In the Middle East and many parts of the world, open banking regulations do not exist yet.
Many banking establishments in the region are currently considering open banking as a new revenue generation model without the regulatory boundaries as well as enhanced customer experience in the region and hence banks here in the region must prepare for its arrival.
Having said and while Open Banking is still in its infancy in the region, traditional banks face a serious challenge as their enterprise IT was historically designed to protect data, with lack of sharing capabilities and hence a future of massive change.
The new potential directives, however, compel them to open the ‘secure data fortress’ whilst still maintaining tight security of their data.
On the other hand, if data security is too rigid, it defeats the purpose and benefits of the revenue potentials and enhanced customer service that open banking brings.And of course, only data that is meant to be exposed and only to accredited and verified third parties should be permitted.
Therefore, banks have to assess the value they deliver in the present times else risk becoming disintermediated from customers and will get relegated as a backend utilities provider compared to the nimbler customer facing digital tech competitors mentioned earlier.
For banks to succeed in open banking, the key aspect is utilisation of ‘data’.
Contrary to popular belief that ‘Open banking is all about APIs’, although true to a certain extent, it is imperative to achieve the internal order first, even before you get to the API management stage.
In continuance to getting internal house in order, a unified strategy approach is key.
This, however, will become the norm, where banks will be ready to adapt to multiple frequent iterative changes and requests from third parties and will need to be agile to adopt to changes.
As witnessed from PSD2 experiences in Europe, one aspect of fraud prevention under PSD2 is authentication for transactions over a certain limit.