Will GDPR inhibit or enable the take up of Open Banking?

Open Banking is intended to create more competition in the banking industry and to encourage better services and more innovation to improve the customer banking experience. A cornerstone of this is encouraging customers to give third parties access to their data to enable them to offer new services in ways that their current banks are not offering. GDPR can, at first glance, appear to be something that will work against the uptake of Open Banking.

GDPR, however, is not the biggest threat to open banking; customer apathy is a far greater one. Banks and fintechs have been pouring money into getting ready for open banking, creating open APIs and new services and offerings for customers. However, if there is one lesson that the UK's Current Account Switching Service (designed to make switching current accounts effortless and completed in under seven business days) has taught us, it is that the majority of customers are simply not interested in banking and see all banks as the same. Most customers would like to spend the absolute minimum amount of time thinking about their finances and see banking as a means to an end, not the end itself. The volumes for the Current Account Switching Service (CASS) have been disappointing, with an average of 75,228 per month in 2017. The expected mass move away from existing primary current account providers has not happened.

Even when customers have switched, it hasn't been to either the neobanks (Monzo, Atom, Starling) or the challengers (Metro Bank, Clydesdale Bank, Yorkshire Bank, etc). With the exception of Nationwide Building Society, the net beneficiaries have been the large, global banks – First Direct (HSBC), Santander, TSB (Sabadell) and Halifax (Lloyds Banking Group). The neobanks are becoming secondary banks for the majority of their customers, not their primary bank.

If being able to switch current accounts in seven days hasn't got customers excited about banking, will the offer of open banking be enough to get customers spending more with their existing banks or switching their primary banking relationship away from their current provider?

One way of improving the experience is to provide a single place where a customer can see all of their bank accounts regardless of which bank provides them. This is not a new idea. Yodlee, the best known player in the aggregator market, has been around for over 17 years providing services to over 1,000 financial institutions and fintech providers. Account aggregation, which sounds like a good idea, has not taken off in the mass market. Apart from the customer apathy described above, the screen-scraping technique deployed by many aggregator tools involves the customer breaking the terms and conditions that they had agreed with their banks. This is where GDPR, Open Banking and the EU's second Payment Services Directive (PSD) jointly provide a regulatory framework to give consumers the knowledge, should they wish to take up such services, that they are legally protected.

GDPR is about putting consumers back in control of how their data is used. GDPR from a customer's perspective is a pre-requisite for open banking as it will give them the confidence that their personal data will only be used for the specific purposes that they have had to explicitly agree to when signing up for the service.

Account aggregation is not the only new service that banks, fintechs and non-banks are beginning to offer to customers. Real-time spending analysis, the ability to split restaurant bills and lower cost foreign transactions are among the services that both existing and neo-banks are offering.

A question that the banks must answer is whether the current open banking offerings are providing an experience that is sufficiently differentiated from the competition that it will make customers actively switch to them.

Neobanks, being built using cloud-first, modern technologies, have advantages in both complying with GDPR and offering new services as a result of open banking. They have been able to build from the start a single view of the customer in real time using open APIs and microservices. However, they lack scale in terms of both the numbers of customers and the depth of resources.

The existing big five banks have all the advantages of the size of their customer base and IT budgets. They are, however, hampered by the complexity of their legacy infrastructures. Customer data is spread across multiple legacy systems that were designed for batch processing, which makes building a real-time view of a customer's relationship with the bank a significant challenge. It is for these reasons that a number of the major banks have either elected to work with fintech firms to help them address this or have designed new digital banks using modern technology.

For banks and non-banks (since the legislation was drawn up to encourage challengers from other sectors such as telcos, retailers and fintechs), GDPR increases the potential financial and reputational risks of entering the open banking market. While most people know little about the detail of GDPR, almost everyone seems to know about the fines of up to 4% of global revenues for a breach of the regulation. No organisation knows how strictly it will be enforced, and none wants to be the test case for the first fines. The fall in the share price of Facebook following the investigation into the activities of Cambridge Analytica is evidence of the potential reputational and financial risk of a breach.

Given the risk of fines and the cost of meeting regulation, the revenue upside of entering the open banking market needs to be significant. Providing an aggregator service or a breakdown of expenditure in real time are good customer experiences but don't directly bring in additional revenue, as the neobanks are finding. Open banking is of course about more than just providing aggregation and PFM (Personal Financial Management), and the revenue growth is forecast to come from the provision of additional financial and non-financial services. All of the neobanks have realised that offering current accounts alone is not a profitable business. To be successful they need to be able to offer other services and are positioning themselves as marketplaces. One of the most successful organisations operating as a marketplace has been Moneysupermarket, but even they are finding that competition is driving down their margins and the barriers to entry (helped by the intervention of regulators) have significantly impacted their profitability.

A key criterion to be a successful marketplace is to have scale – Amazon, eBay and Ariba (in the B2B world) demonstrate this. As open banking becomes a reality, the winners will also be the ones that have the scale. For the moment that advantage lies with the incumbent banks.

The success of open banking will be neither enabled nor inhibited by GDPR. The success of open banking in the retail segment will be measured by the level of switching activity significantly rising. This will only happen by providing an offering that so engages the customer that it overcomes the disinterest that most customers have about banking.

Comments: (1)

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune, 20 March, 2018, 18:32

Agreed. I've said before, I'll say it again, value proposition is key to adoption of Open Banking. But, more than GDPR or Consumer Apathy, the recent Facebook-Cambridge Analytica debacle is a bigger threat to adoption of Open Banking. If self-proclaimed tech company Facebook can't ensure that third party apps comply with its own rules for data usage, how will banks that merely "want to be a tech company" ensure that third party fintech apps comply with third party Open Banking rules for data usage?
