It’s fair to say that the current noise around Open Banking is almost deafening. We constantly hear about the potential of this new market — driven by APIs — to change financial services by increasing consumer choice, crushing incumbent banks, or making a barrel of cash for a cool startup.
There is, however, more to Open Banking than hyperbole. The opportunities and challenges – for the incumbent banks and “Fintechs” alike – offer a means to reshape an operating model that has typified banking for many years. Equally, there are other reasons for entering the market, such as legal or regulatory coercion that will result in naturally cautious financially-regulated entities being forced into becoming API providers with “open” interfaces that need to be managed, maintained and protected.
Standing on the cusp of this revolution, we therefore have an evolving marketplace being shaped by both regulation and market forces. The reaction to both of these is defining how the protagonists are forging an Open Banking identity and the behaviors that go with it.
In this post, we characterize the players in the Open Banking market with 3 levels of action: Comply-first, Protectionist, and Open-first. By getting a better view of why providers are in the market and what they expect to get out it, we’ll get an idea of how it might evolve in the future – especially in view of the fact that the future state is one where every bank will be an API provider. Simply being an API provider in this market won’t be enough to guarantee a competitive advantage.
What Open Banking Really Means
Open Banking is first-and-foremost a means for increasing consumer choice in financial services through regulation. You may have thought that the phrase “Open Banking” means “open to everyone” — a field day for the geeks who have longed to have an API to populate their Warhammer budgeting spreadsheet without all the nasty downloading of CSV files from online banking. Joking aside, what it actually means in its current form is pretty far from that ideal. “Open” in this context is “open (via an open API) to regulated entities” as defined by legislation like PSD2 or the CMA Order. These regulations decree new roles in financial services, which can be summarized in the term third-party provider (TPP).
Given this context, Open Banking implies API usage, however, it supplies banking customers more rather than complete choice. More choice means we as customers can work with a variety of different companies who can help fulfill our banking needs. In the case of our aforementioned geek, they’ll need to work with a TPP to help them aggregate the data via APIs for their spreadsheet. Some of these companies will be the organizations we already know as our account providers. Others will be new companies that provide products to make our lives easier. These organizations can be characterized in one of three different ways:
- Comply-first Providers
- Open-first Providers
While regulatory deadlines like PSD2 have been approaching for a number of years, many large banking organizations are still struggling to meet their obligations. comply-first providers are the financial institutions who are being compelled to deliver on these regulations to open up customer accounts to TPPs.
Banking as an industry has historically had limited forays into the API economy, with a reticence driven by their risk-averse and project-driven corporate culture that typifies so many large banks. Their API-related initiatives have largely been piecemeal, with little cohesive drive towards API delivery and limited buy-in or sponsorship from senior leadership to make being an API provider a success.
This culture, which tends to result in delivering the bare minimum through open APIs, means that these organizations are already playing “catch-up” both in their API delivery mechanisms and in the API economy at large. The first and most important goal for comply-first providers is to meet regulatory deadlines and avoid fines, penalties, or bad press. An interesting side note that supports lends weight to this argument is a report conducted by Paysafe. In Open Banking and PSD2: A confused roadmap to innovation, they cite current impasses in the landscape and the fact that banks “…have had a mixed approach to PSD2. The majority have treated it as an exercise in minimum compliance rather than looking for customer-led outcomes.”
Examples of such organizations are not hard to find. Some qualities of comply-first providers include:
- Do not market their API.
- Have a boilerplate or no developer portal.
- In Europe only offer APIs that facilitate access to the core PSD2 roles (Account Information Services Provider or Payment Initiation Services Provider).
However, despite their false start as an API provider many of these organizations are also uniquely positioned in that they are either directly responsible or have significant influence in shaping the market. For example, the CMA Order in the UK made the 9 largest banking institutions directly responsible for the writing of Open Banking standards. The largest incumbents, therefore, have a huge amount of influence on the direction of the market.
Protectionists take a step up from Comply-first providers in attempting to seize a slice of the pie as they meet their regulatory commitments. Their motivations, however do not generally lean towards openness per se: Their goal is to protect what they already have by wooing their existing customer base. In this guise Protectionists often take up the TPP role, effectively dogfooding their own APIs while taking advantage of the availability of their competitors.
Examples of Protectionists in the market can be found in the UK. Barclays released an aggregation feature in their mobile app while HSBC introduced Connected Money in May 2018. The premise of both is simple — to offer existing customers account aggregation features via their existing banking provider — and in doing so taking some of the heat out of customer demands for “shiny new toys”.
The Protectionist provider, therefore, delivers just enough of Open Banking, safely dipping a toe in the water in a risk-averse manner while delivering on their regulatory commitments. They can also influence their customers’ perceptions of Open Banking by associating their first experience of the tools and technologies that provide it with something their existing bank provides. This perception in a nascent market might prove highly beneficial to Protectionists.
There are, of course, the players for whom Open Banking is the reason they get up in the morning. Open-first providers are the API consumers and providers who are at bleeding edge of Open Banking, looking to take advantage of or exploit opportunities in the new market. Most of the open-first protagonists carry the “FinTech” label, but that’s not to say they have to. There are the new kids on the block — the likes of the Starling Bank — who are opening developer portals to be at the forefront of Open Banking as a banking services provider. Established banks like Nordea are also taking the plunge in this market, with or without the major standards wrappers like UK Open Banking or the Berlin Group Standards.
Of course, the consumers of the APIs, the Account Information and Payment Initiation Service Providers (AISP/PISP) enshrined in the PSD2 regulation, are the big news as they directly interact with real human beings. Aggregators like Yolt, who was the first AISP to connect to CMA APIs in the UK, are making waves in the marketplace. Likewise, Zopa is bolstering their offering by using Open Banking data to help consumers prove their income when applying for a loan.
Whether an API consumer or provider, Open-first providers have some tough challenges in the market:
- As consumers of Open Banking APIs they need to deliver products that are so good they become a byword for innovation in the banking space and offer a credible, convenient alternative for customers to their existing bank. They are also — to a certain extent — at the mercy of the Comply-first providers, as they have a dependency on the availability of their APIs.
- API providers need to deliver APIs that allow them to differentiate their product set and make them attractive to consumers. It’s more than just delivering the regulatory minimum; it’s adding value by offering features that drive innovation for consumers.
Given the size of the challenge, it’s no surprise that Open-first protagonists are coalescing into organizations like FDATA, to give them greater clout against the incumbents.
Plotting the Opportunity
Looking across the players, the diagram below shows where they sit in the current state of the market in terms of both their influence and the opportunity available to them:
The ideal in this diagram (without trying to be too much like Gartner) is to be in the top-right quadrant i.e. influential, and with a great deal of opportunity. In this context:
- The Comply-first providers will need to extend their initial offerings to bring new, API-powered Open Banking products and services to the market to add competitiveness to their offerings. In doing so they should look to leverage the qualities of their organizations that make them the successful – for example, the enormous amount of collateral they hold or their ability to acquire or clear a variety of currencies.
- The Protectionists will need to leverage their position as a both a TPP and API provider to differentiate their services by offering them outside their existing customer base – holding a current account should not be the only criteria for entry. These organizations are also uniquely positioned given their duel role of TPP and API provider.
- The Open-first providers need to carry on doing what they do best: innovating, moving quickly, and delivering great products that delight their customers and enhance their reputation. By producing killer apps and experiences, they become synonymous with what’s good in Open Banking.
Open Banking still has some way to go before the market reaches anything near a state of maturity and we can pick a winner. In its current guise — with multiple technical standards being developed and APIs coming into the market all the time — it’s hard to see exactly how it will develop. The key activity for many has been all about regulatory compliance. When this is done and all the banks become API providers, what happens next?
The most likely scenario is the Comply-first and Protectionist players will realize how big the opportunity really is. By providing APIs, they have already begun the transition to becoming banking service providers. If they accept that as their raison d’etre, and accept that APIs can be used as a means to deliver on their strengths, the developments in the next phase of Open Banking could be positively seismic.