Open Banking is undoubtedly going to change the way banking services are consumed, through better collaboration between banking/financial institutions and Fintechs/Startups. Banks across the globe have worked on, or have initiated work on, opening up their banking services through APIs and building new delivery models with Fintechs. The same story goes in India, where leading banks are also working on Open Platforms.
To build a scalable and sustainable business model on Open Banking, it is critical to embed a robust risk management framework in the overall program; otherwise, it has every possibility of derailing your growth in such a competitive landscape.
A risk management framework for Open Banking needs to be holistic and cover all crucial components, such as:
1. Cyber Security: This becomes more critical when you are talking about Open APIs over the internet and building an integrated platform to consume & deliver banking services.
2. Regulatory Compliance: Though banking services will be opened up for consumption by third parties through their platforms, the underlying responsibility to ensure compliance will remain with the Bank, be it KYC for customer acquisition or anti-money laundering for financial transactions.
3. Data Privacy: In addition to cybersecurity, open APIs involve data exchange between two parties, so the data shared between the parties must be protected. A robust consent management framework in line with regulatory guidelines is essential to build an open banking platform.
4. Contract Management: The risk management framework needs to look holistically at contract management between parties, not only at the partner-services level but also at the API level of the contract.
5. Product Management: Open banking will throw innovation wide open, allowing banks & Fintechs to experiment with productization. For example, Payday was an innovative lending product. So, it is also vital to build a robust procedural framework that allows innovation at the product level while continuing to ensure compliance with internal product guidelines.
Let’s look at some of the prevalent risks that could emerge from setting up an Open Banking program when adequate controls have not been put in place:
– Transaction breakdown due to infrastructure failures or latency impact
o Risk Mitigation: Build a high level of redundancy at each API level
– Customer service issues for both Bank-owned customers and partner-onboarded customers
o Risk Mitigation: Put in an integrated customer service management tool
– Information security risks, which could be related to authentication or compromise of the partner/bank/platform
o Risk Mitigation: Build information security controls such as regular security assessments and secure applications
– Fraudulent transactions
o Risk Mitigation: AI/ML-based Integrated Fraud Management solution
– Financial risks related to reconciliation and income realization
o Risk Mitigation: Put in a strong reconciliation system
The list could go on. So, it is crucial to build a framework to:
– Assess Risks across segments
– Review all products, processes, technology and partner programs
– Build Control requirements at the API level, Integration layer
– Build operating procedures for compliance monitoring, reconciliation, audit
– Regularly monitor & review product & service performance
Head of Consulting, The Digital Fifth