With third-party access, who is responsible for safeguarding customer information?
By Lisa Shields
Data security is no longer optional — it’s a top priority for any stakeholder in today’s financial landscape. As even more sensitive data passes between financial institutions and the customers they serve, the looming threat of fraud and theft continues to increase. This is especially true considering the growing number of financial services being offered by third-party app developers and financial technology vendors. The demand for more innovative services requires greater access to banking data, but increased access opens the door to significant and complex security risks.
More than 25 percent of consumers use both traditional banks and non-traditional firms, and roughly 29 percent of global consumers have used at least one fintech firm. As these third-party companies are granted access to more financial data, the lines between banks and fintech firms are blurring.
The use of open application programming interfaces to securely share data is slowly but surely becoming the new normal in financial services. However, an increasingly open banking environment raises a tough question — who is actually responsible for safeguarding data? And what role (if any) do banks now play when the exchange of financial data occurs?
Opening the (Data) Vault
While banks are known for collecting and storing troves of financial and personal information from their customers, their days of acting as “data vaults” may soon be numbered. A big change to this traditional behavior is set to hit European financial institutions in early 2018 with the European Union’s revised Payment Services Directive (PSD2). The move will usher in a major shift in how financial data is handled in Europe — standardizing access to data and enabling third-party providers and fintechs to spark disruption across rapidly evolving banking markets.
PSD2 will set the stage for increased competition, allowing new players to create and deliver innovative financial services without facing significant barriers to bank-held data. It’s expected that the revised directive will not only change Europe’s financial sector but may establish a precedent other developed nations will look to follow. Banks may no longer enjoy the luxury — or burden — of a tight grip over their customers’ coveted data and how it is used. Instead, open banking concepts are changing the way data flows between financial institutions and fintech challengers. But with changes to how data is handled and stored come increased risk and vulnerabilities.
In a world where banks are forced to open the data vault, some fear that sharing customer financial data may open the door to a surge in cybercrime. The role banks play in financial data security and data exchange will soon be changing, and many banks are preparing for what an open banking environment will bring.
Despite the potential risks, 44 percent of European banks will look to have an open banking offering within the next five years, and North American banks will have to follow suit. As the popularity of open banking continues to grow, savvy banks will act less as data vaults and more like data custodians — keeping their trusted eye on how data is used and moved, as a service on behalf of their customers, rather than clinging tightly to it out of fear of losing their customers.
As data custodians, banks strengthen customer loyalty by focusing on providing permissioned, secure and audited movement of data. Custodial duties could also extend to monitoring the behavior of the parties to whom data has been conveyed, and ensuring any vulnerabilities across data flows are mitigated. We believe APIs will allow banks to reach into business clients’ accounting and enterprise resource planning systems to make their clients’ lives easier both in accessing and reconciling bank and fintech services.
With elevated services including “custodially shared” data, banks can establish new lines of revenue and can cultivate mutually beneficial partnerships with fintechs, rather than working against them. Done right, collaborative custodial services will yield the ultimate prize: rich client insights arising from bank data that has been enriched with data originating from fintech partners and client applications.
The New Normal
By embracing the possibilities of open banking and the benefits that stand to come with it, banks can evolve from a reactive to a proactive stance on the coming change. Breaking down data vaults and working with third parties to share client data responsibly will soon become the new normal, as will the accompanying business models to support this role. While the global banking world waits with bated breath to see the continued change open banking will bring, financial institutions can ready themselves for the shift by taking on a data custodian role sooner rather than later.
Lisa Shields is CEO and founder of FI.SPAN. For more information, visit www.fispan.com.