Open Banking Regulation Review in 2022

Feb 1, 2022

Banks, fintechs and other financial institutions (FIs) often have what you could call an “uneasy alliance.”

In the US, many FIs are reluctant to work with third-party fintech providers to access data. Initially, the primary concern that banks cited for this stance was data security. Data breaches have impacted a number of entities in the industry, from fintech providers to credit bureaus, exposing sensitive consumer information, account information and more.

Yet a growing chorus calls for more access, connection and cooperation. Can the industry as a whole effectively answer the call?

What, Exactly, is Open Banking?

Open banking has been defined as:

“[A] banking practice that provides third-party financial services providers open access to consumer banking, transaction, and other financial data from banks and non-bank financial institutions through the use of application programming interfaces (APIs).”

Throughout Europe and the UK, open banking has been mandated by “laws that explicitly require their banks to create [APIs] and open those…to third-party developers. In the US, however, there are no legal requirements for banks and other FIs to develop APIs that are open and available to any third parties. But, that’s likely going to change.

In July 2021 the Biden administration issued an executive order asking the Consumer Financial Protection Bureau (CFPB) to establish open banking regulations within section 1033 of the Dodd-Frank Act.

“Allowing consumers easy access and transferability of their financial data will improve consumer choice and competition and expand financial inclusion to those now shut out of mainstream credit products.”

Jason Gross
CEO and co-founder of Petal, Former member of the CFPB Consumer Advisory Board

In the U.S., the push to standardize and publish APIs for secure, consumer-consent-based financial data sharing continues to gain steam. Organizations like the Financial Data Exchange (FDX) continue to establish ties and engage individuals from a number of stakeholder companies to determine how to best facilitate open banking.

There are existing agreements between established entities and newer fintech companies, like the data exchange agreement between Wells Fargo and Envestnet Yodlee. These formal agreements are usually undertaken by two specific organizations rather than broadly in the industry and rely on specific APIs rather than universal standards.

What Are the Benefits?

The perceived benefits of open banking depend on who you are.

For consumers, the primary benefits are “services that make financial management easier, such as being able to compare bank services, integrate financial data, and personalize budgeting tools. But consumer opinion is largely split along generational lines; a Deloitte survey found that younger demographic groups (18-36 years old) see much more value in open banking than older groups (37+ years old).  

For fintech providers, the benefits can be significant.

They can:

  • more easily access consumer data, which banks have previously held.
  • streamline the implementation of their products and services for consumers.
  • readily and quickly increase their potential customer base by inking partnership agreements with banks.

It’s a potent triple play for fintechs, helping explain their desire to truly open up banking services.

For traditional banks and credit unions, the benefits are less clear, although there is increasing positive sentiment about the potential of open banking. These financial institutions stand to benefit by meeting customer demands for these new products and services, which can improve customer experience and loyalty if properly implemented. The Deloitte survey overview notes that “[o]pen banking provides banks with an unprecedented opportunity to serve customer needs more holistically and become even more relevant in consumers’ lives.”

So, in theory, open banking could be win/win/win. Are there any drawbacks?

What Are the Concerns?

The primary concerns surrounding open banking, whether stated by consumer, fintech or traditional FI, focus on data security and its associated costs.

Consumers are most concerned with identity theft and misuse of data. Fintechs and FIs cite data security and customer privacy as their top areas of concern, followed closely by loss of control of customer data. All that personal financial information is an extremely attractive target for malicious actors, and companies are right to be concerned about the potential for breaches.

Some of the key questions that come up include:

  • How vigorously do banks and third parties use security measures to monitor APIs and data everywhere they go?
  • What controls are in place to enforce consumer decisions on how, when and by whom their data is accessed?
  • How are financial institutions validating third parties to make sure rules are being followed?
  • What are the penalties for violations?

What is the Cost?

Feedback to the CFPB has varied. The Credit Union National Association (CUNA) drew attention to the cost division (if any). “CUNA is concerned about the cost of market failures if a rule develops that requires credit unions to give free access to its financial data or other proprietary intellectual property,” the comment reads. “In this particular instance, financial services providers invest significant resources in time, money, and continued upkeep for their databases, online access, and organized details about transactions. If third parties can access and use this data without paying their fair share, these third parties are free-riders.”

“Companies’ access to this financial data could put the burden of cost on banks and credit unions, without fintech companies paying their share.”

Credit Union National Association

Another concern, albeit much less prominent on the radar of banking and fintech executives, is the potential to get left behind as competitors establish connections and data-sharing agreements with fintechs and other service providers.

The CFPB Fall 2021 Rulemaking Agenda includes “Availability of electronic consumer financial account data.” The agenda period is from 11/1/21-10/31/22 – most likely pushing any firm answers or planning into 2023.

Is There a Better Way?

While the potential benefits and drawbacks of open banking loom large, there are other ways financial institutions can approach the concept without having to throw their data out into the wild. One model that works today – and works well – is to partner with an organization that allows your bank to centralize all of its connections to other organizations.

This “hub and spoke” model can provide a beautiful blend that gives traditional banks and their customers the best of all worlds. Using a third party to build, manage and maintain API connections can free up organizational resources while still providing access to the products and services that your institution and your customers desire. And with the right partner, your company still maintains complete control over your internal data and has no need to share or expose it to other companies.

In this context, the right partner will have existing connections that your company can quickly and easily integrate into your existing services. The right partner will also have a tremendous breadth and depth of pre-built connections to give you the best advantage when identifying and implementing the right products and services for your unique customer base. Finally, the right partner will be able to launch those connections immediately, letting you beat competitors to market and immediately meet customer demands.

For the last 30 years, that partner has been Zoot Enterprises for many of the largest banks in the country. If you’re thinking about taking a step forward, let’s talk. We can help you make the connections you need with our nimble, powerful solutions while keeping you and your customer data safe and secure.

Ready to incorporate a Zoot Solution into your stack?