How to Survive Open Banking
By Alex Johnson
A rip current is a strong, localized, and narrow current of water that moves directly away from the shore. It occurs in places where there is a break in the sandbar or reef separating the beach from the ocean; waves come crashing in, and all the water gets sucked back out through that gap.
According to the United States Lifesaving Association, rip currents cause roughly 100 fatalities in the United States each year and are the proximate cause of 80% of rescues carried out by beach lifeguards. The danger comes not so much from the current itself, which is fast but relatively short and narrow. Instead, the danger comes from the reaction of the swimmer caught in the current — if they panic and try to swim directly against the current, they will quickly exhaust themselves and drown.
I mention all of this because I see a powerful current forming in the financial services industry:
Last year , 42% of people said they started using fintech to aggregate their accounts in order to gain a holistic understanding of their finances. This year , three-quarters of people said the ability to connect their accounts is not just a priority, but an expectation when choosing their bank (76%). In fact, nearly seven in ten value it so highly that they would consider switching banks if they could not connect their financial accounts to fintech apps (69%).
Today 79% of people value the ability to share their information with the financial apps and services they use. And 83% say they prefer to choose where they share their data (e.g., with fintech apps), instead of having companies share their data for them (e.g., credit scores).
And I see signs that those getting caught in this current are too focused on struggling against it to realize that they are only putting themselves in greater danger. Case in point — this quote from Michael Bilski, CEO of North American Banking Company:
I truly believe it is my data and I don’t have to share it, and I don’t have to give it to my customers if I don’t want to.
So, in today’s essay, I want to examine what open banking is and provide some guidance for banks and fintech companies on how they can survive it.
My thinking on this topic has been significantly shaped by a research report that Ron Shevlin and I worked on during my time at Cornerstone Advisors — Selecting an Open Banking Data Aggregation Vendor. I’d encourage you to download this report, as it contains a lot of valuable insights.
What is Open Banking?
Let’s start with a simple definition.
Open banking is the trend of making consumers’ financial data portable with the intention of unlocking data-driven innovation and increasing market competition.
It is important to note that while open banking is a global trend, it is playing out very differently in different countries.
In countries like the UK and Australia, financial institutions are required by regulators to provide API-enabled access to their customers’ data and API-enabled facilitation of specific financial activities (like payments) to authorized third parties that have acquired the customers’ permission.
In other countries, like the U.S., the ability for consumers to share their financial data with third parties isn’t enforced by regulation. Instead, fintech infrastructure companies (data aggregators) build services that enable this consumer-permissioned data sharing, predominately through screen scraping technology that leverages consumers’ digital banking credentials to acquire and aggregate the banks’ customer data.
Open banking (ushered in by either regulatory requirements or private market workarounds) has been a critical enabler of fintech — from transaction aggregation, which drove the proliferation of personal financial management apps like Mint.com, to account verification, which was a vital customer onboarding feature for neobanks like Chime, to cashflow underwriting, which has enabled fintech lenders like Petal to serve credit invisible consumers. Indeed, today, open banking data aggregation is generally seen as one of the core pieces of infrastructure that every consumer-facing fintech startup needs.
And, as the bank CEO quote above colorfully illustrates, fintech usage of that infrastructure has generally happened over the objections of the banks and credit unions that hold most consumer financial data today.
And while most of the analysis and news coverage of open banking tends to focus on the public tussles between banks and fintech companies, the most important lessons for how to survive in the era of open banking (for both banks and fintech companies) aren’t widely known or discussed.
It’s time to change that.
Let’s start with some big-picture advice for banks.
Advice for Banks on Open Banking
- It’s not your data. It seems obvious, but it’s important to emphasize this point — never argue that it’s not the customers’ data. Don’t do it. Not ever. Even if some of the data in question is, arguably, proprietary. As the consumer survey findings above indicate, your customers expect to be able to share their data. It’s important to them. And it’s also important to your regulators, as this quote from the Director of the CFPB makes clear:
- “We can only accrue the benefits of competition if customers can vote with their feet. Unfortunately, switching bank accounts isn’t easy. It involves new account numbers, new debit cards, updating direct deposit, updating auto-debits, and much more. If America can shift to an open banking infrastructure, it will be harder for banks to trap customers into an account for the purpose of fee harvesting.”
- Security is important but can’t be an excuse. One talking point used by banks early on in their arguments against open banking was that it wasn’t secure and that it put customers’ data at risk. This is a valid argument in the world of screen scraping, and customers do care a lot about the security of their financial accounts and data. However, data security cannot be an excuse for blocking or restricting customers from sharing their data. Remember, 69% of consumers would consider switching banks if they could not connect their financial accounts to fintech apps. So if you have concerns about scrapers (and you should!), build APIs.
- Open banking is about your customers, not you. Almost every time I ask a bank executive about their open banking strategy, they assume that I am referring to the opening up of their bank’s products and infrastructure via APIs and the modernization of their core systems rather than the process of making their customers’ data portable. This is classic incumbent thinking — define a new trend in terms that most benefit you (banking-as-a-service) rather than in terms that most benefit your end customer. Having a BaaS strategy and building more modern core systems that external developers can build off of are important, but they should never be confused with open banking.
- Primary account status is meaningless. It used to be a reasonably safe assumption that if you had a consumer’s checking account and direct deposit, you would (eventually) end up with most of their financial services business. This is no longer a safe assumption. According to research from Cornerstone Advisors, 35% of banked consumers in the U.S. have more than one checking account. And if you ask a Millennial or Gen Z consumer which of those accounts they consider their primary, you are more likely to get a blank stare than a crisp, confident answer. Today, consumers’ financial lives are split across many different products and providers, which means that banks are increasingly likely to see only fractions of their customers’ financial lives. If you want to see more (and you should!), you’ll need open banking.
- There are new customer problems that can only be solved with open banking. Here are two interesting stats (again, from research conducted by Cornerstone Advisors):
- Of BNPL users who were late with a payment last year, 66% were late because they lost track of the bill due date.
- Among the 45% of Millennials with more than one checking account, about half overdrew on those accounts in 2020.One side effect of consumers’ increasingly polyamorous approach to financial relationships is that it has become increasingly easy for them to lose track of things like account balances and payment due dates. Banks should leverage open banking to build new personal financial management capabilities to help their customers solve these problems.
- Screen scraping will be with us for a while, so play nice. Banks and data aggregators are saying the right things about APIs and the importance of moving away from screen scraping. We’re headed in the right direction, but we’re not going to be rid of scrapers anytime soon. As such, banks need to accept the reality of screen scraping and try to work with data aggregators to coordinate website upgrades and other technical changes that might negatively impact the performance of scrapers and, consequently, the experience for the end customer that is relying on them.
- Pressure fintech companies to share their data. We constantly hear about banks dragging their feet on building integrations with data aggregators to enable open banking. We hear very little about fintech companies doing the same thing, even though many established fintech companies with large customer bases continue to not enable open banking for their customers (this is particularly true in the BNPL space). Banks should make this point, loudly and repeatedly, to regulators and consumer advocates. After all, it’s the customer’s data.
Now let’s hand out a couple of pieces of advice for fintech companies. Note — my advice here will be a bit more tactical regarding how fintech companies should utilize data aggregators. This is because, unlike banks, fintech companies don’t need to be convinced that open banking is strategically crucial for their business.
Advice for Fintech Companies on Open Banking
- Don’t build data aggregation into your MVP … unless you absolutely have to. This advice feels blasphemous. How could you not offer data aggregation for account verification during new customer onboarding? It’s table stakes! And yet, many fintech founders I have spoken with have told me that they regret building data aggregation into the earliest versions of their products. The main reason is that for many fintech products, data aggregation is nice to have but not critical. However, once it’s in and customers use it, it becomes nearly impossible to pull it back out. And data aggregation is expensive!
- Focus on a pricing model, not price. On a related note, it can be challenging when negotiating with data aggregators to know if you’re getting a fair price. They all use different pricing models (per user, per transaction, per login, etc.), and deal-by-deal pricing tends to vary widely based on the intense competition between the aggregators. One suggestion for overcoming this challenge, courtesy of a crypto infrastructure startup that Cornerstone Advisors spoke with, is to build flexibility into the contract with the data aggregator:
- “Our approach is to try to make pricing equitable for both sides. We obviously want a low price if we’re successful and can drive volume. However, we don’t expect the aggregator to take that on faith up front. We know we need to prove it. So, we try to build flexibility into our contract to allow that pricing to come down if we are able to grow and deliver higher volumes.”
- Prioritize redundancy. Open banking breaks … a lot. Connections go down. Data aggregators get into fights with financial institutions, and APIs get temporarily turned off. If your product relies on data aggregation to function (picture a PFM app), you need to plan for this. The best way to mitigate this downside risk is to evaluate, select, and integrate with multiple data aggregators so that you can be prepared to switch customers over in the event of performance issues. Some aggregators will try to lock you into an exclusive contract. Resist this pressure.
- Prepare for a customer service avalanche. Related to the point above, when data aggregation stops working, you can expect to hear about it from your customers. One neobank executive that I spoke with said that more than half of all of their customer service interactions for the entire company were related to data aggregation. Be prepared for this. Build the necessary internal processes and tooling to efficiently transform customer complaints into actionable support tickets for your aggregator(s).
- Only ask for the data that you absolutely need. In the early days of data aggregation, it wasn’t uncommon for fintech apps to scoop up a lot of data from customers, even if all of that data wasn’t necessary to fulfill the specific job to be done for the customer. Those days are long gone. Today, you need to be honed in on exactly what data you need from your customers (and how long you need to keep that data), and you need to communicate that to your customers clearly.
- Think about the compliance implications. Open banking involves sensitive, highly regulated data. You must ensure that you understand the compliance requirements involved in accessing and holding this data and how those requirements change depending on how you use the data. For example, if you are using bank account data to underwrite a consumer for a loan, the Fair Credit Reporting Act (FCRA) will apply. Some data aggregators support FCRA use cases, and some do not.
- Prioritize building APIs to share your data. I know, I know. You have bigger fish to fry, and this isn’t a priority for your product roadmap. Plus … [whispers softly] … you don’t actually want to share your customers’ data with banks or other fintech companies, right? Despite all of that, you need to make building integrations to the data aggregators a priority. The same consumer pressure that applies to banks on open banking — 69% of consumers would consider switching — will apply to you too. To say nothing of the eventual regulatory requirements. Get ahead of it.
And let’s wrap up with a few pieces of advice that apply equally to both banks and fintech companies.
Advice for Banks & Fintech Companies on Open Banking
- Control over the UX is critical. Despite the growing usage of data aggregation to connect bank and fintech accounts together, consumers still don’t really know what open banking is. Just 45% of Americans said they’ve heard of open banking, according to a Morning Consult poll from last year. That will eventually change, and it is enormously important for both banks and fintech companies to take an active role in shaping that awareness. This will require exerting some control over the data aggregation user experience. It might look a little like Wells Fargo’s Control Tower concept (see where your bank data is being used), or it might look more like an in-the-moment educational experience (here’s how this data aggregation process works). Aggregators will likely have a strong viewpoint on the UX for the end consumer, so this may require some creative negotiation and contracting.
- Think beyond checking account data. Regulation-led open banking initiatives tend to be narrow in scope. For example, in the UK, the nine largest banks are required to allow licensed startups direct access to their customers’ data, but this requirement only applies to checking accounts. In market-led data aggregation (like we have in the U.S.), companies can acquire any financial data that consumers are willing and able to provide access to. This tends to produce a more comprehensive picture of consumers’ financial lives and enable a broader set of innovative use cases. Banks and fintech companies should embrace the breadth of data aggregation opportunities they have.
- Pressure big tech companies to share their data. If there is one thing that banks and fintech companies should be able to agree on (and pool their resources to lobby in favor of), it’s that big tech companies operating in financial services should be subject to the same ‘it’s the customer’s data’ expectation that they are. Given the increasing interest big tech companies like Apple and Google have in financial services, this is just basic competitive common sense. Plus, the CFPB — which is working on some new rules around open banking — is led by a guy who isn’t a big fan of big tech.