Across the world, the trend towards open banking regulation is clear – and is rapidly gaining traction and momentum. In Europe we’ve seen the launch of PSD2 for the EU and CMA Open Banking in the UK. In Asia Pacific there have been Open API regulations e.g. Hong Kong’s HKMA and Australia’s open banking initiatives – followed by upcoming activities from Japanese and Brazilian regulators.
This poses a clear question: what is the United States’ solution to open banking? The Consumer Financial Protection Bureau (CFPB) outlined principles for customer-authorized access to data as an alternative for screen scraping in 2017. In the same year, the National Automated Clearing House Association (NACHA) formed an API industry working group with more than 100 banks, associations and consultancy firms such as Accenture, with the goal of defining an API standard for sharing account information, payment initiation, fraud prevention and more. This is a voluntary, market-driven initiative aimed at easing the collaboration among banks and fintechs and improving fraud reduction. It’s important to note that – unlike with the PSD2 and CMA regulations – these NACHA APIs are not mandatory, and banks are still the gatekeepers of their customers’ data. This means they can decide which partners to share data with and which to exclude.
On August 1st, 2018, the US Treasury Department published a report aimed at fostering innovation in the lending, payments and wealth management areas, which includes guidance on open banking as it relates to sharing customers’ financial data. The report recommends that US regulators provide guidance based on market experience, with a focus on regulating the market indirectly, rather than directly. For open banking, this means focusing on “read-only” customer financial data (accessing account information) and not “write” operations (payment initiation).
In order to build compatible data aggregation capabilities, recognized and standardized interfaces are essential. The US Treasury has urged the market to move away from screen scraping, and instead use more secure application programming interfaces (APIs); however, API standards have not yet been established or agreed upon. This is where NACHA’s initiative to work with the industry to develop standards could help. Also, while the Treasury Department’s report does not require banks to open up their networks via APIs, it does recommend that regulators should do two things:
- Remove legal and regulatory uncertainties that are “currently holding back financial services companies and data aggregators from establishing data sharing agreements that effectively move firms away from screen scraping to more secure and efficient methods of data access.”
- Work with the private sector to develop best practiceson disclosures and terms and conditions for how consumer account and transaction data is provided to, and used by, financial services companies when consumers use their products and services.
Banks in US have previously argued that regulatory and security concerns have discouraged them from opening up their networks to fintechs. In the US, open banking is not required by regulators; however, the need to compete with innovations coming from fintechs and other banks may force them to adopt open banking through secure APIs.
There is no way around open banking in the US
US banks should recognize that open banking is being embraced in markets around the world and determine how they want to move forward. A good first step to embracing open banking is to build APIs, developer portals and ecosystem platforms with intelligent revenue-sharing models. Banks could gain competitive advantage as a first mover and innovator in this space and play an important role in the new era of platform banking. Those banks who take the lead will be better placed to compete with the tech giants now entering the financial services space.