Whether you’re on the side of deregulation or tougher oversight of financial services, there’s no denying that the latest regulatory requirements are going to have a major impact on retail banking.
Three pieces of legislation in particular are set to transform retail banking as we know it:
- The CMA order for retail banking organisations to encourage more competition (Open APIs)
- The EU Payment Services Directive (PSD2) – effectively a regulatory requirement to provide authorised incumbent providers (PIS & AIS) with access, on customer consent, to customer data
- The General Data Protection Regulation (GDPR), which focuses on allowing customers to take back control of their own data.
This raft of new regulations is about stimulating collaboration and innovation via API-connected communities of existing and incumbent providers of financial services.
While banks will be obligated to share their data to enable third parties – such as Google, Amazon, Facebook or Apple – to build the next generation of financial services, this should never come at the expense of security. In fact, security is an issue closely linked to customer loyalty, as Peru recently highlighted.
Although it may seem that the traditional banks are at a disadvantage, they are actually uniquely placed to take advantage of this disruption by:
- Becoming a “Bank Channel” using APIs to deliver traditional banking products
- Leveraging the app market and exposing their own services through Open APIs to third parties
- Distributing integrated/bundled financial services combining their own services with those of third parties
- Aggregating their own data and multiple financial service providers' data through a single owned API
- Offering banking as a platform to other financial institutions
The danger in creating financial ‘mash-ups’ – as witnessed by the telecoms sector – is that incumbents don’t see the benefits in collaboration and try to hinder any meaningful cooperation to protect their market position.
On the up
According to the Open Banking Working Group (OBWG), which has recently launched The UK Open Banking Standard, services may be affected in six main areas:
- Current account comparison services
- Personal fiscal management – budgeting and financial history
- Access to credit – best loan rates
- Affordability checks – speeding up loan process
- Online accounting
- Fraud detection
For UK banks and challengers, this standard will roll out in phases across 2019 to cover Data, API and Security standards. Younger customers, who expect more flexibility and fluidity from service providers, will undoubtedly seize the opportunity to move.
The main challenge to data security is in data consumption, particularly via web and mobile applications. While the Open Banking initiatives will force banks to develop new APIs to allow transfer and access to customer data, hackers will be hard at work seeking vulnerabilities and entry points.
As regulations become more widely understood, banks must strike a balance between openness and security by hardening existing web and mobile applications and defending new APIs to the same level as legacy back office systems. A complete API review and assessment, combined with appropriate controls, will put banking organisations on a firmer footing.
In addition, strategic sourcing and identification of the right technologies and partners; the design and development of appropriate and scalable architectures; and clear integration governance will all be crucial in delivering robust, flexible and future-proof digital retail banking.