I trotted of to the FCA last week, because they asked me to speak on Open Banking in 2019 at their Innovate event. I covered:
- What are the inflexion points?
- Why do they matter?
- What will start failing?
- What will start scaling?
- How do you navigate?
Here are the highlights…..
1. What are the inflexion points?
This year PSD2 will be fully implemented and there are two main milestones:
14th March 2019:
CMA9 ASPSPs (banks….) must implement the User Experience guidelines and offer standardised dedicated, open banking-friendly user interfaces in live production. One of the main blockers to adoption so far has been the grim, clunky authentication flow and this will solve it by introducing even app-to-app deep linking.
CMA9 must have sandboxes available, giving FinTechs access to facilities to start testing apps.
More functionality will be available, thanks to mandatory implementation of the Open Banking Implementation Entity’s version 3 and 3.1. This include all sort of payments including recurring and future dated payment functionality.
14th September 2019:
The PSR17 and PSD2-mandated Strong Customer Authentication – Regulatory Technical Standards (SCA-RTS) comes into full force. This means that: banks around Europe will have to either offer PSD2 APIs or ask for exemption for a limited amount of time; SCA implementation makes screen-scraping untenable; and the increase of API supply will drive an explosion of new APIs and products.
2. Why do they matter?
Because the customer journey will be smooth and viable, businesses will take advantage of the countless commercial benefits that have been piling up at the front door for years!
More service providers will get regulated to provide open banking: Regulations in March and September will trigger, I believe, a huge increase in FCA permission applications and consequent open banking investment in Europe (NB the FCA will need to scale to cope with this). Service providers will be able to investigate and adopt open banking with confidence and optimism. Better UX means better use cases, so there will be a greater velocity of new services with open banking at their core coming to market.
The user consent journey will be quick and easy. Whereas before, a business or user had to tolerate the same hassle of logging into their bank account and jump through the same authorisation hoops to allow third party access (the experience we have logging into online bank accounts day to day), in a few months’ time this will be replaced by a shorter dedicated interface – with app-to-app authorisation. It’ll be secure yet only a matter of clicks. In a competitive FinTech market where people are fiddling with sort codes and losing payment cards, this is game changing.
Screen scraping will be untenable: The SCA-RTS will render screen scraping technology totally unworkable, and FinTech will become increasingly API-led. APIs will become business critical topics, and the only true channel to retrieve open banking data.
More banks will produce and consume PSD2-compliant APIs: There are 300 banks in the UK that will be under pressure to make personal and business accounts available in line with PSD2, let alone the potential 5,000 institutions across Europe. Thanks to use cases and market validation of open banking concepts, the consumption of APIs by said banks will increase, as competing technology is built and shipped to protect market share.
Global mobilisation: These changes will also define uptake globally. The increase in adoption will highlight the obvious savings from the card scheme market and engineering resources. Companies like WeChat have captured so much of Asia because it personalises finance for individuals and businesses. By proving such technology is achievable through careful regulatory rollout, success in the UK and Europe will accelerate efforts in Japan, Australia, the US and more.
3. What will start failing?
Screen scraping: Screen scraping will be untenable, and anyone who gets an exemption for not being ready in time will have an unworkable proposition – each time an account gets ‘scraped’ for data, the end user will have to be notified and to manually consent to such activity. If screen scraping is conducted 4-5 times a day per bank account, customers will become exasperated. Attempts by businesses to avoid API integrations will result in failure more generally – there are security, commercial and legal flaws associated the alternatives.
Going it alone with in-house infrastructure: Much like avoiding cloud servers, attempting to build open banking integrations 100% internally is unsustainable. Trying to build API connections with each individual bank has too many disadvantages. Your users have bank accounts everywhere, so the challenges of maintaining technology necessary for integration with inhouse resources alone is unsustainable at scale. The API aggregator market exists to automate open banking access.
Some banks: Those financial institutions that treat open banking as only a cost with no benefit will lose. If they treat PSD2 as just another loss minimisation exercise to comply with rules rather than an exciting opportunity, banks will forfeit market share. Being ‘conspicuous by absence’ has its limits in a competitive FinTech world.
4. What will start scaling?
Fast-acting, European FinTechs: FinTechs that start thinking about use cases rather than the 1s and 0s of open banking connectivity will thrive. The technology is sorting itself out, FinTechs need to focus on the customer. Organisations that have a focussed, scalable strategy – and act fast – will win.
We will see greater opportunities to passport regulatory permissions across Europe (exemplified by eIDAS, The Electronic IDentification Authentication and trust Services) and thus increase a business’ addressable market. Technology enablers will emerge, to help make integrations to open banking APIs easier and safer, so you’re able to procure ‘giftwrapped’ services to help plug and play open banking.
Europe’s early adoptors will be winners – the UK has championed open banking with the organised rollout from the CMA and OBIE, and we’re sitting in the epicentre of the global revolution. Yolt generated half a million users in 18 months. Thanks to technical clarity (the past 12 months could be characterised as series of industry consultations…) now the implementation really starts.
Banks: A controversial winner of open banking is potentially banks themselves. By producing great APIs so many great apps will be built on top of bank accounts that their customers may not see the reason to switch. Why wouldn’t you let FinTechs do the hard work for you?! By becoming API-led, it will also make it easier to commercialise extra APIs and tailored services.
5. How do you navigate?
Be focused: With the opportunities to build a global solution and the efficiencies that open banking provides, you need to take a focussed, measured approach. Open banking does not mean you have to stop thinking about your user experience. In fact, the landscape will become competitive here. It always comes back to great UX and how quickly you can get customers to engage.
Get regulated: The FCA is making it easier for businesses to provide open banking services. Getting regulated means you can build an open banking solution end to end without compromise. There’s a whole ecosystem already out there, with free workshops, meetups and hackathons to help support and guide your next steps.
Take advantage of early leaders: Some of the best innovation in open banking has been on the supply side, with API aggregators who follow open banking closely beginning to make access to bank data super simple.
In conclusion, the old gives way the new. The CMA has actually given this transition a hard timetable too! With screen scraping, financial monopolies and the old ways of self-building infrastructure drawing to an end, those service providers that take a user-first, API driven approach – and soak up the UK’s open banking scene – will future-enable their services and reap the rewards.