The technology behind open banking with Chris Michael  

The following article is an adapted transcript of Episode 1 of the Mr. Open Banking podcast with Chris Michael. The audio version with the complete interview is available here.

At Mr. Open Banking podcast, I aim to help our audience and build a foundation to better understand open banking as a whole. To do that, we will need a fundamental understanding of what open banking is at its core.

To try to build that fundamental understanding, I am going to focus on a key question.

Is open banking a set of technologies?

In the first episode of the Mr. Open Banking podcast, I was joined by Chris Michael to explore the technology behind open banking and what it lets you do.

If you’re not a techie, don’t worry, we’ll do our best to explain everything simply. But it’s important to understand what open banking is at that basic fundamental level, as a way to chart a clear course for the journey to come.

Chris is a bit of a rock star in the open banking community. He is the Founder and CEO of Ozone API. Over the past three and a half years, he’s been leading the development of the UK Open Banking Standard, along with the Open Banking Implementation Entity (or OBIE Standard).

This organization drives a technology standard that is widely considered the most mature implementation of open banking in the world.

Chris has been immersed in this world for over three years, leading the way not just for the UK, but setting an example for regions around the world looking to take their first steps. He shared with us his basic description of open banking:

“Open banking is designed to provide a method by which an authorized third-party, like a fintech, can access a customer’s online payment account in the same way that a customer can access it themselves.” 

Simply put, open banking lets you take third-party apps from fintechs and hook them into your regular bank accounts to share information between them.

This is something customers have already been doing for 10 to 15 years, using a process called screen scraping or credential sharing. The customer gives a third-party app their username and password, and that app logs into their bank account as if it were the customer.

Although this method poses several risks, it has brought value to things like account aggregation and personal financial managers. But remember, these services are provided today using the insecure screen scraping method. Through open banking, we could replace that with a secure API that is safer for the client and the banks.

So, what exactly are these mysterious APIs?

APIs (Application Program Interfaces) are the bridges that let different pieces of software talk to each other. When your Uber app brings up a Google map or when Netflix plays on your Xbox, that’s all made possible with APIs.

Banks have been using them for decades. The goal of open banking is to standardize these APIs across the industry, laying the foundation for the digital future.

There are two main types of APIs for open banking:

1. The read API, which lets you look at your account information.
2. Payment API, which lets you move money around. In some places, regulations have even been passed that require banks to create these APIs, such as the CMA Order in the UK or PSD2 in Europe.

Let’s bring this down to earth. These APIs offer you all sorts of unique solutions to financial problems. Here’s Chris, using loans as an example:

“Rather than sending the lender a copy of their bank statements as a PDF or declaring their income and expenditure, this can now be validated through an API. That results in less fraud in lending, more responsible lending, and real-time decision making.”

That means no more lugging paper around and no more sending email attachments. You just grant access to your banking information and the next thing you know, they can offer you a loan.

Another example is payment solutions. Imagine you could pay a bill, a supplier, or your taxes without using a card or manually entering reference codes. Instead, a third-party app can take care of it all for you.

Even without any techie knowledge, everyone can appreciate seeing all their bank accounts in one place, opening an account without any paper, or getting approved for a loan in minutes.

And while that all sounds great, there is one thing most people want to know:

Is it safe? Do I have control over who has access to my financial data?

The answer, Chris says, is a hard yes. It’s ultra-secure. In fact, it is far, far safer than the mechanisms being used today to offer open banking-like services.

Today’s open banking requires customers to authenticate every payment for more than one factor. Instead of just a password, that extra factor could be an SMS code or even a thumbprint.

Okay, so open banking is convenient and safe. But how can we regulate it for everyone to use? 

The UK has probably made the most progress than any country in the world. But, like most tech revolutions, there have been some bumps along the way. Chris explains:

“The first challenge we had was that the regulations were not particularly clear about what the requirements were. So, we had to develop a standard specification for a set of requirements that were unknown.”

On top of that, the banks didn’t do a great job building or implementing their APIs. Essentially, everyone had to go through a steep learning curve. Now, thanks to working through those bumps, their hard work is paying off.

In a recent Ndgit report, the UK received a perfect score — 100 out of 100 — for open banking, standard maturity relative to the rest of the world.

What is it about the UK standard that makes it so strong?

Well, Chris gave us a pretty solid checklist of what makes a great open banking standard.

1. Make sure your standard is iterative, which means lots of versions that continuously improve the standard based on feedback.
2. Get banks on board and building the standard early, so they can raise any concerns and see them get incorporated.
3. Make sure people don’t have to share their passwords and use security tools that they already know.
4. Finally, invest in strong customer experience guidelines that ensure a clean, consistent, and friction-free experience across all providers.

The best part? Anyone can reuse the UK standard as they see fit completely for free. That’s what makes it an open standard: a standard anyone can use, but no one owns. And that’s also what the “open” in open banking means.

So, how should other countries go about reusing the UK’s standard?

For regulators, Chris suggests being clear about your goals. Ask why you’re doing this and how you’re going to measure success. Get this stuff worked out before you worry about technology.

And as for banks, he says don’t wait. Begin today. If you wait for regulation, you will risk approaching open banking as another painful compliance project, when in fact, it should be approached more like a new product.

In short, banks must learn to see open banking not as a threat, but as an opportunity. Here’s Chris, summing it up:

“At the end of the day, open banking is here now, and it’s not going away.”

What are the biggest threats for banks that don’t adopt open banking?

Expectations, Chris says. Not just from regulators, but customers, too. As open banking standards become commercialized and accepted by the general public, banks will need to adapt to consumer demands.

“I don’t think [demands are] going to be because the customer cares about open banking itself. It will be because the customer cares about the product or service that works because of open banking.” 

Well, there you have it. An insider’s look into the technology behind open banking.

Remember, at its core, open banking is about the development of a standard, common way for banks and other companies to share securely your financial data.

To find out more about Chris’ work at the OBIE and Ozone API, or to contact them about offering the Ozone API to banks or markets anywhere in the world, visit their website.

To listen to the full podcast episode and subscribe via your player, click here.