Open banking standards have been on the rise around the world. According to Platformable’s Open Banking API Trends, there were 1,578 open banking platforms globally, creating 5,564 API products as at the end of Q2 2022, along with 2,854 API-enabled fintech apps. That’s up from just 423 open banking platforms as at Q3 2020.
This growth is both shifting the way consumers interact with financial institutions and generating new technology challenges. Let’s discuss.
What is an API in open banking?
APIs enable communication, interaction and data sharing between applications. Open banking APIs do so for financial institutions and third parties. By enabling this in a safe and efficient manner, open banking APIs are delivering a fundamental shift in the global banking industry.
Regulations around the world
Europe emerged as the leader in open banking standards with the Payment Services Directive in 2007 and the amendment in 2013, called Payment Services Directive 2 (PSD2). The PSD2 standard seeks to harmonize digital capabilities, offered via APIs, for Payment Initiation Services (PIS) and Account Information Services (AIS). While most efforts have focused on these two services, some financial institutions have started to expand beyond these minimal requirements with additional digital capabilities.
Other relevant regulations around the world include the API Playbook published by the Monetary Authority of Singapore (MAS) and the Consumer Data Right (CDR) in Australia.
Other parts of the world (significantly, the US, Japan and Canada) have taken a more hands-off approach by issuing non-binding guidelines, thus allowing industry stakeholders to pave the way forward.
Impact of open banking APIs on the global banking industry
The impact of open API banking has been rapid and wide-reaching. Open banking APIs have supported greater customer empowerment, an enhanced customer experience, the creation of new partnerships and real-time decision-making that has accelerated the pace of transactions across the financial services sector.
The best open banking APIs have also facilitated increased competition and new revenue streams, opening up a traditionally closed and rather slow-moving industry to more dynamic ways of working.
How are APIs used in open banking?
Financial institutions are finding ways to extend their services to other industries through new partnerships, thanks to open banking APIs.
APIs enable financial institutions to connect their services to consumers and partners through a variety of digital channels including web, mobile, voice and chat. They also enable workforce automation across internal and third-party systems.
We can easily see how APIs are used in open banking by looking at an example…
Many banks offer loans to finance the purchase of a new or used vehicle. Before PSD2, obtaining a loan required considerable paperwork. Now, applicants can obtain loans easily from their preferred financial institution or by consenting to share their financial data with other lenders that can compete with additional offers. Financial institutions can grow their relationship with the consumer by providing low-friction loan access.
Partnerships such as these help to differentiate banks by integrating third-party specialists. Rather than a partnership in name only, the result is a more profitable union between established banks and fintech start-ups. This allows the bank to remain relevant while extending its reach.
In addition, market analysis based upon API access to multiple internal systems can help drive business decisions in real-time and spot upcoming market trends. Moreover, fraud detection is often powered using a combination of APIs and real-time data streams. When used with APIs that support push notification and freezing an account, consumers can be immediately notified of potentially fraudulent activity and take immediate action to limit its impact.
Benefits of using open banking APIs
Most consumer interactions with a financial institution involve their savings accounts. Customers have been able to quickly and easily obtain account data via a mobile app or website as a result of open banking APIs.
Meanwhile, partners are able to request permission to access these account details to power personal finance applications for budgeting, reporting and reconciliation, adding value in multiple ways.
On a practical day-to-day level, open banking under the PSD2 standard means Europeans can obtain unsecured loans to address immediate needs that range from avoiding overdraft fees to greater buying power. The burden of filling out paperwork has been replaced with digital enquiries that bridge multiple lenders.
Why is API-sharing safer than it seems?
Consumers are often nervous about how their information is being shared and used. However, banks must comply with both data protection regulations, such as Europe’s General Data Protection Regulation (GDPR), and with standards such as PSD2.
In terms of the APIs themselves, financial institutions can use API management solutions with robust security mechanisms to ensure that every API for open banking is secured against misuse, attacks, data loss and the like.
The role of API management platforms in addressing open banking challenges
APIs and open banking create plentiful opportunities for financial institutions, facilitating their expansion across multiple industries. However, financial institutions also face technical challenges when embarking on an API programme.
- Regulatory requirements – these place a heavy burden on auditing data exposed via APIs. Segmenting APIs across multiple API gateways is a common solution to address this need. APIs that offer auditable operations are segmented onto a dedicated SaaS API gateway, separate from other APIs. This introduces an additional challenge of synchronising API gateway configuration across multiple instances to prevent configuration errors. An API management layer that synchronises configuration across multiple instances can address this.
- Data access – many vendors apply role-based access control (RBAC) at the API gateway. Financial institutions are required to enforce additional restrictions on data access; many banks implement their own data entitlements, requiring additional checks. These can be managed by API gateways or API management platforms through support for customisable permissions and custom plugins.
- Outbound data limits – financial institutions must protect all outbound data to enforce privacy and limit data exposure when integrating with third parties. This often requires the introduction of an API reverse gateway to protect all outbound traffic to third-party APIs. Reverse gateways avoid sharing sensitive third-party API access tokens with developers and server infrastructure. They can also detect and decline outbound traffic if sensitive data is released.
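The outbound check described in the last point can be sketched as follows. This is an added example, not Tyk's code or any vendor's implementation: the host name, token value and function names are constructed for illustration, and detection is narrowed to compact card numbers (Luhn) and IBANs (mod 97).

```python
import re

# Constructed third-party credential, held only by the reverse gateway (placeholder).
TOKEN_STORE = {"credit-bureau.example": "constructed-token-123"}

PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")               # candidate card numbers
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")   # candidate IBANs, no spaces


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(iban: str) -> bool:
    """ISO 13616 check: move the first four characters to the end, map A=10..Z=35."""
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1


def find_sensitive(body: str) -> list:
    """Return labels for validated card numbers and IBANs in an outbound payload."""
    hits = set()
    for m in PAN_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.add("card_number")
    for m in IBAN_RE.finditer(body.upper()):
        if iban_ok(m.group()):
            hits.add("iban")
    return sorted(hits)


def forward_outbound(host: str, headers: dict, body: str) -> dict:
    """Decline calls that leak account data; otherwise attach the gateway-held token."""
    if host not in TOKEN_STORE:
        return {"allowed": False, "reason": "unknown third party"}
    hits = find_sensitive(body)
    if hits:
        return {"allowed": False, "reason": "sensitive data: " + ",".join(hits)}
    # Drop any caller-supplied credential so developers never handle the real token.
    clean = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    clean["Authorization"] = "Bearer " + TOKEN_STORE[host]
    return {"allowed": True, "headers": clean}
```

Validating matches with the checksum rather than blocking on the pattern alone keeps order references and amounts from triggering a decline.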
Thinking specifically of Tyk, financial institutions can also benefit from an intuitive dashboard and a simple developer portal, both powered by an open source API gateway. In addition to the open banking API management capabilities mentioned above, Tyk also provides:
- Support for Open Policy Agent (OPA), which enables the creation of custom permissions for different user roles within the organisation.
- Dynamic Client Registration, which enables dynamic registration of clients with the organisation’s existing authorisation server. Whether the organisation uses Keycloak, Gluu or Okta as its external Identity Provider (IdP), Tyk 3.2’s Dynamic Client Registration (DCR) capability allows it to be integrated with the Tyk developer portal without the need to overhaul the underlying authorisation mechanism.
- Multi-Data Centre Bridge (MDCB), which enables the creation of multiple local API gateways in accordance with data sovereignty requirements, managed through a central control plane.
The future of open banking APIs in 2023 and beyond
Open banking technology has come a long way in (relatively speaking) a very short space of time. Yet APIs for open banking – and open banking itself – are far from finished evolving.
The same is true for regulatory frameworks. In the European Union (EU), the Payment Services Directive 3 is already under discussion, with lessons learned from PSD2’s creation and implementation being considered carefully as part of the process.
Over the coming months and years, there will be new and evolving opportunities for new business models and for integration with emerging technologies such as blockchain, artificial intelligence and the Internet of Things. These will inevitably result in new challenges – and solutions – as well as new opportunities for innovation and collaboration.
Examples of successful open banking API implementations
With API adoption picking up in the banking industry and making it easy to access information in a simple yet powerful way, the key to success is the awareness of which standards and regulations apply in your region, as well as choosing the right tools to address the corresponding challenges.
Tools like an open banking API gateway or API management platform, coupled with a dynamic and comprehensive API program, have the potential to further drive and accelerate growth and innovation in the banking industry.
API open banking bears watching closely over the coming years. The winds of change are blowing strongly for the financial industry, with plenty more innovation on the horizon.