Is Your Bank Ready for Open Banking? 5 Key Competencies You Need to Have

Today, the tradition-steeped Swiss banking landscape must deal with various challenges: apart from negative interest rates, growing competition, and eroding margins on established products, the customers’ demand for new digital products is also on the increase. This means more than ever that banks need to transform in order to remain relevant – and they need to do so under the pressure of the current market situation. The obstacles to bring innovations to the market by one’s own are for financial institutions both diverse and high.

A solution approach is the opening towards innovative fintechs and established software and financial services companies – known in open banking jargon as third-party providers (TPPs). At its core, open banking is about the secure exchange of customer data between these TPPs and the financial institutions. The technical basis for this consists of standardized application programming interfaces (APIs), through which companies can connect themselves and their applications with one another. However, the technical aspect and the data gained in this context are just the tip of the iceberg. To this day, partnerships with TPPs often fail due to the collision of two worlds that are characterized by different corporate cultures, market conditions, development speeds, legal and regulatory requirements, and technical prerequisites.

Banks in this country have the crucial advantage that they can help shape open banking in Switzerland themselves without regulatory pressure and can take advantage of the experience gained from international competition. The Swiss Bankers Association (SBA) has recently published an “Overview” on this subject and launched a “Blog parade” with the aim of providing banks with greater clarity about current developments and challenges in implementing open banking in Switzerland. 

However, this also requires that the banks address the topic actively and acquire key competencies. These five competencies are crucial:

Open banking is primarily a strategic issue rather than a technical one. No financial institution will be able to benefit in the long term from opening up via interfaces unless these are an integral part of its business model. Successful technology companies have always defined interfaces as part of their core strategy in order to integrate TPPs’ products and services into their own portfolio and, vice versa, offer their own products in new ecosystems. A holistic overview defines the form in which the company’s own products are to be expanded by way of cooperation with TPPs. Banks need to understand which customer segments they want to target with which products, and which specific interfaces are to be prioritized in this context.

As a bank, ask yourself the following questions:

• Which offers do I want to provide for which target (sub-)groups?
• How can I close gaps in the product range in the short term?
• With which products/cooperations can I stand out in the medium term?
   

Cooperating with TPPs enables banks to diversify and stand out with a broad, innovative product range and holistic customer service rather than with fiercely competitive prices. The bank then offers complementary services and products from third-party providers via its own digital channels, for example in the form of a shared platform or as an additional service in online banking or mobile banking. As with the popular streaming of entertainment content, the winning offering will be the one that is tailored to the customer as individually as possible and is the easiest to use. So banks certainly won’t be downgraded to just “data suppliers.” On the contrary, they too will obtain – in line with the legal framework for data protection – new data, e.g. on their customers’ spending habits. Based on these data, they can derive customized products and targeted marketing measures with additional touch points. Traditional financial institutions thereby not only secure the loyalty of existing customers, but can also gain new customers through the TPPs’ services. In addition, bank-specific services and products (e.g. compliance, regulation or KYC checks) that are more difficult for smaller companies to access can be advertised on TPPs’ platforms.

As a bank, ask yourself the following questions:

• Which products and services give rise to which added value?
• What costs can be expected for the product or service?
• How can I monetize the interfaces?
   

Security and trust are the fundamental prerequisites for open banking. Besides a technically secure and stable IT infrastructure, this also includes careful handling of customer data and reviewing TPPs. This is primarily about providing optimal protection for customers’ data. The customer always has ownership of his/her data and decides for whom and for what purposes to release his/her data by granting consent (consent management). In view of the regulatory requirements and the fiduciary duty and duty of care, it is important to ensure all of the banks’ requirements and comply with the legal conditions when reviewing TPPs. In the case of sensitive customer data, TPPs must apply the same protection criteria and security standards as the bank itself. The high requirements placed on the protection of customer data in particular, as well as the different measures adopted by banks and the lack of mutual understanding, are among the main reasons why cooperation efforts between banks and TPPs often progress too slowly or even fail still today.

As a bank, ask yourself the following questions:

• What is the contractual relationship with TPPs like – and on this basis, which criteria do I need to review for due diligence?
• How do I regulate legal aspects (e.g. liability, governance, data protection)?
• How is the customer’s declaration of consent obtained and documented (consent management)?
• Where do I set the system limit, i.e. the limit of my area of responsibility/duty of review?
  
  

Put simply, data exchange between banks and TPPs works as fully automated communication between machines. In “API calls,” the TPP calls on the bank – or, depending on the service, it may be the bank that calls on the TPP – and asks for certain data, such as a customer’s account balance. It must always be possible to rapidly implement and process the API calls and provide the requested data to the TPP via the interface. To this end, the banks need high-availability, scalable interfaces that meet current technical standards. The big challenge here is to seamlessly and securely connect the bank’s deeply rooted legacy systems with new online technology.

Another key aspect for compliance with data protection guidelines and contractual obligations is the technical rendering of consent management. The bank provides the TPP with an electronic key for this purpose (known as a “token” in the technical terminology). This key allows the TPP, for example, to fetch account information in line with the customer’s declaration of consent or deliver payments.

As a bank, ask yourself the following questions:

• Can my technology deal with the exposure of modern interfaces or should these be purchased as a service?
• Which technical specifications do I need to meet for each interface?
• How do I organize updates, particularly when there are multiple TPPs?
  
  

One major advantage of open banking platforms is that multiple TPPs can be connected to a bank at the same time and there doesn’t need to be a separate project for each connection. In view of the rather complex cooperation efforts between banks and TPPs up to now, partner management is a competency that should not be underestimated. This already starts with the identification and selection of suitable TPPs to be gained as partners for the planned new offerings. It therefore requires continuous market monitoring and corresponding resources. Furthermore, interested TPPs often lack the right contacts and thus access to the bank. Not every bank is automatically of interest to every TPP. A clear value proposition as part of the strategy is therefore a prerequisite for gaining suitable partners for the connection.

As a bank, ask yourself the following questions:

• What is my value proposition for gaining TPPs?
• How do I identify TPPs with potential?
• How do I involve TPPs in the event of security-related adjustments or incidents?