Open API banking: A ‘How-To’ Guide

  • Satya Swarup Das, Senior Solutions Architect at Virtusa

  • 30.10.2017 09:00 am
  • Open Banking, API Banking

With the advent of open API banking, professionals across the banking world are steeling themselves for dramatic changes to their value chains and partner ecosystems. These changes call for a radical rethink of the status quo, and highlight areas where the banking industry needs to improve if open API banking is to be a success. As it stands, the banking industry has mixed views on whether open API banking should be welcomed – largely because there’s no clear direction on how to go about it.

Amidst this uncertainty, the EU’s impending PSD2 ruling has offered the closest thing the banks have to an open banking blueprint, making Europe a pilot project for the rest of the world. Yet while there are plenty of column inches dedicated to the implications of this new ruling, there’s still a great deal of uncertainty around how to make a success of it.

How to get the most from open banking

So while there’s no ‘one-size-fits-all’ approach to open banking, there are a number of key considerations that the banking industry needs to weigh if it’s to get the most from open banking:

Data sharing: Given that data sharing sits at the heart of open banking and the PSD2 ruling, banks need to be able to anticipate what kind of data needs to be shared with a mix of different third-party entities, including Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). To help prepare for this requirement, banks should consider exposing a layer of their data to a group of third parties via a 360-degree customer view, extracted from various sources within the bank.

Data security: Security is at the top of the agenda for most industries, and banking is no exception. To comply with PSD2’s requirements, banks will need to critically examine which security protocols to implement, while creating a policy to govern how and when data should be shared externally – all while considering a mix of data protection regulations.

Management of APIs: Banks need to have an organised API management strategy in place. Under API banking the world is moving from SOAP-based APIs to REST APIs. This is a significant change in API protocol that impacts how data is represented, and will require input and oversight, including tools to convert existing SOAP APIs into REST APIs. Bigger banks may have their own in-house solution for APIs; other banks may opt for an API management provider.

Testing and publishing: As ever, testing is a crucial aspect of the compliance process. Banks should consider the value of ‘sandboxing’ the APIs they’ll use to expose data – in other words, experimenting with APIs for a specific project in a pre-production environment can help banks predict how well the project is likely to fare, without risking any data.

New business avenues: Open banking and the use of APIs don’t just apply to the banks’ existing services. Banks must keep looking for new opportunities to apply their open API strategies – this might lead to new channels for customer service, or even new business options.

API Monetisation: The successful and frequent usage of open APIs will bring forth new monetisation opportunities. As banks expose their data through APIs, a range of third parties will have the opportunity to develop their own services using the banks’ data. For example, retail websites may begin to offer customers the chance to check their bank balance before making a purchase – all without leaving the retailer’s website.

Open banking will portend the next great leap in banking services. While there’s still a good deal of fear among banks that the ability for third parties to build their own services using the banks’ data will relegate banks to mere utilities, open banking should instead be seen as an opportunity. Will the banks really allow themselves to become utilities, or will they embrace a new type of service provider role? The answer rests on how well the banks can prepare themselves – and PSD2 provides the perfect test.

 
