Why Banks Will Have to Share Customer Data with Fintech Companies

Google made an unwitting attempt to summarize the problems, fears, and hopes of traditional banks in their pitch to become partners, which they issued last year:

“You’re lagging in technology. Your current vendors are years behind. Consumers think you’re irrelevant. We’re hip, we’re cool, we have all the latest technologies, and boy have we’ve got data! Come partner with us on our new checking account!”

The funny part is that 75% of their first partners didn’t seem to even know which app they were talking about! It was Google Plex, by the way — part of a revamped Google Pay with features like cashback incentives, special offers, and personalized financial advice.

This example clearly shows the crisis of the familiar model of “bank-client” interaction. Both sides feel that a link is missing in this chain. This link is fintech.

I have been working with banks for several years now. Below is my subjective interpretation of ​​the importance and possibilities of banks’ collaboration with IT companies, as with external independent developers. The statistics and links to sources can be found throughout the article.

We won’t be discussing cases of customer data being transferred for the sole purpose of resale (which decent banks don’t do anyway), but rather to improve customer service and only with explicit consent from the customers themselves. Sometimes the banks even pay extra for the latter.

Banks are forced to open access to fintech

Consumers’ preferences have changed since the pre-corona era. Last year’s study by Ernst & Young showed what customers expect from their banking services:

1. Transparency and the ability to trust the bank
2. Maximum personalization
3. Data protection and security
4. Instant inquiry resolution
5. Help in achieving personal goals

In other words, what agile fintechs can already do and old-school dinosaurs can’t.

Accenture, in turn, analyzed the behavior change that people went through as a result of lockdowns. The trends were confirmed and the banks’ customers were divided into four user groups:

1. Pragmatists — appreciate the usefulness of services regardless of the implemented channel
2. Traditionalists — prefer to communicate with people face-to-face, rather than online
3. Pioneers — love innovation, and are the first to try new things
4. Skeptics — well-versed in technology, but often dissatisfied with the quality of services provided

Here are some takeaways:

• trust in banks is falling, regardless of customer group (including the trust in data security)
• banks’ use of all digital communication channels is growing (including instant messengers, social networks, video calls, etc.)
• the “price to quality” ratio is the customers’ main criterion for choosing financial services
• pioneers and pragmatists are more likely to seek financial advice
• pioneers and pragmatists under 44 are moving to neobanks to receive new services

Let’s remember (or find out for the first time) about the PSD2 directive, which obligates European banks to open secure access to their customers’ data for financial service providers.

The US Consumer Financial Protection Bureau is also considering a similar initiative. Given the scope of the overall trend, it is most likely just a matter of time before it goes through.

Thus, traditional banks are forced to open up to external partners, essentially turning into a platform for third-party development. Moreover, pressure is coming from two sides simultaneously — from the demand side and the side of regulators.

In light of these circumstances, it is more efficient for banks to look for new opportunities, rather than vulnerabilities.

They have to let fintech into their lives. However, this is not at all like Uber’s invasion of the taxi fleets. Both parties need each other to stay in the market, which is why…

Banks have problems

1. Security

Banks have serious security problems. This observation came from ImmuniWeb, an international application security company. Analysis of websites and applications belonging to 100 banks from different continents showed that:

• 85% of web applications do not comply with the GDPR standards (General Data Protection Regulation)
• 49% of web applications do not comply with PCI DSS (Payment Card Industry Data Security Standard)
• 92% of applications have at least one medium-risk vulnerability
• 100% of sites have vulnerabilities associated with forgotten subdomains (see “they are creating comfortable conditions for phishing”)

This report focused primarily on large banks. There is no doubt that smaller banks do not have enough resources to provide even this level of security.

To make a secure IT product, first and foremost, you need smart people with the appropriate hard skills.

But it’s impossible to find IT specialists right now. The existing corporate culture does not allow banks to compete with startups, which are more attractive to talented youth (for example, fintech startups), and giants like Google, Apple, and Facebook. At the same time, experienced IT specialists want a monstrous amount of money for their work.

2. High-tech innovation

Banks are spending an abundance of resources to introduce new technology into their existing infrastructures. After all, this tech needs to somehow integrate into current business processes and make friends with the legacy code that has accumulated on a massive scale. This is impossible to fully comprehend, let alone undertake, by a single person, and sometimes even by a small team of specialists.

Fintech companies are free from this legacy aspect; they are more flexible in choosing a path and introducing innovation into their processes. Additionally, it is cheaper to partner with them than it is for a bank to develop internally or buy an entire startup.

3. Overregulation

The activities of financial and credit institutions (aka banks) are regulated by a very complex system of laws, rules, and regulations that must be followed.

Requirements reduce the willingness to take risks, but they impair opportunities for innovation. However, the driver for development in such conditions may be someone whose solutions are not limited by a banking license.

Although fintech companies without a banking license still have requirements that they must follow, they aren’t as rigorous.

Fintech has problems too

1. Trust

No matter how “trendy” and “cool” fintechs may look, they have plenty of problems themselves. One such problem is customer confidence. Still, traditionalists and skeptics prevail in most markets, including the European and Russian ones.

According to Accenture, 20% of consumers are not ready to entrust their financial well-being to neobanks. While 45% are sure that such startups will not even last a year on the market! (in their defense, this is partly true)

2. Profitability

Despite the explosive client growth rates, neobanks are not always able to turn a profit. Case in point, British stars Monzo and Starling doubled their losses in 2020.

One of the first neobanks in the world, Moven, shut down for the very same reason. The most notable thing about Moven’s case is that the company did not leave the market — it was transformed into an IT company that services credit institutions. After which, it immediately signed a contract with STC Pay, a digital wallet from Saudi Arabia, once again confirming that fintechs are more effective when they’re in an alliance with a bank.

In the end, Starling is once again in the black. However, the rule of thumb remains: stable profitability is not what innovative fintechs are about. Even brand representatives themselves do not mention profitability as being a top priority.

3. Lack of a banking license

The lack of a banking license is both a gift and a curse for fintechs. On the one hand, it is easier for them to use new technologies and develop new types of services without having tight control hovering over their heads.

On the other hand, without a permit to conduct banking activities, most of these services simply cannot be provided to customers. Regardless of how you twist it, fintechs are (for the most part) an appendage of a bank and not a full-fledged banking institution.

But together, they have successful collaborations.

So, traditional banks and financial IT companies need to find an appropriate model of cooperation, one where banks are responsible for accounts transactions and provide their partners with their brand, credibility, and access to the customer base.

In turn, the IT companies develop technologies to generate demand, receive the necessary resources and investments, and reduce their risks. At the same time, they cut down the expenses and headaches of their “bigger brothers”. Similar partnership schemes can already be found on the market:

1. Westpac, Australia’s second-largest bank by market capitalization, is partnering with UK cloud provider 10x Future Technologies. Together, they are creating a BaaS (Banking as a Service) platform that will allow other brands to offer banking services to their customers.
2. In Russia, Modulbank launched a platform for the Hice fintech service, while Otkritie Bank and QIWI launched a platform for Tochka. Working through the platform of a lending institution allowed Tochka and Hice to call themselves banks when in reality, banks they are not.
3. German Commerzbank is working with one of the leading European systems for remote identification and electronic signatures IDnow. It allows customers to connect to their bank from anywhere and at any time with a verification method that’s convenient to them, such as by video.
4. Ak Bars Bank partnered with the technology platform APIBank to issue a new type of LetyBank cards.
5. It can also work the other way around: in the USA, the fintech LendingClub bought a bank from Boston — the Radius Bank. The main reason for the deal was to gain access to cheaper and more convenient funding.

Will banks lose their clients?

Being open to external partners means that access to customer data will no longer be the banks’ prerogative. This is the primary hurdle that stops corporations from engaging in new collaborations.

PriceWaterhouseCoopers statistics show that 88% of market players are afraid of losing money through partnerships with fintechs (up from 83% five years ago). They believe that by doing so, they would risk an average of 24% of their earnings.

On the other hand, this is just as good for the clients as it is bad for the banks.

If this trend intensifies, traditional banks will eventually have to abandon development strategies that are based on data exclusivity (upselling, aggressive lending, and the like) and will need to look for other growth points. It would be useful for fintechs to think about what these growth points may be so that they can help potential partners.

I would say that the role of a bank acting as a processing center for IT companies currently seems to be a very realistic model — one that allows both parties to do what they do best.

But to accomplish this, they will have to share their data, and in much larger volumes than what is being shared right now. I will mention an important caveat here — this sharing must be done only after receiving explicit permission from the users, who must be able to choose what kind of data they want to share.

For example, the way Google services does it is a good option. They allow external developers to have limited access to mail, documents, calendar, etc. after the user ticks the necessary checkboxes when trying to access a particular feature.

It would be great to hear your opinion. Should banks open some of their data to external companies if it meant better service for their clients?

The author of the idea and editor-in-chief is Denis Elianovsky. The article was written by Stanislav Lushin. Editor — Tatiana Kitaeva. The translation into English was done by Pavel Chernetsov.