By Ng Hui Chen & Prof Dr Nafis Alam

Banks are getting transformed from branch-based banking to a digitally focused service provider driven by a low-cost, efficient and rich customer experience. Openness and collaboration amongst the banks have emerged as a new normal for the banking sector. The Covid-19 pandemic has further accelerated the digitalisation move and shifted the consumers’ perception in adopting technology in their daily life. Open Banking, a term that was viewed as ‘hype’ a few years ago, has now become a reality.

What is Open Banking and its Current Status?

Customer data are often treated as a highly confidential assets of the banking industry, partly attributed to regulatory requirements such as the Personal Data Protection Act and banking secrecy laws. However, this ‘closed’ banking model has caused inefficiencies and unsatisfactory banking experience for the consumers as they often fail to have a unified view of their financial position. The banking model needs to be adapted to deliver value and satisfy customers’ experience in the era of digitalisation.

As a result of this, the concept of Open Banking was coined. It is a mechanism that allows banks to share the financial data of their customers with the third party through application programming interfaces (APIs). This data sharing inititives has given rise to new channels for payments and wealth management services. Customers can now aggregate their financial accounts into one platform to better manage their financial transactions. Small payments can be made seamlessly between accounts at different banks.

Open Banking gained traction even before Covid-19 pandemic spread across the globe. The Financial Brand in early 2020 reported that as much as 87% of countries were offering Open Banking in some form or other, while the Open Bank Project reports that 47 countries around the world have or are considering adopting open banking policies. If we focus on individual nations, in South Korea, the regulator reported that 20 million people are using Open Banking services as at July 2020, a service which was only launched only in December 2019. The Open Banking Implementation Entity, the entity established by the Competition and Markets Authority to drive Open Banking in the UK announced in September 2020 that users of Open Banking enabled products surpassed the 2 million mark, doubling in just over six months. The conventional payment card association, Mastercard launched its Open Banking platform to facilitate Open Banking initiatives in June 2019. In June 2020, Mastercard further accelerated its Open Banking move by acquiring real-time financial data aggregation service firm, Finicity. In Europe, the regulatory standards, the revised Payment Services Directive (PSD2) and General Data Protection Regulation are driving Europe in adopting Open Banking standards. The US is also experimenting with open banking but the progress is slow as American consumers have a lot of data privacy concerns which can be a sensitive topic, among older consumers.

When it comes to the Asia Pacific region, there is a big push for Open Banking. In fact, a recent survey by Finastra revealed that close to 100% of financial institutions in Singapore and Hong Kong think Open Banking is important, with two-thirds in Singapore calling it a “must-have”.  If we focus on Malaysia, the central bank Bank Negara Malaysia published a policy document to set out the requirement for open API for open data by financial institutions on 2 January 2019. The policy document encourages financial institutions to adopt the Open Data API Specifications on selected product information developed by the Open API Implementation Groups. The growing digitalisation trend, changing customers’ perception coupled with the regulator’s support, open banking is all set to transform the banking industry in Malaysia.

What are the Opportunities and Risks?

While some banks may not seem to be in favour of open banking, open banking will bring strategic advantages to the banks.

By connecting with other APIs, banks will be able to receive additional customer information. This information will help banks to expand their offerings and offer more personalised services to their customers through a better understanding of customer behaviour. Besides, banks can also make better lending decisions as they can perform better credit evaluation with additional information. At the same times, banks can venture into underserved markets such as peer-to-peer lending, etc.

However, all those benefits come with some risks as well. The security issue is one of the greatest challenges in Open Banking adoption. Open Banking platforms, the custodian of customer data, are the popular target of hackers. Risks associated with data privacy, data loss, identity fraud are always the concern of Open Banking adoption. When there are data breaches, accountability and ownership become the issues. The parties that should take the blame or responsibility of the hacking become less clear as the data are shared across the platform.

Data sharing will emerge as the biggest roadblock in realising the full potential of the Open Banking concept. Banks may be sceptical in sharing data with rival banks, hence they could find ways and means to delay sharing/opening up the data. Data privacy issues will also be a concern for customers when they are dealing with unregulated start-ups who might be involved in sharing or selling the data with their partners and thereby misusing customer data, without consent of the customer.

Apart from that, Open Banking will also present strategic risks to the banks. Banks must deploy an appropriate strategy to tap into the new opportunities from Open Banking and find the right partners to develop the platform.

Role of Regulators

The success of Open Banking not only lies with banks and start-ups but banking regulators also have to play an important role. The biggest challenge for the success of Open Banking is data sharing and data privacy and the regulator has to put proper checks and controls in place to regulate the whole initiative.

The regulators need to make sure that sensitive customer information is not shared. It is of utmost importance that regulators set up guidelines and inform all parties about what information can be shared and what would remain confidential to the bank. If the proper checks and controls are not put in place, Open Banking can lead to increased financial fraud and even unauthorised money transfers leading to money-laundering incidences. To protect customers, the regulators have to bring in stringent policies to penalie the parties involved, which can be a bank or an intermediary, if there is any data breach.

There has been some progress towards open banking regulations. A revised PSD2 applicable to banks and digital money providers can further facilitate access for third parties to both transactional data and payment operations. Banks can choose whether to develop APIs which, although not standardised, must be approved by the regulators. While in Singapore, the Monetary Authority of Singapore published an API Playbook to encourage banks to open up their systems and services in an innovative way.

What the Future Holds?

We will see once Open Banking is implementd successfully across the region, potential changes to the business model as follow:

  • Banking-as-a-Service model: Banks will move from one-stop centre to financial platform. Banking services will be unbundled into modular based services.
  • Product specialists: As banking services are expected to be unbundled, banks will slowly be specialised in their niche areas with core products.
  • Infrastructure giants: Some companies will become back-end infrastructure providers to the banking industry, such as API providers, cloud providers, etc.
  • Front-end providers: Some companies will start to build an aggregated platform for customers
  • for access to different banking, fintech, and other services. For instance, on 8 October 2020, AirAsia revealed its super app which aggregates travel, e-commerce and fintech services.

Even though it’s a long way ahead for Open Banking to become mainstream, incumbent banks must look at their legacy business model as a service provider or to transform themselves as a platform-based ecosystem where the customer will be the king and customer data will be the new gold. Regulators have an important role to play to make sure that Open Banking remain open to the right provider and the right users. The silver lining is that 80% of the bankers feel that Open Banking is not a threat to them and they are looking forward to using this as an opportunity to increase their market share.

Ng Hui Chen is Senior Lecturer and Programme Leader of Banking and Finance at the Asia Pacific University of Technology and Innovation, Malaysia. She led the development of the first fintech academic courses in Malaysia. Prior to joining academia, she served as a credit controller and relationship manager in banking. During her career as a relationship manager, she managed correspondent banking relationship with banks from USA, Europe and South Pacific countries.

Nafis Alam is Professor of Finance and Head of the School of Accounting and Finance at the Asia Pacific University of Technology and Innovation, Malaysia. His research focuses on fintech, banking regulation, corporate finance, and Islamic finance. He is a research affiliate of the Cambridge Centre for Alternative Finance at Judge Business School, University of Cambridge, UK, and contributes regularly to a global industry report on fintech and financial regulation. Nafis previously studied Banking and Finance at Monash University, Australia.