Don Cardinal, CPA, CISA, CISM Managing Director Financial Data Exchange
Much ink has been spilled about open banking and the ability for consumers to fully own and securely share their banking data. Unfortunately, most U.S. open banking systems only address data held by banks. Even then, these rules typically only address current accounts, but most consumers’ financial profiles and histories are much more complex than a single account. These open banking and open finance systems also do not address the vast amount of personal financial information held by investment firms, payroll vendors, utilities, crypto exchanges and many other entities that collect this data regardless of whether the customer is aware.
Open finance, however, explicitly collects the entirety of your financial data accessible securely with your permission. It is also a decidedly customer-centric worldview.
It’s important to understand that the consumer is the center of any open banking or finance system. Consumer demand for products and innovations fueled by their own financial data (whether they know it or not) is what drives open finance. One needs to simply look at what the consumer is accessing today via current credential-based access (aka screen scraping) to guide what could—and/or should—be offered via open finance application programming interfaces, or APIs.
Looking at the nature of these open banking and open finance access types and the reasons behind them, certain themes emerge with the consumer’s role as the focal point. In October 2017, the U.S. Consumer Financial Protection Bureau published its Consumer Protection Principles: Consumer-Authorized Financial Data Sharing and Aggregation that spelled out nine principles for consumer-permissioned financial data sharing: access, data scope and usability, control and informed consent, authorizing payments, security, access transparency, accuracy, ability to dispute and resolve unauthorized access, and efficient and effective accountability mechanisms.
Having set the operating parameters, the industry got to work delivering the technological solutions to achieve them. One result we will highlight here of the control and transparency principles is that financial institutions are offering user interfaces (dashboards) that display what organizations and applications currently have permission to access your personal financial data, when that access was granted and an option to revoke this access entirely.
What does this mean in practice?
Consider the mortgage application process. Assets and liabilities determine creditworthiness. In this instance, open banking is great for verifying checking account balance, balance history, account tenure and deposits. The same can be said for credit cards. Where open banking falls short is with things like auto loans, mortgages, CD/IRA and other finance-related products. With open finance, all the personal financial data that you permission would be securely delivered to the mortgage lender with your consent via an API.
How can open finance help marginalized communities?
Open banking only works when someone is actively using their account with a bank. The ability to securely provision access to utility providers, telecom companies and payroll providers to verify payment history, employment and pay is crucial to securing access to housing funds and affordable credit. Today, a person with no active bank accounts would be considered outside of the financial system and, therefore, would struggle to access these options. Open finance eliminates this issue. Further, the ability to access payment history from prior landlords would allow for more efficient, transparent and equitable rental decisions.
We have the technology today to extend these types of benefits to those outside the financial system. We just need to connect the dots.
How do we get there?
Like many things in life, it will be a team effort. Industry members, regulators and other stakeholders must weigh in if we are to achieve a truly open, inclusive and sustainable ecosystem. Each party will play a role and bring different strengths to the table. Regulators set the guardrails of policy (the “what”), while the industry, due to their ability to innovate quickly and proximity to the consumer, can address the technological “how.” How these parties interact with each other, as well as their expectations of each other, are the responsibility of policy, whereas the development of common, interoperable technology standards, utilities and best practices belong to the industry.
The saying, “Many hands make light work,” is indeed true. A large group of diverse voices will foster an open, collaborative and consensus-driven ecosystem than can support customer choice, innovation, security, privacy and the production of technology solutions and standards as rapidly as the consumer demands.