The Open Banking Rule

Bank Vault

It seems as the days go on, the “you’ve got to be kidding me” file continues to grow at a rate that far exceeds the imagination and one that is far greater than one is able to keep up with, this one being no exception.

The super geniuses of some governments around the world have decided that having an open banking system is a good idea, undoubtedly due to some people whining about being able to hook up their apps (programs) to their financial institution(s) through the use of API’s (Application Programming Interface). While the use of API’s has been a widely used form of communication between apps, servers, etc, and it’s pros are that less data needs to be transmitting back-n-forth, it does have it’s cons.

Banks and other financial institutions have been under enormous pressure in the last twenty-thirty years to insure the safety of the consumers information that is stored in the institutions network of servers. Banks and other financial institutions are a prime target for hackers. The payout of a breached bank would be in the millions, if not billions and the information that was stolen would still be in the hands of the people responsible for the breach in the first place.

It’s been reported not that long ago that JP Morgan/Chase fights off some 62 billion hacking attempts per day!

The Consumer Financial Protection Bureau’s open banking rule is set to be finalized this fall. With it, financial institutions across the US will need to provide access to customers’ financial data for checking, savings, and credit card accounts, prepaid cards, and digital wallets, at their request, to third parties like fintechs. There’s plenty of material on the opportunities and risks of this, and how FIs feel about it. But, at the end of the day, they’ll have to comply if the rule goes into effect. So the real question is, “How?”

Infrastructure is a big problem for many institutions – according to data from Forbes Insights and Thought Machine, 59% of surveyed bankers consider legacy infrastructure a major business challenge. These systems make it difficult to integrate and share data, which is the prevailing idea behind open banking. In particular, the ability to share data externally in a standardized manner via application programming interfaces is key: Per CCG Catalyst’s US Open Banking 2024 Report, “There is now broad consensus that API-based interfaces should supplant screen scraping in how consumers’ financial data is shared.”

As a result, FIs need to think about how they will get their infrastructure ready to support the data-sharing interfaces that open banking will require. Except in the cases of a few megabanks that already have the foundations for this, that will mean looking for help and knowledge to inform their strategy.

There are three primary places a bank or credit union might start:

Bank technology and digital banking providers. Core system and digital banking providers — think FIS FIS -0.1%, Fiserv Fiserv 0.0%, JHA, Q2, Alkami, etc. — all have the CFPB’s rule on their radar. And they are aware that they will play a major role in helping their clients comply should the regulation go forward. In particular, consent management, a focus of the CFPB draft rule, is expected to evolve along with the regulation in addition to data orchestration, aggregation, and data cleaning.

Third-party aggregators. Aggregators like Plaid or Tink (owned by Visa 0.0%) are working to get ahead of the rule by inking deals directly with FIs and partnering with other technology providers. For example, Tink has signed data access agreements with banks and vendors, including Capital One 0.0%, Fiserv, and JHA. Understanding the strategies behind these players could go a long way in helping institutions get a handle on how they can take more control over their open banking futures, potentially extending beyond the rule to other use cases their current technology providers haven’t yet thought of.

In-house developers. Those that have the option to turn to in-house talent will likely want to do so. While the ability to build all of the infrastructure needed for open banking isn’t available to most, any kind of technical knowledge that can inform an institution’s strategy will help to chart a path forward. This will be especially valuable for FIs that are forward-thinking and know they want to plan beyond compliance to a long-term strategy for open banking.

These sources are not exclusive. In fact, FIs should be looking to consult a range of experts as they build their open banking strategies. Ultimately, some will be focused on getting on top of this rule, while others will be several steps ahead. Wherever a bank is on that spectrum is fine, as long as there is a strategy behind it. While it is certainly possible to achieve compliance by waiting for your core provider to tell you what to do, there is a missed opportunity there. Knowledge is power, and by reaching out and getting informed, FIs can begin to think about open banking compliance in a way that works for them.

Importantly, the CFPB’s rule only covers certain types of data; there are many, many other use cases to be considered. Basic compliance is a necessary starting point, but the savviest will take things a step further and look for ways to differentiate. Whether your bank is one of those FIs or not, it’s at least worth understanding what that looks like.