The National Institute of Standards and Technology (NIST), a non-regulatory agency of the U.S. Department of Commerce, closed the public comment period on March 3 for its Cybersecurity Considerations for Open Banking Technology and Emerging Standards report.
The internal report published by NIST explains what open banking is and highlights the importance of cybersecurity and privacy safeguards in the consumer financial data sharing ecosystem.
The authors have been objective, even including a disclaimer that the report does not intend to promote open banking or suggest any specific application programming interface (API) that might be compatible between heterogeneous systems. However, throughout the document, NIST repeats the benefits of open banking for financial institutions and consumers, barely mentioning the risks associated with API security and data.
In the report, NIST spells out the benefits of open banking in its definition, writing that open banking “ecosystems are intended to provide new choices and more information to consumers, which should allow for easier interaction and movement of money between financial institutions and any other entity that participates in the financial ecosystem.”
The report continues that open banking “also aims to facilitate the access of new players to the financial sector (for example, small banks and credit unions), has the potential to reduce the fees charged to customers on transactions and is already in use in various countries.”
The benefits continue in section 5: despite the heading “Positive results and risks”, all items on the list – except one – are positive results. The only risk listed, data leakage, is associated with organizations that attempt to “hastily implement open banking”.
The document also highlights the benefits of open banking to prevent fraud, adding: “Having an open platform should boost ways to secure financial systems, for example by enabling better methods of detecting and preventing fraud. On a much larger scale, open banking could serve as a foundation on which measures of risk and stability can be built, thereby preventing or predicting potential weaknesses before they occur.”
Although the document is very thorough on examples from other countries where open banking has been implemented, it does not offer much information on the different API approaches and other security practices that could help reduce fraud and cybersecurity incidents.
It also suggests that open data standards are important when considering API access because data can be more easily aggregated with fewer errors. According to the report, “having such common data standards would help accelerate API development and promote wider adoption of these services.”
The report makes no recommendations, except perhaps the adoption of privacy frameworks, such as the NIST Privacy Framework, when designing an open banking network.
This document cannot be taken as a complete endorsement of open banking, but it does offer a positive view from a cybersecurity and privacy perspective. This could be relevant as the Consumer Financial Protection Bureau (CFPB) has considered the possibility of implementing Section 1033 of the Dodd-Frank Act to enact rules on open banking.
In October 2020, the CFPB had previously announced a Notice of Proposed Rulemaking seeking comments to develop regulations to implement Section 1033. Most recently, in 2021, President Joe Biden urged the CFPB to promote the use of open banking.
Although the CFPB has not yet published any documents suggesting that new regulations could be published soon, director Rohit Chopra has already spoken about the benefits of open banking. This cybersecurity report could help the CFPB advocate for new data sharing rules.