Banking’s new frontier: open banking

Use open banking to become a customer-centric institution

  • December 06, 2024

If you knew more about your customers’ needs, how would your customer relationships change?

This is no longer a hypothetical question in banking and personal finance. It’s becoming mission-critical for banks and fintechs to know more about their customers as open banking is set to change how the industry understands and engages with clients after the Consumer Financial Protection Bureau (CFPB) finalized rule 1033. The presidential election and change in congressional power may bring regulatory relief, including rule 1033 changes. However, the rule may not be repealed, given its authorization under the Dodd-Frank Act and bipartisan political support for many of its provisions. The more likely scenario is for implementation to be pushed back, giving the industry more time to prepare.

That preparation period will be crucial to changing the status quo. At the moment, it is difficult for a bank, fintech or other third party to know a customer’s complete range of financial relationships, both outside and inside their institution. External data can often be expensive and can be difficult to access, given the onerous contractual terms of data-sharing agreements. And internal data is often disorganized or stuck in silos, limiting other departments’ ability to analyze that information or use it to help customers.

Complying with rule 1033’s provisions means many institutions will have to build data and knowledge systems. But there’s an opportunity to leverage that work to become more customer-centric. Those systems can be planned and designed to help paint a more holistic picture of a customer’s financial life, enabling banks to deliver more personalized and value-added service.

With the new knowledge that a bank or other third party could acquire under rule 1033 comes the ability to rethink and deepen customer interactions and create “stickier” relationships. Business leaders in the era of open banking will be asking:

  • How are we adding value to our customers’ financial health?
  • Are we using data and new technologies (such as GenAI) to help customers make smarter financial decisions rather than selling another commoditized banking product?
  • With more information at our fingertips, what can our bank do for our customers that our less-informed competitors can’t?
  • How can we use data to eliminate the data-entry steps that annoy customers who stop before completing an application?

With the clock now ticking toward the first deadlines to implement rule 1033, banks and third parties who want to use it for strategic advantage should focus their attention on their analytical infrastructure. The proper collection, storage, organization and retrieval of data provides the foundation for analytical capabilities that deliver value-added insights unique to each customer. Built atop that foundation will be information security, compliance, controls, digital experience and marketing that provide the trust on which a long-lasting customer relationship is built.

“Approaching the implementation of CFPB 1033 as a broader strategic exercise can unearth customer insights that previously were hidden from view by siloed, proprietary systems.”

Roberto Hernandez, Principal, Customer Transformation, PwC US

Open banking’s big opportunity: Know thy customer better

The new CFPB rule aims to help consumers feel confident that it is safe and secure to let banks, fintechs and other financial industry firms access and share sensitive data. Any institution participating in open banking is mandated to use standardized data formats and to meet security requirements (whether that’s the Gramm-Leach-Bliley Act or the Federal Trade Commission Standards for Safeguarding Customer Information rule) when sharing financial data. With a customer’s consent, an institution could acquire more information, ranging from that individual’s deposit accounts, credit cards and prepaid accounts (such as payroll cards, government benefit cards, merchant cards) to transaction history and pending bills.

Compiling and organizing such a trove of customer data can unearth insights that previously were hidden from view by siloed or proprietary systems. The prerequisite to make this work, however, is data cleanliness, taxonomy and architecture, regardless of whether data are internally or externally sourced.

See the Our Take publication for risk and regulatory insights about implementing section 1033 of the Dodd-Frank Act.

Open banking: Your strategy determines your business model

Make no mistake, complying with open banking regulations means many banks will have to invest management time and incur costs to meet the minimum requirements. That spending could include new application programming interfaces (APIs), information security, privacy controls and required system uptimes. Banks that do the minimum needed to adhere to rule 1033 are “compliant” operators, one of four business models that we have seen in our work with non-US banks where open banking rules are in place.

Within the four models there will be a variety of viable strategies. Be clear on where you want to play and how you plan to win. One model is to capture and leverage as much data as possible and provide personalized services. Another brings many fintechs onto your platform to provide services directly to customers. Important inputs into a bank’s decision about which model to follow are the amount of investment needed, historical competencies and strategic growth plans.

  • Compliant banks mainly act as data providers to other firms and focus less on delivering new value or deriving new data points from open banking.
  • Aggregators pull in third-party data and develop new products and services through third-party alliances.
  • Platforms use an API-based system to be a digital banking services provider and create new competencies with the help of regulated institutions, fintechs and third parties.
  • Platform aggregators aim to be innovators and create digital environments where they grow banking activities in new and unconventional ways.

Under Europe’s PSD2 regulations, we’ve witnessed a wide diversity of business models. Platform aggregator is the most popular banking model (58%), followed by aggregator (17%), compliant (17%) and platform (8%), according to a PwC Strategy& analysis.

Some banks are concerned they will be relegated to mere data providers to outsiders. But that doesn’t have to be the case. Proactive planning can prepare a bank to be a data recipient from other institutions, helping that bank improve their customer proposition.

US open banking is not the same as Europe, Australia

US-based bankers may be tempted to look overseas — where open banking rules have been in place for several years — and assume what’s happened there will happen here. We would caution against that. The CFPB’s long process was deliberate. It wanted to see what did and did not work to foster financial services competition and consumer choice.
For instance, rule 1033 does not provide for an accreditation system where a regulator vets entry of certain participants into the data-sharing ecosystem. And the CFPB’s rules set a single data format standard, avoiding Europe’s multilayered approach where stakeholders had to conform to multiple standards, creating a fragmented market (regulators there are moving to a more coherent standard).

What’s more, compared to certain Asian jurisdictions, the CFPB has taken an active role with prescribed rules. This contrasts with Hong Kong and Singapore's predominantly market-driven approach.

Additionally, the policy objectives driving the development of open banking systems vary by jurisdiction. For instance, in the UK, data sharing was implemented as a remedy in response to a retail banking market investigation. In Australia, the objective was to develop a data economy and to address the significant market power enjoyed by incumbents, which were highlighted in four separate inquiries. Australia’s system was limited to read-access, meaning data is for information-gathering purposes only.

The CFPB’s rulemaking seeks instead to empower consumer access to and control over their financial data, allowing them to make better financial decisions. While promoting competition in the market is a stated goal, it is a byproduct of the authority granted to consumers and not the result of an intervention targeting select organizations.

Open banking’s requirements can make you a more formidable competitor

With open banking now a reality in the US, banks should be thinking differently about how they do business. Open banking’s avalanche of data could create a “haves” versus “have-nots” competitive environment where early adopters are differentiated from institutions with homogeneous products and services and similar digital customer experiences. Banks today often battle for market share rather than focusing on growing the overall market, but the CFPB’s rule could change that.

Banks can benefit immensely from rule 1033. Institutions that become more organized and structured in their data architecture can spark an internal growth engine to drive a larger share of new markets and new segments or expand existing relationships. Some banks are concerned their role will be limited to providing data to outsiders. But that doesn’t have to be the case — proactive planning can prepare a bank to be a data recipient from other institutions, helping that bank improve their customer proposition. And by ingesting more data, a bank will be able to explore the exciting possibilities opened by the possession of a more holistic view of the customer.

For example, open banking enabled by 1033 can unlock the potential for highly personalized, data-driven loyalty programs that transform customer engagement in banking. By providing consumers with control over their financial data and enabling banks to access detailed, real-time insights into spending behaviors, banks can tailor rewards and offers to individual preferences with unprecedented precision. Imagine a rewards program that is tailored to each individual customer, rather than designing a static program at the product level (e.g., cash-back card). This new level of personalization makes loyalty programs more relevant and appealing, enhancing customer satisfaction and retention. The standardization of data access and increase in privacy and security measures as prescribed by 1033 can help banks foster trust and innovation needed to differentiate.

In open banking, data and trust are the new battleground

Outside of the largest institutions, many banks likely need technology upgrades to implement the new regulation. The most pressing technology questions surround data transformation projects and whether more computing power is needed to populate the APIs that will drive open banking. (Read PwC’s viewpoint on API banking.)

How do you know your data architecture is working well?

Besides data, the other key area to work on is embedding trust into every interaction so that trustworthiness is integral to your brand. In an open banking world, consumers will be able to test firms to see if they can trust them, meaning whether a firm actively supports their financial health and has their best interests at heart. The possibility now exists that data-savvy institutions that synthesize many streams of information can use that knowledge to demonstrate their commitment to a client’s financial health and show they are willing to work hard to win that client’s business.

This spells trouble for institutions whose customers view their relationship as purely transactional or convenient, and are held there by the “hassle factor”, meaning the tedious process of setting up e-bills, automatic bill pay information and other tasks at a new institution. If the hassle factor can be removed by using open banking to seamlessly set up bills and auto-pay with a few clicks, then consumers will shop around. Shallow customer attachment gives competitors an opportunity to use data to learn more about a potential customer and then make an enticing offer (perhaps some combination of lower fees, higher deposit rates, loyalty reward points, etc.). To a consumer, personalization shows the competing institution wants a deeper, long-term relationship.

Security as a brand’s affinity

Consumers remain deeply concerned about data breaches, cybersecurity and information privacy, making it important to put privacy at the heart of all you do. Information security and privacy are areas where a bank’s brand is a benefit when fending off competition from new entrants that are still building their reputation. The shift toward open banking means your marketing messages need to emphasize both consumer empowerment and institutional trust by showcasing how your leaders and operations work together to enable a secure, seamless data-sharing experience.

Open banking is an opportunity to establish your institution as a trusted partner that prioritizes data security, transparency and customer empowerment. This trust will be crucial as customers make decisions on where to bank and which financial platforms to use.

When financial institutions are out in the marketplace, they will have to be consistent and trustworthy when delivering the customer experience, a key metric for CMOs to follow and relay back to the other C-suite executives. And when something goes wrong, protocols must be in place to bolster customer trust that the bank is prioritizing their needs and reassuring them their data is safe and secure.

Putting it all together: Implementing open banking means the ‘C’ in C-suite stands for ‘customer’

We’ve touched on business models, data architecture and trust related to open banking. It should be clear that no one executive can drive open banking success. To take advantage of implementing rule 1033, we believe banks should name a C-suite executive to lead this multi-departmental effort. That executive could be the Chief Risk Officer (CRO), Chief Data Officer (CDO) or another leader. But it is important that the project be embedded in the business lines which will drive the project and allocate budget toward implementation and ongoing maintenance and upgrades. Leaving implementation to the IT or data departments alone can be strategically shortsighted.

To successfully implement rule 1033, we believe all the executives involved should change the meaning of the letter C in their title from “Chief” to “Customer”. The highest goal of these “Customer”-suite executives will be making sure that compliance is aligned across all areas, from operational excellence to risk management, but all centered on the customer. (See the accompanying graphic for the responsibilities of each officer during and after implementation.) A guiding question for the “Customer”-suite during rule 1033 implementation will be, “Why would a customer want to do business with us rather than another firm?”

A tightly knit executive team is essential because the institution’s attractiveness to consumers rests on four interrelated attributes: brand loyalty, reputation, trust and, most importantly, creating value for customers. After all, open banking is another step in the unbundling of financial products that allows consumers to choose to work with many firms to find the appropriate fit.

In the age of open banking, every bank leader will be held responsible for consumer trust in their institution because it will take coordination across the “Customer”-suite to consistently reinforce your brand’s unique reputation and deliver the value that was promised.


Key questions executives should be asking about their role and organization before, during and after implementation of rule 1033

CEO

  • How can we position ourselves as leaders in data transparency and customer control?
  • If we leverage the data-sharing framework, what new product offerings, services or competitive advantage can we create?
  • Is our institution ready to comply with the API and data-sharing requirements of rule 1033?
  • Are our risk management and cybersecurity frameworks robust enough to handle the increased third-party access to customer data?

With contributions from Steve Norman, Megan Skaggs, Colleen Graham, Meredith Strokes and Abraham Tachjian.

Contact us

Roberto Hernandez

Customer Transformation Partner, PwC US

Martin Touhey

Principal, Financial Services Transformation, PwC US

Nicole Anderson

Principal, Financial Services Risk & Regulatory, PwC US

Manuj Lal

Principal, Cybersecurity, Privacy & Forensics, PwC US
