The Government has made spurring the growth of the UK's financial technology sector a priority for 2015. After reviewing the responses to its recent Data Sharing and Open Data in banking report, it is committing to delivering an open Application Programming Interfaces (APIs) standard within two years. It’s a decision savvy banks will welcome because customer demand for change has already grown to such proportions that require banks to act. Delivering an open API standard in two years is feasible, but banks must temper the speed of developing and launching new apps with both the need to protect customers’ information against cyber attacks, and overcoming technical limitations of legacy systems.
APIs allow two pieces of software to interact, and enable developers to leverage customers’ data - with their explicit permissions - in innovative ways. For instance, customers could use a smartphone application to see how much money they spend on food and how that spending fluctuates every month.
The open API for banking would allow authorised applications to access information about consumer financial data so that new applications and services for consumers can be easily developed.
This innovation can also bring significant business benefits to the banks, and in fact, some have already launched open API and app store initiatives. Sixteen UK banks and building societies collaborated to offer Paym, a P2P payments service using the UK’s Faster Payments network. Another group of banks backs Zapp, which integrates into their existing mobile banking apps to enable P2P payments, mobile online shopping and Bill Pay.
The Government opened its Call for Evidence on Data Sharing and Open Data in Banking for four weeks in late January, and received over 40 responses from stakeholders spanning the financial services industry, consumer and business groups and the fintech community. The summary report, available for download here, concludes:
“It is clear from the vast majority of responses…that the benefits of an open API standard are numerous and widely recognised… it is evident that an open API standard can be designed in a way which meets requirements around data protection and security, and at reasonable cost. The majority of respondents also said that developing an open API standard to a timescale of one to two years would not be unreasonable.”
While the proposed timeframe is not “unreasonable,” banks do face substantial monetary and technical challenges.
The primary cost for banks will come in the work required to open and connect data from their proprietary, ‘locked-down’ applications in the format the API standard demands. The new open data standard introduces new business requirements for banks to connect multiple, siloed accounting systems to serve that data standard through new connectivity and integration tools. The data would need to be cleansed and standardised, with each bank facing its own challenges since each bank’s infrastructure varies widely.
Another practical issue is the development timelines. Banks would need to budget, design, staff, develop, and test data feeds – work that can easily consume two years.
From an information security standpoint, the open API standard needs to exceed financial services industry standard best practices. The minimum standard for online banking is two-factor authentication, and I recommend adopting an approach that authenticates all three parties in an API call (bank, third-party provider, and bank customer) and encrypts data at rest and in motion.
Appropriate sharing of banking data will benefit consumers by increasing competition, transparency and the development of innovative technology tools. The first critical step is to clearly define the critical success factors, business objectives and business model for the Open Banking API Standard. Additionally, the Government should engage standards bodies such as the International Organisation for Standardisation (ISO) that has experience with financial standards, and revise current banking regulations to enable banks to participate and benefit from opening data sharing.
These are exciting times for the banking sector. By adopting an open API approach, banks have the potential to transform their businesses, to the benefit of customers and the wider financial services community alike.