Open Banking Depends on Safe and Sound APIs

Category: The Bottom Line
Author: NXTsoft

The development and increasing importance of digital banking to consumers, financial institutions and financial technology suppliers revolves around the emergence of open banking systems, strongly aided by application programming interfaces (APIs). But whereas in the United Kingdom and the European Union regulation directs the transition, in the U.S. open-banking development derives its impetus from financial institution and fintech innovation initiatives.

Through APIs — a set of functions and procedures allowing applications to access the features or data of an operating system, application, or other service — open banking allows the integration of products and services that help deliver better consumer experiences. Open banking also connects financial institutions with third-party vendors and fintech providers, enabling them to exchange data easily and securely.

In 2016 Gartner suggested “The API economy is an enabler for turning a business or organization into a platform. Platforms multiply value creation because they enable business ecosystems inside and outside of the enterprise to consummate matches among users and facilitate the creation and/or exchange of goods, services and social currency so that all participants are able to capture value.”

A significant advantage of open banking as opposed to closed systems is the capacity for financial institutions to offer customers enhanced financial services, share data with third-party providers and offer consumers better control over their information.

However, fintechs and financial institutions in the U.S. face a variety of sometimes archaic, legacy IT infrastructures that can impede implementation of open-banking solutions.

Regulating Open Banking

The concept of open banking continues to evolve internationally as policymakers push for consumers to have better control over their banking information.

The UK in its open banking effort outlawed screen scraping for accessing consumer payment account data; required third-party providers, including fintechs and data aggregators, to acquire regulatory consent and establish proper data privacy, insurance and security measures; and permitted participants to only collect consumer data for the product or service consumers authorize.

The European Union mandated open banking and APIs under its revised Payment Services Directive (PSD2) and General Data Protection Regulation (GDPR) to govern data protection and privacy. The EU provided a regulatory framework that requires financial institutions to allow third-party providers access to customer data via open APIs and outlines how financial institutions and third-party providers can share and protect the consumer data they collect and use.

Other open-banking frameworks around the world include Singapore’s Monetary Authority standards framework; the Hong Kong Monetary Authority’s Open API Framework; Japan’s revised Banking Act, which requires FIs to develop APIs for use by external businesses; and the Australian government, with an open banking regime that requires its four largest FIs (Commonwealth Bank, Westpac, ANZ, and NAB) to make financial data available to consumers.

However, market forces, rather than regulatory directives, drive the transition to API-based financial data sharing in the U.S.

APIs: The Safer Way for Data Travel

To date, U.S. regulators have taken a mostly hands-off approach to open banking by delivering non-binding guidelines. While the United States does not have an open banking regulatory body, the recent FFIEC “Proposed Interagency Guidance on Third-Party Relationships” does offer a framework. The guidance, based on sound risk management principles, calls for financial institutions to conduct due diligence over data aggregators and the monitoring of screen scraping activities, as well as control for both credential-based and API-based authentication.

However, the mainly unregulated and fragmented banking industry in the United States continues to pull back from screen scraping, which dates back to the 1980s, for consumer financial data sharing. Many industry experts recognized cybersecurity concerns related to screen scraping, which enables aggregators to collect and store banking credentials, and sometimes use information beyond what the consumer needs or requests. “A cyber-attack on a data aggregator would give a hacker unprecedented capability to drain or corrupt bank accounts,” revealed a recent article on the Bank Policy Institute website.

Instead, many open banking partners choose to share customer financial information through APIs, considered more accurate and more secure, as they allow data sharing without the use of consumer credentials and with enhanced control over the type and extent of data shared.

Some industry stakeholders are paving the way forward for open banking, according to a 2020 white paper, “Developments in Open Banking and APIs: Where Does the U.S. Stand?,” published by the Federal Reserve Bank of Boston.

For example, the Financial Data Exchange (FDX), a nonprofit dedicated to uniting the financial industry around a shared, interoperable, royalty-free standard, developed a common API technical standard for data sharing through an industry consortium of banks, data aggregators, fintechs and consumer groups. Some 28 million consumer accounts now use FDX’s API for open finance and open banking data sharing.

In September 2021, Birmingham, Ala.-based NXTsoft introduced its OmniConnect standard API solution, which provides connectivity for any U.S. financial institution to any third-party system with a singular API, plus the ability for fintechs to write directly to NXTsoft’s OmniConnect platform. Its growing list of partners includes Kasasa, Abrigo, ICE Mortgage Technology, and BankPoint.

Staying Competitive

A growing number of financial institutions now seek an open-banking/fintech partnership to stay competitive. Many pursue improvement in digital banking platforms to provide real-time and same-day banking services; big data access through open banking programs to provide customers with personal and actionable insights; and robotic process automation to power existing processes.

Third-party developers seeking to connect products to a financial institution’s infrastructure usually must go through a core provider connected to those systems. Therefore, partnerships between fintechs and financial institutions become mutually beneficial, offering a way for financial institutions to extend market reach and customer connectivity, and for fintechs to strengthen offerings.

NXTsoft, which provides API connectivity between fintech companies and financial institutions, offers its OmniConnect Platform, an open banking marketplace for all API needs, with connectors built for as many as 40 different core accounting systems, including those from Fiserv, Jack Henry and FIS.

NXTsoft also provides links to 44 active partners through the use of its open API platform. They have connected with financial services systems, customer relationship management (CRM) platforms and other banking systems. Its API platform incorporates five standard use cases that allow for quick integration for partners.

February 7, 2022