How Does Open Banking Apply to US Banks?

Posted in

Open Banking has been on our radar for several years now, with Nordics APIs first publishing a post on PSD2 back in 2016. Since then there’s been continual coverage in the financial industry press on the promise of Open Banking, with predictions of a “revolution” as FinTechs unlock the banking market and provide the tools, apps, and functionality that bank customers want yet are not provided by their banks.

Banking APIs are hitting the European market in earnest in 2019 to meet the deadline for delivering PSD2. The potential for this revolution to become a reality has never been greater. It’s no secret that Open Banking is most advanced in Europe because of PSD2, which has brought with it standardization through common API specifications developed to deliver it. This has led banks down the path from private, closed APIs to public, open APIs and allowed them to become functioning members of the API Economy.

Most commentators agree – including recent discussions in a Senate Committee — that it’s high time that the US got in the Open Banking game. However, the context of Open Banking in Europe — with regulation currently driving the market — could be met with suspicion by many US citizens. Regulation from the center has overtones of socialism, a highly divisive word in US culture, and attempts at a top-down Open Banking implementation would leave many questioning its value. Banks and their customers alike, therefore, need to understand what’s in it for them, relying on influences they understand and that resonate with the market.

Therefore, in this post we take a look at the prospects for creating such a market. Without the regulatory drivers, unlocking the potential of Open Banking in the US may be more difficult than it first appears.

Regulation in Europe

Before discussing the US market, it’s worth noting the scope of European regulations. The need for banks to provide open APIs in the European market has largely been driven by the requirements of the Second Payment Services Directive (PSD2), which concerns itself with access to payment accounts. The context for change is centralized and driven by the European Union, responsible for legislating in many areas across the 28 (lets ignore Brexit…) member states.

In this context, encouraging an Open Banking market through regulation is relatively “straightforward”, especially in a market where openness is already written in law. For example, passporting of financial services – which allows an organization authorized by the local competent authority in one member state to operate in any across the EU – is one such a regulation that allows an open market to operate across national boundaries. PSD2 introduced roles to enhance this open market, allowing third party providers (TPPs) to become regulated as either an Account Information Service Provider (AISP) or Payment Initiation Service Provider (PISP).

PSD2 is also a maximum harmonization directive. This means national law may not exceed what the legislation intends to deliver. As each member state must deliver an implementation that is equivalent to the requirements of law, standards help massively as each member state is essentially attempting to achieve the same thing. The market has been supported by standards bodies that have built API specifications for them to adopt – the Berlin Group, UK Open Banking and STET – easing the process of bringing APIs to market.

Regulation in the US

Where central legislative bodies take a less active role – or where there are several bodies with overlapping responsibilities – API-enabling banks to open the market is more difficult. US legislation is generally dealt with at a federal level, with laws set on a state-by-state basis. Top-down change is rare, with central government institutions often setting guidelines but less frequently enacting legislation aimed at wholesale, nationwide regulation.

The driver for Open Banking in this environment is Section 1033 of the Dodd-Frank Act which legislates that US citizens can allow access to their financial data. Open Banking is being “encouraged” in this context by a central body, the Consumer Financial Protection Bureau (CFPB). In October 2017 they outlined their principles for “Consumer-Authorized Financial Data Sharing and Aggregation” which, in the words of the document itself:

… recognizes that many consumer protections apply to this market under existing statutes and regulations. These Principles are not intended to alter, interpret, or otherwise provide guidance on — although they may accord with — the scope of those existing protections.
The document goes on to lay out the principles by which consumer-authorized access should be achieved, including granting access itself, the scope of access, and the means by which consent is obtained. In general, the principles are high-level and are in stark contrast to the exhaustive (although still subject to interpretation) detail of PSD2 or the Regulatory Technical Standards that govern customer authentication. The nature of the principles indicates that US government agencies are unlikely to seek centralized regulatory means to foster Open Banking.

In lieu of regulatory pressure, there are bodies that are seeking to set standards that will encourage open API adoption across the US market. For example, the National Automated Clearing House Association has released standards under the banner of Afinis with account validation and bank contact APIs. However, it is clearly early days for these efforts given key features, such as payment submission (via ACH) and transaction status APIs are still under development. The initiative also lacks the impetus that maximum harmonization offers as the CFPB principles indicate that federal law will always take precedence. The same could also be said of the Financial Data Exchange with the Durable Data API, a similar group primarily aimed at providing consolidated account access.

From an objective viewpoint, it is difficult to assess whether these initiatives serve the principles set out in the CFPB document or whether they are aimed at the interests of the participants in the groups. The immaturity of the standards and weaker regulatory drivers also means there is less impetus for banks to participate in developing and adopting common standards. On this basis, it appears that an Open Banking revolution led from the center is unlikely. Consumers in the USA are therefore likely to be more reliant on market forces to bring them Open Banking and the benefits it delivers.

The Role of the Market

When Open Banking is discussed in the context of any market there is a tendency to lightly gloss over what’s gone before. Perhaps this is down to the fact that the “Open” in Open Banking is the same “Open” in open API. In the manner of the Old Testament, Open Banking is the Word and the Word is API…

Regardless of whether open APIs should be implemented, a marketplace for sharing account data with third parties already existed in Europe. Local initiatives such as HBCI/FinTS in Germany, direct collaboration with banks (API-driven or not) or screen-scraping made it possible. The examples of successful third parties in this space are too numerous to mention. The role of Open Banking in this market – and the legislation that drives it – is to standardize the interfaces and ensure their adoption, making access for third-parties – and by proxy, banking customers – ubiquitous.

Despite the obvious advantages of open APIs that the standards brought, many protagonists in the market argued against the proposed (now rejected) ban on screen scraping in Europe, which we covered in a previous post.

If the strong regulatory drivers are missing in the US market then third parties with compelling products must fill the space in the same manner as the pre-PSD2 market in Europe. The development of Open Banking in the US will rely on the players to ubiquitously open up bank accounts for customers as it already does today. For example, Yodlee provides access to 99% of US banks, delivered to API consumers through a single API. Similarly, Plaid delivers a single banking API for third parties and connects to over 1700 banking institutions for both account access and authentication. Behind the scenes, such providers are responsible for connecting their API platform to the myriad of systems supported by the banks in order to deliver a seamless experience for customers. On the payments front, the success of players like Stripe is well documented. However, The Clearing House (TCH) is also standardizing how real-time payments are made in the US, which has historically been fragmented across multiple platforms. Whilst this platform is currently not an open API – being message-driven in a closed network – the messaging interfaces are based on ISO 20022 and could provide a basis for open payments APIs.

Organizations like Plaid, Yodlee, and TCH provide a live proving-ground for the value of Open Banking. By delivering compelling solutions in the marketplace – which many US consumers want and use – they offer a persuasive argument that providing access to account data brings positive outcomes. Such evidence mirrors that found in Europe, where providers like Figo were already delivering near-complete coverage of the German market prior to the rollout of PSD2-compliant APIs. The success of such providers is therefore critical to the success of Open Banking in the US. In the absence of regulatory-driven API standards, they will provide the de facto Open Banking APIs for early adopters.

Final Thoughts

The future of Open Banking in the US market, therefore, looks more likely to be driven by the market than regulation. However, there is still an opportunity to introduce standardization through open APIs behind the scenes. As TPPs like Plaid and Yodlee continue to increase their footprint, having a means for banks to easily offer an interface – and with that, a go-to API standard – will help increase penetration. A partnership model could develop that, with TPPs proactively working with banks and providing the interface on their behalf. In this context, it might be that TPPs can help bring standardization and open APIs to the banks and organizations like FDATA would do well in establishing a US footprint.

However, there is also equal opportunity for a BigTech to steal a march on the Open Banking market. Whilst this is equally possible in Europe, the regulatory aspect to the Open Banking market means that exceeding the provisions of an AISP or PISP to introduce the “killer” app might be difficult. In the US the constraints on what Open Banking can do are not defined by regulatory roles and the authorities are far more accepting of big business influence. In the same way as Apple influenced Visa and MasterCard to provide a solution to introduce Apple Pay, one of the FAANG group might find a way to broadside the US Open Banking market. If this comes to fruition the hype might become a reality and Open Banking really will revolutionize financial services.