Secure Data Access is the Key to an Open Finance Ecosystem

Financial institutions and fintechs are looking to Open Banking, and more broadly — Open Finance, to drive new value for both consumers and businesses. A new report from Aite-Novarica group, Open Banking, Open Finance, Open Economy: The New Identity of Finance, dives deep into the regulations, use cases, and challenges of an open ecosystem. 

While Open Banking is focused on sharing banking data, Open Finance extends the scope to all financial data. And, according to Aite-Novarica, an Open Economy is the end state where all data is shared among financial institutions and other companies, such as utility providers, big tech, and even, social media. It’s essentially the Internet of Things for finance — connecting all financial data across the ecosystem. 

The key to building an open ecosystem is enabling secure data access. While U.S. regulations are still forthcoming around consumer data rights, the report outlines several points that all financial institutions and fintechs should consider: 

Consumers own the rights to their data

An open ecosystem must operate on the basis that consumers own the rights to their financial and nonfinancial data. FIs and fintech firms operate “on behalf of” consumers requesting services.

Consumer consent is paramount

Today’s screen scraping approach to the majority of financial data doesn’t allow for consumers to give permission or manage consent for their data. In an open ecosystem, consumers must provide explicit consent for their data to be shared or accessed. The process should also be frictionless for consumers to give and withdraw consent. 

Consumer identity and access management needs to be strong

Financial providers should invest in consumer identity and verification solutions as a strategic business capability. Modern identity management solutions are vital for open ecosystems, but they appear lacking: The challenge is to enable a secure, convenient, and trustworthy open environment for customers.

Third-party access needs to be transparent and secure

Third-party providers must securely identify themselves to data providers (e.g., FIs) to prevent data access from malicious entities. And, third-party access, whether via API or other mechanisms, should be enabled only over secure (encrypted) channels to protect customer data exchange from unauthorized disclosure.