Open Banking: Regulatory Challenges for a New Form of Financial Intermediation in a Data-Driven Worl
Data has taken immense importance in the last years and industries are reshaping their activities into a data-driven business and the financial services industry is part of this trend. Financial institutions are creating new businesses within their existing structures that adapt and collaborate to meet the challenges of digital transformation and make better use of their enduring source of competitive advantage: their customer insight and data. Thus, financial institutions and regulators have been exploring ways to allow third-party developers to build applications and services around the financial institution, exposing either its customers’ data or its infrastructure through open Application Programming Interfaces. Regulators worldwide and financial institutions have called these initiatives “open banking,” which might mark the beginning of a real application of the concept of anything as a service frequently used in the cloud computing context, but now applied to the financial services industry: Banking as a Service (BaaS).
In a recent paper “Open Banking: Regulatory Challenges for a New Form of Financial Intermediation in a Data-Driven World”, I explain the foundations of the concepts of open banking and BaaS and why they represent a new form of intersection between data and finance that will change the way traditional products, services and customer experience traditionally work. Several factors explain why open banking will pave the way to change in the structure of financial intermediation derived from the entrance of third parties as financial services providers and banks willingness to provide BaaS, which represent both benefits and risks described in the paper. First, third-party developers are allowed through open APIs to initiate financial services and products (e.g. online payments, drawing directly from a client’s accounts, data analytics based on financial data, among others), which will lead to transforming financial intermediation. Second, open banking might facilitate the entrance of technology companies with established presence in the market for digital services (e.g. bigtechs), into the world of financial services. Third, banks will become a platform that offers products or services that reach beyond traditional banking (e.g. payments for buying goods and services). Banks can offer such a service by orchestrating its financial services and third-party providers into the platforms through open APIs. This puts the bank at the centre of the customer’s everyday lives, allowing them to manage their day-to-day needs.
The paper also analyses, from a comparative perspective, the different approaches financial, data protection and competition regulators have proposed to boost the open banking phenomenon. The paper argues that the compulsory approach for open banking – mandatorily requiring financial institutions to open the data they control - is not adequate in all cases and for all jurisdictions. Indeed, it does not necessarily capitalize on the benefits and manage the risks of open banking and BaaS. Moreover, some regulators have proposed a compulsory approach to increase competition in retail banking or in the payment systems. In contrast, this paper argues that open banking and BaaS model goes much more beyond that that, and if inadequately regulated, it might lead to more concentration, specially taking into consideration the possibility that bigtechs and systemically important banks will become the platforms of the BaaS scenario. Additionally, the lack of reciprocity of most of the models of the compulsory approach deters open banking implementation and might negatively impact the data-driven transformation in the financial industry and the move towards an open data economy. These aspects have been understated by financial regulators, data protection and competition authorities.
Consequently, the paper provides some policy recommendations regarding open banking regulations, as follows: (i) the same regulatory approach should not apply to all jurisdictions, (ii) regulators should encourage reciprocity, especially when choosing the compulsory approach, (iii) coordination among different regulatory authorities is needed at national and international levels, (iv) risk-based regulation is a correct approach, and (iv) regulators in the financial sector should start conversations towards open data.