From Panic to Profit:

How CFPB's Proposed Data and Privacy Rules for Open Banking Can Increase Financial Institutions' ROI

‍

The Consumer Financial Protection Bureau’s (CFPB) proposed 1033 rule (which, according to American Banker, received over 11,000 comments before the December 2023 feedback deadline) requires financial institutions to share bank account transaction data with fintechs at a customer's request. This requirement would allow financial institution customers to share their banking data with third parties and give consumers control over their financial data by restricting the data companies can collect, retain and sell. The rule also provides consumers the opportunity to know who has their data and how it is used. This rule creates new possibilities for Open Banking in the US, and it’s a good thing.

Open Banking is not new to the global community. The EU and many LatAm countries, especially Brazil, have already incorporated open finance into banking, insurance and payments. In the US, big banks are moving at full speed and small to mid-sized community banks and credit unions are taking baby steps to incorporate safe, agile, open options for their customers.

Embracing this form of finance requires some knowledge, so first, let's understand the basics of Open Banking. Next, we'll consider its hidden opportunities, especially for community banks and credit unions in the United States, and look at success stories from other countries. Finally, we'll look at predictions for Open Banking in the US in 2024 and why it should matter to financial institutions of all sizes.

‍

What is Open Banking?

Open Banking allows financial service providers to share financial data between institutions like banks or credit unions with third-party service providers such as apps and payment processors through the use of application programming interfaces (APIs). Historically, financial institutions kept customers' financial data within proprietary closed systems. Access was only available directly from the institution. As customers demanded greater and easier access to their sensitive data on phone apps and for third-party payments and loans, financial institutions began to work with fintech partners and their own development teams to find ways to grant this increased accessibility.

Early attempts to share sensitive data involved a less secure process called screen scraping, which is still in use across the US financial sector. Screen scraping collects data from a screen display and allows the gathered data to be shared from one application to another. It also requires users to input sensitive information, such as banking credentials, into third-party applications to retrieve information from financial institutions. Unfortunately, while screen scraping permits cost-effective, quick, and efficient data sharing, it also makes it easier for data to be stolen and used unethically. Screen scraping technology has significant risks to consumers and institutions still implementing this data-sharing method.

APIs have become the answer to secure open finance. When properly designed APIs are in place, the protocol to exchange financial information between institutions happens through the API and user-authorized consent to share the information. The API offers proper security governance and all the mechanisms to protect user information in one place and can be strategically configured to allow secure, compliant access and sharing only to necessary parties. We're already doing this in other countries, and the opportunities for new business models, strategies, and innovation will create better customer experiences and increased revenue for financial institutions and fintechs in the US.

‍

Opportunities Abound with Open Banking.

The mention of potential new rules and regulations instills immediate panic in organizations impacted by these upcoming challenges. How will we comply? How much will it cost? How will it affect our ability to serve customers and run our business? Instead of creating additional stress for your institution, consider these regulations an opportunity to open new doors - imagine going from a flip phone to the latest smartphone. The services, products, and innovations are endless because APIs, when implemented strategically with the help of experienced providers like Sensedia, can help companies connect and scale more securely with less effort in the long term.

The words "long term" are key when considering adapting to new rules like those proposed by the CFPB. Your organization's first instinct might be to choose the cheapest, easiest way to comply with new rules, check off the box, and continue business as usual. From our experiences in Brazil, this action is often the most expensive option.

Many of our Brazilian customers chose compliance solutions without considering how they wanted to scale their businesses later or how future opportunities to join forces with other financial service providers could create new revenue streams. The quicker, cheaper and easier option eventually had to be scrapped in favor of switching to a modern digital strategy that allowed for more agility within a flexible, secure architecture.

Prepare to evolve and expand as rules and regulations change. Get expert advice and learn from past mistakes of other organizations so yours doesn't have to make them. Build a secure, scalable architecture from the start using experienced developers and proven platforms to incorporate all your compliance needs without compromising future opportunities. A wise investment in the right API platform and strategy now will pay off in the future for your organization and your customers.

‍

Companies Who Have Capitalized on Open Banking

Take, for example, Sensedia customer Banco BMG. The Brazilian bank provides accounts, loans, insurance, and investment products to individual, corporate, and wholesale clients, along with retail management support. Banco BMG needed to align with Open Banking regulations and required its API infrastructure to effectively store consented data analyzing customer behavior. The bank also needed to establish secure communication channels with other banks while meeting compliance requirements. BMG effectively safeguarded customer data, and leveraged open APIs to develop innovative payment and credit solutions such as securely supporting digital accounts through WhatsApp using voice recognition, AI and Interactive Voice Response technology. BMG was able to automate all processes, anticipate needs and create new business opportunities for 1.9 million account holders. BMG also uses a biometric security-based tech-touch model to reduce fraud and has been considering new franchise formats, products and services, focusing on a greater use of intelligence and data analytics. Focusing on innovation and API strategy, the company grew 28.2% over 12 months and increased active account holders by an incredible 240.5% to 4.6 million. The bank opened its APIs to third parties, establishing a robust foundation for future Open Finance initiatives.

‍

What could 2024 hold for CFPB and Open Banking in the US?

‍

Changes are coming, and new CFPB rules will be determined in 2024.

‍That much is perfectly clear. These rules benefit consumers by encouraging competition and protecting their data privacy rights. Financial institutions will need to find a responsible way to comply. But beyond necessary compliance, we've seen Open Banking implementations around the globe create pivotal and revolutionary change within the financial, insurance and payments industry. In the US, as rules and regulations take shape and screen scraping becomes obsolete, we can look to other parts of the world to learn how to create change that benefits us all.

FDX will continue to lead Open Banking API initiatives for the US.

‍The Financial Data Exchange (FDX) is a nonprofit organization dedicated to unifying the financial industry around a common, interoperable and royalty-free standard, the FDX API, for the secure access of user-permissioned financial data. FDX's international membership includes financial institutions, financial data aggregators, fintechs, payment networks, consumer groups, financial industry groups, utilities and other permissioned parties in the user-permissioned financial data ecosystem.

FDX promotes, enhances and seeks broad adoption of the FDX API technical standard and is dedicated to five core principles of user-permissioned data sharing: Control, Access, Transparency, Traceability and Security. Sensedia has been a member of FDX since 2021 and recognizes FDX's incredible work. FDX standards will likely shape new rules and regulations in the coming year.

Business models will evolve.

Expect new products and services to transform your offerings and increase ROI. Like the examples above, urgency combined with a solid API strategy opens new doors and brings in more funds. Credit unions and community banks may act more like fintechs as fintechs offer similar banking services.

Partnerships and highly connected business ecosystems will extend the ability for banks and credit unions to offer more services without the need to invest in additional staff and technology. An Open Banking structure sets the stage for more ways to securely connect business offerings, making innovating and launching new products and services easier.

Resources will be allocated to comply with new rules.

Administer your limited resources wisely. As discussed above, quick, cheap fixes aren't always the best option. Choose partners that understand the power of API management and strategy. Find companies with experience in APIs specifically for Open Banking that offer a proven roadmap to ensure your organization is fully compliant with a solution that results in a flexible modern architecture that enhances your legacy systems and increases your opportunities to scale.

Customers will demand more data control and privacy.

They want easy, secure access to more products and services through third parties. Customers will require knowing where their data is used, how it is being used and that it remains secure. They also want to be able to grant data permissions, set limits to their use and revoke them, controlling every aspect of their financial data. New rules will likely require this level of control and access, and customers will expect it. Strong API strategy and infrastructure allow flexible permissions and secure sharing, making it easier to delight customers within a stricter compliance framework.

Privacy is also top of mind for every buyer consumer out there. With the constant exchange of information, Whether AI, Fintech, or Insurtech, customers and regulators will expect higher levels of data privacy in the coming year. Today, with risky screen scraping, applications retain user-shared login information to authorize a payment or transaction. Once information is shared, the application has all the information needed to access everything in the user's bank account, a model often used by US financial institutions.

Companies like Sensedia can provide a better and standardized way to transact data that gives users control through a highly governed, secure API. Users can provide consent, authorization, and explicit access to only the information they agree to share and for the time period they choose. APIs offer privacy and security a screen scrape alternative doesn't. API and financial grade consent and authorization management are the keys to providing the control and privacy consumers need.

Financial Institutions will become more transparent.

‍To share data within the bounds of rules and regulations, financial institutions must make processes more open and ensure the trail of data sharing is available for audits and customers. Legacy systems can no longer be closed, and APIs hold the key to unlocking these systems safely without compromising security.

‍

It’s time to Embrace Open Banking

Open Banking is more than a "nice to have.” Open Banking is here and financial service providers need to consider how to adopt it in a way that works for business. How can it benefit credit union members or bank customers? How does it help other companies in the ecosystem, and how can we work together to provide a secure experience for customers? Beyond compliance, Open Banking will become an innovative business model disruptor for credit unions and mid-tier banks to compete more ferociously with larger banks.

Sensedia has supported this evolution in Brazil, where Open Banking was mandated years ago and is now adopted across all financial services. The success stories belong to financial institutions that embraced Open Banking early and found exciting ways to reinvent their business models.

One example is Sicredi, Brazil’s first cooperative financial institution. The organization embraced open banking, knowing products and services alone were no longer differentiators. Associates who shared their data with the cooperative received exclusive offers through Sicredi’s app, resulting in more than R$3.5 million in credit limit increases on cards and over R$7.3 million in credit granted via Open Finance. When financial institutions evolve into a bank-as-a-service or improve how they embed their technology to grow markets and improve customer experience across the globe, these innovations, spurred by Open Banking, create incredible growth.

Open Banking in the US is not just for the big banks.

Soon, it won't be optional. Now is the time to lean into it and use it to disrupt positively. Open Banking will change how we've been doing business and, more importantly, drive banking customers and credit union members to better experiences and better control of their data. It's a really interesting and exciting time for the financial services industry.

‍