When Prophet Muhammed (Pbuh) arrived in Medina, the first thing he did was to initiate the construction of a mosque, the ‘Masjid Nabawi’. With this process, he intended that two very different sets of people, both unknown to each other, should collaborate in building this first mosque. In his wisdom, Prophet Muhammed (pbuh) foresaw that any development of use to the wider community would need to be undertaken with the collaboration of different actors. The cooperation between the Ansar autochthonous and the Muhajerrun refugees from Mecca would exemplify this spirit. More importantly, and throughout his life, the Prophet (pbuh) emphasised this notion of collaboration, particularly when it comes to trade and to the movement of money. In a reported Hadith, the Prophet (pbuh) said “May Allah’s mercy be on him who is lenient in his buying, selling, and in demanding back his money”. The Arabic word used in this Hadith for ‘lenient’ is ‘samaha’, which also has the meaning of flexibility or agility.
In today’s world, where money flows across cultures and geographic space, and between virtual accounts with ever-increasing speed; these prophetic values are more than ever relevant. The early Muslims placed emphasis on collaboration, agility and leniency. One way to foster these kinds of values in today’s world is Open Banking. Open Banking is a new and revolutionary way of using financial data by third party providers for the benefit of bank account holders. Having emerged in Europe in the early 2000s, the Open Banking concept has now swept across a large part of the world from Mexico to Australia.
Today, data has a value, and the promise of Open Banking is that by opening up their financial data and services to third-party providers, both banks and their customers would equally benefit from this openness. Banks would make the most of the enormous treasure trove of data they hold and their end-customers would benefit from a large set of innovative and added-value services, making their lives easier. Naturally, Open Banking comes with its own set of challenges and risks. Banking regulators, banks and third-party providers need to work together to overcome them and to find models that preserve security, satisfy consumer needs and unleash innovation. The prize is well worth the effort – a better, personalised, more secure and more convenient customer experience for all. This chapter explores the nature of Open Banking, why it is important and how it will change the essence of the next generation of Islamic financial services.
What is Open Banking
Open Banking is a global movement that encourages financial institutions to allow, following customer consent, Third Party Providers (TPPs) access to individual and business customer data (such as customer transactions) or access to banking services (such as payment initiation). TPPs might be telecom companies, retail businesses or Fintech startups offering personal finance management solutions, accounting packages, P2P lending apps, etc. These TPPs work together to enhance the experience of their customers.
In a post-Open Banking world, customers will no longer access one universal mobile application or online banking service provided by the bank and the same for every customer. Rather, they will access an ecosystem of apps and services from which they can choose the tools that cater to their particular needs. Teenagers might use apps that help them save automatically, visually-impaired people might have apps that speak the balance instead of showing it, SMEs might have apps that help them manage their finance and reconcile invoices, and Muslims might use apps that conform to their religious values.
Different models can lead to Open Banking. No single approach is right for all banks, but steps shown in Figure 1 constitute a good starting point for understanding how it works. Open Banking is a response to the growing pressure from the bank’s customer base, which is demanding greater access to data, and to services that respond to their rapidly changing behaviour. Banks adopting Open Banking accelerate their digital transformation journey and help focus it on their customers needs.
Is This Really New?
The fact that customers are willing to step out of the traditional ‘walled gardens’ of banking and to explore new apps that better suit their needs is nothing new. In North America, the financial technology application Mint, offering budget planning, has been operating since 2006 and had over 20 million users in 2016 (Prince, 2016). Many Fintech apps, such as Transferwise in the UK or LendingClub in the US, have emerged with varying success, particularly in the aftermath of the global financial crisis.
In 2010, people at the Open Bank Project started discussing ideas of Open Banking and developing the first technical interfaces for it. Indeed, in the years following 2010, the technology that enables Open Banking, open APIs (Application Programming Interfaces) has matured and emerged as a reliable foundation to allow banks and TPPs to interact. Today, the Open Bank Project is the leading Open Banking platform for banks with over 200 standardized open API endpoints and a community of over 10,000 Fintech developers. Despite all of this, there is still no easy and secure way for most bank customers to access the newly available wealth of innovative solutions.
As a result, innovation is hampered and many potentially life-changing applications never make it to market. This is even more acute in the Islamic banking sector. However, it is changing quickly as more and more banks are joining the open API “bank-wagon”. Open Banking proposes to initiate a virtuous cycle of collaboration between banks and the new army of Fintech startups that has recently sprung into existence for the benefits of the end customer. Just as mobile banking is today both everywhere and unremarkable, Open Banking is fast becoming the new standard for delivering the banking services of the future.
Why Open Banking is Important
APIs are now everywhere. Apart from financial services, there is a strong trend of API adoption across multiple industries (Santos, 2018). Open APIs are seen as a leverage to accelerate product development, to open innovation and to generally become more agile and flexible. In the financial services industry, a study led by Warwick University and commissioned by TESOBE in 20172 identified the following benefits of Open Banking for a bank (in order of importance):
Another key benefit of Open Banking is security. The requirement for banks to provide their own managed APIs moves away from the current widely-spread screen-scraping model of data-gathering, which in most cases is neither fully secure nor legal. Open Banking enables banks to more effectively monitor and cope with high loads on their systems.
In a fast-changing market environment, Open Banking enables banks to enhance their customer experience and to gain a competitive advantage through the use of APIs and collaboration with a large ecosystem of nimble innovators. As an example, in 2016, the Open Bank Project collaborated with a tier 1 global bank to run a series of 10 hackathons powered by an API platform. As many as 300 startups participated in these hackathons, proposing ingenious solutions to specific business challenges confronted by the bank. The event led to subsequent pilot projects, which saw real business impact for the bank.
Example of Apps
Once the bank has a selection of open APIs in place, it can foster an ecosystem of apps and services to cater to the specific needs of the bank’s customer base. The Open Bank Project community is made up of over 10,000 developers, who have used open APIs to build innovative Fintech applications spanning a large variety of use cases. Some examples are shown in Figure 2. These are just some examples of the numerous possibilities. Banks aiming to benefit from such a third-party ecosystem are well advised to adopt an Open Banking approach and to start cultivating relationships with TPP actors relevant to their lines of business.
A Global Regulatory Imperative
As a growing number of banks continue to adopt open APIs, regulators around the world are stepping in to regulate and provide guidance in this nascent space. In the UK, regulation began in 2013, when HM Treasury commissioned a report about Open Data and Data Sharing for Banks (ODI and Fingleton Associates, 2014). This report led to the creation of the world’s first body tasked with the implementation of Open Banking standards, the Open Banking Working Group. This in turn led to the UK Competition and Market Authority mandating Open Banking for the nine largest banks in the UK in 2016. The EU regulators initiated a parallel discussion about Open Banking in 2013 and 2015, published the first Payment Service Directive II (PSD2) in the Official Journal of the European Union. This draft has been reviewed multiple times and in 2018 was passed into national law in the 28 countries of the European Union. Similar initiatives have since emerged in Mexico, Hong Kong, Australia and other parts of the world.
Most regulators around the world agree Open Banking is an ideal tool to:
- foster increased competition in financial services and create a level playing field;
- accelerate innovation in financial services;
- improve the customer experience and make financial services more accessible, personalized and easier to understand and comparable;
- ensure increased levels of security for customers and businesses.
Regulators have a critical role to play in scaling (or hampering) Open Banking. The key challenge will be achieving balance between the flexibility needed to unleash customer-centric innovation and the legitimate security concerns brought by Open Banking. Luckily, there are models that are emerging and there are a number of case studies from which to learn from.
The Case of Europe
The Payment Services Directive 2 (PSD2) is a Europe-wide regulation that now requires financial institutions serving European markets to allow TPPs access to payments, customer transaction and account data, following customer consent. When a customer has given approval to a third-party provider such as an online retailer, Fintech app or payments service; those services need to be able to directly make payments from the customer’s bank account. These providers are called Payment Initiation Services Providers or PISPs. If a customer has authorized a financial account aggregator service to draw in all their financial account information into one dashboard or app product, banks must make that data available to the aggregator service (these providers are called Account Information Services Providers or AISPs).
PSD2 regulations ensure that banks will create mechanisms enabling third-party providers to be able to work securely, reliably and rapidly with the bank’s services and data on behalf of the customer. PSD2 was published in the Official Journal of the European Union on 23rd December 2015 and entered into force 20 days after its publication on 12th January 2016. The deadline for turning the directive into national legislation by each EU member state was on 13th January 2018.
The European Banking Authority (EBA) has defined a Regulatory Technical Standards (RTS) on behalf of the EU Commission, which were published as a delegated regulation (EU) 2018/389 by the EU Commission on the 13th March 2018, to be implemented by 14th September 2019. RTS define rules for strong customer authentication between banks and third-party service providers. Key measures that PSD2 introduces include the following:
1. Banks must foster an open and equal market, by allowing approved and licensed third-party providers to access customer accounts where the customer has granted permission. Banks cannot add additional fees to these providers, refuse them access (without a valid reason), or put them at the end of a priority queue.
2. Payment charges must be fully disclosed. Any charges must be declared at the time of payment transaction, and must include a detailed breakdown of why charges occurred and for what reason.
3. Banks must adhere to tight security measures that ensure the customer has given approval for payment transactions. Strong customer authentication with two-factors will be a minimum standard.
The Case of Australia
Australia’s banking sector is required to open up data from the start of the 2020 financial year, under a new Open Banking regime agreed upon by the federal government. Open Banking in Australia will be introduced in different phases. The four largest financial institutions are expected to open their first APIs by July 2019, and all other financial institutions will have 12 months after that to comply. The scope of APIs to be open include credit and debit cards, deposit and transaction accounts, mortgages and other related financial products.
Prior to this regulation and to articulate a shared vision for its members and provide strategic direction regarding Australia’s Open Banking regime, the Australian Payments Council (APC), a financial service industry-body, held a hackathon powered by the Open Bank Project, a weekend-long innovation and software creation event. The hackathon took place simultaneously in Melbourne and Sydney between the 11th to 13th of August 2017. The event was supported by 12 members of the Council. The goal was to “Improve the Lives of Australians” by leveraging bank transaction data. It was attended by over 150 participants and saw two winning teams awarded the AU$5000 cash prize.
The hackathon was aimed at showcasing Australia’s next generation of Fintech innovators and to strengthen ties between the innovators and established financial institutions. Over the weekend hackathon, 22 teams entered the challenge and built viable solutions, with over a dozen new concepts and working prototypes. Importantly, as a result of the hackathon, the Council was able to provide an informed submission to the Treasury’s Review into Open Banking in Australia, which led to Australia’s current Open Banking regime.
The Case of Malaysia
The Malaysia Digital Economy Corporation (MDEC), a government agency, is tasked with scaling the local Fintech ecosystem. Maybank, one of the largest banks in the country, has already released a sandbox environment and has organized hackathons to connect with Fintechs. There is willingness from other banks to deploy APIs. There is also a healthy Fintech community, which would ensure that Open Banking provisions would be Fintech-friendly. All these efforts have taken place in the absence of real regulatory mandates.
The regulator has put in place an “Implementation Group” comprised of representatives from the banking industry, selected Fintech firms, relevant stakeholders and the Central Bank to drive the Open Banking agenda. In September 2018, Bank Negara Malaysia, Malaysia’s central bank, published its Open Banking guidelines exposure drafts seeking feedbacks from industry players. Applicable to Licensed Banks, Licensed Islamic Banks, Licensed Insurer and Licensed Takaful Operators; the scope of these guidelines cover motor insurance/takaful, credit cards and SME financing. This implementation group has already shared some draft API specifications, available on GitHub3.
Open Banking for Islamic Financial Services
Islamic financial institutions stand to gain numerous benefits of Open Banking. Firstly, Open Banking facilitates Islamic financial institutions’ (IFIs) collaboration with Fintech companies. Traditional IFIs are generally more constrained in talent pools and budget compared to more established conventional financial institutions. Such constraints might hinder innovations and this could be addressed through collaboration with Fintech companies. By having access to customers’ data at the IFIs’ core systems, third-party providers would be able to innovate solutions that would benefit the entire Islamic finance ecosystem. Generally, Fintech innovations for Islamic financial services could be divided into the solutions to improve IFIs general process efficiencies and customer experience and the solutions to help IFIs in ensuring that their products and services are Shari’a-compliant.
Fintech For Improved Process Efficiencies and Customer Experience
To survive in this digital age, at the very minimum, IFIs need to compete with the more established conventional financial institutions in terms of service qualities and customer experiences. Basic services like account opening, balance inquiries, KYC check, fund transfers, payment and portfolio review must conform to the current consumers lifestyle of banking anywhere anytime. Consumers are getting accustomed to mobile and online services employing latest technologies such as biometric identifications, QR code or NFC payments, chatting capabilities, geo-location and social media integration. There are many Fintech companies out there providing these innovative solutions that can integrate with IFIs core systems at much more affordable cost and much shorter timeframe if the IFIs have open APIs.
Open APIs make integration easier and faster, which provides an advantage to the IFIs. While there are many third-party providers providing solutions that aim to solve similar problems, IFIs could invite a few Fintech companies to conduct proof of concept by connecting to IFIs’ core systems and demonstrate the functionalities of their solutions. With this, IFIs will be able to find the best solution that fits IFIs’ requirements in providing the best experience to customers as well as most efficient for the IFIs’ operations.
In addition, Open Banking could promote third-party Fintech innovations, which typically require access to banking information such as customer details, account balances, transaction history, product information, debt servicing behaviour and prevailing rates. For example, Fintech innovations to compute customers’ net worth would require access to customers’ assets (deposits and investments) and liabilities (financing) information in which the data could be at various financial institutions. Fintech innovations to recommend financial products would require products and prevailing rates information of various financial institutions. Fintech innovations to calculate credit score would require customers’ demographic details, accounts information and debt servicing behaviours. With IFIs publishing open APIs, Fintech companies will have access to IFIs data without having to establish business relationships.
Fintech for Shari’a-Compliance Products and Services
In addition to competing with conventional financial institutions in terms of general process efficiencies and customer experience, IFIs have additional fiduciary duty, which is to ensure their products and services comply to Shari’a guidelines. Similarly, innovation within this space requires access to IFIs’ data. For example, IFIs’ products based on the concept of tawarruq or commodity murabaha require IFIs to interact with commodity brokers as part of the workflow process in completing the transactions. There are a few companies in the market providing the commodity buying and selling services to IFIs. To automate these transactions, IFIs core systems need to integrate with these commodity broker companies. With open APIs, IFIs could integrate with multiple commodity brokers seamlessly.
IFIs could also leverage on Fintech innovations in providing value-added services to customers. One such example is integration with Islamic social finance (waqf, zakat and sadaqah) Fintech companies. With open APIs; waqf, zakat and sadaqah Fintech platforms could easily access to customers’ accounts in IFIs whenever customers want to make their contributions via the platforms. Fintech innovation on zakat calculation would require customers’ access to their saving balance at various financial institutions. If these financial institutions published open APIs, Fintech for zakat calculation could easily connect to these IFIs and retrieve the required information and therefore would be able to consolidate saving balances to compute the amount of zakat to be paid by the customers.
Another Fintech innovation that requires both asset and liability data across financial institutions is for wasiat purpose. Wasiat documentation requires access to all asset and liability information of an individual that may reside at various financial institutions. Due to the dynamic nature of the information, they need to be updated from time to time. Eventually when a Muslim dies, his or her wealth needs to be distributed according to faraid (Islamic inheritance law). Similar to wasiat documentation, Fintech innovation to compute faraid distribution would also require access to the deceased assets and liabilities data at various financial institutions. Again, with published open APIs, access to these data will be possible and this, will provide great value to the customers.
Example of Islamic Finance App
Today concrete solutions for the challenges above exists and Fintech startups from around the world are keen to work with IFIs and bring their innovation to the market should they provide open APIs. Few examples from the world of Islamic Fintech are shown in Figure 4. Many more Fintech solutions exist and are ready to help IFIs improve customer experience, drive operational efficiencies and comply with Shari’a guidelines. It is up to the IFIs to make the first step, open their APIs and welcome the wealth of innovation and convenience it will bring.
Lessons Learned
Launching a successful Open Banking programme is no easy task. The aim of any such programme is to foster a thriving ecosystem where third party developers leverage the bank APIs to offer choice and value-added services to an engaged customer base. To foster this ecosystem, banks need to keep in mind the lessons learned below:
1. Do not wait for the regulation fine print: Forward-thinking banks are not waiting for regulatory requirements before ensuring they have the architecture in place to build platform business models. They proactively experiment with APIs and build future-proof strategies to win in a platform setting.
2. Think creatively about what assets to open up: While customer’s current account transactions are generally the mandated APIs, forward-thinking banks look far beyond, to include such services as loan account information, product specifications and transparency of fees and charges. Importantly, whilst being a more sensitive issue, payment initiation is a key asset to open. Banks should consider early adoption of payments service.
3. Standardise: Rely on an existing standard with existing adoption. Home-grown API specifications tend to scare Fintech developers away. The standard should always find the right balance between trust and end-user choice.
4. Offer a Fintech-friendly experience: Think and design from a Fintech startup perspective. Effective API documentation, sandbox environments, SDKs and code samples are must-have to drive engagement as well as Fintech-friendly terms and conditions.
5. Experiment in the open: Start taking small steps leading to quick wins. Deploy a production-ready sandbox with test data, organise a hackathon and it all helps to bring clarity and build internal momentum.
6. Plan a route to production: While experimenting in the open, keep an eye on production pathways and involve both business and technical team early on.
Failure to address some or all of these aspects can lead to disengagement of customers as well as of developers and hence to the failure of your Open Banking initiative.
Conclusion
The move towards Open Banking and the adoption of APIs by financial institutions, governments, Fintech firms and other stakeholders has accelerated. As a growing number of financial institutions continue to adopt open APIs, regulators around the world are stepping in to regulate and provide guidance in this nascent space. As more players recognize the benefits of APIs, and consequently, the importance of an API strategy in their digitization efforts, the role of APIs will grow further, especially to facilitate the establishment of ecosystems and come to shape the financial services industry in the digital age. In the post Open Banking world, customers will access an ecosystem of apps and services from which they can choose the tools that cater to their particular needs.
IFIs stand to gain numerous benefits of Open Banking such as improved process efficiencies, superior customer experience and Shari’a-compliant products and services. Open Banking facilitates IFIs collaboration with Fintech companies without the need for establishing business relationships. The integration efforts between IFIs’ core systems and third-party Fintech solutions will be more cost-efficient and require lesser time. IFIs would also be able to promote third-party Fintech innovations that require access to customers asset and liabilities data.
In the end, Open Banking will become as pervasive as mobile banking. Banking customers of all walks of lives will flock to the bank that provides them with product and services that are personalized and address their peculiar requirements even if these services are built by vetted third-party providers outside the walled garden of the bank. To stay relevant, IFIs need to take notice of this rapidly growing trend and get ready for a more open world!
