Open Banking is set to launch in Europe next month. As banks and fintech firms rush to ensure compliance we wanted to explore the effects on the US fintech market. Recently the CFPB set forth data sharing guidelines for banks and fintech firms to share information. There has since been a number of articles in the news pointing to frustration among fintech companies as banks have not been forthcoming with data sharing.
In October 2015 the European Parliament adopted the PSD2 proposal to create safer and more innovative European payments. The new rules were meant to promote the development and use of innovative online and mobile payments through open banking, and make cross-border European payment services safer.
The new directive has helped to usher in a segment of fintech startups that have begun eating into the market share of banks. App only banking apps like Revolut, Monzo and Starling Bank have all had significant levels of success in reinventing the banking experience. Part of the reason these firms have gained momentum so quickly is the anticipated open banking directive.
Having such a directive has helped provide consumers with a better, more seamless experience with the added benefit that banks will be required to enable information sharing. In the US market this is not the case, banks are not bound by any legislation and so sharing data across different services is not as easy for US consumers.
The current process is clumsy and requires consumers to login many times across many different services. This has also been something banks have complained about to agencies like the CFPB. Services such as Personal Capital and Mint constantly ping bank accounts for information that users have open access to. Setting up a similar initiative in the US could not only allow for a better experience but will undoubtedly be safer for the banks and fintech firms.
After a year long process gathering information about data sharing and aggregation practices the CFPB released a non-binding set of guidelines for banks and fintech firms to follow. The principles explain that banks and fintechs should share information that is “necessary to provide the product(s) or service(s) selected by the consumer” and should only maintain that data “as long as necessary.” They recommend focusing on specific products that the consumer wants as this will limit the chances of potential security breaches.
Former FDIC Chair Sheila Bair recently wrote an opinion piece in the Financial Times about the security risks involved with sharing customer information across different services. Banks and fintech firms have varying degrees of cybersecurity protocols they are required to install, with banks being held to a significantly higher standard. As the EU and UK begin the open banking era Bair brings up many good points related to entry points for hackers to exploit. In the US this can be an even bigger challenge with no directive or unified system in place to share data.
The CFPB has started testing this out with their recent guidelines but should regulators be moving quicker to ensure the US stays safe and does not get left behind by their European counterparts? All levels of banks have started exploring different fintech partnerships in recent years through payments, wealth management, lending and more. At the same time consumers have begun testing out new services like personal financial management apps and robo advisory products that help them to invest money on a passive basis.
Consumers are beginning to take a more active role in how their financial lives are run, banks need to understand this wave of open banking is not going away. Being proactive and pushing for legislation can help banks to more securely share information and be the center point of the banking relationship. The bank doesn’t need to house all the different aspects of the experience, but they can instead be the main deposit taking entry point to the other services.