What is open banking
The context
As many of us will be aware, the way that we bank in the UK had barely changed in one hundred years. While there have been technological developments such as the ATM, credit cards, chip and pin, the fundamentals have stayed the same. Traditionally, most people would open a bank account in their younger years and then use that same bank through the entirety of our adult life. Normally the decision on which bank to begin was decided in an arbitrary manner, perhaps where our parents’ banked, having a branch nearby, or similar.
When open banking launched in 2018, the nine largest banks in the UK (sometimes referred to as the CMA9) held an 80% share of all current accounts. The big nine banks were, Allied Irish Bank, Bank of Ireland, Barclays, Danske Bank, HSBC, Lloyds Banking Group, Nationwide, RBS Group and Santander.
Why?
The Competition and Markets Authority (CMA) were unhappy at this proposition and wanted to open the banking market up to external competition, lowering the barriers to entry, and offering consumers more control over their own personal data. This personal data can then be used to find propositions that could help people save money and access affordable products and services. They envisioned consumers could find an alternative current account with a cheaper overdraft, or a savings account with a higher rate of interest or a cheaper credit card.
Open banking and credit risk
Years on, however, the core use case stands as credit risk – making fast, fair decisions in a fraction of the time. As well as the ability to access more affordable products and services for consumers, open banking APIs afford financial institutions the ability to make decisions in minutes, what once may have taken hours, or even days.
This is really important to me. Ultimately, when you go to buy a house or a car, it’s not the car loan or the mortgage that’s attractive to you, it’s getting the house or car. So, if a consumer wishes to share their details with an app or FinTech via open banking, they could potentially save themselves hundreds or thousands of pounds or access products they never could have before.
Take a bank making a decision on a mortgage applicant, or an underwriter making a decision on whether to approve an application for a loan. Typically, both of these scenarios would involve bank statements having to be sent in or submitted via PDF. A process that is both arduous for the customer, and takes a considerable volume of time for the mortgage assessor or underwriter to analyse and then action. With open banking, consumers can share their bank account information quickly, securely and in seconds.
This is crucial to both financial institutions and consumer standpoint. As anyone who has applied for a loan or mortgage can testify to, having to send in paper statements and then having to wait weeks for a response is no way to carry out business. From the business’ perspective, having this information shared in seconds, categorised, with income and outgoings already populated, will allow those making crucial business decisions to do so quickly and confidently.
James Varga, Founder of Atto
How does it work
Through the use of APIs (Application Programming Interfaces) customers when buying a product or service can be directed to the login page of their internet banking. Once these details have been entered, the product or service will be granted access to certain (read-only) information through APIs. Essentially – the consumer consents using their familiar online banking experience.
Only companies authorised by the FCA can use open banking. These companies, such as Atto, are all listed on the Open Banking Implementation Entity’s (OBIE) website.
Having all the companies register ensures that all are following high standards regarding safety, and security, and if a consumer is in any doubt as to who is requesting their information, they can quickly check and see if their provider is listed.
Security
Open banking is inherently more secure than previous methods of obtaining printed or PDF bank transactions for several reasons.
- Open banking relies on standardised APIs and secure authentication processes established by financial institutions. This ensures that data access is regulated, and only authorized entities can retrieve customer information.
- Open banking minimises the need for consumers to share sensitive login credentials, such as usernames and passwords, with third-party providers. Instead, it uses tokenization and consent-based mechanisms, reducing the risk of data breaches or phishing attacks associated with traditional credential sharing.
- Open banking transactions are encrypted end-to-end, safeguarding data during transmission. This encryption, combined with stringent data protection regulations like GDPR, enhances consumer data privacy and security.
- Open banking allows consumers to revoke access at any time, providing them with greater control over their financial data. In contrast, sharing printed or PDF bank statements offers limited control once shared, making it less secure.
- As mentioned, TPPs who want to join the ecosystem, must be regulated and licensed by the FCA. This is a strict process and ensures that all firms who are offering Account Information Services (AIS) or Payment Initiation Services (PIS) are fully accountable.
UK Open Banking Implementation Entity has adopted the Financial Grade API (FAPI) Profile. Financial-Grade API (FAPI) is a specialized API security standard defined by the OpenID Foundation. It extends the OAuth 2.0 and OpenID Connect (OIDC) frameworks, and aims to provide enhanced security features tailored to the needs of the high-stakes financial industry. OAuth 2.0 is industry-recognised and widely used as a secure method for securing digital identities. OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web, desktop and mobile applications. However, at the same time, it only supports those service providers that are regulated by the FCA.
Security has therefore been built into the heart of open banking. By only granting API access to a limited volume of actors who are all authorised by the FCA, and using OAuth 2.0 encryption, the ecosystem has been deliberately stringent in their security needs. Perhaps most importantly for the customer however, is that open banking is never opt-in, and nothing will ever happen without their express consent. This is critical to giving consumers clarity and confidence in the system.
Overall, open banking's reliance on modern technology standards, robust encryption, and consumer-centric consent mechanisms significantly enhances security compared to older methods of acquiring financial data.
Credit scoring
Now, we’re seeing the major FS firms adopt open banking, there’s a clear emergence of one pivotal use case – credit risk modelling and scoring.
Traditionally, credit scores have relied on historical data, that often leaves chunky gaps in an individual’s financial history/profile. In simple terms, this means that on many occasions lenders are declining credit lines to people because of a lack of data available – open banking plugs this gap. By using transaction data to enhance credit risk models, lenders can better predict those who are likely to repay their commitments – regardless of their occupation, financial history, or any other pre-existing possible bias.
Here's 5 ways open banking is impacting credit scoring for FS firms:
In essence, open banking injects vitality and accuracy into credit score models. It aligns credit risk decisioning with today's fast-paced, data-driven world, delivering benefits that extend beyond lenders to consumers seeking fair and accessible credit.
Wrap
Open banking represents a fundamental shift in the financial landscape, offering a secure and consumer-centric approach to managing financial data. This innovation has not only disrupted traditional banking practices but also opened up new avenues for enhancing credit scoring models, making it a valuable use case for credit risk decisioning.
Open banking's security features are paramount to its success. It relies on standardized APIs, secure authentication processes, and end-to-end encryption, ensuring that customer data remains protected during every transaction. By minimizing the need for consumers to share sensitive login credentials and providing them with control over data access, open banking surpasses previous methods in terms of security.
Credit scoring, a core application of open banking, benefits from real-time financial insights, improved accuracy, and enhanced financial inclusion. It bridges the gaps in historical credit data, allowing lenders to make more informed decisions. With open banking, lenders can better predict creditworthiness based on current financial profiles, leading to a more comprehensive evaluation process.
This innovative approach provides a competitive advantage to financial institutions, offering faster decisions, optimised portfolio management, and tailored financial products. It aligns credit risk decisioning with the data-driven world we live in, fostering fair and accessible credit for a broader range of consumers.
The marriage of security and data-driven insights is reshaping the credit risk landscape. Open banking is enhancing the accuracy of credit score models, promoting financial inclusivity, reducing risks, and ultimately benefiting both lenders and consumers. As open banking continues to evolve, it promises to be a driving force for positive change in the financial industry.
