Open banking is already standard practice throughout Europe, as well as the U.K., Australia, and other countries thanks in part to the European Union’s (EU) Payment Services Directive. This became law in 2016, with a two-year window for parties to achieve compliance.
Some would argue that variations of open banking have already gained traction in many U.S. settings through a market-driven approach linking banks and certain financial service providers.
A proposed Consumer Financial Protection Bureau (CFPB) rule would make open banking mandatory for virtually all banks and credit unions, however. The regulator’s 299-page document certainly leaves much to be desired. Market forces are already delivering a similar—if less ubiquitous—result.
Regardless of misgivings about the regulatory approach, credit unions should be formulating go-forward open banking strategies. At this point, it’s a question of how, rather than if, these practices take hold. Managed properly, they could also prove to be a net benefit for many credit unions.
Simply put, open banking is based on the premise that consumers own their financial data, and can determine who receives access to it. It provides a mechanism for the sharing of financial data between entities—typically banks and fintech firms, but also between financial institutions as a means of lowering “switching costs” for customers looking to change banking relationships. The portability of cellphone numbers between carriers is sometimes cited as an analogy.
Fostering innovation is another rationale commonly mentioned in support of open banking. According to this logic, nonbank fintech firms are better equipped to spearhead such development, but to execute they require access to consumer data.
The proposed CFPB rule, referred to as Section 1033 for the Personal Financial Data Rights authority cited by the agency, aims to require banks and credit unions to facilitate broad access to such data.
A meaningful amount of this data sharing is already taking place today, whether through party-to-party agreements between (mostly large) banks and fintech players or via “screen-scraping.” The latter is a longstanding and perilous process in which an account holder shares online credentials with a third party, which logs in and extracts data on their behalf.
The proposed CFPB rule mandates the use of application program interfaces (APIs) for all data transfer. The elimination of screen-scraping would be a highly desirable byproduct.
Realistically, however, an industry standard will be necessary to enable connectivity across the myriad U.S. financial institutions and fintechs involved. The Financial Data Exchange, an industry consortium, is striving to create such a standard.
During a panel discussion at the recent America’s Credit Unions’ Governmental Affairs Conference, two credit unions shared varying approaches to open banking. Chad Carrington, chief information officer at $21 billion asset Golden 1 Credit Union in Sacramento, Calif., has taken a proactive approach to managing third-party connectivity, publishing APIs based on industry standards and working with vendors to establish secure developer access and avoid screen scraping.
By contrast, $685 million asset Union Square Credit Union in Wichita Falls, Texas, has disabled screen scraping, citing security concerns, while integrating Intuit’s QuickBooks into its online banking portal. Monica Davis, Union Square’s senior vice president of risk management, says QuickBooks is the most requested third-party product.
Notwithstanding valid concerns regarding informed consent, confusion over first-line support, and the cost of enabling and maintaining data access—each of which will hopefully be addressed before the rule is finalized—as well as the actions of large banks and member expectations, make clear that a sound credit union strategy should address open banking and data sharing in some form.
After all, open banking is not a one-way street. Credit unions can leverage it to ease the onboarding process of accounts won from other financial institutions, eliminating the friction that may have impeded member migration to a better experience.
And like Union Square’s example above, seamless API data exchange—even if not exclusive—can facilitate partnerships with selected third parties to build out a holistic member experience that need not require venturing to unaffiliated providers.
GLEN SARVADY is managing principal at 154 Advisors. Contact him at glen.sarvady@154advisors.com. This article does not represent the views of or an endorsement by America’s Credit Unions.