By James Hirst, COO & Co-Founder, Tyk
The global banking industry is witnessing the emergence of new, disruptive technology at a pace never seen before. One key trend – Open Banking – is leading the charge, changing the way we bank in both the UK and the rest of the world.
Through Open Banking, consumers can enable third-party providers to use the financial data held by their bank to develop new products and services that improve their daily lives. Open Banking ecosystems are driven by Application Programming Interfaces (APIs), a software ‘middleman’ that allows different applications to communicate and interact with one another.
To illustrate the pace of change, Allied Market Research has revealed the Open Banking market is growing at 24.4% a year, and is set to reach $43.15 billion by 2026. This comes at a time when the wider financial services (FS) market is being heavily disrupted by new FinTech businesses and challenger banks like Monzo and Revolut. Large, traditional banks are now aware that the juggernaut of change is advancing and that they need to quickly embrace new technologies, such as Open Banking, to keep up.
So, what do organisations need to know about the key ingredient for Open Banking – APIs – and how can they implement them to accelerate growth?
Open Banking API capabilities
Firstly, it’s important to note that Open Banking capabilities are in part governed by regulations, which differ around the world.
Europe has emerged as the leader in Open Banking standards with the introduction of the Payment Services Directive in 2007, amended in 2013 to Payment Services Directive 2 (PSD2). The PSD2 standard seeks to match digital capabilities, offered via APIs, for Payment Initiation Services (PIS) and Account Information Services (AIS).
While most efforts have focused on these two services, some financial institutions have expanded beyond these minimal requirements with additional digital capabilities, and a key focus for Open Banking APIs has been on empowering the consumer.
For example, most consumer interactions with a bank involve their savings accounts, and because of Open Banking customers have been able to obtain account data quickly and easily via a mobile app or website. Partners of the bank are now able to request permission to access account details to power personal finance applications for budgeting, reporting and reconciliation tools.
In addition, PSD2 has enabled Europeans to obtain unsecured loans to address immediate needs ranging from avoiding overdraft fees to obtaining greater purchasing power. The days of manual paperwork are over, as Open Banking APIs now allow digital enquiries that bridge multiple lenders, and these practical applications have been accelerated by the pandemic.
Organisations are also going beyond the capabilities offered by the PSD2 standard by using Open Banking APIs to create new strategic partnerships, and this involves extending their services to other industries.
For example, many banks offer loans to finance the purchase of a new or used vehicle. Before the introduction of PSD2, obtaining a loan would be a long and arduous process. Now, consumers can obtain loans easily from their preferred financial institution, or by consenting to share their financial data with other lenders that can compete with additional offers.
By using APIs to integrate third party specialists, financial institutions can differentiate themselves and grow their relationship with the consumer by remaining relevant and extending their reach to new digital channels and services.
Finally, organisations can also use Open Banking APIs for real-time decision making around issues such as fraud. For example, APIs can support push notifications and the freezing of an account should an issue arise. This allows consumers to be immediately notified of potentially fraudulent activity and take immediate action to limit its impact.
The role of API management
Despite all the opportunity, there are often key technical challenges for financial institutions to solve when they embark on an Open Banking API programme.
The regulations require thorough auditing of data exposed via APIs, which organisations often look to address by segmenting those APIs that offer auditable operations onto a different API gateway, separate from others. API gateways operate as a software pattern that sits in front of the API to facilitate requests and delivery of data. However, attempting to synchronise multiple API gateways can often lead to configuration errors. This issue can be solved by implementing an API management layer (APIM), which helps to synchronise configuration across multiple instances.
A second regulatory requirement is the need to enforce restrictions on data access at the API gateway level to ensure data doesn’t fall into the wrong hands. This involves implementing unique data entitlements, which requires additional checks that can again be best managed using an API management platform. The platform extends and enhances data entitlement checks and applies them before requests reach the server, meaning data can be delivered quickly and safely.
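The gateway-level entitlement check described above can be sketched as follows. This is an added example, not code from the article or from any API management product; the consent record, the route table, the `/accounts/<id>/<resource>` path layout and all identifiers are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Consent:
    """Hypothetical record of what a customer granted to one third party."""
    tpp_id: str
    services: frozenset      # subset of {"AIS", "PIS"}
    account_ids: frozenset
    expires_at: datetime

# Constructed route table: (method, resource) -> PSD2 service it belongs to.
ROUTES = {
    ("GET", "balances"): "AIS",
    ("GET", "transactions"): "AIS",
    ("POST", "payments"): "PIS",
}

def authorize(consents, tpp_id, method, path, now):
    """Deny by default. Returns (allowed, reason); reason feeds the audit log."""
    parts = path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "accounts":
        return False, "unknown_route"
    _, account_id, resource = parts
    service = ROUTES.get((method.upper(), resource))
    if service is None:
        return False, "unknown_route"
    reason = "no_consent"
    for c in consents:
        # A consent only counts for the same third party and the same account.
        if c.tpp_id != tpp_id or account_id not in c.account_ids:
            continue
        if service not in c.services:
            reason = "service_not_granted"
        elif c.expires_at <= now:
            reason = "consent_expired"
        else:
            return True, "ok"
    return False, reason

# Constructed sample data.
UTC = timezone.utc
NOW = datetime(2024, 1, 15, tzinfo=UTC)
CONSENTS = [
    Consent("budget-app", frozenset({"AIS"}), frozenset({"acc-001"}),
            datetime(2024, 3, 1, tzinfo=UTC)),
    Consent("lender-x", frozenset({"AIS"}), frozenset({"acc-002"}),
            datetime(2024, 1, 1, tzinfo=UTC)),
]
```

Because the decision is made before the request is proxied, a third party holding only an account-information consent is refused a payment call without the backend ever seeing it.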
Finally, financial institutions must protect all outbound data to enforce privacy and limit data exposure when integrating with third parties. This often requires the introduction of an API reverse gateway, which helps organisations to avoid sharing sensitive third-party API access tokens with developers and server infrastructure, and which can also detect and decline outbound traffic if sensitive data is accidentally released.
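The two jobs of the reverse gateway described above, holding the partner token and declining outbound traffic that carries sensitive data, can be sketched as follows. This is an added example, not code from the article or from any product; it assumes "sensitive data" means payment card numbers, and the partner name, token store and `send` transport callable are hypothetical.

```python
import re

# Constructed secret store: the partner token exists only inside the gateway,
# so application code and developers never handle it.
PARTNER_TOKENS = {"credit-bureau": "constructed-token-not-real"}

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits):
    """Luhn checksum: separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return masked card numbers found in text (first 6 and last 4 kept)."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def forward_outbound(partner, body, send):
    """Inspect an outbound body, then attach the gateway-held token and send.

    send(partner, headers, body) is the hypothetical transport; it returns
    the upstream HTTP status code.
    """
    if partner not in PARTNER_TOKENS:
        return {"status": 403, "reason": "unknown_partner"}
    hits = find_card_numbers(body)
    if hits:
        # Decline and report only masked values, never the raw number.
        return {"status": 403, "reason": "sensitive_data", "masked": hits}
    headers = {"Authorization": "Bearer " + PARTNER_TOKENS[partner]}
    return {"status": send(partner, headers, body), "reason": "forwarded"}
```

The Luhn step keeps ordinary 16-digit references from being blocked, and the token is attached only after the body has passed inspection.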
As the adoption of Open Banking APIs picks up and makes it easy for consumers to access information in a simple yet powerful way, organisations need to be cognisant of the standards and regulations that apply to them and choose the right tools to address the corresponding challenges. Using an API gateway or API management platform will help organisations to broaden their offering, attract new customers and ensure they’re prepared to support Open Banking innovation both now and in the future.