Application security, Compliance Management

Security and compliance concerns limit ‘open finance’ expansion, say executives

Cash is displayed on Aug. 29, 2017, in San Anselmo, Calif. (Photo Illustration by Justin Sullivan/Getty Images)

The popular drive to embrace application-based financial services is most hindered by security risk concerns, according to a recent study by an identity management company.

While 7 out of 10 financial executive respondents to a recent survey said they plan to adopt “open banking” strategies within the next 18 months, more than 3 out of 5 (61%) financial executives admitted that compliance and security risk concerns were holding back their progress, according to research from Curity, an API identity management platform, released last week. A skills and knowledge shortage (51%) and “changing business priorities” (45%) also factored heavily into financial firms’ reticence to launch or expand open banking initiatives.

Jacob Ideskog, chief technology officer of Curity, pointed out that as technology evolves, “so do the regulations associated with its development and implementation. It’s understandable that there is a hesitancy to adopt open banking when regulations are becoming stricter and rules are continuing to be updated and changed.”

That said, the survey found that nearly half (43%) of financial firms interviewed for the report "Facilitating the Future of Open Finance" have already launched some kind of application-based “open” banking options, per Curity.

Given the fast pace of change in financial compliance, “an investment made in 2019 may not satisfy in 2022,” said Ideskog. More than 3 out of 5 (62%) of the Curity survey respondents said outdated or incompatible systems led them to admit that they’re worried their systems will not “support data sharing in a way that meets the regulatory or consumer protection requirements.”

Emerging privacy compliance presents concerns, as well.

“Privacy regulations such as GDPR, CCPA and the like are the most prominent concerns,” Ideskog said. “It’s hard to ensure compliance in large systems and the thought of exposing more data is simply introducing more risk than many are comfortable with.”

These findings coincide with the fourth anniversary of the launch of PSD2, which made Open Banking a regulatory requirement in the UK. The Curity study surveyed more than 200 financial professionals involved in open banking worldwide.

According to the Open Banking Implementation Entity (OBIE), there are now 4.5 million regular users of open banking. Open finance is expected to expand to a more than $43 billion market by 2026, according to the report published by Allied Market Research.

Virtually all financial institutions (96%) believe consumer adoption is crucial to the future of open banking, according to the research from Curity.

“Organizations must communicate with customers in simple and concise ways about data privacy without relying on jargon to overcomplicate matters, ensuring customers feel confident in the way their data is handled and managed within the open banking process,” Travis Spencer, CEO at Curity, said in a prepared release. “Understanding the deployment of modern authentication methods is key to consumer adoption, according to over half of those surveyed [56%].”

Given the emergence of “proven standards” in open finance for security, Ideskog said that adopting this application-based approach “makes a lot of sense instead of inventing new security schemes for already solved problems. Applying these standards for their own use-case sets the organization up to be able to expose APIs to third parties in the future, so it’s a double win.”

“Few organizations these days are satisfied with one-off platforms for single use,” Ideskog added. “A full omnichannel strategy requires great re-use of backend components to be successful. And let’s be honest, as customers we expect to be able to do the same thing on our phone as our laptop. So, when building an omni-channel strategy you should be looking into FAPI [financial grade API] and the related standards to secure your systems and set your organization up for future openness.”

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

You can skip this ad in 5 seconds