Image removed.

Open Banking – Opening New Avenues in Banking (Part-3)

/ July 28, 2020

In this third and concluding part of the series, the scope of open banking in India is assessed. We are moving aggressively on the lines of digitalizing the processes to reduce manual interface as far as possible on both financial institutions and customer's fronts. Certain events like demonetization and Covid-19 spread gave a surge to the volume of digital transactions. However, in India, we are only in the initial stages of implementing open banking. With our size of the population and digital footprint created, it would only be amazing to see the scale of difference that can be brought in the way we have been doing financial transactions, something which the early adopters in the other parts of the world would not have experienced. 


Earlier people used to visit banks for checking their account or updating their passbook. However, in the past few years, with technology, things have changed. Today, people are opting for digital transactions and also using mobile applications to know their bank balance, pay their loans, or transfer money.

With evolving technology, now the banks are providing maximum services to their customers at one click. An Open Banking model, APIs, and fintech partnerships provide opportunities for the survival of traditional banks. Application programming interfaces (APIs) allow third-parties to access the financial information of the customer. With Open Banking, third-parties can help you save money, get loans easily, and pay then effortlessly as well. While Open Banking allows third-parties to access the required information from the concerned banks, the banks’ in-turn can utilize this platform as a medium to improve the service they want to offer to their customers.

India has about 565 million internet users, all generating data by the terabyte. Soon they’ll have an unprecedented amount of control over their digital financial footprints, with the ability to decide what to share, with whom, and for how long.

India’s top banks are getting ready to roll out a system that gives consumers access to a wide swath of their financial data and allows them to share it instantly. Backed by the Reserve Bank of India, it’s an ambitious approach that combines privacy protection with credit reporting: if it works, it could unlock the credit market for millions of Indians while offering new levels of data security and consumer control.

India’s effort is one of a handful of initiatives around the globe to return control of data to consumers, notably with the “open banking” movement in Europe and Australia. India’s approach is unique — it relies on third parties to mediate the often complicated process of information sharing — and so is its target population, which is predominantly poor and, as of now, excluded from the formal banking system.


The “account aggregator” system will be offered by banks and licensed by the Reserve Bank of India, which will also regulate the data collection and sharing. By logging into authorized apps, users will be able to pull together all kinds of financial data like spending patterns, bill repayment, tax returns, business transactions that they can then choose to share instantly, and temporarily in pursuit of loans, investment products or even insurance. We already see apps of private players like Cred, Razorpay, and Open going successfully operational, of course after UPI by NPCI.

A prospective borrower might, for example, release part of his goods-and-services tax filings to convince a lender of credit-worthiness. A vegetable vendor without collateral to back a loan might share a cash-flow statement or use a mobile phone repayment history to demonstrate reliability.

India’s newly established digital rules and practices lay the groundwork for this kind of system. The central bank now requires financial data to be reported in a standard, machine-readable format, which means it’s easier to automatically slice and share. India also has a history of collecting and protecting massive personal data sets, including biometric and payment information.


The RBI approved a new class of NBFCs in 2016 to act as Account Aggregators. The main responsibilities of the account aggregator are to provide services based on the explicit consent of individual clients. This primarily includes transfer, but not storing, of a client’s data.

Account Aggregator (AA) is the construct/framework that addresses the above pain points and provides a digital platform for easy sharing and consumption of data from various entities with user consent. RBI and other Financial Services Regulators (FSRs) are providing the required regulatory support and guidance for the rollout of AA.

An Account Aggregator provides data to a Customer or Financial Information User (FIU) from a Financial Information Provider (FIP) based on the user’s explicit Electronic/Digital Consent. 

No financial information of the user is retrieved, shared, or transferred by the Account Aggregator without the explicit consent of the user. 

An AA merely acts as a conduit between FIUs and FIPs and does not process the data. 

An AA is ‘data-blind’ as the data that flows through an AA is encrypted and can be processed only by the FIU for whom the data is intended. Also, an AA does not and cannot store any user’s data – thus, the potential for leakage and misuse of user’s data is prevented.

The Reserve Bank of India has provisionally licensed over half a dozen account aggregators, including Jio Information Solutions, part of Mukesh Ambani’s Reliance Group, and NESL Asset Data, an entity set up by a consortium of the country’s biggest banks. Several have completed trials on the system already.

Sahamati (DigiSahamati Foundation) is actively working to convince financial institutions to embrace the new system. It’s scheduled a demonstration to encourage tech startups to develop compatible apps. Already the State Bank of India, ICICI Bank, Kotak Mahindra Bank, and Axis Bank has signed on and are testing the system. So have the country’s leading financial regulators.

They also need to make sure people use it. India’s credit rating system is relatively new and covers only a tiny fraction of the population. The paperwork and documentation required to apply for a loan have deterred both small borrowers and prospective lenders. The account aggregators solve that problem potentially.

It is to be ensured that hundreds of millions of Indians with varying levels of education and literacy properly understand consent. 


The new system will help lenders serve millions of small Indian companies that need to borrow an estimated 1.5 trillion rupees ($21 billion) a month. Small banks can compete in this newly-leveled playing field by giving out sachet loans to businesses that have no assets other than cash flow.

Regardless, Indian users will have new, immediate access to their own financial information, and they’ll control who sees what and when. It’s a marked contrast with what happens in the U.S., where three big credit reporting agencies collect and resell a limited array of consumers’ financial data directly from the banks, with only cursory consent.

It’s also a different approach to data collection and privacy than Europe’s new General Data Protection Regulation, which strengthened consumers’ rights but still lets individual companies track users’ data.


The potential benefits of open banking in the retail services space include improving customer experience, creating new revenue streams, and building sustainable service models for underserved markets. However, the potential to develop and provide similar services for corporate banking is even bigger. Corporate banking involves integration with several Enterprise Resource Planning (ERP) systems and regulatory / compliance systems apart from the systems involved in retail banking. APIs allow seamless connectivity of the corporate ERPs with the bank’s systems, facilitate straight-through processing of data, and significantly improve the turnaround times.

Open banking initiatives worldwide have been largely focused on retail services and payment innovations. For example, Citibank in May 2018 announced six strategic partnerships with leading businesses in Hong Kong to accelerate the development of open APIs in the city and to facilitate quick and convenient banking services to address their consumers’ digital lifestyle. One such partnership is with EGL Tours. Cardholders of Citibank credit cards can offset their online purchases as soon as they checkout at EGL Tours with their reward points without leaving the shopping platform. In Japan, consumers can now use QR-code payments systems provided by non-bank groups like Softbank, in co-operation with India’s Paytm and Yahoo. 

Yes, Bank was one of the first Indian banks to launch API banking services to digitalize the B2B supply chain. Subsequently, ICICI, RBL Bank, Kotak Bank, DCB Bank, and several others have adopted this approach. When in place, APIs help a bank to do several things such as integrate with ERP systems of corporate clients, perform eKYC, PAN verification, offer currency rates, retrieve credit scores, offer lending and payment products, collaborate with third parties to create innovative products, and so much more. 

Finding the middle ground where APIs are developed without compromising data security will serve as a huge window of opportunity for those looking to serve these segments. In a recent survey by Accenture, out of the 240 large corporations and SMEs across the APAC region, 39 percent of SMEs, and 43 percent of large corporations have stated that they are already participating in open banking ecosystem platforms. Several FinTech companies are taking advantage of open banking innovations to entice banks by offering corporate-oriented value-added services. They are using real-time data to offer more customer-centric bundled solutions through platform-based ecosystems that interact with banks where necessary. Third-Party Providers (TPP) are also offering a range of platform-based services for SMEs, including view into cash flows in real-time, online invoicing of customers, and near-instant reconciliation of bank accounts. 


Without a doubt, changing customer patterns, the emergence of innovative competing elements like digital payment tools, and the advent of technologies like Blockchain, will ensure that banking in India will never be the same again. But, for Open Banking to become the way the country banks, will certainly take some doing.

One important fact also is, is there a choice? Just as the disruption to transport caused by Ola and Uber will ensure cab drives in India are never the same again, Open banking is also a necessary step forward. Mobility has all but taken over our lives, and hence, the disruptions caused are irreversible.


Beginning with Post-demonetization

As per the Reserve Bank of India (RBI) report, digital payment transaction turnover vis-à-vis GDP (at market prices – current price) had increased from 7.14 percent in 2016 to 7.85 percent in 2017 and further to 8.42 percent in 2018. The turnover in payment transactions (after including CCIL figures and paper) vis-à-vis GDP (at market prices – current price) increased from 14.41 percent in FY 2015- 16 to 14.73 percent in FY 2016-17 and further to 15 percent in 2017-18.

Mobile wallets exploded nationwide and more people from both rural and urban India started opting for digital payments for goods and services, raising hopes for sustainable growth for non-cash payments.

Catching on to this momentum created by demonetization, banks started digitalizing various processes that allowed customers to do the banking transactions on their own. 

The KPMG report states that the transaction value of the Indian fintech sector was estimated to be approximately USD 33 billion in 2016 and is expected to reach USD 73 billion by 2020. Open banking is happening, and it just might be the most optimal path to digitization. Digital technologies with mobile applications have emerged as catalysts for rapid economic growth.

Demonetization paved the way for a lot of new products like Unified Payment Interface (UPI), which has opened up the payments transaction system. With this, we opened the transaction field to various channels and fintech. We see a lot of brands offering payment systems in regional languages. This will help those who were hesitant earlier to use digital platforms.

Covid-19 outbreak gave further impetus

For the first time, in the fourth quarter of 2019, the value of the card and mobile payments at Rs 10.57 lakh crore exceeded ATM withdrawals which amounted to Rs 9.12 lakh crore. After overtaking cash withdrawals, digital payments extended its lead in the first quarter of 2020. Card and mobile payments were at Rs 10.97 lakh crore, even as ATM withdrawals declined 5% to Rs 8.66 lakh crore.

India posted the sharpest growth in digitization in this period compared to America, the UK, Thailand, and Singapore. This was mostly on the back of UPI. In December 2019, UPI saw Rs 2 lakh crore transactions versus card payments seeing about Rs 1.5 lakh crore — by May Rs 2.18 lakh crore UPI transactions versus Rs 80,300 crore in card payments.

What was unique this time was that digitization was seen across segments — retail, SME, and unorganized business sector. Many customers, who did not move to digitization for 5-6 years, moved in under 20 days. So technology had become the biggest beneficiary from this crisis while also being the biggest enabler for business continuity.

But even as people were holding more cash during the pandemic (As per RBI data as on July 10, 2020, currency in circulation stood at Rs. 26.8 lakh crore, up 21.4% year-on-year), payments handled by mobile devices are soaring in India, driven by the popularity of bank accounts as an in-app payment method. Unlike Apple Pay or other mobile wallets that allowed customers to make electronic transactions using a linked debit or credit card, popular payment apps in India promoted an alternative to cards. Mobile payments initiated by payment apps comprising account-to-account transfers and payments made from stored-value accounts rose 163% to $287 billion in 2019.


Confidentiality and data protection are the biggest priority for any bank and the nature of the relationship with the customer is of trust. 

With the emergence of new technologies, financial service providers have built suitable controls within the system. Suitable policies are being implemented and certain standards being defined when it comes to cybersecurity. New vulnerabilities are identified and rectified on a constant basis so that the institutions are able to balance security with positive customer expectations without compromising one for the other. This will hold good for any bank going in for Open Banking.

Strengthening the regulatory framework

The Indian government has increased focus on cybersecurity, especially in the financial sector. Most prominent of this is the infamous data localization norms enforced by the Reserve Bank of India (RBI). With the rise of connected technologies such as UPI, it is now important to enforce a strict framework for cybersecurity in our country.

India’s “account aggregators” are part of a broad push to comply with a 2017 Supreme Court ruling that designated privacy as a universal human right. Later this year, the Indian Parliament will renew debate on the Personal Data Protection Bill, which places new requirements on companies doing business in the country.

The biggest requirement came from the regulatory side when it introduced India’s answer to GDPR, the data privacy regulations draft - India’s Data Protection Bill in December 2019. It is likely to be passed this year.


However, it is imperative that the questions of customer transparency and control remain the focus of product design decisions. While customers can be educated about their privacy rights and duties, there is also the matter of different data categories needing different levels of security, and informed consent requires understanding the implications of sharing before approving.

In addition, to help the initiative for digital banking that ensures financial inclusion; open banking could be a tool. However, the level of awareness about basic line security in the country is so abysmally low that we may not quite be ready for a responsibility where banks lay open their APIs. The big question of preparedness stays. Some experienced technology leaders understand the criticality of this situation.

One of the key parts in ensuring that we are managing open APIs proactively is to be on our toes and continue to adapt, evolve, and implement security controls. It is always about strengthening this whole aspect of cybersecurity and making sure that we understand that this is a journey and it is not a destination. However, there is always a need for balance. Having over the top protocols and ignoring the customer’s needs will result in the customer experiencing inconvenience. Therefore, the need is to have robust protocols and safeguards in place to facilitate genuine transactions that are important from the customer experience perspective.

Dr. Alok Malhotra

Dr. Alok Malhotra is a senior mentor and leads the academic consultant team of NIIT IFBI. Alok has over 30 years of work experience, including 15 years of banking, 6 years of entrepreneurship and 9 years of training experience.

Alok brings with him rich experience across banking, entrepreneurial venture, curriculum design and training delivery in the areas of new joiner Induction, Financial management, behavioral skills, sales and customer interaction skills, and Core Banking solution. He has extensive experience working with Indian as well as International banks in all units of retail banking, new branch implementation, system migration and new product launches.