Open in Banking in Control

The perfect way to strengthen trust, acquire customers and guarantee the success of Open Banking initiatives is to implement an efficient internal control framework coupled with continuous assessment of the operational effectiveness of the Open Banking model. In order to limit the risks and be able to comply with strict regulations, banks and external financial service providers need to design and build strong internal control frameworks around their Open Banking environments. Open Banking is an evolution towards an environment in which both financial and non-financial services and data are integrated into complete customer pathways that are personalised and geared to the customer’s requirements. Customer service will be addressed by multiple parties concurrently. The transparency of this kind of collective approach is expected to encourage competition and innovation in the European financial sector.

As a result, consumers will have greater choice and at the same time their high expectations, inherent in the digital era, will be met. The PSD2 banking legislation will drive a much bigger Open Banking movement. The description of Open Banking can sound intimidating for banks and customers, because Open Banking can be viewed as opening the door to security and privacy risks, as well as operational and reputational risks. Precisely for that reason, it is essential that Open Banking is preceded by buy-in from the customer. We at KPMG can help banks and other companies whose business models are built around Open Banking to strengthen and retain that trust.

The Open Banking environment is a platform for different parties, such as financial institutions, external suppliers, customers, regulators and public authorities. On this platform, they come together and improve their services to consumers. If institutions want to succeed in Open Banking, they will have to address the crucial element of ‘trust’ and secure customer buy-in. Let us take a look at a few important factors that can influence customer buy-in:

• Customers will have to enter into new relationships of trust with less familiar third parties. Customers will have to give their permission to make their data available;
• New phishing techniques - Cyber criminals and other malicious parties will probably have more opportunities to threaten bank customers, at least in the initial phase of Open Banking, given the fact that customer data will be released outside the conventional banking system, endangering the security of the data;
• Exposure of personally identifiable information (PII) in the communication between older systems and APIs. If PII data are handled inappropriately, banks and external financial service providers will be vulnerable to security and privacy risks.

KPMG recognises these challenges that banks and third parties will face in the future and has developed an effective framework to limit those risks. Organisations can benefit from KPMG's expertise in the areas of risk management, privacy and security, allowing them to increase trust and encourage their customers to embrace Open Banking.

Open Banking is here to stay. Building a strong control framework right from the start will speed up your organisation’s Open Banking pathway in a controlled manner. KPMG's Open Banking in Control framework considers 10 critical building blocks of the Open Banking model (see figure 1) from a risk management perspective. By systematically addressing the controls built up around each of the 10 elements of Open Banking, banks and external suppliers benefit from a complete and strong control environment that limits privacy and security risks. Depending on which phase the Open Banking initiatives within your company are in, KPMG can help you evaluate the maturity of the internal control framework or help you build up and implement the internal control framework for Open Banking.

Traditional governance, as it has existed in organisations for many years, could impede the progress of Open Banking rather than support its development. Open Banking calls for a governance framework that aligns people, partners, technology and infrastructure. Open Banking is associated with a number of inherent risks. In order to succeed in Open Banking, a strong internal control framework is therefore vitally important. It is possible that conventional risk analyses and internal control models will not sufficiently cover all the specific elements of Open Banking, such as data privacy, security and managing the life-cycle of third parties. Due to the risks associated with Open Banking, the requirements in terms of complying with the rules will be extensive and strict. Besides, compliance is always the top priority for the financial sector in order to win and retain customer trust.