Open banking allows, and in some cases compels, banks to make it easy for financial services IT (fintech) companies to access the accounts of any customer who gives their authorisation for this to happen.
Fintechs can then use that customer’s transaction data for the purposes of budgeting advice, loan approval and various other financial and investment services.
It is also possible to initiate online payments through open banking, without the customer having to log into their bank account or use a credit/debit card. Although that may sound like a security risk, open banking is implemented in such a way that it is safer than some other forms of banking, with secure authentication for every transaction and no customer payment details retained by merchants.
The open banking interactions are handled by application programming interfaces (APIs), which, ideally, provide a standardised way of accessing transaction data and initiating payments. However, standards vary from one country to another. How well each one is set and adhered to depends on a number of factors, including regulatory oversight, incentives, technical abilities, local market forces and support structures.
It is perhaps not surprising that although the European Union (EU) is often presented as a single entity, when it comes to open banking, individual European countries differ in how well and how far they have progressed towards making open banking a success.
Kieran Hines, senior analyst, banking at Celent, said: “It is easy to forget that open banking is still a very new concept. While PSD2 has been around for many years, it has only been fully enforced since September 2019 and is very much in its infancy.”
PSD2 is the Revised Payment Services Directive, the EU regulation that underpins open banking and has existed since early 2016. However, European countries had until early 2018 to incorporate it into their national law, and even once that was done, implementation has been patchy.
PSD2 doesn’t set any specific technical standards for making banking data available through APIs, so individual countries have come up with their own. This is in marked contrast to the UK, where the Open Banking Implementation Entity specifies the API requirements for open banking in great technical detail.
Jack Wilson, head of policy at TrueLayer, a technical service provider for open banking, said: “In Europe, we are six to 12 months away from the UK. The maturity of open banking infrastructure also varies, with German banks, for example, typically using XS2A standards while French banks use STET.”
Hines added: “The situation in Europe is a little further behind [the UK], and varies quite a bit between markets. While there are several banks that are highly advanced in their open banking strategies, there remain many that are lagging.”
This is partly due to inertia. Banking is notoriously conservative when it comes to new ideas and technology, which makes sense – few customers want to see their bank taking big risks. If the banks can’t see the commercial benefit of open banking, all that’s left to push them forward is regulatory compliance – the stick rather than the carrot.
Wilson pointed out: “A lesson of PSD2 has been that when banks are asked to build and maintain APIs for compliance reasons, rather than because they are revenue-generating, the quality and reliability of the APIs suffer. It is important that data holders understand that APIs are not purely a compliance exercise, so that they build API infrastructure to a high quality for commercial use.”
There are signs that this is starting to happen in parts of Europe, as more banks cotton on to the possibilities offered by open banking. “In markets like the Nordics, customer journeys are not too far behind the UK when you compare conversion rates,” said Wilson. “In markets like Italy, on the other hand, there is still a fair amount of work to be done to improve user flows.”
Hines also sees signs of improvement, driven by third-party providers (TPPs) such as fintechs, which use open banking to provide services to customers. He said: “What is interesting to see, though, is the degree to which the number of TPPs in mainland Europe has begun to accelerate. France, Germany, Sweden and the Netherlands have all seen strong growth in their TPP ecosystems over the past 24 months.”
This growth is likely to drive the provision of open banking services by more European banks, because those that don’t make their data available in a standard way are likely to lose their competitive edge.
Even so, there are roadblocks, and some of them are cultural. Matthias Kröner, fintech pioneer and co-founder and former CEO of the Fidor Group, has experienced these first-hand. “I saw, at least in the German market, some scepticism regarding PSD2 once the application phase started,” he said. “For example, some journalists have realised that data aggregation services [TPPs] may make you an offer for a loan, which means they then have your banking transaction data. This is not considered a positive thing in Germany.”
Kröner explained that Germans are very protective of their privacy, although this is sometimes hypocritical. “We’re very happy to share our data privacy concerns on Instagram and our free speech complaints on Facebook,” he said. “This is something that I don’t understand any more. I joke that we are only innovative with our cars – we don’t notice that our cars are also sharing our data.
“German angst is hitting us here against the international competition. Seriously, I’m concerned about our engineering location – made in Germany – being reflected in industry but not in policy-making. My gut feeling is that we’re not meeting PSD2 expectations.”
Clearly, there are serious points beneath Kröner’s joking. Cultural differences within and between European countries can affect the uptake of new technology in dramatic ways. Even if the technology works perfectly, it may be rejected by customers on the grounds that it is too intrusive in terms of privacy and confidentiality.
Those perspectives may seem flawed, but they are often deeply ingrained. In the end, the success of open banking in any given European country may depend more on the mindset of that country’s population than anything that banks, TPPs and regulators may do.