Too much of today’s Open Banking narrative is focused on the promise of delighting customers with individualized financial services, rather than a balanced understanding of the hazards involved. Are corporations doing enough to detect all of the potential Open Banking risks? And are they taking the appropriate precautions? In the early phases of the Open Banking movement, this is a difficult task. Customers’ involvement will also be necessary as vital elements in the success of Open Banking, because they are anticipated to have more authority about the use of their data.
As a result of the growing volume of data as well as the speed with which it is consumed through Open Banking, new vulnerabilities develop. Non-banking ecosystem partners will not necessarily share the very same level of concern for client data as regulated banks. They will be blind to the hidden costs of compliance, risk, and security standards that are required to preserve data and, more broadly, the validity of Open Financial transactions. So, how can a company take proactive efforts to avoid hazards that don’t even exist yet? Open Banking must be viewed as a “system” with major components such as participants, technologies, operations, and data that are continually growing and inherently risky.
Risk for the Player
Fintech companies, digital financial institutions, data integrators, credit bureaus, payment networks, and third-party providers are all part of the Open Banking ecosystem, Companies from the telecommunications, healthcare, and retail industries have also jumped on board. The instant data is exchanged, there is a risk. Noncompliance with conventional privacy measures, industry-specific legislation governing healthcare data, and the unintentional use of consumer data are all harmful practices. Ecosystem services be disrupted momentarily or permanently as a result of partner additions or exits, prompting one to consider ecosystems as an offshoot of a typical company. Furthermore, there are regulatory and reputational risks, including the risk of failing to establish good legal agreements on sharing data among partners and the reputation hazard of poor partner selection.
Now we’ll look at Process Risk. The complexity of services raises the risk of the process. There are several risks in the most basic purchase or sale a customer, a bank, and a third party (shown below), including TPP misusing customer data, a lack of process steps controls, fraudulent TPP access, absence of track and trace of customer data use, risk of responsibility by all parties, and data security across devices. Transactions may remain “open status” for several days for complicated lifestyles events, such as a client business trip involving services from multiple suppliers, requiring large number of data transmittals as well as scores of algorithms designed to support.
Data Security Threats Aside from security concerns, what happens when data from many businesses — such as retail, healthcare, and others – is combined must be considered. Will HIPAA, ECOA, and the rest of the alphabet of industry-specific rules be applicable? And when is it appropriate to do so during a client interaction? Will a primary bank’s document preservation policies extend to all ecosystem players? Which party should be responsible for credit losses caused by inaccurate credit data utilized in an offering? These are extraordinary new issues arising from data, which, unfortunately, is the same data that allows Open Banking to exist.