OBI in the U.K.
The first practical experiment in systemic open banking is currently underway in Europe under the auspices of the European Union’s Payment Services Directive (commonly referred to as PSD2) and the U.K.’s Open Banking Initiative (OBI).
In both cases, governing bodies determined they could accelerate financial services innovation by creating a clear path for fintechs to access banking data. Regulators also adopted the stance that banking data was the property of the customer, and as such should be made available to service providers with their permission.
These experiments remain in their early stages. The first phase of OBI merely required British banks to provide sortable access to nonsensitive information such as ATM and branch locations.
As the playing field expands in 2018 to include transaction data and personally identifiable information, complicating factors will rise to the surface. For instance, customers might face confusion as to whether the bank or service provider should address a support issue.
More important, some banks have expressed concern that their valued role as customers’ financial stewards could be compromised.
In theory, once a customer has issued instructions to share data, the financial institution should be absolved of responsibility. But consumers’ tendency to accept contractual terms and conditions with a cursory reading (at best) is well documented.
Consider a scenario where a consumer accepts the terms and conditions for a limited solution that, in fact, confers far greater data rights. Does the financial institution have the ability or obligation to refuse release to suspected bad actors?
Initial interpretations of PSD2 seem to leave financial institutions with disproportionate liability paired with limited power to serve as gatekeeper. One must assume these details will be worked out.
Perret suggests the risks aren’t as dire as they might sound, however. “ ‘Open banking’ is actually a bit of a misnomer,” he says. “There are no truly open APIs in financial services. Due to security, regulatory, and privacy concerns, it’s essential to properly vet each developer and use case.”
Most experts agree it’s highly unlikely the U.S. will see a regulator-driven approach such as PSD2 for several reasons. Stateside culture favors market-driven solutions over regulatory mandates. With at least 20 times more financial institutions than most countries, both paths are more complex in the U.S. Arguably, however, the endgame is similar under either scenario.
NEXT: Finding partners