The notion of open banking has been central to financial services dialogue for many months, fueled in part by the buildup to the EU’s revised Payment Services Directive (PSD2). We define “open banking” as a model in which banking data is shared between two or more unaffiliated parties to deliver enhanced capabilities to the marketplace. For more on recent movements related to PSD2, see sidebar, “PSD2 and open banking.”
Progress toward data sharing has differed by region depending on market structures, regulatory environments, and consumer attitudes toward privacy and security. Varied interpretations of the word open from both industry firms and consumers are also shaping approaches to this new model. Use cases range from new interfaces for financial data, alternative underwriting and lending, facilitating new payments streams, and the opening of ecosystems. (See “Remaking the bank for an ecosystem world,” October 2017.)
McKinsey reached out to the CEOs of three innovative fintechs—Ping Identity, Plaid, and Tink—for their perspectives on global prospects for open banking. (See “PSD2: Taking advantage of open-banking disruption,” January 2018.) While these firms address varying perceived pain points in financial services and pursue different business models, common themes emerged across the three interviews. The implications for banks and other traditional financial services firms are far reaching, and warrant thorough strategic analysis.
Although the notion of customer focus is hardly revolutionary, it is notable that two of these companies were launched with the intent of building consumer-facing products. Both pivoted when they discovered pain points in the value chain that consumed a disproportionate amount of their energy. The CEOs reasoned that addressing these bottlenecks would in turn spur greater value creation for their own companies as well as the market overall.
We found consensus among the three CEOs that while regulation can help provide structure to data sharing, a mindset that prioritizes facilitation over control and restriction will be necessary for all parties to realize its full benefit. Developing business models that foster such cooperation will be critical. Education and a focus on the benefits—along with the risks—will be important to change attitudes and build trust with providers and consumers alike.
Segmentation will likewise be essential. While there will certainly be demand for “autopilot” type solutions performing tasks in the background without consumer intervention, this model should not be imposed across the board. Some consumers will demand greater control and transparency over the process. The most important metric for success remains customer trust.
Open banking and data sharing are commonly associated with open application programming interfaces (APIs). While our interviewees see APIs as a powerful enabler, they are not the sole means through which to share data. Further, as Plaid’s Zach Perret points out, the notion of an “open API” is a misnomer in a financial services context. Given the legitimate security and privacy concerns surrounding financial data, such APIs will continue to be monitored and permissioned.
There was also consensus that the trend toward data sharing will continue with or without regulatory mandate, and that there is ample opportunity for both incumbent banks and nonbank tech-driven market entrants to thrive. Ping Identity’s Andre Durand goes a step further, seeing open banking as the “tip of the spear” leading a broader data-driven trend toward open health and open government. As Tink’s Daniel Kjellen cautions, however, many banks have been slow to enact strategies addressing this market momentum.
Open banking remains in its nascent stages across all markets—including those that have taken considered regulatory action. While it is too early to predict winners and losers, some points are becoming clear. Data sharing does not lend itself to “zero sum” outcomes; as such, achieving a win need not require inflicting an offsetting loss. As these CEOs point out, the unbundling and rebundling of financial services will likely continue for some time, and different customer segments will gravitate toward solutions with different levels of data sharing and autonomy. One sure path to a disadvantaged position, however, is to neglect to develop a data and customer strategy that reflects the ongoing evolution in open banking.
Interview with Zach Perret, CEO of Plaid
Plaid’s mission is to “transform financial services by lowering the barriers to entry for developers, spurring technical interest in the sector and democratizing access to critical services.” The San Francisco-based firm serves as a “trusted intermediary for the fintech ecosystem by securely connecting consumers, their banks, and financial applications,” reporting that more than 10,000 developers are building on the Plaid platform “to enable core functionalities that benefit many millions of people.” Plaid was founded in 2012 and has attracted funding from investors including Goldman Sachs, NEA, Citi Ventures, American Express, and Google Ventures.
McKinsey: How do you expect “open banking” to evolve? Has your own business pivoted due to its evolution?
Zach Perret: Before we dive in, it’s worth noting that “open banking” is actually a bit of a misnomer: there are no truly open APIs in financial services. Due to security, regulatory, and privacy concerns, it’s essential to properly vet each developer and use case.
Definitions aside, the concept of banks allowing increased access to developers is incredibly exciting. When we started Plaid, there was no concept of “fintech.” The infrastructure available to startups was sparse, and those who did try to build new products in financial services often struggled to get off the ground. My co-founder and I launched Plaid based on our previous experience trying to build a consumer financial application. In working on this project, we found that connecting with consumer bank accounts was incredibly difficult and—importantly—that there were thousands of developers like us who were struggling to launch financial products. We started Plaid to build the product that we had needed ourselves—by developers for developers—to help them build the next generation of financial services applications.
I’m really excited about the pace and number of innovators thinking about building great products in financial services. Seeing large financial institutions embrace fintech and build products to enable the market is incredibly exciting. The move towards open banking is a testament to the way that banks are increasingly embracing technology that allows their consumers to better control and take agency over their financial lives.
At Plaid, our mission is to empower innovators by delivering access to the financial system. We believe that consumers’ lives will be better because they’ll have more access to the tools and services they really need. It’s great to see the banks embracing this innovation and building technology to enable it.
McKinsey: How does Plaid interact differently with small versus large banks?
Zach Perret: It’s undeniable that big banks generally have more resources and larger teams to dedicate towards technology, but we’ve been encouraged at the commitment to tech that many smaller banks and credit unions have shown recently. At Plaid, we’re focused on delivering access to financial tools and services to everyone, regardless of where they bank.
On a personal note, I grew up in North Carolina, and my family banked with the State Employees Credit Union. I loved the bank, but when I entered the working world, I had to switch to a big bank because I found that my account at SECU didn’t work in the places I needed it. When building Plaid, we made a big push to ensure that small banks and credit union customers don’t have to make that same tradeoff, and can still access the financial products they need no matter where they choose to bank.
McKinsey: What role will regulation play in driving the shape of US data sharing?
Zach Perret: It’s impossible to guess where regulation might end up in a few years, but the impact of data-sharing regulations on the way we interact with our money can’t be overstated. Consumers’ right to access and use their financial data is clear, but regulation has yet to define how exactly it will be enforced. It’s encouraging that we continue to see consumers themselves speaking up and reinforcing their desire to access and use their data to live a better financial life.
McKinsey: What about PSD2? Will that come to the US?
Zach Perret: Attempting to force-fit PSD2 to the US market would be very difficult. With nearly 10,000 financial institutions in the US, applying a broad-based standard to enforce APIs and data sharing would be very difficult, both technically and logistically. I’m also not sure how necessary it is to preserve fintech. I think banks and fintechs will find ways to work together well with or without regulation to enforce it.
McKinsey: What benefits of banking APIs will prove most impactful to consumers?
Zach Perret: Though we don’t always think of it as such, the checking account is the hub of our financial lives. Everything flows through it. From receiving your income to making an investment, paying a credit bill, doing your taxes, and managing your expenses—everything in our financial lives starts and ends with our checking accounts. As things progress, the interconnectivity of our checking accounts is increasing, and we’re relying on apps and services to enable this. Banking APIs are at the core of this evolution, and are essential to allowing consumers to live digitally enabled financial lives.
McKinsey: What will the landscape look like in five years?
Zach Perret: Who knows? Maybe we’ll all be paying each other with Dogecoin.1 As better technology continues to enable better and simpler consumer experiences, I expect our financial lives to become increasingly digital, automated, and data driven. My hope is that banks, innovators, and regulators will all work together to deliver the best possible financial services products to consumers. While I can’t predict how we will save money, budget, or invest in five years, I am hopeful that our financial lives will become significantly easier by embracing digital financial technology.
Interview with Andre Durand, CEO of Ping Identity
Andre Durand founded Ping Identity in 2002 with a vision of securing the internet through identity, simplifying enterprises’ pathway to providing a secure and seamless digital experience. The Denver-based firm counts over half of the Fortune 100 among its customer base, and has partnerships with Microsoft, Google, and Amazon. Durand’s prior startup, the open source instant messaging platform Jabber, was acquired by Cisco in 2008.
McKinsey: Can you tell us about Ping Identity’s origin?
Andre Durand: In 2002, I was sailing off the coast of Venezuela and blogging for the first time from the high seas. With only ocean around me, I had time to explore topics focused on emerging business ideas—one of them was the concept of creating a global “lost and found” and the other being the equivalent of “find my iPhone.” After a few days gestating on the ideas, I realized that something profound and fundamental was missing. There was no way to connect people with things without identifying them and/or the device to the internet. In that moment, the idea for Ping Identity was born.
McKinsey: Does Ping Identity serve end users or corporates?
Andre Durand: We sell exclusively to the global 5,000. Having grown up in the cloud and mobile era, we built a modern identity platform that simplifies identity security, while helping enterprises secure and connect users and applications across their hybrid infrastructures for all identity types—workforce, partners, and customers. While we sell nothing directly to consumers, billions of consumers use our technology on a daily basis.
Our value is realized when enterprises achieve secure access to data and applications regardless of device, where the user resides, or where the application is hosted, in the data center, private, or public cloud. Ping Identity focuses on the intersection of frictionless user experiences and security and many customers leverage our technology to enable their digital transformation initiatives.
While the largest enterprises in the world across every vertical use Ping Identity solutions, financial services and banks in particular have emerged as our number one vertical. This trend is accelerating as regulation around open banking is driving an awareness of the significance of identity at a truly transformational level. We believe that open banking is only the beginning in a trend towards open business, where open data and APIs will drive transformational change in healthcare, government, energy, retail, supply chain, et cetera.
McKinsey: How was Ping Identity chosen as the identity enabler for the UK open banking initiative?
Andre Durand: Two of the largest banks in the UK are Ping Identity customers and the task force determining how to deal with the PSD2 edict didn’t want something purely bespoke. Our team was instrumental in educating the task force on the maturity of existing identity standards to meet the desired security goals of the open banking initiative. Once this initial work was completed, we had earned the trust of the group to move forward and also provide a solution.
McKinsey: What can we learn from the UK’s open banking journey?
Andre Durand: There are movements around the world right now to accelerate innovation through open APIs and data sharing. Similar initiatives are being pursued in the US and Australia, and they all share a vision of not reinventing the wheel when it comes to security and identity. One of the reasons the UK has made the first move is due to the fact that, at the start of the discussion, they delegated API security to industry best practices.
While PSD2 requires that organizations meet certain requirements, it doesn’t specify how. The beauty of open banking is that it has taken much of the ambiguity out and the resulting interoperability will be massive.
McKinsey: How do you see the landscape evolving?
Andre Durand: There are a set of market forces around who owns your personal data and what rights and controls individuals have for its use. Today we find ourselves at the intersection of personal and business identity colliding. These emerging regulations are trying to strike a new balance between companies wishing to market to end users, and end users wishing to take an active role in their privacy. Until recently, businesses have had all the leverage. They share data according to their own needs, with little regard for the end user, or their desires for privacy. With PSD2, that begins to change, and user consent and the right to be forgotten is creating a better market balance.
With regards to open banking, I expect we’ll see a whole host of new third parties emerge, and existing third parties being cut out as banks and merchants transact directly.
McKinsey: Can you envision a similar model taking hold in the US?
Andre Durand: I do believe we’ll see a similar trend in the US as banks and merchants seek to reduce costs and create more direct and efficient transactions.
McKinsey: What is the role of regulators in making this happen? Do you expect banks to get on board?
Andre Durand: Regulation is forcing institutions to become more transparent and include end users in the use and sharing of personal data. Regulation aside, there is a lot of money surrounding the entire transaction fee ecosystem that is ripe for disruption. As a result, with or without regulation, there’s a multibillion-dollar motive to make new and more efficient models work. We simply need to “follow the money,” however regulation is required to protect the individual as these new models emerge.
McKinsey: Are you surprised we haven’t seen more activity from the traditional players?
Andre Durand: Equifax and other credit companies have as much of an opportunity as anyone to disrupt in this space. So far the focus has been on the providers of account info—ASPSPs, in PSD2 parlance. We’ve heard very little from the firms consuming that data and that’s where it’s going to explode. These could be fintechs, banks consuming other banks’ data and/or payment aggregation platforms. These conversations are taking place, we just haven’t seen them bubble up to the press release stage yet.
While Google, Microsoft, Amazon, and Facebook have all laid early claim to consumer identity services, banks, mobile operators, and governments all have a role. Having a common standard for identity enables interoperability between each of them, leveling the playing field and providing choice to consumers.
McKinsey: Is the term open banking a misnomer?
Andre Durand: There is rarely a term that everyone agrees on, but I believe this one will stick because it’s disruptive and denotes a desired state of change. Many will be threatened by terms like open banking, open health, or open government, but usually it’s the incumbents that have something to protect—including business models that have been well fortified over many decades.
Interview with Daniel Kjellen, CEO of Tink
Daniel Kjellen co-founded Tink in Stockholm in 2012 along with CTO Fredrik Hedberg. Their stated mission is to “bring people financial happiness,” helping individuals to better understand their money and empowering them to make smarter choices. Tink’s direct-to-consumer app was launched in Sweden in October 2013 and has over 500,000 users. More recently the firm has begun partnering with European banks, including ABN AMRO, whose Grip app is built on Tink’s platform, and SEB.
McKinsey: Tell us a bit about Tink’s background and business model.
Daniel Kjellen: We started in 2012. As former entrepreneurs turned bankers, we felt there were missing pieces in the retail banking equation, unfulfilled needs from a consumer perspective. We saw a mismatch between the products people consumed and a true market analysis of the best possible product. We took a bet that the industry was about to change, to become data driven.
Along the way we transformed into a technology provider, creating building blocks for the future of banking. It starts with a unified API to access accounts, aggregate data, make payments, add a product recommendation engine on top of transactions. By mid 2018 we’ll be live in eight plus EU markets.
McKinsey: Tink provides tools to developers and banks as well as serving consumers directly. Which do you see as your customers going forward?
Daniel Kjellen: We started out as a consumer business and our hearts are with the consumers. But we want to be the best friend of the developers. I think Tink is successful because we do care about the consumers.
I think it’s important for us to be a product company with very close ties to the consumer. I think these two sides work together beautifully today. It’s hard to tell—I believe there will be opportunities in both these units, but we’re one product with two go-to-market strategies.
McKinsey: How aligned are you with the banks, who are currently the main delivery vehicle, in your customer-back approach?
Daniel Kjellen: I think sometimes we’re totally aligned and at other times our near-term goals are contradictory, but everyone agrees that if it weren’t Tink someone else would be doing this. If the customer wants something, you can’t disregard it in a functional market. Data aggregation brings transparency, competition, and potentially margin pressure. But good banks have an opportunity to benefit from that transparency, especially as first movers.
McKinsey: How progressive do you think the banks are in accepting this reality?
Daniel Kjellen: I think it’s changed dramatically in the six years since we founded Tink. In the first two years there were plenty of barriers—a lack of legislation, less well-formed customer behavior. Now everyone sees where the future is headed, it’s a matter of how fast we get there. I’d say at this point we’ve seen 10 to 15 percent of banks having placed their bets. Sixty percent realize something is going to happen; they may not yet want to push it but want to stay close, take a multibet strategy. And probably 20 percent don’t have a clue yet and don’t believe they have to change that much.
McKinsey: How do you think the ecosystem and partner landscape will play out?
Daniel Kjellen: We’ve seen a complete debundling of services over the past few years, and we’re now starting to see signs of how they’ll be rebundled again. I don’t think we’ll see the banks providing everything start-to-finish, but because the market will be so much more competitive you’ll need to bring your “A” game to every small product to win your niche.
McKinsey: Will there still be room for a few best-practice full suite players?
Daniel Kjellen: Today every bank is doing everything for everyone in the market from age 18 to 80. There will still be room for such players—they’ll have the advantage of not having to integrate all these component parts. Will this be 5 or 50 percent of the market? I don’t know.
McKinsey: Is regulation or customer need the fundamental driver for this change?
Daniel Kjellen: From our perspective, consumer need is the driving force but regulatory problems have gotten in the way of customer will. I think we have to accept that many of these entities are very big and extremely regulated; they don’t dare take short-term bets on small innovative parts of their business. They needed PSD2 to pave the way, to remove an obstacle to a five-year roadmap.
As I see it, PSD2 is the backseat enabler, not the driving force. Also, PSD2 covers only payments. Tink aggregates many other types of accounts as well. If you plan your business only around payments aggregation, you’re going to be left behind in a few years.
McKinsey: How do you envision the future customer experience?
Daniel Kjellen: Today, if you want to use a bank service you sign up with that bank, and they can only provide services for the accounts you have with that bank. Based on these new aggregation APIs, you can take your bank with you, based on other accounts. That’s a big mindset change.
The advisory part is where I think most providers want to be. I think this service will eventually go to autopilot. Why should I have to decide to refinance my mortgage? Let the autopilot do it for me. There’s a market niche, the 20 percent of people who want to turn on that autopilot and are willing to pay for it. As a bank you need to decide which niche you’ll want to serve.
McKinsey: One of the concerns about open banking is it could actually push more services. Absent a perfect autopilot, how do you push back on those forces?
Daniel Kjellen: It’s a very good question. It’s easy to sit here and say that will never create a problem, but we’ve seen over and over again incentive schemes that trigger the wrong behavior. It’s important for us to stick to our mission—it’s something you constantly have to remind yourself. Tink has decided that we don’t want a commission, because we don’t want the incentive to move people around, which may not be in customers’ best interests. Even if PSD2 starts with user consent, we all know how complicated that can be—what am I consenting to?
McKinsey: What challenges do you see in the market’s evolution?
Daniel Kjellen: I think we’re going to repeat the journey of the past six years. It’s going to be complicated and bumpy sometimes. In the aggregation of mortgage accounts, for example, I think we and a lot of other firms are going to be wedged into one regulated and one unregulated business.
McKinsey: How will the value chain differ in five years?
Daniel Kjellen: Obviously the big shift will be from “bad banks” to “good banks”—low competition and high barriers to switching have limited incentives for banks to produce the best products. For the first time I think bankers who produce fantastic products at low cost will have tons more customers. Other than that it’s hard to say. It’s not necessarily that the fintechs will win this. It could definitely be the banks. They have a lot of assets that will be extremely useful going forward.
McKinsey: Where do you want Tink to be in five years?
Daniel Kjellen: We want to be the unified financial API that lets everyone connect to their bank accounts and aggregate data—a service that I think most European citizens will use across multiple financial institutions and services. On top of that I want to be in data services to help end users achieve financial happiness. For me personally that would be an autopilot; for others it will be completely different, but I want to provide the building blocks for others to create those products.