Open Banking: advancing customer centricity by putting the customer in charge

The power of putting customers at the centre of the corporate business strategy has been a well-known concept for decades. Many organisations across various industries have followed such a customer-centric approach to differentiate themselves and build a competitive advantage. However, in the digital era, the customer-centric approach is evolving to the next level, in particular with regard to customers’ financial assets, personal data and digital service experiences, as well as service options.

As a result of accelerating digitisation, the next level of customer-centricity allows both private and business customers to move from being only the focal point (‘customer-centricity 1.0’) to being increasingly in control of the product/proposition and channel dimension of their financial services (‘customer centricity 2.0’). Customers will be able to more effectively manage their financial assets and data based on their specific needs and anytime, anywhere, on any device (ATAWAD). This transition is depicted in the figure below:

Figure 1: Transition from product centric to next level customer centric

For banks, this next level customer-centric approach manifests itself in the rise of the Open Banking development, in which banks have the opportunity to work in a scalable fashion with innovative technologies and players resulting from the growing fintech community. This major trend opens avenues to put customers more in control as to

1) which products and services they consume in relation to their bank accounts (product perspective); and
2) from which service providers they wish to buy the respective product or service (distribution perspective).

Putting customers ‘in control’ reflects a response to customers’ desires to take advantage of the opportunities offered by an increasingly connected digital ecosystem. For digital banking, these opportunities may include the following:

1) Connect third party apps directly to a bank account and vice versa, e.g. for initiation of payments;
2) Connect bank account data to apps, e.g. for financial planning and lending;
3) Login (identification and authentication) at third party websites (public and private) with existing banking credentials;
4) Share with or confirm personal attributes (e.g. name, age, email address) to third party websites after authorisation with existing banking credentials.

The Open Banking business model provides a promising basis for banks wishing to respond to the requirements and expectations of their customers by delivering ‘customer in control’ value propositions.

Regulation also drives customer control

Aside from customer expectations, regulation is another strong driver of Open Banking: the push by regulators for more openness in banking is very much reflected in the “access to account” provisions of the revised Payment Services Directive (PSD2) and in the General Data Protection Regulation (GDPR, coming into effect on May 2018).

For PSD2, the planning is defined by the still to be published agreement on the strongly debated Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication. These RTS need to be implemented at the latest 18 months after their publication by the European Commission. It is expected that these RTS will need to be applied from the second quarter of 2019 at the earliest.

PSD2 will enable private and business customers to connect third party services to their payment accounts upon their explicit consent, allowing for payment initiation and retrieval of account information. GDPR equally enables customers to obtain active control, via verifiable consent, of the following:

1) Which personal data is stored with which (kind of) institution;
2) What data is processed for what specific purpose;
3) What data is shared with other organisations.

In addition, customers will be able to take along their (historical) personal data upon their request and will have the ‘right to be forgotten’ by a given organisation, i.e. they will be able to demand that their personal data is deleted when the business relationship between the customer and that organisation ends. In essence, this implies that institutions (including banks) must provide customers with ‘tools’ to exert such control over their financial assets and personal data. This offers an opportunity for innovative (data-driven) propositions beyond mere compliance to PSD2 and GDPR, and a major threat (including fines of up to 4% of revenue and the risk of reputation loss) if banks fail to comply with or implement GDPR compliance in a proper manner.

Digital identity and APIs are becoming crucial assets

Another key factor driving the Open Banking success story is the rapid extension of the use of Open API (‘Application Programming Interfaces’) technology in the financial services domain. A pioneer initiative in this field is the UK Open Banking project (www.openbanking.org.uk) focusing on the development of standard banking APIs, starting with information services. This is planned to go live in January 2018, coinciding with but separate from PSD2.

The Open Banking business model will require crucial developments not only in relation to APIs but also with regard to digital identity capabilities, in order to provide customers with the tools they need for their control.

Key aspects of APIs are the functional scope (possibly going beyond what is required by regulation such as PSD2), effective business and operating models, and the scope of standardisation in terms of technology, legal and operational matters.

Digital identity is a concept banks are already familiar with. Notably ‘Know Your Customer’ (KYC) and Anti-Money Laundering (AML) requirements have led banks’ need to know who exactly their customers are.

Over the years, the management of customer-related data has become digitised and extended with (mobile) authentication and authorisation services available for use with banking services. The increasing need for customer control is extending the use of these digital identities outside the bank’s domain. It enables customers to create and manage dedicated access rights to personal data and financial assets, i.e. ‘consent or authorisation management’. This is comparable to re-using social media logins at third party websites where a user authorises which personal attributes (e.g. name, friends list, email) a third party may access for delivering its service. Examples of this user experience:

Figure 2: Examples of customer control through digital identity tools

Thus, the user experience of customer control propositions is likely to be very much defined by the possibilities and implementations of digital identity tools (authentication, authorisation) at financial institutions, making digital identity capabilities crucial assets in any digital bank, next to the importance of digital identity in cybersecurity. Technological advancements in biometrics and fraud control are likely to make the customer control experience even smoother in the years to come. At the same time, customers collectively need to get used to these new possibilities of safely connecting ‘other’ applications to their bank account for exercising control over financial assets and personal data. Here lies a communication and education task for industry stakeholders at large.

The article is based on a recently published Open Banking report by the Euro Banking Association (EBA) on advancing customer centricity. The full document can be found here. More on EBA’s Open Banking Working Group here.

For similar stories, please check out our Open Banking and APIs Report, to get insights into the nascent landscape of Open Banking in Europe.