What is Open Banking?
Open banking is a collaborative model in which banks and other similar regulated financial institutions are required to share their customers’ financial data with third parties upon the request of their customers. To secure the data, the customer information is transferred through application programming interfaces (“APIs”) that facilitate the secure transmittal of information across unaffiliated parties. The APIs provide a secure way to give regulated third-party service providers access to financial information in a standard format. In jurisdictions that have adopted open banking regimes, service providers are regulated and must meet certain security and privacy standards. Consumers ultimately control the sharing of their data and can opt into and out of the information sharing ecosystem. While the United Kingdom and European Union have adopted open banking, there has been relatively little push in the United States for a similar system. But, as businesses and consumers are able to assess open banking abroad, its adoption in the United States may become a front burner issue.
What is the Effect of Open Banking on the Landscape of Financial Data?
Enabling the flow of financial data in a secure standard format allows consumers to share personal data about themselves with a wider range of financial service providers and promotes the development of new technologies and services by allowing third parties to access this financial data efficiently. By reducing both the cost and complexities associated with accessing financial data, open banking encourages innovation in data-driven technologies and gives consumers greater access to and control over their data. This could create a broader spectrum of market participants, who, with access to individualized financial data, can develop products and services that are specifically tailored to better meet consumer needs. Additionally, open banking could expedite financial analyses required for transactions like mortgages and loans.
Open banking and an open-API ecosystem could shift the balance of power in the banking and fintech spaces. On one hand, easy access to financial data lowers barriers to entry for new fintech companies seeking to develop tools and technologies that utilize the personal financial data of their customers. On the other hand, an open banking regime may allow large institutional banks to better leverage customer relationships by encouraging customers to provide access to data about their finances, spending habits, and wealth possessed by other financial institutions. The more comprehensive picture of a customer’s finances so obtained by the large financial institution may encourage customers to consolidate their financial needs in one place. Financial institutions that offer a broad array of services can organize themselves around consumer outcomes and their own platforms. In addition, the open banking mandate that financial institutions share personal data at the behest of their customers gives consumers much greater control over their financial data. Proponents of open banking in the United States tout these benefits to financial institutions, service providers, and consumers.
While open banking may have significant benefits, there are substantial risks in transmitting personal financial information among multiple parties. A workable open banking regime requires strict privacy controls and clear guidelines for both consumers and service providers. Since an open banking regime necessarily increases data sharing and contact between service providers, it raises the specter of new or increased risks for cybersecurity breaches or use of personal data beyond the scope of the consumers’ permissions. Additionally, increased access to customer data may create an opening for financial service providers to profile their customers. Large financial institutions already use the data at their disposal to adjust pricing to individuals based on the behavioral biases and financial sophistication that customer. As new service providers have access to more data, there may be an increased risk that this data is used to take advantage of unsophisticated customers.
What is the Status of Open Banking in the United States?
The European Union and the United Kingdom have already implemented comprehensive open banking legislation. The Second Payment Services Directive (“PSD2”) requires EU and (pre-Brexit) UK banks to grant licensed third-party payment service providers access to bank infrastructure and account data. PSD2 also specifies regulatory standards for data sharing through APIs. However, the United States has not yet embraced an open banking model, due in large part to its complex and divergent approach to data management. Europe and the United Kingdom each have a consumer-centric data protection framework that focuses on personal rights to privacy. The EU’s General Data Protection Regulation is an all-encompassing regulatory scheme that harmonizes data privacy laws across the continent and aims to both protect sensitive data and grant consumers more control over their own personal information. On the other hand, the United States approach to data protection has avoided such an all-encompassing regulatory regime and most U.S. data protection regulations are industry-specific (e.g., Health Insurance Portability and Accountability Act, which governs protected healthcare information; Gramm-Leach-Bliley Act, which protects personal information of consumers stored in financial institutions) and focus on record holders’ responsibilities to enact adequate data security and protection. These divergent approaches to data security and privacy regulation result in different levels of opportunity to implement an open banking system.
In the United States, there is currently no regulatory or legislative framework mandating open banking. The only express statutory provision regarding access to a consumer’s own financial account and transaction data is Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. Section 1033, requires covered financial services companies to make certain financial account and transaction data concerning a product or service obtained from that company available to a consumer upon request. However, there is no obligation that financial institutions make consumer data available to third parties.
The United States has been hesitant to embrace the PSD2 framework adopted by the United Kingdom and European Union. In a 2018 report (the “Treasury Report”), U.S. Department of the Treasury asserted that significant differences between the United States and United Kingdom with respect to the size, nature, and diversity of the financial services sector and existing regulatory challenges dictate that an equivalent open banking regime was not readily applicable to the United States. Indeed, where only two regulatory agencies were required to implement open banking in the United Kingdom, at least eight federal regulatory agencies (from bank regulators to the National Credit Union Administration) have jurisdiction over a portion of financial data access in the United States.
While the Treasury Report acknowledged the need to remove legal and regulatory uncertainties inhibiting secure and efficient methods of data access, it concluded the U.S. market would be best served by a private sector solution, with the involvement of federal and state financial regulators where appropriate. However, the Treasury Report does recommend that the Consumer Financial Protection Bureau affirm that, for purposes of Section 1033, third parties that have been properly authorized by consumers fall within the definition of “consumer” for the purposes of obtaining access to financial data. Such a clarification could be the first step in creating a more hospitable environment for the open and uniform exchange of financial information in the United States.
Ultimately, technology and the marketplace may have a bigger say in bringing open banking to the United States than any regulatory body. Technology has provided opportunities for new companies to disrupt and transform entire industries, as seen in the effects of ride sharing applications on taxi services. With estimates that approximately $9.2 billion of revenue opportunity created by open banking by 2022 , it may be inevitable that market forces and technological innovation demand similar opportunities in the United States.