This article has been written by Kaushik Bhattacharjee pursuing the Certificate Course in Technology Contracts from LawSikho. This article has been edited by Zigishu Singh (Associate, Lawsikho) and Prashant Baviskar (Associate, Lawsikho).

Introduction

Professor Henry Chesbrough of University of California, Berkeley promoted the term “Open Innovation” for the first time in the year 2003. This term signifies a mindset which runs counter to the classical secretive mentality of the corporate research labs. Open Innovation calls for interdependence between the research labs and benefiting out of it by sharing respective research progresses. Open banking is called a subspecies of Open Innovation. Open banking calls for a win-win situation for both the banking clients as well as the banks. It is a concept that can revolutionise the current day banking system. But in our world, there is “No such thing as a free lunch”. As every revolutionary idea comes with its own baggage, open banking also has its own Achilles’ heel of tremendous security risks.

What is open banking?

Open banking allows access of customers’ financial and personal data to third-party  providers who are also called TPPs. These service providers are typically technology start-ups and online financial service providing organisations. These people create a specific programme called Application Programming Interface; APIs in short. These Application Programming Interfaces are nothing but some computer programmes which can establish a hand shaking with Application Programming Interface programmes of another organisation and thereby establish a connection to communicate and transact data. Customers are normally required to permit some kind of consent, using which the bank allows such access to those third parties. Third-party providers’ APIs can obtain as well as use the customer’s shared data which obviously includes data about the customer’s financial character. Usage of this includes comparing the customer’s financial history to various financial service options, collecting, accumulating and aggregating data of different participating financial institutions and customers to create marketing profiles, or making new transactions and account changes on behalf of the customer.

Financial institutions previously viewed the concept of open banking as an imminent and huge threat to their business model and industry. But now, that very industry sees the same concept and involves technology as a catalyst for their business growth and as a tool to achieve digital transformation. During Think 2018 in Las Vegas, IBM CTO of Industry Platforms, Tom Eck, spoke in detail about  what exactly  “open banking” is,  and how it has become the “new face of digital transformation.”

According to a survey conducted by Ernst & Young, 41% of consumers would not hesitate to change their financial service provider for a better digital experience. Under such pressure, Banks are also looking for fast and cost-effective methods to escalate their digital transformation drive, to meet evolving customer demands and to participate in this API economy. The future of the banking industry is not just about IT modernization or creating a user-friendly mobile banking app, it’s about rethinking and restructuring banking towards new models that are open, intelligent and widely adopted between the competitors. There is a new age adage in the IT industry.- “Data is the new oil”. Financial institutions like banks are sitting on a goldmine of data from various sources such as customers account details, customers mobile and location data, all of which can provide powerful insights about a customer’s consumer behaviour and has the potential to propel different banking functions and create new revenue earning opportunities. Open banking can open up age-old systems, exposing them to modern architectural tools. Here the legacy systems work as microservices. The ultimate object is to expose these banking microservices as public APIs in the cloud ecosystem to create new channels, fintech collaborations to deliver improved customer experiences and generate new revenue streams.

The benefits of open banking

Open banking has the potential to revolutionise banking in the whole world. The days of standing in the long queues inside the bank premises will be bygone. Open banking brings multi-dimensional benefits to all concerned. If these are summarized, it will be as below:

The benefits for customers are as follows;

• Easy payment with smart devices: One does not need to carry cash or credit card to make payment. A digital wallet connected with a bank will be sufficient.Easy remittance and currency exchange: Sending money worldwide will be a piece of cake.
• Personalised service: Customers are likely to get personalised services offered by the bank regarding their investment horizons
•  Aggregation of accounts: With one app  connecting all the bank accounts with that can help customers immensely. Checking the existing bank balance will be a matter of a single click.

For banks and other financial institutions: These are as follows;

• Collaborative advantage: the bank is always in touch with  the customer  which is a benefit for the bank as well. 
• Allows banks to be futuristic: It helps bank to adopt new technologies and remain competitive in the market
• Improved Customer engagement: The easier banking becomes, more of its services are availed by customers. Which means more transactions and more business for the bank.
• Extension of service: By implementing open banking banks can extend its service hours to almost 24×7 which again contributes to its business.

The risk factors

As discussed earlier the very concept of Open Banking has evolved around an ecosystem of third-party providers. Along with that, the open banking ecosystem also involves various participants such as customers, data providers, regulators and government agencies to engage for the betterment of consumer experience and services. As many stakeholders are involved, information discrepancy due to asymmetric data flow emerges between the counterparties involved in a contract that makes use of customer data.

The Main risk factors can be described as follows

1. Data screen-scraping is widespread: TPPs do take data from the customers; sometimes with, and sometimes without, the permission of the customers as well as the banks. Often the security that they have is questionable. Chances of leakage of data to cyber criminals is big enough to cause concern
2. Disordered Market: There are many players playing in this field without any uniform regulator or any universally accepted regulation. For that reason, it is very difficult to trace and track an incident in case of any mishap.
3. Absence of Redressal mechanism of grievances: As of now there is no explicit arrangements to redress a grievance in case of a data or identity theft caused in an open banking platform. Even the law enforcement agencies are poorly trained. 
4. Number of players increasing day by day: There is a continuous increase in the number of participants in this field. Every other day a new TPP may appear offering a new set of APIs. In the absence of any mandatory “Know Your Partner” rule, the addition of these new players increases the chance of cyber fraud.
5. Exposure to crypto threats: Some open banking involves cryptocurrency exchanges. Some cryptocurrency exchanges offer anonymity and thereby attract financial criminals.³ 
6. Difficulty in assigning liability: In the absence of any well-structured framework, it is always difficult to assign responsibility of any mishap.⁴

Solution of the risks : security framework

There is no fool proof system existing in this world against security risks. Only a systematic approach and a proper framework may mitigate the potential threat. A properly installed security framework involving government regulators, banks, TPPs, law enforcement agencies can instil confidence in the minds of the customers to opt for this new trust-based relationships. Following factors may be considered.

• Standardisation and collaboration: A secure ecosystem can only be created by driving collaboration and communication between the parties involved. Along with that standardisation of process, procedures and protocols can also be beneficial.
• Mandatory encryption and Transparency: Encryption makes data theft difficult. It also boosts confidence among the customers. Apart from Encryption, Security framework must also ensure transparency. Customers should be intimated about the flow of the processes and whom to approach in case of an emergency.
• Resilient to proactive cyber security: Cybersecurity is evolving. From defensive mode to proactive vulnerability scanning and threat hunting is being incorporated nowadays. These things can detect loopholes in the system in advance.
• New and Improved technology insertion: As has been said earlier, cyber security is evolving, new technologies like secure coding, artificial intelligence are coming up which are capable of making online transactions more secure. Regulations should be made to adopt and implement such technologies by the TPPs.⁵

Conclusion

Technology has always challenged our conventional lifestyle to make it better. It has been seen that nowadays people have become immune to rapid technological changes. Those who are already in use of apps like gpay, phone pay, paytm, amazon pay life has become far smoother than it previously used to be. A cybercrime involving a financial fraud hits the news desks almost everyday yet the number of users of these apps are increasing day by day. It is only because the facility it provides outweighs its risks. The popularity of the open banking apps show that this technology is here to stay. So, it is the responsibility of the government. agencies to make it less susceptible to crimes. A properly implemented security framework can contribute well in this regard.

References

1. https://www.openbanking.org.uk/what-is-open-banking/
2. https://securityscorecard.com/blog/what-is-a-third-party-service-provider
3. https://www.mulesoft.com/resources/api/what-is-an-api-2021
4. https://www.ibm.com/blogs/nordic-msp/think-2018-las-vegas/
5. https://www.ey.com/en_gl/banking-capital-markets/four-themes-driving-fintech-adoption-by-consumers
6. https://www.wired.com/insights/2014/07/data-new-oil-digital-economy/.

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:https://t.me/joinchat/L9vr7LmS9pJjYTQ9

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.