As banks work to fortify their cybersecurity defences amidst a growing number of data breaches, they are also exploring the promise of so-called “open banking,” a concept that could finally disrupt the staid financial services industry.
Customers have increasingly moved away from physical branches towards online and mobile apps, but banking has yet to reach its “Uberization” moment, one that breaks down traditional models to usher in new innovations, as Uber has done for the taxi industry.
Open banking — granting third-parties like financial technology startups access to bank data to develop innovative apps — could be such a “game changer,” according to Toronto Dominion Bank’s chief information officer, Jeff Henderson.
All but one of 100 payment executives at major banks globally said they were planning major investments in open banking by 2020, according to an online survey by consulting firm Accenture released last month.
But even as Canadian financial institutions toy with the idea, they’re concerned about the looming risk to consumers’ personal information amid the growing threat of cyberattacks.
The Accenture survey also showed that 50 per cent of respondents said that implementing the emerging concept increases risk.
“There’s no question this is a trend,” TD’s Henderson said.
“(But) I want to make sure that any time we exchange information externally, that is done so in a very controlled and understood manner.”
In these early days, the exact nature of the innovation in the open banking landscape is unclear, said Bob Vokes, managing director of financial services at Accenture in Canada.
“What we’re trying to do in open banking is to create new sets of services off of the banking data, or alternatively, allow you to manipulate your banking information in a different way,” he said.
Open banking allows consumers to share their banking data, which proponents say will spur the creation of new apps and platforms that will make financial transactions easier or develop new use cases.
For example, a consumer could log into one app and see all their financial accounts, from various banks, to get a full picture of their net worth and move funds in real time. Or, geolocation data could be layered over payment data, allowing a consumer to analyze exactly where their money is being spent, while also allowing merchants to offer them location-based rewards.
The buzz around open banking is building just as concerns about cybersecurity mount.
Most recently, Uber announced earlier this month that hackers compromised some 57 million user accounts and Equifax Inc. disclosed in September a cyberattack that compromised the personal information of half of Americans and some 19,000 Canadians.
It also comes as the Bank of Canada once again listed cyber threats as a key vulnerability for the Canadian financial system in its semi-annual review released Tuesday.
“The high degree of financial and operational interconnectedness among financial institutions means that a successful cyber attack against a single institution or a key service provider could spread more widely within the financial system.”
Meanwhile, various jurisdictions are pushing ahead with legislation that would see financial institutions become even more interconnected.
By January 2018, banks in Europe will be required to share proprietary data, in a regulated and secure way, under the U.K.’s Open Banking Standard and Europe’s PSD2 legislations.
Canadian institutions are also jumping on board.
The Competition Bureau said in a report on fintech earlier this month that it is early days “but the potential impact on competition and innovation is promising.”
The Ministry of Finance said in August it is “examining the merits of open banking.”
“Open banking holds the potential to make it easier for consumers to interact with financial service providers and increase competition,” the ministry said in a consultation paper as part of a review of the federal Bank Act.
The Canadian Bankers Association responded to the ministry that while its members are proponents of innovation, they are also concerned about the potential impacts on safety, soundness and stability in Canada’s financial system.
“Canadian banks have devoted very significant resources to creating well-established information security and data warehouses that meet the highest standards worldwide, the CBA said.
“Any initiative that could undermine this trust would be very problematic for Canadian consumers, financial market participants and the broader economy.”
Vokes says these concerns — as well as questions about whether the bank or the third party is liable if something goes awry — will need to be addressed in legislation.
If additional layers of security protection are put in place, open banking should not raise the level of cybersecurity risk, he said, adding however, that cyberattackers are becoming more sophisticated as well.
“Innovation isn’t just the purview of fintechs,” he said.
“As we continue to innovate, fraud and criminal enterprises are also innovating.”