Risk Management & Regulatory Compliance

5 minute read

The future of open banking in the U.S.: Risk or Reward?

May 26, 2022

Written by: Alison Reagan

In banking, as in life, if you resist change, you will eventually become obsolete.

If you accept, even embrace change, it becomes less scary, and you can adapt, evolve and influence new ways of doing things.

 Fintechs are not new; they are new-ish. Think of PayPal. It’s not new. You probably wouldn’t even think about it as a fintech. Yet, that’s what it is … or was. Although many payments are now made via PayPal, it has not destroyed any banks. In fact, traditional banks that have adapted to and adopted these new payment paradigms (as a result of PayPal) still handle most payments.

Everybody wins, especially consumers.

Let’s liken the relationship between banks and fintechs to the relationship between sharks and pilot fish. The shark, much bigger and more powerful, protects the pilot fish against predators while the pilot fish, smaller and more focused, protects the shark against parasites. Each brings skills and capabilities that make their relationship mutually beneficial. Can one live without the other one? Absolutely. But they would have to figure out for themselves how to deal with predators and parasites. Some would succeed in doing so; some would not.

Now, applying that example to today’s financial services, banks and fintechs can coexist and interact because open banking provides that interactive relationship between the two. Each brings its own skills and capabilities that enhance and benefit the other to forge a banking experience like never before.

Open banking uses APIs (application programming interfaces) to allow developers to build applications and services that a bank desires or a fintech has developed to sell to the banking industry. These APIs are interfaces (or codes, if you will) that connect various computers or computer programs. Through these connections, developers can access a bank’s financial data that is needed for the product or service they are creating or implementing. In other words, it’s the go-between that lets computers talk to each other and share data.

Through APIs, open banking has “opened” (pun intended) a new world of products and services. The sky is the limit for products and services that can be created when banks partner with fintechs. But what are the risks?

Delicate Relationship Based on Customer Data

Fintechs create the financial management products banks need. According to Tipalti, a financial solutions provider, “60% of consumers want to transact with financial institutions that provide a single platform, such as social media or mobile banking apps.” With the concept of open banking and their knowledge of how to interface with an application, fintechs have unlimited potential to use this highly protected data in ways once considered futuristic.

Customer Experience

Everyone is looking to provide the best experience for customers, who want simple, easy-to-understand applications that assist in managing all aspects of their financial life – right there in the palms of their hands. Financial tools, such as digital wallets, money management and payment platforms, must be quick and easy to use. The more fine print and hurdles customers have to jump through to set up or for verification, the more likely those consumers will pass and move to the next option.

Tapping into financial solutions of various fintechs that are targeted to the needs of your customers can be a game changer when it comes to competition. According to a January 2022 Forbes article on “Top Ten 2022 Fintech Predictions:”

  • 65% of banks and credit unions entered into at least one fintech partnership over the past three years.
  • 35% of those institutions invested in a fintech start-up, with the average investment increasing from $2.3 million in 2019 to nearly $10 million in 2021.
  • In 2019, banks that partnered with fintechs averaged 1.3 partnerships per institution. Last year, that practically doubled to 2.5 partnerships.

 So, where is the risk? Well, for starters, many fintechs fall just outside the line for regulatory oversight, making it critical to know where they stand on their commitment to compliance. It’s important to ensure they aren’t just smoke and mirrors when it comes to the regulations that apply to your bank. Do they really know the requirements necessary for the product or service for which you are partnering to create or implement? A simple risk assessment of what is being shared and accessed with an open banking relationship will highlight the areas of potential concern.

It’s important to note that the same partnerships that can take you to the next level can also place you on a platform with significantly higher risk. After all, fintech interfaces might seem simple to the user, as intentionally designed, but the complexity of the algorithms and data resources necessary to fuel these “must-have” products are just that: complex. A small hiccup in an untested interface can send the process off the rails, meaning you’re looking at a potential consumer harm issue.

Privacy and the Risk

There is a renewed effort to enhance data security for personal data shared between the European Union (EU) and the United States. This is a perfect time to consider just who the gatekeeper of financial data is, within the realm of open banking with fintechs. Are customers aware of who has access to their personal financial data that is maintained by their bank and shared through open banking relationships with fintechs? Sure, we acknowledge the sharing of data when we sign up for the latest and greatest financial management tool. But, as consumers, have we stopped to consider just what might be being shared? Have we stopped to think about how that shared data can be used beyond just the typical bank app and the financial management tool we downloaded to our phone?

As bankers, we often consider and refer to peer data. We depend on it for benchmarking our progress, and our regulators love to use it during our exams to compare us to an expected standard. Again, as consumers, have we thought about how our financial data could be shared, creating a honeypot of data that can help us benchmark ourselves as consumers? Shared financial data could allow a fintech to compare similarly situated bank customers across multiple banks, leading to an enhanced product or service and providing a great customer experience. With financial data sharing and fintech product offerings, we can see this benchmarking at the personal financial level now.

Bringing It All Together

With the large number of fintechs competing for banks’ attention, it’s interesting to note the dependence on the API referenced earlier. If there isn’t some level of consistency within the programming of these interfaces, there may be a gap that could create exposure. If each product and/or service a bank offers operates off of a different set of factors, you can imagine the integration problems when trying to connect new offerings as a bank continues to grow.

The Financial Data Exchange (FDX)  is looking to bring common ground to data sharing necessary to manage open banking. Under the umbrella of a nonprofit, it has developed core principles with the intent to drive the creation of a standard data-sharing framework. Those principles are control, access, transparency, traceability and security.

As consumers continue to demand products and services that require financial data sharing between banks and fintechs, our industry likewise must demand a standard that is agreeable to both parties. FDX’s adoption rate has accelerated at an unexpected level. The number of consumer accounts using FDX API standard grew from 12 million in the fall of 2020 to 28 million in the fall of 2021, more than doubling, according to its website.

So, what’s the risk? As we asked earlier: Do customers really understand fintechs and data sharing? Has the risk of storing data with a non-regulated fintech crossed anyone’s mind? Or does the convenience or sparkle of the latest financial app make it worth the risk? As banks consider partnerships with fintechs, a key consideration must be the risk. The Federal Reserve highlighted in its recent report, Conducting Due Diligence on Financial Technology Firms, that risk must be the key consideration of any bank partnering with a fintech.The report lays out the Fed’s expectations for banks to consider when performing their due diligence on a new fintech. You can be certain this should be used as your checklist with documentation maintained for each step of the way.

Let Spinnaker help you navigate the risk of open banking.

It’s critical to assess the risk associated with fintechs and the opportunities they bring to the table. Let our team of risk and compliance experts assist you in assessing the risk associated with fintechs. Every institution should have a risk assessment that includes a vendor management component. The risks for fintechs and open banking are different from traditional vendor management considerations. Spinnaker Consulting Group can partner with you to identify and develop your institution’s fintech risk management program.

This blog was co-authored with Spinnaker consultant, Laurent Robert.