Open Banking – Learning from past successes

11 September 2018


Open Banking is transforming the financial services market. There is no doubt about that. Financial services providers are quickly building the same types of ecosystems that we’ve become familiar with from the likes of Amazon and Facebook. As a result, the new scenery is starting to appear more interconnected and interdependent, promising to bring financial services more in line with these hugely successful consumer sites.

The media has been heavily focused on Open Banking and there has been some negativity about the lack of progress and the slow journey to an open landscape. However, banking systems perform a very different job to consumer systems – they look after people’s money. They have been built over the course of decades to do this job efficiently and securely and it’s this level of resilience that makes the difference. The post-Open Banking market will be built on distributed, interlinked services built on systems that are susceptible to failure in different ways to legacy systems. The industry must accept that the resiliency built up in traditional banking systems will need to be reinvented.

These old market infrastructures are battle-hardened. They have processes and controls in place to make them extremely resilient and able to compensate for the unavailability of individual service providers. However, they are old, hard to join, hard to change and expensive to run. All of which discourages innovation, hence the move to a more open or, at least, decentralised model driven by regulation such as Open Banking and PSD2. We’re effectively seeing a clash between open and closed systems that will result in fundamental changes to a bank’s technology architecture.


Entering uncharted waters

This has not been lost on the authorities, and the Bank of England has released a discussion paper on ‘Building the UK financial sector’s operational resilience’. One of the most pressing considerations surrounds system failures – when one system used by multiple providers and supplied by (for example) a bank fails – and the potential domino effect these presents.

Open Banking has effectively created a porous system. An open environment creates potential points of failure and exposes systems to security breaches. By expanding the number and type of organizations offering financial services, the surface area open to attack or failure is greatly increased.

This isn’t to say that we should cling to the old way of doing things, far from it. Just as the IT world has recognised that hosting solutions on open source technologies has transformed the pace of innovation, so too can an ecosystem of suppliers in the banking value chain.

The new architecture does, however, bring a new set of problems. The old system had gone through its teething troubles, had become hardened, and was largely secure and stable. Banks owned all of the “moving parts” and could resolve problems relatively quickly. In transitioning to a new system this stability is lost. The new world of Open Banking means that responsibility is distributed, and it is not clear how well individual service providers will work to resolve issues. While we’ve learned lessons from the past and applied them to system development, we’re entering a new world with new challenges that have not been encountered before. Indeed, migration alone will present an unknown set of resiliency and stability issues. Who in the industry has done a migration on this scale before?

The answer is no one. We are in truly uncharted waters.


Avoiding a single point of failure

Ensuring resiliency is about robust validation and monitoring to make sure that no service provider introduces a systemic risk, and agreeing actions for when unforeseen systemic risks do hit home. We have the opportunity to bake in resiliency now and ensure that the safe functioning of the institution is not reliant on any one system.

The Bank of England paper makes it clear that resiliency is the responsibility of both the service provider and the service consumer, and that the end customer – the public – must ultimately be protected from the negative effects of system failures.

While there is no simple answer, it is up to everyone in the industry to ensure that Open Banking brings the benefits it promises to, and not the difficulties it could. Getting it wrong once will mean that the market and consumers could lose trust and faith in Open Banking. The financial services sector simply cannot afford for this exceptional opportunity to be stigmatised in this way.


Categories: Banking Blog PSD2

Carl Bones