Since open banking launched in 2018, demand for real-time payments and fee savings for merchants has been fuelling adoption. Especially over the last couple of years, adoption has started to rapidly pick up, with Europe boasting the largest open banking market globally. Open banking is rapidly reshaping the payments landscape, yet one area that remains largely unhighlighted is corporate financing.

Open banking has the opportunity to revolutionise the way financial lending is assessed and approved. Traditionally, corporate financing is a cumbersome process if there are a lot of documents to be provided. In a lot of cases you have to go years back in history for annual statements. McKinsey found that the average decision time for corporate lending is between three and five weeks. The biggest advantage of open banking lies in the speed with which it can grant loans. Open banking APIs can make these decisions in less than an hour. This is good news not just for the borrower, but for the lender as well, because they are able to increase the number of financial products they’re able to sell.

Another advantage is that open banking allows for the construction of pro forma cash flow statements based on the transactions on an account, allowing the lender a better view on the actual financial situation of a borrower. While annual statements leave room for sugarcoating or certain omissions, pro forma statements analyse the financial health of a company based on access to the actual accounts with visibility of the pluses and the minuses. Does this company have issues with cash flow in the second half of the month? Are there late payment fees? Open banking APIs categorise financial data in a way that allows for greater insights into the day-to-day cash flow of a potential borrower.

How do APIs categorise financial data for the sake of approving loans?

Categorising financial data is a three-step approach:

1. Identifying the account ecosystem
2. Identifying regular incoming and outgoing payments
3. Identifying irregular payments

In the first step, the APIs identify the type of account and determine whether it’s possible to get information on other accounts (like savings or investment accounts) that are linked to the existing account. Gaining an overview of this account ecosystem already creates initial risk scoring, because it answers multiple questions, such as:

• How long has the account existed?
• What is the initial balance?
• What’s the average balance per month?

Whereas with the annual statement, the history of the company can be hard to see, this first step of the pro forma statement already gives us a rough overview of the company’s cash flow that you can immediately view and even go back in time on.

Second is the categorisation of the transfers that come in and out of an account based on keywords such as invoice, VAT, tax or loan. The APIs categorise inflow based on what kind of amounts come in. It builds revenue insights by analysing whether it’s a set of several revenue streams (showing multiple customers) or one particularly large payment (signifying one big customer). The APIs also identify whether payments are yearly fees or monthly fees, and whether monthly fees are increasing or staying fixed, in order to determine how much cash comes into an account on a regular basis. On the debit side, it's very important to see what kind of regular obligations there are. The APIs categorise the regular outgoing payments such as fees or commissions in order to calculate the net revenue from the top revenue.

And lastly, the APIs can also categorise irregular and overdue payments as well as overdraft fees. This enables the lender to quickly spot red flags and determine whether the account’s cash flow is in normal state or if there is extra input needed to make sure that the cash flow stays in play.

What are the risks associated with open banking facilitating corporate financing?

Of course, there are two sides to every coin, and while the advantages outweigh the risks, there are nevertheless considerations to be aware of in the corporate financing space. One of these considerations is a scenario I call ‘The Computer Says No.’ Imagine you are a start-up and have just signed a contract with a big customer. You’re in need of extra cash, but because your new deal is not visible in your accounts yet, the APIs could categorise your company as not stable without room for discussion or for you to defend yourselves.

From the lenders’ side, there is a risk you’re not seeing the full picture. While the APIs are able to build an overview of the main account and savings or investment accounts that are connected to it, there is of course the possibility that separate accounts could be omitted. Open banking is one thing, but it can be enriched with the APIs. In the Netherlands, our customers combine open banking with the APIs from the Chamber of Commerce to retrieve the annual statements. This allows for a more holistic overview and gives lenders the most realistic risk assessment because it takes into account both pro forma cash flow statements and annual statements.

Additionally, there is always the risk that lenders start trusting the algorithms too much. If the process is based on artificial intelligence and continuously improving models, there is the possibility it will start to deviate into a direction where you’re not aware of what your model’s algorithm is really applying anymore. It’s an inexact science to begin with, and lenders need to remain critical about their algorithms and APIs and ensure they’re being reviewed on a regular basis.

What impact will regulation have on open banking?

PSD3 is on the horizon, but from a B2B perspective I am not expecting a massive change. It will be an evolution rather than a revolution. The implementation of the IBAN name check solution is an important aspect, but especially in our corporate financing use case, PSD3 will enrich the risk assessment of lending because more data will become available. It also allows for bilateral and multilateral contractual agreements which allows banks to make available non-mandatory data for a fee. This will ensure better quality data as well as a wider reach of data, including existing loans, credit cards and investment accounts, for example.

Additionally, the corporations who want to be the lenders of the future based on open banking need to be compliant with data privacy, but it needs to go further than just GDPR. There is a whole model of trust that needs to be built toward the borrowers. The borrowers need to know what data will be used, and in which cases they will use it. What could be a key differentiator here is for the lenders to explain how their model will apply the data that is shared. This would allow borrowers to understand that the more detail they give, the better the products they need will get.   

What needs to be considered for corporations wanting to implement open banking?

Onboarding considerations and challenges can again be divided into borrowers and lenders. For the lenders, the process is more intricate. Most importantly, they need to be compliant with the regulators. Based on the regulatory requirements of the region, this can be very complex. On the other hand, if the lender doesn’t want to carry the license compliancy on their own, they can work with partners. But the partner choice is crucial. If a corporation chooses wrong, their reputation can suffer. Selecting the right partner needs to be a careful consideration, because the lender will depend on the licenced partner to get access to account information. Additionally, there are implications at the reporting and security levels. Lenders need to ensure they have secure processes in place before they open up.

For borrowers, the process is more straightforward. Because you can no longer hide any certain account information, fraudsters will be trapped easily, which is good. But in order for that to be possible, borrowers need to provide access to their accounts. That’s why it’s crucial that borrowers understand who they are giving their data to and who the partner behind their lender is in order to know there are strong customer authentication processes in place. PSD2 already proved to be secure and to have the right elements in place, so as we’re moving forward, and with PSD3 on the horizon, corporate financing is only going to get more efficient and secure.