PSE will be discussing Open Banking along with a range of current payment issues at our November Conference.
Tony will also be talking about Open banking at Sibos in London at the end of September.
The digital economy generates reams of data and also buzz words like Big Data, Machine Intelligence and AI. We need to remember that we live in a world of GDPR, which is a European construct but those principles would seem on course to apply globally to the digital economy.
The principle is that the ‘data subject’ owns the data and they can decide what to do with it. Open Banking is an instance of that principle applied to bank data. The CMA in the UK has compelled banks to open up on type of data through standard APIs, but the principle extends across the digital economy. The right of data portability is embedded in GDPR Article 20 – it says that the data subject can ask the ‘data controller’ to provide the data to a 3rd party in machine readable format. What it does not do is specify the message formats and force everyone to provide that data through APIs.
We need to get to the concept of an ‘open data’ economy where we own our own data and can direct it where we see fit. For example, in today’s world banks don’t get access to the so called ‘Level 3’ data which is the basket level data when consumers make purchases with debit or credit cards. As this data belongs to the consumer rather than the merchant, they should be able to decide where it goes. When we develop better API enabled methods for data subjects to decide where their data goes, that will create a great opportunity for banks, fintechs and bigtechs to create very interesting Cloud/Big Data/AI/Machine Learning powered services, depending on consumer consent.
Obtaining customer consent through Strong Customer Authentication (SCA) has proven a major pain point for Open Banking and that will extend if we move towards a more open data economy with full data portability. Countries seeking leadership in the digital economy need to realise that the foundation layer is a good Digital ID as the basis of digital consents across a whole spectrum of interactions.
There are two routes to achieve Digital ID – one is through a national scheme like Aadhaar (which means ‘foundation’ in Hindi) in India which has enrolled over a billion citizens. The other method is through a federated Bank ID such as those in Sweden, Norway and Denmark. It is no surprise that the countries making the greatest leaps in electronic payments are India and Sweden, because they are both underpinned by good Digital IDs. Anglo Saxon countries may not want to go the national ID route, in which case the federated Bank ID would be a good model to follow.
The need to work together on federated Bank ID is another penny has to drop in minds of the banks. If banks cede identity to bigtechs, then they will be at a severe disadvantage as the logic of the digital economy unfolds.
It is because there is potential liability that banks are in a good position to offer identity as a service to the wider economy – banks are risk taking balance sheets, after all. The higher level of KYC required by the banks should be leveraged the basis for granting an identity credential.
Digital ID is an area where banks need to subsume their individual interests to a community interest. For banks to remain relevant in the digital economy, this is the place they need to circle wagons.
When it comes to digital survival there is enough for individual banks to do to digitise their back offices and migrate from batch processing and store & forward messaging to real time, 24*7*365 availability. Banks need to work together where it makes sense: API standardization is one place, another is federated Bank ID.
For example, if the EU wants to complete the Single Market for payments then it is good to work on TIPS, SCT Inst and other developments, but getting the foundation right would mean building a Pan-European federated Bank ID scheme. Take what works in Sweden and extend it across the continent – even the British banks could join in.
The monetization model is that the party relying on the Digital ID pays a fee. In Sweden the Bank ID has wide uses – it can be used to access government services and sign any document. There is a study from McKinsey that says the presence of Bank ID in Sweden has added percentage points to GDP.
This question strikes to the heart of the matter. The Open Banking journey has started on the wrong foot, with regulators mandating that banks provide two basic services, essentially for free. No wonder banks are taking a minimum regulatory compliance approach to a service that they consider as providing an infrastructure for disintermediation.
It is for this reason that we worked with SWIFT, an association of over 10,000 banks, plus merchants, fintechs and bigtechs to develop what we call the ‘Pay Later API’. We deliberately chose to focus on a service where the banks could make money – lending. The Pay Later API enables any bank to offer simple instalment loans to consumers shopping on digital platforms, essentially providing the same service as many fintech lenders.
We call this idea ‘balance sheet as a service’ to help banks understand what it is going to take to survive in the world of platforms with embedded financial services. We are trying to show banks how they can make money from Open Banking, and that it is much more than compliance with PSD2. What is at stake is the race we talked about before – who will provide the financial layer to the global digital economy – will it be banks, fintechs or bigtechs?
This is not the end of the journey, we aim to develop standards for the full spectrum of retail and wholesale banking services in line with ISO20022 and JSON standards, and make them at global level.
We have commenced work on a ‘pre-authorisation’ API for Open Banking. Pre-authorisation is a transaction type that is absolutely essential in lots of different use cases, for example, when you check in to hotel they do a pre-authorisation because they don’t know what your final bill is going to be.
Baseline Open Banking as defined by the regulators is just a simple payment initiation, so it can never support the hotel use case or many others that require this basic functionality that is only found in cards products.
When you add our work together you get a more complete service – a pre-authorization, a simple ‘pay now’ payment initiation and a simple ‘pay later’ instalment loan origination. We are pointing towards what the banking community needs to do to remain relevant in the API economy.
Progress is slow while banks are in compliance mode. What we need to do is come together as banks at the global level to define a library of services of maybe 50 retail banking and 50 wholesale banking services where the banks can make money. This will unleash a wave of innovation and create a layer on top of which fintechs and bigtechs can innovate. It goes hand in hand with what we are calling for on federated Bank ID, because Open Banking only works on the basis of a good SCA. Since GDPR the whole of the digital economy needs to orient more around strong consents and entitlements.
The argument is that banks need to be the financial layer of the API economy or someone else will be. Furthermore, the banks need to act in concert on Bank ID and API standards. There are few smart ‘go it alone’ strategies.
By publishing these API standards we have set a major challenge to the banks which is what would you have to do to your back office systems in order to publish these APIs? As soon as they look at them they realise that they have a mountain to climb.
If you think about what banks need to do when faster payments comes into a market, there is a similar level of challenge to gear up for real time lending through APIs. It is a challenge that they should take up.
21st century E commerce is instant gratification 24*7*365 and real time. There are a host of fintechs and bigtechs building bridges between outdated banking systems and digital platforms, but we need to move the mass of legacy banking practices into the modern age.
Balance sheets are exotic entities and there are some mysteries to maturity transformation that even the most experienced practitioners can get wrong. Balance sheets are like suns – they transmute simple particles (short term deposits) into heavier elements (longer dated assets). Balance sheets are enormously dynamic entities subject to the changing interest rate environment, business cycle, regulations and a host of other factors. Traditional financial institutions have proven time and time again how difficult these things are to manage over the business cycle. That is why regulators have built capital based ‘containment vessels’ around bank balance sheets to prevent meltdown and chain reactions.
If we are looking for use cases for AI, machine intelligence, big data, cloud and other new technologies, this is the place to look. Managing a balance sheet was one thing in the age of bank branches and personal relationships. It was another thing in the age of credit bureaux. Lending will take on new forms in the digital economy, where the data sets will be orders of magnitude greater than we had access to before.
Banks will need to master real time lending to new and existing customers – consumer and business – in close to real time, and employ lots of new technologies to do this safely. There is already empirical evidence that bigtech companies, even at the current stage of development, are able to make more fine grained credit assessments than traditional credit bureaux.