Published on the 02/07/2018 | Written by Phil Kernick
Will open banking wither and die quick smart? Phil Kernick argues the case…
It’s a hot topic across the financial services sector, but the jury is still out on just how much value open banking – which was due to commence in July, but has now been delayed eight months – will deliver to Australia.
Low awareness among consumers and challenges around compliance could see the concept wither and die before it’s had a chance to bloom.
Based on a system that is now in place within the United Kingdom, Australia’s forthcoming open banking system has been essentially modelled on the success of phone number portability. This regulatory change made it possible for people to keep their phone number and switch between different carriers in search of better deals or services.
Open banking promises similar flexibility in the financial sector. It is designed to allow people to go to a different financial services company and authorise them to make an assessment of their financial standing by accessing records that are held by their existing bank.
“‘Build it and they will come’ may work in many different areas, but the chances of it working when it comes to open banking are slim at best.”
While this sounds like an interesting concept, in the cold light of day it’s really nothing more than a solution in search of a problem. It might also be described as a fashionable soundbite that is easy to say but very difficult to actually get right in practice.
The bottom line is that the vast majority of people rarely, if ever, change banks. Because of the complexity and administration involved, they tend to stick with one institution through thick and thin. Anyone who thinks open banking will change this mindset is, unfortunately, deluded.
The data aggregation challenge
A second inhibitor for the success of open banking is the systems used by the banks themselves. The concept requires that customer data be in a form that can be readily exported to another authorised party.
In reality, this will be a lot harder to achieve than you might think. As a rule, banks don’t store all the data relating to a customer in a single database. Instead, it tends to be stored in different departments, across multiple systems, and in different formats.
Indeed, a bank may not know that all the products and services purchased and used by a particular individual actually relate to a single customer. A maze of different ID numbers, account names and access channels make joining the dots rather difficult.
To participate in an open banking environment, banks will be required to centralise their customer information in a way that has simply not been undertaken before. This will take significant investments in IT to design, roll out and manage.
As well as being a costly exercise to complete, this change to the way customer records are stored also has significant security implications. Once completed, there will then be a single data store within each bank at which cybercriminals can take aim. New security measures will be required, further adding to cost and complexity.
Third-party security
Open banking’s third key challenge stems from the array of new organisations that are going to be seeking access to customer financial records. These could potentially range from very small fintech start-ups to comparison web portals and even social media platforms.
Questions need to be asked about what these organisations will do with customer data in the longer term. If an individual opts not to take up a new product or service being offered, what will that organisation do with the records that have been received?
There are also questions around the quality of these organisations. Who is going to be responsible for assessing them to ensure they are legitimate? If a criminal group established a fake fintech firm with the goal of harvesting large numbers of customers records, what mechanisms would be in place to prevent them from operating?
Here the problems are likely to stem from the fact that such organisations could be granted authorisation to access records by a prospective customer prior to there being any contractual relationship in place between. The customer then has no guarantee the records will be deleted if no relationship actually results.
It’s clear there are a range of sizable challenges ahead for any open banking system in Australia. There are also questions around exactly how much demand there is likely to be from consumers. When open banking does officially come into existence, it could quickly become a ghost platform devoid of customers or commercial participants.
The mantra ‘built it and they will come’ may work in many different areas, but the chances of it working when it comes to open banking are slim at best.
ABOUT PHIL KERNICK//
Phil Kernick is chief technology officer and co-founder of information security consultancy CQR Consulting.