Like many ideas to emerge in the digital era, open banking has its boosters and its skeptics. By enabling third parties to link to a financial institution, open platforms can spur the development of new applications built around banking data. But for many banks, the worry is that this will unleash opportunities for new competitors and even threaten customer relationships. Why should a customer go to a bank’s site, the argument goes, when a third-party aggregator can pull all of the customer’s accounts, from all of his financial providers, and display them in one central place?
Fueling the debate are emerging regulations—in particular, Europe’s Payment Services Directive 2 (PSD2), which requires banks to provide third-party access by 2018. Like it or not, the platforms will be open.
One bank that does like it is Italy’s Banca Sella. It’s been a longtime advocate—and practitioner—of open platforms, and it sees the model as an opportunity to better serve existing customers and to attract new ones. In an interview with BCG’s Filippo Scognamiglio, Banca Sella Group’s CEO, Pietro Sella, discusses the potential, the challenges, and the changes that open banking brings and how banks can make the model work to their advantage.
At a Glance
Born in Biella, Italy
Year Born: 1968
Master’s degree in business engineering, Politecnico di Milano (Polytechnic University of Milan)
2004 to present, CEO of Banca Sella Group
2002 to 2004, CEO of Banca Sella
1999 to 2002: Head of internet division at Banca Sella (launched the bank’s e-commerce, online-banking, and online-brokerage services)
Chairman, Pri.Banks (Association of Italian Private Banks)
Chairman, Endeavor Italy
Banca Sella has been increasingly focusing on digital in recent years. What’s the company’s strategy with respect to creating competitive advantage through technology and, more specifically, through open platforms?
We’ve always looked to be a first mover in adopting new technology because it’s a means to serve the customer better and, in turn, a basis for competitive advantage. We were the first bank in the country to have a real-time connection between branches, back in the 1970s. In the 1990s, when the internet arrived, we saw new customer needs; to meet them, we created new businesses. Today we are a national leader in payment platforms, with more than 40% of merchants using our technology. But we also made the decision, in 1999, to switch from our legacy IT architecture to an open-platform architecture. I consider open platforms a necessity. They facilitate technological development, as customers don’t just connect to the platform but can contribute to it. In effect, the needs of the customer are solved mainly by the customer itself. It’s now roughly 19 years that we have been serving customers this way with a lot of server-to-server connections. But this is still the early stage. With a wider library of APIs, you can create not only a payment gateway but a banking gateway, enabling customers to interact directly with the bank and a whole array of services.
You mentioned merchant connections as a use case that you are pursuing today. But looking broadly at open banking, where do you see the major use cases going forward? Where do you expect to find the traction, the growth, for open platforms?
I would say that the main driver for open banking is the sharing economy. All of the business models based on some kind of crowd contribution or distribution of services—from crowdfunding to B2B2C to the digitalization of the supply chain—require a new way of connecting to financial and banking services. You need many-to-many connections; you need new kinds of payments. For the past ten years, traditional e-commerce has been the major driver for fintech solutions. But that’s changing. Now you need solutions that work for the sharing economy.
Cybersecurity is increasingly a topic of focus, for both regulators and bank executives. What has been your approach to ensuring that data security in an open environment has the same high standards that have historically applied to closed systems?
Hackers are usually good enough to hide behind any kind of connection, so the kind of cybersecurity protection we had in place before, such as fraud protection and anti-intrusion solutions, works very well no matter if a transaction is coming from an API or from a browser or mobile application. Where an open platform does introduce new risk, however, is in the software the customer uses to connect to the API. We do some education with the customer, and we have a checklist that gives us some control so that they don’t make big mistakes in using the software. But in the end, you cannot fully control the customer’s solution. So, we added a layer of protection on our own end. We adopted a new kind of fraud protection to understand when a transaction is fake or unintended or stands out from previous transactions. One thing to keep in mind is that when you have an individual connecting from a mobile app or laptop, he could be doing something different each session, so it is not so easy to tell what is fake or unintended. But transactions coming via an API tend to be much more regular in nature, so it’s easier to spot strange things.
And your approach to compliance? This is an area where a lot of regulation is just getting off the ground—if even that.
On the compliance side, our approach is to be as strict as possible. That means to follow regulation but it also means that when regulation is not clear, to not take advantage of an unregulated environment. The risks in banking are the same no matter what channel the transactions come to us through, so we must manage those risks. For open banking, the regulations are not yet so clear. But in Europe, we have PSD2 as a reference. The EU directive will introduce this kind of connection next year, but all the work behind its adoption has been in place for five or six years. Our approach is to always look at what regulators are thinking about adopting and to act in compliance with those technical standards—even before they are formally in place.
What process, if any, do you go through before you allow a customer or third party to work with you on these open platforms?
At this particular stage, we don’t have a completely open, straight-through approach. We always meet with customers and talk with them about the use they have in mind, the final result they intend. The approach is to listen to them, know them, and try to work together to get the solution working—and working well.
Do you expect to go to a fully self-service solution in the future?
Yes, absolutely yes. I really believe that we have to do that. If the transaction is simple and you have a good know-your-customer policy and good security, then connecting should be simple. In the case of a complex solution, we will probably continue in the same way as now.
You mentioned PSD2 and the evolving regulatory environment in Europe. How do you view the PSD2 regulation? Is it a threat? A cost? An opportunity? A mix of these things?
It depends on your ability to adapt to it in a productive way. Certainly it is a cost. Certainly it is a threat. I consider it first and foremost an opportunity. There are aspects of PSD2, such as instant payments and API regulation, that enable so many new business models. So that certainly is an opportunity. On the other hand, by giving third parties permission to connect to banks, PSD2 means that if you don’t adopt very good solutions, very good architecture—if you remain bureaucratically complex and so on—you run the risk that others will take over the customer relationship. The threat is that third parties will offer much better service and add all the value, leaving banks in the background as merely the transaction provider. One thing is certain: PSD2 will be a new and amazing environment in which to compete.
In the US, there is a big debate raging with regard to account aggregators; in particular, their role vis-à-vis the big banks. What are your thoughts about the companies that perform this kind of service? Do you see them as partners, competitors, or something else? How do you expect to interact with them?
They are competitors, certainly. But they are partners, too, because there are so many new use cases or solutions that a bank cannot tackle or is not interested in tackling. So while there is a bit of danger that you can be substituted in the customer relationship, there are also business spaces where third parties may fit better than banks, and if you work well with them you could see new kinds of transactions and benefit from that. So, our approach is to compete but not to be completely against them, because we can create some win-win solutions.
Open banking is an area that will affect all types of banks: smaller and larger players as well as midsize institutions like Banca Sella. Do you see different kinds of banks as having different advantages—or challenges—in this space?
A simplistic answer would go like this: If you are small, you are quicker. You listen better to the customer. You don’t have legacy IT behind you. You can more easily solve customer problems. And if you are big, you have the competencies to manage a big platform. You have the capital to create something very strong and solid. Yet while the category you fit into—small, large, or medium—is a competitive factor, it is not the most important one. What really matters is your strategy, your ability to manage technology, and your ability to organize in order to meet customer needs. If you are a medium-size bank that has technology, it is a perfect moment. You may not be so prepared to scale up, but you don’t have the complexity, the organizational and regulatory problems, or the legacy IT systems that slow down the bigger banks and make them less able to meet customer needs. So I believe that medium banks, if they operate wisely, could do very well.
Are there specific areas where the industry—the collective aggregate of small, medium, and large banks—should cooperate when it comes to open platforms?
Yes, there are many, but let me do a parallel with the telecommunications industry. Think about WhatsApp and similar services. When they took control of the contact list on smartphones, they took the entire SMS market from the telcos. The mistake the telcos made was to not move forward in a legacy area; to not create the synergies that are possible when everyone has the same kind of platform or solution. Banks could cooperate in order to save costs in areas where there is no longer competitive advantage and to create platforms that let them compete in new areas and capture new customers.
How is product development in the open-banking space different—if, indeed, it is different—from traditional digital product development?
There are two main differences. First, in the open environment it’s not only your employees who put their hands on the solution. Now there are external people, too. Second, there are higher expectations when it comes to software delivery speed. You need to organize your development environment so that you can be quick and can have a huge contribution from your customer or from the community. Our approach was to create a fintech accelerator where we can do rapid prototyping with our customers via agile methodologies. When the solution requires a deep modification to the core banking system, we are obliged to adopt a waterfall approach, but this doesn’t happen so frequently. In effect, we created a sandbox in which we do prototyping, and when the prototyping is good, we put it into production. The process typically takes one month for an evolution to an existing service and three months for a new service. If we go back to waterfall development, it takes maybe six or nine months, but again, that’s quite rare.
Let’s talk about the infrastructure you put in place to actually manage this whole open architecture. What API do you use to connect with your partners, and with the world, if you go more broadly? It is something you built yourself, or are you working with a more or less off-the-shelf solution?
We bought a product from Axway and used that to create our environment. Our group has quite a large engineer community, part of which is based in India. We had a training period for our technicians so that they were able to use it. By doing it this way, we had a shorter time to market. We aim to nurture our competitive edge and go beyond the achievement of being the first Italian bank to expose its own APIs. Our vision is to build a fintech API platform that hosts Banca Sella APIs as well as third-party solutions.
You’ve talked about Banca Sella’s strategy in this space and how the company will work with its partners, its clients, and its peers. But how will you measure success?
In the long run, technology brings value via augmented, high-quality customer relationships. With new kinds of transactions emerging, I would look at how many of these transactions we are able to manage, at the market share we will have. That will represent my success.
Finally, let’s fast forward five or ten years and imagine that you’ve increased your revenue by a billion dollars through some combination of open-platform use cases. Where would that revenue come from? What kind of clients? What kind of services? Where do you see the money in all of this?
When e-commerce started, we had an idea of the kind of customer and the kind of transaction that would create value—and it turned out to be completely different from what actually proved the case. My view is that it’s better not to make those kind of predictions because not doing so leaves you more able to listen and to follow new trends. That said, I do think that the Internet of Things, the sharing economy, and fintech will be driving new transactions, new needs, and new ways of serving customers—and will, as a result, help drive our mission.
Thank you, Pietro. That covers all of the questions we had for you, but is there anything you would like to add?
Yes, there is one thing. In theory, you can now meet many financial and banking needs without a bank. But banks should have a big competitive advantage based on their ability to manage risks, compliance, and customer needs. We must leverage that advantage in this new kind of environment. This is really a disruptive moment. And what you do now could determine whether you have a future or not.