What Do Open APIs Mean for Banking Business Models? PSD2 Points of View
As the January 2018 deadline creeps closer, PSD2 – and by association instant payments and open banking – is the hot topic in the payments industry. The impact of PSD2 will be felt beyond Europe’s physical borders, as it brings open banking to the fore. As with any global issue, ideas around how best to address the challenges of open banking are fragmented, and opinions differ between retail and corporate banking.
I spoke to two of our resident experts, Craig Ramsey (director, Product Management, Transaction Banking) and Lu Zurawski (solution practice lead, Retail Banking), to get a balanced view of how to meet the challenge of ‘open.’
Rachel Hunt: Lu, why is there so little consensus around how to best approach the open requirement of PSD2?
Lu Zurawski: PSD2 is an attempt to fix an aging banking system; to remove restrictions that throttle innovation and competition, and ultimately foster a broader ecosystem with improved financial products and services that will benefit consumers and corporates alike. But the regulation doesn't prescribe exactly how to achieve that New Payments Ecosystem, because excessively prescriptive regulation is what broke the system in the first place; regulating for a homogenous set of players. PSD2 has created a spectrum of views because it is deliberately open to different interpretations.
RH: If the regulation does succeed in opening up the market, does this mean opportunity or disintermediation for traditional banking?
Craig Ramsey: PSD2 is more than just regulation, it’s a whole new way of enabling banking, and brings with it great opportunities. But in this new environment banks are not sure whether to view Open APIs, and their new ecosystem partners, as friend or foe. Banks recognize that Open APIs - and by extension their own compliance and approach to open-enabled partnerships - can encourage more customer account activity. More account activity could be the result of new accounts; or customers switching accounts to take advantage of an exclusive service offered as part of a particular fintech/bank collaboration.
The flipside of open is that banks risk losing their position as their customers’ primary touchpoint. There is also a danger if they lose access to customer data, or the opportunity to promote new services to the customer. They need to maintain ownership of the customer relationship, even within partnership offerings, to mitigate this risk.
Banks frequently maintain a ‘foe’ attitude to fintech because they (rightly) feel that the costs of ‘open’ are squarely on their shoulders, and that the fintechs have all the opportunities. While it’s easy to critique banks for being slow to innovate, agility is partly hindered by compliance and regulation that fintechs aren't required to meet. That level of compliance plays a large role in building trust in the system.
Fintechs often have a more agile proposition for the market, so banks need to embrace this, and see the opportunity in carefully managed partnerships to generate transactions across their books. It’s a volume game in payments, and the value lies in driving more transactions across all accounts a bank owns.
LZ: I think volume has a role to play, but it goes beyond the pure volume of transactions. In my opinion, the goal is to aim beyond ‘Open 1.0’. How can we use the data from these transactions in a meaningful way to help corporate customers run their businesses better? That data might be generated as a result of increased volume, but it’s the application of the data that will be the game changer.
Winning a greater share of corporate business may well lead to an increase in transaction volumes, but the transaction mix is likely to include new, non-financial transactions such as trust-based identity and authentication functions. Banks have an opportunity to move into providing identity and credentials management as a natural extension of their current services, enabled through Open APIs.
A trend towards micro-transactions, particularly by corporations involved in a future Internet of (Payment) Things (IoT), may drive demand for handling larger payment volumes. Perhaps these micropayments made by end consumers (whether human or robotic) will not translate one-to-one into corporate activity with a bank, but there will be an opportunity to provision and fund these micropayment systems in an efficient manner.
And we mustn’t write off the fintechs when it comes to corporate banking. They are not necessarily any higher risk than the kind of profile to which US SMEs are accustomed. SMEs in North America operate under a high-risk profile, putting money into lending clubs. Although typically, safe-haven funds still sit with the bank.
CR: It’s important to remember that the ‘Goliath’ in the relationship won’t always be the bank. Most people see the bank as the big company, and view the fintech as the garage start-up. Well, what if that fintech is a tech giant? The possibility that these huge new competitors are going to get easy access to the bank’s customer data is a worrying proposition.
LZ: Talking of tech giants, I’m moved to paraphrase Bill Gates; “Banking will always be necessary, but banks may not.” Alternative lending might be a minority sport in the early days of open payments, but it will happen.
RH: Will we see the same appetite for enabling open banking outside of Europe, given the lack of regulatory impetus?
LZ: Europe is being pushed towards open banking by public policy and regulatory pressure. The drive is to make payments, and retail banking, far more competitive. Rather than looking at the lack of regulation in other markets as a missing driver, you could argue that these markets don’t need the same regulatory ‘whip.’ The US payments ecosystem is already much more open in terms of vast choice for the customer. European banks are reacting to a push for greater connectivity, with Open APIs to enable partners to connect to their services.
What banks in the US and Asia Pacific have to ask themselves is: Am I accessible enough? As European competitors are driven towards an Open API-enabled payments ecosystem they will, by default, adopt an open business model and mentality to drive revenue from the exposed services. That means US banks must consider Open APIs as a strategic move – enabling them to be agile enough to compete with European banks.
CR: Every region is tackling the open trend in its own way. We know that open payments are coming, but for countries where they have yet to address the challenge of real-time payments, the truth is being made clear; Open APIs and real-time go hand-in-hand and it is not possible to address either in isolation. When enacting real-time strategy, it is essential to consider how it will integrate into an Open API plan; how can customers more easily initiate real-time payments? How to drive up the ubiquity of the new scheme?
RH: We’ve touched on the importance of maintaining ownership of the customer relationship, and the accompanying data, but why is that so crucial to open banking success?
CR: The new real-time messaging standard ISO20022 brings with it the capability to incorporate more data than just the basic payment details, which loops back to Lu’s point about finding ways to add value through the data that a bank acquires through increased non-cash volumes. ‘Big Data’ has been a buzzword for years, but we’re only just reaching the point where we can turn big data into big bucks. Advanced real-time data analytics, machine learning, the application of data science, and the advent of Hadoop have all converged in 2017 to make data-rich seams ready for mining.
Turning that data into applicable business intelligence is now a genuine possibility. For payments, that means the launch of new tailored offerings aimed at customer segments; offerings that in turn will use the continued collection and analysis of data to improve services for customers. In today’s real-time payments ecosystem, it’s about continuous evaluation and improvement of the customer experience.
RH: So is there a business case for US corporate banking to initiate an Open API strategy now?
CR: There is a misconception that the business case for Open APIs, beyond PSD2, will become clear at some point in the future. But the reality is that the business case is global, and it is imminent. A large part of the value lies in consolidation to provide a better customer experience, and becoming the aggregator of choice for customers.
Businesses - even SMEs - typically have more than one bank to provide their financial services. Each bank wants to be the primary provider, but the reality is generally a fragmented web of providers and services. A smart fintech could provide a consolidated front-end, through Open APIs, to simplify and streamline the customer experience; this would be a strong value-add for many businesses. It would then be a natural progression for the fintech to layer on special handling, new products and services, and suddenly the bank is relegated to the back-end and payment rails.
Smart banks realize that the business case is as simple as the cost of doing nothing. The opportunity is to be the provider of improved customer experience alongside innovative services, which positions an institution as the preferred single pipe into the banking network. This drives increased value from existing customers, supporting new customer acquisition and creating the potential to enter new markets with these new services.
Many banks worry that they aren’t agile enough to take hold of this opportunity in a timely manner, and could be disintermediated by more nimble competitors overnight. The way to compensate for a bank’s own slow rate of change is to partner with those nimble organizations; in other words, turn foes into friends.
If a bank makes itself easy to do business with it can become the partner of choice for fintechs that can attract customers with their unique propositions. It may even reach the point where corporates are willing to switch their primary banking provider as a means to access fintech value-added services, if the fintech holds exclusive partnerships with banking sponsors.
LZ: I agree that forward thinking banks can - and should - become the front-end aggregator on behalf of payment system users. Proactive institutions are not viewing it simply as an obligation to open up, but they are carefully watching the European landscape and thinking about how to connect into the New Payments Ecosystem and the opportunities it offers.
This also applies to institutions that aren’t historically ‘corporate’ banks. They see the opportunity to develop cross-border business models without the need for correspondent banking relationships, thanks to initiatives like the UK Open Banking initiative from the Competition and Markets Authority. With Open APIs, they can directly enter foreign banking systems with the permission of customers and users.
RH: So, what’s the key takeaway for banks when it comes to Open APIs, and more generally, open payments?
LZ: Before your bank sets itself down a path to open payments, you need to seek a range of opinions!
CR: Open banking is part of the New Payments Ecosystem. Every conversation I have with a bank explores the impact of Open APIs and open regulation, and I believe the current nebulous concept of open will evolve into a tangible shift in the market. My advice to all banks would be to fast-track planning and embrace the fintech community as part of an open banking strategy; banks that want to make the most of this opportunity need to seize it!
LZ: If banks want to take advantage of open banking initiatives, they need to understand that the future is more than just Open APIs, and more even than open payments. The future is real-time, personalized, data-driven services. If banks can achieve this, they can help to overcome the inertia that currently exists in the industry.
Successful banks will take advantage of the new agile payments ecosystem and combine this with what they already do very well: manage access to complicated settlement systems and maintain trust in the financial system.
Find out more about leveraging the opportunities of open banking: Watch the video with Lu Zurawski
Related Blog Posts
Defense in Depth: Fighting Fraud in India with a Multi-Layered Approach
There’s a quip, albeit ironic, making the rounds as forwarded emails and messages – “Who’s driving digital transformation among enterprises: CEO or CIO? The correct answer is COVID-19.” Going beyond impacting global well-being, COVID-19 is pushing the corporate world to rapidly introduce new measures for business continuity. Diametrically opposite to continuity, the black swan event of the novel coronavirus is creating disruption in terms of exploitation and fraud perpetration – especially in the banking and financial sector.
Introducing Incremental Learning: An Industry-First Boost for Fraud Prevention
In our previous blog on machine learning, we sought to clarify its role in fraud prevention for merchants. To summarize, it can be an extremely effective way to identify patterns of fraud in a manner and at a speed that humans cannot. It is a critical tool in the fight against fraud, especially when used as part of a multi-layered fraud solution.
Machine Learning: Separating Fact from Fraud Fiction for Merchants
Machine learning is a broad discipline about which many claims, sometimes extravagant, are made. In recent years, it has often been hailed as the most effective answer to stopping payments fraud.
At ACI, we’ve been working with machine learning models to prevent fraud for over two decades – and we know they can play a critical role in improving fraud detection accuracy. Here we bring together a few insights on how models can be used most effectively.
For Financial Institutions, Community Is Critical to Fighting Fraud with Machine Learning
In November 2019, our experts predicted that democratized machine learning and shared intelligence would be among the most important fraud prevention trends for financial institutions (FIs) in 2020.
Fraud Prevention Is the Frontline of Customer Experience
Digital transformation has done more than disrupt business models. In almost every consumer-focused market – and most business-to-business ones, too – it has fundamentally re-oriented the competitive landscape around customer experience as a core differentiator.
SCA: How PSPs Can Help Merchants Stay One Step Ahead
The main objective of PSD2’s Strong Customer Authentication (SCA) is to protect customers and reduce fraud by introducing new measures that ensure that customer-initiated transactions are being made by the genuine cardholder.
The EMV Deadline Has Been Extended for U.S. Fuel Merchants – Now What?
U.S. fuel stations were originally supposed to be EMV-compliant by October 2017, but due to complications and costs at the time, the deadline for EMV at the pump was extended for three years – and it has now been pushed out further to April 2021 due to the COVID-19 pandemic.
Merchant Fraud in the Age of COVID-19: We Need to Prepare Ourselves for a “Tidal Wave” of Attacks
With millions of consumers around the world self-quarantining at home, online shopping for goods, services and entertainment has become the new normal for many. A recent analysis of our own data has shown that average transaction volumes in the retail sector in March rose 74 percent compared to the same period last year.
Predicciones de fraude para el 2020: Qué esperar con la rápida evolución del panorama de pagos en América Latina
La industria de pagos en América Latina está experimentando diversos cambios en varios segmentos a medida que la población de la región está cada vez más bancarizada y comienza a usar pagos electrónicos. Aunque el efectivo sigue siendo la forma de pago dominante, los gobiernos han impulsado los pagos electrónicos a través de la regulación. Esto ha asegurado que la aceptación y el crecimiento del pago con tarjeta hayan aumentado constantemente, han aparecido bancos digitales en diferentes países y el comercio electrónico ha aumentado significativamente.
Previsões para fraudes em 2020: O que esperar com o cenário de pagamentos em rápida evolução na América Latina
As violações de dados que envolvem dados de pagamento dobraram no ano passado por várias razões - falta de inovação em segurança, prioridades corporativas equivocadas e fraquezas nos portais de desenvolvedores, para citar alguns.