking markets, banks offer open APIs (free) and custom APIs (premium) to allow third parties to build their offerings. The move to custom APIs is a relatively new trend that creates ample opportunity for industry growth.
Financial-grade APIs (FAPIs) have become the new standard. FAPI is a technical specification, built on top of OAuth 2.0 and OpenID Connect (OIDC) – authentication and identification technologies – with higher security requirements for financial data. FAPIs enable third-party developers to build applications (apps) around financial institutions that offer more competitive and innovative services to customers.
Open banking APIs are more secure than other methods, such as screen scraping, in which a trusted TPP uses a customer's credentials to access and pull data from their banking accounts. The success of open banking relies on securely sharing data across open APIs.
Individuals and households ride the wave of open banking
Individuals and households represent the second largest group of open banking users, according to the Q3 2022 Open Banking/Open Finance Business Models and Use Cases by Platformable. When a customer accesses their banking app and gives an online budget app permission to help them track their spending or a payment app to easily transfer money, there's a complex set of events happening on the backend to secure the transfer of that data.
Ensuring the highest security standards across FAPIs is a top priority for the banking industry, regulators, and, especially, the individuals who own the data being shared. One of the most important ways to ensure that only authorized parties can access customers' financial data securely and seamlessly is to use a comprehensive and compliant identity and access management (IAM) solution. Modern IAM, with AI-driven threat protection, reduces risk and the cost of fraud.
A significant value driver of open banking is the benefit of TPPs' innovative services, but this is also one of the greatest risks. Bad actors may see third-party providers as an easier target to attack than a large bank, and, if they gain access, they'll have access to individuals' transactions and account data. One way to mitigate this risk is to use an enterprise-grade IAM provider with a deep network of trusted partners.
Small and medium enterprises propel open banking further
Small and medium enterprises (SMEs) account for the largest group of users to date. Open banking presents game-changing opportunities to the entrepreneurs and owners of these businesses. At the same time, this market segment will help push fintech services in new directions.
"The majority of these products are still fairly generic in nature. And we see a huge opportunity gap to create more API-enabled fintech to address specific customer segment needs...The range of fintech products specifically targeting women's financial needs, for instance, remains limited," reports Platformable.
Raising capital, typically an arduous and time-consuming process for SMEs, is one attractive use case for open banking. Bernardo Martinez, vice president at PayPal, understands the many obstacles facing business owners seeking a loan and suggests that open banking "…can allow alternative lenders to see a greater picture of the business's health, allowing for stronger decision-making and potentially higher eligible amounts. Additionally, open banking information can serve as an alternative credit-scoring model by leveraging the transactional flow of small-business customers to understand their capacity to pay and payment history."
Importantly, Martinez noted, for open banking to work for SMEs, users must trust that their data is secure. In addition, consumers should be able to provide consent for the organizations with whom their data is shared and for how long, and they should have the right to revoke access (which aligns with GDPR regulations). Compliance with industry standards and regulations is imperative. A solution that is focused on API security, secure API endpoints, and strong customer authentication for onboarding, consent, and access authorization will ensure safe data transfer.
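The consent rules described above (which organization, for how long, revocable at any time) can be enforced as a deny-by-default check on every TPP request. The sketch below is an added example, not ForgeRock code or part of the original article; the record fields, permission strings, and identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Consent:
    """One customer's grant to one TPP (field names are illustrative)."""
    customer_id: str
    tpp_id: str
    permissions: frozenset           # what may be shared
    expires_at: datetime             # "for how long"
    revoked_at: Optional[datetime] = None

    def revoke(self, now: datetime) -> None:
        # Revocation is permanent; keep the first timestamp for audit.
        if self.revoked_at is None:
            self.revoked_at = now

def check_access(consent, tpp_id, customer_id, permission, now):
    """Return (allowed, reason); access is denied unless every test passes."""
    if consent is None:
        return False, "no_consent"
    if consent.tpp_id != tpp_id:
        return False, "wrong_tpp"            # consent is not transferable
    if consent.customer_id != customer_id:
        return False, "wrong_customer"
    if consent.revoked_at is not None:
        return False, "revoked"
    if now >= consent.expires_at:
        return False, "expired"
    if permission not in consent.permissions:
        return False, "permission_not_granted"
    return True, "ok"

# Constructed sample data: a 90-day, read-only grant to a budgeting app.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)

def demo():
    c = Consent("cust-1", "tpp-budget-app",
                frozenset({"accounts:read", "transactions:read"}),
                T0 + timedelta(days=90))
    day = timedelta(days=1)
    out = [check_access(c, "tpp-budget-app", "cust-1", "transactions:read", T0 + day),
           check_access(c, "tpp-other", "cust-1", "transactions:read", T0 + day),
           check_access(c, "tpp-budget-app", "cust-1", "payments:write", T0 + day),
           check_access(c, "tpp-budget-app", "cust-1", "accounts:read", T0 + 91 * day)]
    c.revoke(T0 + 2 * day)                   # customer withdraws consent
    out.append(check_access(c, "tpp-budget-app", "cust-1", "accounts:read", T0 + 3 * day))
    return [reason for _, reason in out]

if __name__ == "__main__":
    print(demo())
```

Returning a reason code with each denial gives the audit log enough detail to separate expired or revoked consents from a TPP presenting someone else's grant.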
Future of secure open APIs
The concepts and practices of open technology and customer-owned data used in open banking — allowing a user to authorize access directly with a bank prior to giving a developer access — extend well beyond the financial space and into other industries such as healthcare, utilities, transportation, and others. These trends indicate that we are moving toward a more secure, sustainable, and innovative future based on an API-driven economy.
Unlock the power of digital identity in open banking
Open banking is a movement that builds on global open standards, technical requirements, and trusted third-party access to customer data. By harnessing the power of open banking, organizations can leverage FAPIs, customer consent, and identity best practices to:
- Secure the financial services ecosystem
- Drive value-added revenue
- Stay ahead of the competition
The ForgeRock Identity Platform is helping financial institutions around the world provide their customers with secure, personalized experiences. Using ForgeRock, financial organizations can use a wide range of standards-based authentication, authorization, and federation capabilities to comply with strong customer authentication, FAPI, and data sharing regulations.