Data Sharing and Open Banking
Total Page:16
File Type:pdf, Size:1020Kb
16 McKinsey on Payments July 2017 McKinsey on Payments July 2017 Data sharing and open banking Buzzwords like “big data” typically bring to mind quantitative exercises like the application of algorithms and analytics. While these are certainly critical steps to gaining insight, a more fundamental building block of the data market is access. Easier access to data has become a hot topic in all industries, none more so than financial services. For instance, the G20’s Anti-Corruption Working Group has identified open data as a priority to advance public sector transparency and integrity. From a commercial standpoint, data can serve as a catalyst for new products and business models. The EU has been proactive on this front, setting the rules of engagement through the updated version of the Payment Services Directive (PSD2). Laura Brodsky Data-sharing is often accomplished While open banking stands to benefit end through an application programming in- users as well as to foster innovations and new Liz Oakes terface (API), an intelligent conduit that areas of competition between banks and non- allows for the flow of data between systems banks, it is also likely to usher in an entirely in a controlled yet seamless fashion (Ex- new financial services ecosystem, in which hibit 1). APIs have been leveraged in bank- banks’ roles may shift markedly. It also raises ing settings for years (see sidebar “How issues around regulation and data privacy, open banking brings new relevance to which helps to explain why global markets APIs,” page 20). Given breakthroughs in have taken varying approaches to governance, advanced analytics and the market traction contributing to disparate levels of progress. of numerous non-bank fintech companies, Regardless of region, the momentum toward however, APIs are receiving renewed atten- open banking models seems clear, requiring tion as a means to enhance the delivery of banks and fintechs alike to position them- financial services to both retail consumers selves for success in a new environment and and business customers. to anticipate the likely customer impacts. Data sharing and open banking 17 Data sharing and open banking Open banking reaching a fever like Mint, examples include alternative un- pitch derwriters ranging from Lending Club in the Open banking can be defined as a collabora- United States to M-Shwari in Africa to tive model in which banking data is shared Lenddo in the Philippines, and payments through APIs between two or more unaffili- disruptors like Stripe and Braintree (Exhibit ated parties to deliver enhanced capabilities 2, page 18). to the marketplace. APIs have been used for Naturally, such advances are not quite as decades, particularly in the United States, to straightforward as our capsule description enable personal financial management soft- implies. Recent years have brought the de- ware, to present billing detail at bank web- velopment of digital ecosystems, Tencent sites and to connect developers to payments (WeChat) and Alibaba in China being prime networks like Visa and Mastercard. To date, examples. As these ecosystems mature they however, these connections have been used begin to collide, and the inability to share primarily to share information rather than data threatens to curtail innovation in busi- to transfer monetary balances. ness and operating models. Moreover, most The potential benefits of open banking are advancements to date have come from firms substantial: improved customer experience, outside the financial services realm. While new revenue streams, and a sustainable incumbents still hold the keys to the vault in service model for traditionally underserved terms of rich transaction data as well as markets. In addition to well-known players trusted client relationships, banks often view Exhibit 1 Three types of APIs API models Model type Attributes Public/open Innovation through engaging developer APIs used by external community Public partners and developers who build innovative apps Extended market reach and products Partner Partner/B2B Reduced partner costs Internal APIs used by business API monetization partners, including Enhanced security suppliers, providers, resellers and others for tighter partner integration Internal Cost reduction APIs are used by Operational efficiency developers within Enhanced security enterprise Source: McKinsey Payments Practice 2 18 McKinsey on Payments July 2017 Data sharing and open banking the opening of these data flows as more custody and protection of their clients’ data threat than opportunity. After all, it is the as a responsibility, more of a stewardship non-bank insurgents who have demon- role than an asset to be commercialized. strated market traction thus far, and gained Data-sharing in financial services tends to valuable new customer relationships—by be risk- and permission-based, with re- presenting data in new forms. quired audit trails, and subject to regulation and risk management. If done well, how- There are inherent risks in sharing data, ever, it can deliver increased security however, which is why it is critical to de- through enhanced know-your-customer ca- velop processes and governance underpin- pabilities, identity validation and fraud de- ning the technical connections. Although tection. For instance, the current version of the core API value proposition lies in PSD2’s technical standards may put an end streamlining the systems integration re- to the practice of screen-scraping, long a quired for data access, the need for point of contention for banks. guardrails to support protections for the pri- vacy and security of personal data create a At the same time, customer transparency formidable infrastructure challenge. and control must remain at the center of product design decisions. This is a more vex- The data consent/protection ing rule to follow than it appears on the sur- elephant in the room face. Even as PSD2 is advanced by Notably, banks have traditionally viewed the regulators, it could be argued that through Exhibit 2 In the EU and UK, PSD2 and the Open Banking Initiative are giving more control to the customer over personal account Global open-banking data. Digital banks such as N26 and Fidor, and digital lenders (e.g., Klarna), are seeking to reinvent banking. developments New digital finance ecosystems (e.g., WeChat, AliPay) are emerging in China, based on data-sharing capabilities. In South and Southeast In the U.S., large banks In East Africa, Asia, fintechs are are striking data-sharing new under- experiencing strong deals with individual writing models growth around APIs and partners in a departure are emerging from data-sharing. Examples from the aggregator access to alternative include mobile wallet model. Examples include sources of data, like growth in India after Chase’s partnership with mobile phone usage. demonetization, and Intuit and Wells Fargo’s Examples include formal fintech governance partnerships with Xero MShwari, Tala and at the Monetary Authority Source: McKinsey Payments Practice and Finicity. Branch. of Singapore. 3 Data sharing and open banking 19 Data sharing and open banking adoption consumers have already set the Protection Regulation), slated to take ef- agenda for services they want opened to fect in the EU in May 2018, imposes a sub- third parties. On the other hand, different stantial penalty for noncompliance— data categories warrant different levels of se- 4 percent of the offending institution’s curity, and informed consent requires un- global revenues (not profits). This “right to derstanding the implications of sharing be forgotten” significantly raises the stakes before approving—no small feat when the of data-sharing. Explicit consent is re- reflexive clicking of “I Agree” on an unread quired from the account holder. However, set of terms and conditions is standard. there exists a silent counterparty to every There is a fine line to walk: educating and financial transaction conducted by that empowering consumers without confusing, holder; does a right to privacy exist for the scaring or boring them. corresponding payor/payee? If so, the con- sent process becomes infinitely more com- Perhaps the most complex of these is educat- plex—particularly when parties to the ing end users on data permission and pri- transaction bank with different institu- vacy. PSD2 explicitly empowers account tions and there is no central repository of holders with the authority to share data, re- permissions granted. moving the financial institution’s role as gatekeeper. Further complicating matters, Market evolution varies by real-world evidence suggests consumers may regulatory approach not attach the same value and sensitivity to Ecosystem development has varied markedly certain data elements that banks and their by region, due in no small part to regulatory regulators do. Although the move to open divergence. The most programmatic ap- banking need not be a zero-sum game, there proach has been taken in the EU, through are several areas where banks harbor legiti- both PSD2 and a broader effort to foster mate concerns regarding loss of brand competition in retail banking through the recognition and reputational risk, especially UK’s Open Banking Standard. A key provi- given their own required investments to ef- sion of PSD2 aims to foster competition and fect such change. innovation for payments service provision in Further questions persist regarding the duty the European Economic Area by opening ac- to redact “sensitive data” in certain circum- count access to nonbanks. stances as well as third-party providers’ obli- The UK’s pending separation from the EU gations to delete/destroy data after a period. is not expected to alter these data-sharing Many of these details remain a work in protocols, as many of PSD2’s customer pro- progress and will be refined as the market tection provisions are already enshrined in impacts of open banking play out. Banks are UK law and both the government and fi- understandably concerned about such details, nancial community have signaled a desire as any perceived disclosure missteps will al- to preserve banking services compatibil- most certainly radiate back to their brand.