In Europe, the open banking sea change has largely been brought about by the revised Payment Services Directive — known as PSD2 — which requires European banks to share data with financial technology companies if customers request they do so. The regulation aims to stimulate competition by giving fintech companies access to customer data that they have been collecting piecemeal for years (without banks’ authorization).
There are signs U.S. regulators could take a similar approach. Last year, the Consumer Financial Protection Bureau signaled its approach for mandating that banks allow access to the sharing of financial data.
But U.S. banks should resist such a mandate because it could force them into a corner — whereby they share data for fintech companies to use in delivering in-demand payment services but lose out on capitalizing from those services. Rather than encouraging healthy competition, PSD2-like regulation in the U.S. could give fintech companies a clear advantage by helping them poach customers from established banks — without leaving room for banks to compete directly in the digital banking space.
A U.S. version of PSD2 would seek to fulfill consumer demand for simpler and more secure digital banking tools. But banks need to prevent conditions that would require regulation so traditional financial institutions can have the best shot of realizing opportunities from the digital banking transformation.
How they can seek to avoid such a regulatory response might sound counterintuitive: Banks need to share more data.
Banks should start selectively sharing financial data with third-party companies now. To embrace the new model, a good starting place is to create secure application programming interfaces such as those developed by Citigroup and Capital One. The strategy gives banks the option to give fintech companies non-real customer data on which to build apps. Banks can assess which apps in development are the most promising and therefore which ones to invest in with capital, real customer data or both.
This selective data-sharing model can help banks stay competitive by giving them more negotiating power with fintech companies. It also works in consumers’ interest by giving banks, which are better equipped to safeguard sensitive personal information than nonbanks, some ability to vet fintech security measures before sharing real customer data. Banks can even build informal standards for fintech security by sharing data with fintech businesses on the condition the fintech companies take pragmatic steps to validate the stringency of their cybersecurity measures. One such step could be for a fintech partner to voluntarily submit to federal bank regulatory requirement on cybersecurity.
Already, consumers trust banks to securely manage their personal data. Therefore, if banks pressure fintechs to strengthen their security measures, banks can help extend customer trust through new digital banking tools, help those applications scale and gain merchant support more quickly. If trusted fintech services connect to banks through an API hub, banks could become the central source for identity verification in time.
But developing this business opportunity could be diminished by a regulation like PSD2 that would allow fintechs to easily access a consumer’s identifiable information, and give consumers carte blanche to spread financial data further online.
Banks need to foster conditions that would reduce the attractiveness of such a regulation, by meeting fintechs halfway.