Taming Risk Factors in Open Banking

The open banking system, which mandates banks to open up their Application Programming Interfaces (APIs) to Fintechs to access financial information needed to develop new apps and services, is beginning to pose some regulatory risk factors as perceived by the Central Bank of Nigeria, writes Emma Okonji

Last week, the Central Bank of Nigeria (CBN), organised the maiden edition of the Community of African Banking Supervisors (CABS) Fintech forum, with the primary objective of contributing to the strengthening and harmonisation of banking regulatory and supervisory practices in Africa. 

The Fintech forum, which was held as an hybrid event and hosted from Abuja, attracted Financial Technology (Fintech) players and heads of Central Banks across African countries. The forum focused on the risk factors emerging from open banking system and how best to tame them. 

The emergence of Fintech firms, coupled with developments in telecommunications across Africa, have resulted in the rapid growth of digital payment platforms, as major emerging markets in Africa such a Nigeria, Kenya, Ghana and Egypt, key into more efficient tech-enabled solutions. 

In 2021, the interest in African Fintech start-ups exploded, with Fintech start-ups in the continent raising $3.03 billion in disclosed funding rounds. This accounted for 62 per cent of total investment inflows into Africa, according to the latest Africa Investment Report by research and intelligence firm, Briter Bridges. While the growth in Fintechs has come with its attendant risks, the capacity of regulators across Africa to supervise these firms has sadly not kept pace with the growth and complexity in risk management. Until recently, the Fintech space was largely unregulated, which underscores the need to bring together Fintech players and regulators within Africa with the aim of understanding the industry players, building the capacity of the regulators, with a view to taming the risk factors associated with open banking system. 

About Open Banking

One of the buzz words in the global Fintech ecosystem today is open banking, which was extensively discussed by a team of panelists, anchored by the Head, African FinTech Foundry, Mr. Daniel Awe, at the just concluded Community of African Banking Supervisors (CABS) Fintech forum.

The buzz word, Open Banking is a system under which banks open up their Application Programming Interfaces (APIs), allowing third parties to access financial information needed to develop new apps and services and providing account holders greater financial transparency options. According to Awe, the notion of open banking has been central to financial services dialogue for a few years, fueled in part by the build-up to the European Union (EU’s) revised Payment Services Directive (PSD2).

Awe explained that the global open banking market currently worth a massive $10.39 billion, and is forecast to reach as much as $37.8 billion by 2026, growing at a compound annual growth rate (CAGR) of 23.98 per cent. 

“Several economies around the world are opening up their finance service industries to embrace Open Banking, being led by the PSD2 directive in 2016 and followed shortly after by the UK Open Banking Legislation in January 2018. In the same vein, we must acknowledge the works of the Apex Bank of Nigeria (CBN) which issued a Regulatory Framework for Open Banking  in early 2021. The CBN framework details the method of financial data sharing in the country and is in line with CBN’s mandate to promote financial system stability in the country,” Awe said during the panel session. 

Opportunities 

Industry experts have revealed that about 82.8 per cent of finance executives believe that Open Banking is revolutionary, after being tried and tested. This is because Open Banking brings about the new opportunities, as listed by financial experts to include: Enhancing customers’ operation; Centralisation of services; Increase in the financial market; and Key driver of financial inclusion.

Analysing the opportunities, Awe said in enhancing customers’ operations, all operations are automated and time spent is reduced due to the vast array of APIs that already exist and the new ones that emerge. All the customer needs is access to technology.

In the area of centralisation of services, he said with open banking, banks once again have full control over the various services their customers need, such as advice, loans, transfers, and financing. Thus, everything is done with greater visibility and under a single administration.

For increase in the financial market, Awe explained that with the arrival of more clients in open banking, the diversification of APIs and services will be greater. In this way, there will be numerous offers adapted to the needs of everyone, he said.

He further explained that with key driver of financial inclusion as another opportunity, Nigeria’s Financial Exclusion rate dropped from 46.3 per cent to 36.8 per cent, representing a 10.2 per cent reduction in 2020, even though the target of 20 per cent was not reached, after the introduction of FinTech companies and other financial services innovations.

“Through open banking, micro, small and medium companies can access a larger pool of relevant tools and services targeting their needs. For customers, open banking can bring access to more personalised and affordable financial products,” Awe said.

Leveraging the Opportunities 

Awe described how the African Fintech Foundry (AFF) and Access Bank are leveraging the opportunities of open banking to enhance customer’s experience, despite its regulatory challenges as identified by the Central Bank of Nigeria.

According to him, from the API economy, Access Bank was able to identified, standardised, secured, published, productised, and deployed over 183 APIs to third-party consumers. The API economy creates a digital banking ecosystem that offers consumers more services than ever, provides banking information and capabilities in more useful and convenient contexts, expands the market reach of ecosystem participants, and boosts financial participation among the unbanked and underbanked, Awe said.

In the area of Open Banking Sandbox, Awe described sandbox as a virtual, isolated testing environment, which developers could use to run programs or execute files without affecting the application or platform on which they run. “At Access Bank we already have an online sandbox environment that allows developers to test our APIs, by replicating the end-user operating environment,” Awe said.

Challenges of Open Banking

In the area of online banking security, open banking is perceived as a disadvantage, as customers fear that their data will be shared with outsiders. This concern also exists within some banks themselves. There is a growing fear that customers information will be exposed to cyber-attacks. In any case, the solution to the problem of security in online banking is the development of software and APIs with appropriate structures and controls to ensure their operation. In this way, both banks and customers can be rest assured that there will be no unnecessary risks. Experts are of the view that the challenge can be addressed through multi-factor authentication (MFA), biometrics technology and proactive cybersecurity.

In the area of API performance and reliability, banks can create public APIs to enable open banking, but that doesn’t guarantee the APIs will work reliably, especially across the various third-party applications and end-user configurations that they need to support. Based on this fact, Awe argued that this could be one reason why the ability for developers to test third-party APIs is more important than ever. “If you’re creating an open banking application, you need to be able to ensure that whichever APIs it relies on will remain available and high-performing for your users. Otherwise, you risk letting API performance problems undercut the seamless experience that open banking is supposed to deliver. This challenge can be addressed through API monitoring across three key metrics; API uptime, API performance and API response,” Awe said.

In the area of identity management, there has been no effort to build any kind of universal identity management framework for open banking. 

According to the panelists, “That’s a problem because it means that developers lack a reliable way of identifying and tracking users across Open Banking applications. Public APIs make it possible to pull data from banks, but they don’t provide a means of keeping track of which accounts belong to which customers in each bank, for example. Developers simply have to do the hard work of building their own identity management and integrating them with the APIs that banks offer. This challenge can be addressed by leveraging the digital identification systems, automated integration with third party providers, and finally developing a central database for Open Banking identification.”

Risk Management Framework 

The Fintech forum stressed the need for a holistic risk management framework for open banking that should cover the five crucial components, which includes: Cybersecurity, Regulatory Compliance, Data Privacy, Contract Management and Product Management.

For cybersecurity, they were of the view that cybersecurity becomes more critical when talking about Open APIs over the internet and building an integrated platform to consume and deliver banking services.

Awe stressed that for regulatory compliance, responsibilities to ensure compliance would remain with bank, be it for Know Your Customer (KYC) acquisition, or anti-money laundering, explaining that robust consent management framework is essential for data exchange between two parties, with open APIs.

In the area of contract management, the panelists said risk management framework needed to look at contract management between parties, not only at partner – services level but also at the API level of the contract too.

For product management, they said open banking would throw innovation wide open to allow banks and Fintechs to experiment. “So, it is also vital to build a robust procedural framework to allow product innovation,” Awe said, adding that the Central Bank of Nigeria also stipulates some risk management implications of open banking such as: the need to designate a chief risk officer, maintain up-to-date API catalogues, agree with partners on risk management processes, provide the CBN with a risk assessment report and ensure regulatory compliance with data privacy laws. 

According to Awe: “After all that has been said, the truth is that risk management in an open banking environment requires an organisation-wide approach. It is not something for the chief risk officer or the chief technology officer alone, and neither is it strictly a management issue. In promoting an organisation-wide risk management culture; establish board expectations on risk management, make sure organisational values and risk culture interact, integrate risk management into decision making, structure incentive programs to promote your risk culture, share mistakes and lessons, employ a preventive approach to risk management, and build engagement with leadership and stakeholders.”

Future of Open Banking

Experts at the forum were of the opinion that open banking has the ability to support the Nigerian economy and promote financial system stability. Through innovation, open banking will lead to more disruptive solutions in various areas in the financial services industry. In terms of payments, open banking leads banks to open their systems and data to third-party providers. This will cause banks to reinvent their payment business models and build ecosystems of services, the financial experts said at the forum. 

Awe however said regulation would be central in controlling the risks that come with open banking integration into the financial system. When open banking becomes mainstream in Nigeria, it will be accompanied by an avalanche of innovation in the financial services industry. The availability of more innovation may expose the public to risk, hence the need for efficient regulation.

“Beyond Africa, open banking has the potential to bring the United Nations closer to achieving its Sustainable Development Goals (SDGs) by 2030. Open banking is a critical success factor when pursuing financial access and inclusion, and this is important because financial inclusion itself has been cited as an enabler of at least seven out of the 17 SDGs, especially to reduce extreme poverty, boost shared prosperity, gender equality and the promotion of good health and well-being,” Awe added. 

Related Articles