White Paper

The Ultimate Guide to Open Banking

Looking for a quick way to understand open banking? You’ve come to the right place. In this guide we define open banking, address the benefits that come with it, show why it matters now, explore how it can be rolled out across nations and institutions, and list principles for you to follow along the way. We also show how MX can be a partner and guide as you integrate open banking where you work.

This guidance will become increasingly critical as data literacy becomes more valuable. We believe that just as digital literacy was a critical banking skill in the late 1990s and early 2000s, data literacy will be essential in the 2020s and beyond. To amplify your career in financial services, we advise that you learn all you can about using data effectively. Knowing the essentials of open banking is a great place to start.

More than anything, open banking represents a way to shift from just selling to customers to truly helping them and advocating for them. This is increasingly essential in a world where consumers have more choices in financial services than ever before.

Introduction: Open Banking as Data Sharing

If you’ve heard of open banking, you know it can mean a lot of things to a lot of people. For some, open banking refers to direct payments; for others it refers to direct transactions with third parties.

In this piece, we’ll primarily focus on open banking as data sharing — the ability for people to give consent to share their financial data (including transaction data, investment data, credit data, and more) with third parties of their choice. Other names for this are open finance and consumer-permissioned data sharing.

In the past, data sharing was done solely via screen scraping, which is a process whereby a person inputs their username and password so a third-party aggregator can scrape that information off a webpage for use elsewhere. It’s a process that has been around for more than 20 years and is used by financial advisors, tax advisors, mortgage underwriters, payment servicers, personal finance apps, and point-of-sale services.

Although screen scraping serves a legitimate purpose and hundreds of millions of account connections currently rely on it, the process has been limited by concerns over five key issues:

  1. Lack of Comprehensive Oversight. Regulatory rules differ from country to country, and there are widespread disagreements between agencies even within countries. For instance, in the United States a range of regulators — from the FDIC to the SEC to the CFPB — have a say in how regulations play out, making comprehensive oversight difficult.
  2. Unnecessary Risk. Data sharing carries risk, as evidenced by certain data breaches in tangential industries. Some companies don’t have enough safeguards in place to prevent fraud and data breaches.
  3. Sharing Credentials. While there are trusted and secure aggregators in the industry, sharing credentials can carry risks. Whenever usernames and passwords are shared, there’s a chance of hacking and theft. It can also be very difficult to trace where credentials end up, potentially putting the customer’s information in peril.
  4. Lack of Traceability. It’s difficult to control whether the intermediary in screen scraping keeps accessing customer data after logging in — especially if the intermediary has a profit motive and sells customer data to other firms (a practice that has at times resulted in data breaches).
  5. Impact on Technical Platforms. Because of the points mentioned above, financial institutions sometimes don’t have sufficient control over technical platform issues. In such cases it’s possible for consumer credentials to be used over and over again, which creates a huge technical burden for financial institutions when bots repeatedly ping their servers.

In contrast to screen scraping, the industry is now moving toward sharing data via APIs, which gives greater data parity and control to customers.

As the industry makes this transition, there is still a need for screen scraping — particularly because in many cases there are certain data fields that financial institutions refuse to release and because of the time and money required to set up APIs. This means that as the industry transitions to APIs, regulators will have to revisit liability issues so financial institutions don’t have to bear the responsibility for data breaches in all instances, especially when the breach is caused by a third party. Data parity, customer control, and liability — it’s all part of the conversation about what’s in the best interest of customers and financial institutions.

This brings us to open banking.

What Is Open Banking and Why Is It Important?

Open banking is the structured sharing of data via APIs between financial service providers, based on the needs of and consent by their mutual customers. With consent, consumers and business clients can affirmatively grant access to a trusted third-party provider of their choice.

Think of open banking as a new paradigm that benefits individuals, financial institutions, fintech companies, and nations.

Benefits for Individuals

To understand the benefits of open banking for individuals, think of your own financial life. You likely have a couple of credit cards, a primary and secondary financial institution, insurance products, retirement accounts, and more. There’s a lot going on. Open banking and open finance enable you to enjoy a single view across your accounts and even make direct payments from these accounts.

Open banking also lets you choose services from a wide competitive set and access new financial products. You can link bank accounts to loyalty programs, share data with accountants and advisors, and even speed up the loan process by automatically and safely transferring data into application forms.

More than anything, open banking puts the power in the hands of financial services companies and their customers.

If you're looking for an analogy, look to something like Amazon or LinkedIn where you can connect your account to multiple third-party businesses. That’s the vision of open banking.

Benefits for Financial Institutions and Fintech Companies

Open banking also brings enormous benefits for financial institutions and fintech companies. To start, many people mistakenly believe that data sharing for open banking is mono-directional — that it merely consists of financial institutions giving away all their data. However, in reality customer-permissioned data sharing is bi-directional, meaning that financial institutions and fintech companies also receive data from the sources they connect with via API. This sets them up to use that data in creative ways to best serve their customers.

Open banking also provides insights into held-away accounts, allows customers more control over what information goes into the ecosystem, enables an omnichannel experience by making it easy to share data across silos, aggregates data to provide a holistic view of customers’ financial lives, implements a more unified approach to digital identity management, and reduces data resale and data exhaust issues. Taken together, these benefits pave the way for financial institutions and fintech companies to thrive in the future of banking.

The single biggest benefit of open banking for financial institutions and fintech companies might be the added security in the form of tokens, consent and privacy, and transparency.


Tokens

Open banking brings a higher level of security because it replaces sharing credentials (including username and password) with anonymized, single-use digital tokens. This means that bad actors can’t access the personal information of end users during a transaction. Tokens de-identify user data, greatly increasing the chances that personal data will not be subject to risk.

Compare sharing credentials with using tokens via open banking. With tokens, bad actors can’t access users’ personal information.

Consent and Privacy

With open banking, all customers have to give consent and permissions before their data is shared. These permissions are set on a case-by-case basis by the customer, so each customer is empowered to choose what they do and don’t want people to see. For example, if you’re setting up a budgeting app, you can grant permission for a particular set of data that allows you to get to your goals rather than share all of your data out in the world.

We at MX believe that there is room for increased disclosures around consent, and we also believe the industry could even go a step further and disclose intent as well. If someone has consented to have their data accessed for a new budgeting app, they should also know what the company intends to do with that data.


Transparency

Transparency is fundamental to open banking. Customers know which companies have access to their data and which companies don’t. If they don’t give permission for a particular company to access it, that company can’t access it — and certainly cannot sell it. In short, open banking is an open ecosystem. The customer sees all of the data that goes in and out.

Open banking can also require third parties to register their use case for their fintech business, as happens in the UK. Each business must go through a governance process to get registered as an authorized third party. We don't have any such thing in North America right now, but it’s being worked on with industry groups such as the Financial Data Exchange.
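The token, consent, and transparency properties described above can be seen together in a small data-holder-side sketch. This is an added example, not MX's code or any open banking standard's API: `ConsentRegistry`, the scope names, and the customer and app identifiers are hypothetical, and it assumes opaque tokens that stay valid until the customer revokes consent.

```python
import hashlib
import secrets
from dataclasses import dataclass


@dataclass
class Consent:
    customer: str
    third_party: str
    scopes: frozenset
    revoked: bool = False


class ConsentRegistry:
    """Hypothetical store of customer consents held by the financial institution."""

    def __init__(self):
        self._by_token_hash = {}  # sha256(token) -> Consent; raw tokens are never stored
        self.audit_log = []       # (third_party, customer, scope, decision)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def grant(self, customer, third_party, scopes):
        """Customer approves specific scopes; the third party gets an opaque token."""
        token = secrets.token_urlsafe(32)  # random: carries no credentials or identity
        consent = Consent(customer, third_party, frozenset(scopes))
        self._by_token_hash[self._digest(token)] = consent
        return token

    def authorize(self, token, scope):
        """Decide one data request and record it so access stays traceable."""
        consent = self._by_token_hash.get(self._digest(token))
        if consent is None:
            self.audit_log.append(("unknown", "unknown", scope, "deny:unknown-token"))
            return False
        if consent.revoked:
            decision = "deny:revoked"
        elif scope not in consent.scopes:
            decision = "deny:scope-not-granted"
        else:
            decision = "allow"
        self.audit_log.append((consent.third_party, consent.customer, scope, decision))
        return decision == "allow"

    def revoke(self, customer, third_party):
        """Customer withdraws consent; tokens issued under it stop working."""
        count = 0
        for consent in self._by_token_hash.values():
            if (consent.customer, consent.third_party) == (customer, third_party) \
                    and not consent.revoked:
                consent.revoked = True
                count += 1
        return count

    def who_has_access(self, customer):
        """Transparency view: active third parties and the scopes each holds."""
        view = {}
        for consent in self._by_token_hash.values():
            if consent.customer == customer and not consent.revoked:
                view.setdefault(consent.third_party, set()).update(consent.scopes)
        return {party: sorted(scopes) for party, scopes in view.items()}


def demo():
    registry = ConsentRegistry()
    # Constructed sample: a budgeting app is granted transaction data only.
    token = registry.grant("customer-123", "budget-app", {"transactions:read"})
    results = {
        "transactions_before": registry.authorize(token, "transactions:read"),
        "identity_before": registry.authorize(token, "identity:read"),
        "visible_before": registry.who_has_access("customer-123"),
    }
    registry.revoke("customer-123", "budget-app")
    results["transactions_after"] = registry.authorize(token, "transactions:read")
    results["visible_after"] = registry.who_has_access("customer-123")
    results["audit"] = [entry[3] for entry in registry.audit_log]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Unlike a shared username and password, the token grants only the scopes the customer approved, can be withdrawn without changing the customer's login, and leaves an audit entry for every request, including denied ones.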

Benefits for Nations

In addition to enjoying the benefits of individual flexibility and added security, open banking brings innovation at the national level. As nations roll out open banking and as consumers share their data with companies they choose to share that data with, savings rates, deposit rates, and loan rates will increase. After all, if a lender is able to see a 360-degree view of a user’s financial life, the lender’s algorithm will more confidently be able to pinpoint whether that user is creditworthy. Those who deserve credit will get it. Those who don’t, won’t. In light of this, default rates will decline and healthy lending will go up, making the entire financial system across the nation a better-oiled machine. As this success feeds into itself — coupled with citizens who have a better sense of their personal finances — nations that leverage open banking will have the advantage in innovation and collaboration over those that don’t.

Win-Win Outcomes of Open Banking

For Customers:

  • Increased privacy, security, and controls through permissioned sharing
  • Streamlined processes such as loan applications
  • Increased ability to assess competitive offers

For Institutions:

  • Reduced risk through increasing security and privacy
  • Increased ability to engage with hyper-targeted advice and offers
  • Amplified value-add services to engage and retain customers

For Fintechs:

  • Improved engagement models with non-personally identifiable data
  • Increased opportunities for data services
  • Better availability for predictable data

For Nations:

  • Stronger financial health for citizens
  • More efficient lending, based on a 360-degree view of account holders’ lives
  • Increased innovation as banks and fintechs find new ways to use data

Why Now? An Inflection Point in Banking

The digital revolution has changed the way financial institutions engage with their customers, putting the industry at an inflection point of increased competition and increased opportunities to engage with customers. Open banking augments this inflection point on both of these fronts by making it easier for consumers to choose the services they want most — an essential move in an era where customers no longer stay at a financial institution for loyalty alone.

What this means is that the customer is increasingly the center of the financial services ecosystem — having the ability to pick and choose the combination of services they personally want most.

How Do the Other Players in the Ecosystem Fit In?

Online banking providers, which have traditionally worked with financial institutions to manage the flow of customer data, will continue to have a large role as data storehouses among other things.

Industry working groups, such as FinancialDataExchange.org and FDATA.global, have been and will continue to be the most active in moving forward both interoperability, from the FDX perspective, and policy discussions, from a financial data perspective. These industry working groups were created because federal and state government regulators in the US have said they want the industry to come up with industry-led solutions. These industry working groups are taking on a lot of the heavy load that in other countries has been borne by government groups, which means that smaller institutions in particular must get involved if they want to remain relevant.

Consumer advocacy organizations are split on this topic. Some consumer organizations are very much onboard with the idea that customers should own their data. Others believe that privacy will become the right of the rich only. So there is still a lot of education and advocacy that needs to happen on behalf of consumers around this specific issue.

To summarize, the financial services ecosystem under open banking is complicated, with a lot of parties involved. More than anything, we believe that the more voices at the table, especially through the industry working groups and advocacy organizations, the better.

Learnings From Around the World

So, now that we’ve looked at the benefits of open banking and the general ecosystem, what’s the best way for countries to roll out open banking?

Here are seven best practices that will work regardless of whether the country takes a centralized, government-led approach (like Australia and the UK) or whether the country takes a decentralized, industry-led approach (like the US).

    1. Implement customer data rights. As we’ve shown above, many countries have taken many different approaches to get started from ground zero with open banking, but most have started with consumer data rights. They’ve generally started by rolling out these rights first in financial services and then rolling them out to energy and telecommunications and other industries.
    2. Ensure the customer can give and revoke consent. If a customer can give consent by agreeing to share their data, they should also be able to revoke that consent, which is a much bigger technical and policy-level discussion than just being able to grant consent. This idea of giving and taking away consent is something that should be baked into the process early and often.
    3. Consider liability. At the moment, financial institutions bear the brunt of a lot of liability for downstream risk. The US is working through how this risk is shared through the ecosystem via bilateral agreements, while in other countries there have been clear guidelines on how liability works. More than anything, liability is still very much an open conversation.
    4. Put in place a regulatory framework. Finding a regulatory framework is complicated in the United States, given that there are so many different regulatory bodies that open banking could potentially sit under. By contrast, it’s immediately clear in other countries such as Canada where this responsibility falls. In any case, the regulatory framework must address things like access, liability, government governance and the core issues that everyone can then follow rather than trying to figure things out on an agreement-by-agreement or institution-by-institution basis.
    5. Discuss technology specifications. How can data be shared between institutions? How can data be shared with fintechs? These tech specifications around interoperability are critically important — though it’s essential that these considerations come after the first four steps listed above. After all, by letting tech specifications drive the conversation in the US, the other pieces of the solution have taken a lot longer to catch up.
    6. Set up an implementation capability that considers governance and funding. By establishing broad rules for governance, we can avoid governing on an institution-by-institution basis. In the US, this requires creating a funding model for such governance, which currently doesn’t exist. Institutions are setting up APIs and creating agreements because it’s the right thing to do for customers and because they can reduce the technical load while increasing privacy and security, but the funding model hasn't yet been made clear across the industry.
    7. Explore the implementation journey and monitor success. It’s a lot of work for each institution to take on the transition to open banking. How do we share best practices? How do we monitor success over time? How do we ensure that the data that was accessible through scraping is accessible through APIs? These are all questions that must be answered and monitored in the implementation journey.

In addition to these seven best practices, countries should also plan for ongoing engagement with consumers and regulators. It would be ideal, on this front, to implement some level of global interoperability and standards so there are consistent rules on how data is shared, how consent is given, and how countries implement governance and reporting.

How to Get Started at Your Institution

Of course, you don’t have to wait around for government agencies and industry working groups to get started with open banking where you work. Many institutions (a few of which we look at below) have already gotten started.

If you want to be an advocate for open banking and data sharing within your organization, you should know that there’s already a lot of activity going on in the marketplace. Many of the largest financial institutions are jumping in early and granting access via APIs, so if you haven’t moved already, you’ll likely be a fast follower rather than a leader in the industry. And yet it’s better to start now instead of later, especially because people are already overwhelmingly choosing digital channels over traditional channels (indicating consumer demand to optimize digital channels). APIs and data sharing must be a strategic imperative, not a regulatory check box.

Highlight: BBVA Open Platform

BBVA Open Platform offers APIs that help financial services companies verify identification, move money, originate accounts, issue cards, receive notifications, and more. For instance, if a fintech company is looking for a simple way to identify the customers they add to their platform, they can connect with the BBVA Open Platform API, which searches public and private databases, social media posts, watch lists, and sanctions — all in one API call. In this way, fintech companies don’t have to build this process from scratch. Companies such as Digit, Xero, and Wise are already making use of BBVA Open Platform. While BBVA hasn't yet fully embraced data sharing in the sense we’ve been talking about in this guide, they are setting the stage for big moves in open banking.

To get a competitive edge, it's best to play offense. This means that successfully implementing open banking is not just about focusing on data leaving your organization. It's also about using your customers’ incoming data to actively provide better insights. After all, you can’t give the right advice if you only have access to your customers’ held accounts. You also need to see held-away accounts. Data aggregation and open banking enable you to have a better view of your customers.

The Journey to Open Banking

Let’s explore what this journey looks like for financial institutions through the lens of the MX mission to empower the world to be financially strong.

To start, note that financial strength is not financial literacy. It's not about checking boxes to offer the “right” financial products to your customers. Financial strength is about giving customers the option to withstand financial hardships and take more risks. For many people this means moving from living paycheck to paycheck to saving, investing, and eventually even reaching the Holy Grail of living off of interest and returns.

Highlight: Citi

Citi’s Developer Hub enables developers from various digital companies to connect to Citi via API. Notably, Intuit uses this connection to authorize data sharing with QuickBooks and Mint, Qantas uses it for their credit card offerings, and SingSaver uses it for instant account verification with Citi cards. The offerings in the developer hub vary by country, but Citi allows account aggregation, access to transaction data, authorization, and reward information in many places. By creating this developer hub, Citi is positioning itself for flexibility and stronger connections for their customers who use third-party apps, resulting in customer satisfaction and retention.

Financial strength plays out differently depending on the individual, but at the end of the day, the tools that people need to get there are really not that significantly different. They want to know information such as, “Am I on track?” or “Am I meeting my goals?” or “What does my cashflow look like?”

So how do you, as someone in financial services, help customers on this front?

First, you need clean data. It's impossible to empower people to be financially strong if data isn't cleansed, categorized, classified — or if it’s living in silos across different business units. Regardless of what you want to do to empower your customers, you won’t get far without first creating a foundation of clean data.

Second, you need to create a couple of key programs with the perspective of both the financial institution and the individual in mind. In the past, you may have done what many companies in financial services have done, which is to try to drive up sales and revenue by telling customers what you think they need. But with open banking and (clean) data sharing, you have the ability to present personalized information and tools to help customers change their behavior. This way you’re not telling customers what you think they need. You know what they need.

For instance, you might create a hyper-personalized offer for a savings account or a credit card or home loan with a better rate than the one they have because you can see you offer a better product than the one they have. This represents a huge opportunity to provide contextual advice and present tools that can help people change their behavior.

It’s something that customers are hungry for. In fact, we found that 77% of customers said they would value such a feature.

In addition, consumers expressed interest in having the ability to see all their recurring subscriptions at a glance, with 79% saying they would value such a feature — a feature that’s possible by making use of the data available via open banking initiatives.

You might also minimize risky behavior such as predatory lending. With open banking and clean data, you can use algorithms to scan transaction-level data, searching for patterns and outflows that indicate whether someone is paying down a high interest loan. Once you’ve flagged these instances, you can educate the customer, present them a lower interest debt consolidation loan, and then follow up with guidance on how to avoid any sort of future debt pitfalls.

In other words, you’re not just blasting your entire customer base with a message that you offer an 8% debt consolidation loan. Anybody can do that. Instead, you’re reaching out with empathy and a timely message around the true cost of high interest lenders. This way you deepen the relationship and show that you value each customer's business.

In this same vein, you can help customers redirect spending into investing accounts to change long-term outcomes. For example, you might track a customer’s progress toward a savings goal, showing them ways to save money by the end of the month for their upcoming trip by adjusting their habits.

Highlight: Capital One’s DevExchange

Capital One launched DevExchange with the motto, “Use our stuff to build your stuff.” Like BBVA, they offer the ability to verify identity and move money via API calls. They also let third parties connect customers with a view of their Capital One accounts and transactions via tokens rather than credentials. In addition, they give third parties the ability to create accounts with Capital One directly within these third-party products. Use cases include integrating wedding registries with a Capital One account and opening a savings account directly within a money management app.

When you start to roll out these projects, you might get confronted about ROI. Someone might ask, “What is the business case for this?” or “What are the business objectives?”

The truth is that your customers are demanding these solutions. When we asked customers if they wanted their financial institution to tell them if they could give them a better deal on a financial product than what they currently have, 94% of them said yes. They’re looking for you to put their data to use in ways that benefit them.

The ROI from these initiatives comes in three ways.

First, and most importantly, you build trust and long-term loyalty with your customers, setting you up for success through the coming decade and beyond.

Second, you best position yourself to sell your products to the right person at the right time. No more mass blasting shiny mailers to your entire customer base.

Third, you put more money in the accounts of your customers and thereby increase deposits. Take the ROI on things like a predatory loan reduction program, for instance.

When you successfully implement a plan like this, you’re immediately decreasing outflows so people are holding onto more of their income and increasing your loan portfolio in the process. On this note, if you could pick just one metric, you might ensure that every one of your customers has $400 in an emergency savings account by the end of the year.

As we wrap up, consider these four steps to implement this shift in your approach to your customers:

  1. Start with clean data. Make sure that you know essential information about your customers, including who they are and what they need based on a 360-degree view of their finances.
  2. Get tools that help your customers succeed. It’s not enough to gather data. You also have to be able to put that data to use and help your customers.
  3. Create a culture of customer obsession. Many companies say they’re customer obsessed, but how many have leaders who are specifically tasked with advocating for their customers? How many have built a culture of obsession from top to bottom?
  4. Build systems that deliver on data-driven customer obsession. To do this, analyze your technology infrastructure and see if it mirrors a data mindset. Build a plan that can actually bring programs to life that can improve the outcomes of your customers.

The end goal of open banking should not be to check regulatory boxes, or control data ownership – but to take advantage of the new landscape and truly engage customers with new waves of data-driven innovation along the lines of how Lyft reimagined transportation or how Amazon reimagined shopping. You could be a small credit union that figures out completely new ways to capture market share from the big banks. Or you could be a big bank that finds markets that financial services haven’t yet tapped into. It’s not often that the financial services industry gets an opportunity to reinvent customer engagement, but that’s what open banking means. If you can change the conversation from only selling products to identifying and meeting needs in new ways, you’ll enjoy a huge differentiator in the competitive landscape.

MX and Data

At MX, we uphold 9 principles around data sharing on the basis of customer ownership:

  1. Portability. Regardless of where a customer has their money and data, if they choose to change, they should be able to take data with them.
  2. Intent. Beyond just giving consent, people should be clear about the intent and implications of data sharing. Fintechs and financial institutions must therefore disclose their intent when collecting data.
  3. No resale. Personal data should not be resold without the express approval of the data owner. People should be able to access a list of companies to whom their data has been sold or shared.
  4. Real-time. Critical decisions are being made based on data in real-time. Institutions need to commit to real-time accessibility at industry standard up-times.
  5. Compliant. When people share data, they should be advised if the ecosystem they are sharing into is compliant with existing and next-generation regulation (e.g., GDPR, FCRA). Institutions should have governance in place to fix bad actors.
  6. A la carte. People should be able to share the data points that they believe are important — not a prescribed list of attributes.
  7. Private. Personal data is personal. Personally identifiable information should not be shared with 3rd or 4th parties, and systems should be in place to delete or revoke access. Until token usage is widespread, credentials should be handled with the highest security protocols.
  8. Secure. Financial institutions and fintech companies must commit that their data is secure, in easily understandable language, with clear implications for breaches.
  9. Governance and remedy. The ecosystem must agree on reporting, oversight, and actions for bad actors.

Above all, MX believes that the world is moving toward giving customers full control over their data, which is good for the customer and good for financial institutions. In fact, FDATA has declared, “The first step towards an open finance ecosystem must be the assertion by policymakers of a consumer’s financial data right – the legally binding notion that the end user – not the financial institution – is empowered with control over their own financial data.” The CFPB adds that their bureau “advocates strongly for consumer control of the consumer’s data and transparency.” This is the direction the industry is headed, and we believe this is an essential component of making finances as they should be and empowering the world to be financially strong.