Open API banking: A ‘How-To’ Guide

Satya Swarup Das

Senior Solutions Architect at Virtusa

Views 1763

Open API banking: A ‘How-To’ Guide

30.10.2017 09:00 am

With the advent of open API banking, professionals across the banking world are steeling themselves for dramatic changes to their value chains and partner ecosystems. These changes call for a radical rethink of the status quo, and highlight areas where the banking industry needs to improve if open API banking is to be a success. As it stands, the banking industry has mixed views on whether open API banking should be welcomed – largely because there’s no clear direction on how to go about it.

Amidst this uncertainty, the EU’s impending PSD2 ruling has offered the closest thing the banks have to an open banking blueprint, making Europe a pilot project for the rest of the world. Yet while there’s plenty of column inches dedicated to the implications of this new ruling, there’s still a great deal of uncertainty around how to make a success of it.

How to get the most from open banking

So while there’s no ‘one-size-fits-all’ approach to open banking, there are a number of key considerations that the banking industry needs to consider if it’s to get the most from open banking:

Data sharing: Given that data sharing sits at the heart of open banking and the PSD2 ruling, banks need to be able to anticipate what kind of data needs to be shared with a mix of different third party entities, Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). To help prepare for this requirement, banks should consider exposing a layer of their data via a 360 degree customer view, extracted from various sources within the bank to a group of third parties.

Data security: Security is at the top of the agenda for most industries, and banking is no exception. To comply with PSD2’s requirements, banks will need to critically examine which security protocols to implement, while creating a policy to govern how and when data should be shared externally – all while considering a mix of data protection regulations.

Management of APIs: Banks need to have an organised API management strategy in place. Under API banking the world is moving from SOAP based APIs to REST APIs. This is a significant change in API protocol that impacts how data is represented, and will require input and oversight, including tools to convert existing SOAP APIs into REST APIs. Bigger banks may have their own in house solution for APIs, some other banks may opt for API management provider.

Testing and publishing: As ever, testing is a crucial aspect of the compliance process. Banks should consider the value of ‘sandboxing’ the APIs they’ll use to expose data – in other words, experimenting with APIs for a specific project in a pre-production environment can help banks predict how well the project is likely to fare, without risking any data.

New business avenues: Open banking and the use of APIs doesn’t just apply to the banks’ existing services. Banks must keep looking for new opportunities to apply their open API strategies – this might even lead to new channels for customer service, or even new business options.

API Monetisation: The successful and frequent usage of open APIs will bring forth new monetisation opportunities. As banks expose their data through APIs, a range of various third-parties will have the opportunity to develop their own services using the banks’ data. For example, retail websites may begin to offer customers the chance to check their bank balance before making a purchase – all without leaving the retailer’s website.

Open banking will portend the next great leap in banking services. While there’s still a good deal of fear among banks that the ability for third parties to build their own services using the banks’ data will relegate banks to mere utilities, open banking should instead be seen as an opportunity. Will the banks really allow themselves to become utilities, or will they embrace a new type of service provider role? The answer rests on how well the banks can prepare themselves – and PSD2 provides the perfect test.

 

Latest blogs

Javid Khan Pulsant

Using Cloud to Relieve the Compliance Burden

A recent survey of more than 360 enterprises revealed that 86% are dealing with the complexity of multiple types of data and/or data-related processes subject to privacy and security compliance requirements. Just 61% say that their organisations are Read more »

Lina Adolf-Orup Fingerprints

Fingerprint on the Pulse: Biometric Payment News

It’s quite hard to believe that we’re already entering Q4. For the biometrics industry, it’s been a unique and exciting year – one marked largely by its increasing convergence with the world of payments. For payments and biometric lovers alike, it Read more »

John Bertrand Cognizant

New Technologies create new opportunities in trade finance and working capital

At Sibos 2014 in Boston blockchain was the talk of the show and the movement towards adoption of new technologies was up and running. As Sibos 2018 opens in Sydney, APIs and open banking based on their adoption will be high on the agenda, indicating Read more »

Marten Nelson Token

PSD2: The real RTS deadline is closer than banks think

Let’s work backwards. Most banks know that the final deadline to comply with PSD2’s Regulatory Technical Standard (RTS) is 14th September 2019. Eleven months away.  Following the amendments to the RTS, however (based on industry consultation and Read more »

Alexander Peschkoff Trusted

Brex - not Brexit - is the shape of things to come

There are a lot of discussions on LinkedIn about the Brex duo - two 22-year olds who built a unicorn in less than two years. “Young and inexperienced, did not invent anything new, there are thousands of similar products, etc”. Well, it’s not that Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App