APIs are the Key to Open Banking
As 2018 rolls in, we are seeing governments around the world mulling increased regulation in the financial space. The European Union (EU) has been at the forefront of this with the second Payment Services Directive (PSD2), which requires banks to open customer data to third parties and to let third parties transact directly with banks without middlemen.
What is Open Banking?
Open Banking is the idea of breaking the monopoly of a few big banks by letting smaller players get access to customer data, so that they too can provide value-added services.
What’s happening in the EU is a case in point, as it is the result of years of concern around data protection and the lack of a level playing field in the banking space. Increasingly, regulators have tried to break the lock-in of data with a few big businesses and encourage participation of smaller companies and startups in the financial sector. With the current regulation, governments in the EU have laid down clear rules on what big banks need to do to comply. They have also worked to assuage end users' concerns around privacy and security by laying down strict technical guidelines on implementation.
Open Banking is now being talked about in all markets, even in the US, where there is no indication yet from regulators around enforcement.
Why Open Banking?
Open Banking will have a long-term positive net effect for all the players involved.
For end users like you and me, it’s going to bring more and better services around financial data. You will be able to see a consolidated view of all your spending across all bank accounts. Although a few third-party services, like Mint, already provide similar services by partnering with specific banks, these partnerships depend on the willingness of the bank to participate. With enforced Open Banking regulation, banks will have to invest in integrations and make them available to third parties. This will enable better and more holistic services for consumers, and because the integrations (APIs) will be standardized, more third-party providers will jump into the fray, as the frequent headaches these service providers have around integrations will be gone.
For third-party service providers, this will provide a golden opportunity to expand their current set of offerings to all the banks and enable them to get creative with the type of services they are offering. As the integrations with banks will be standardized, they will experience lower operational costs due to less brittle integrations. More importantly, this will encourage new players and startups to enter and provide services. People will start more companies around financial services, increasing competition in the market (read: better service and lower costs) and giving end users more choice. This will throw open a very traditional, walled market to the broader forces of market demand and supply.
For banks, this is an opportunity to reassess their business models, question how exactly they are making money, and ask how they can leverage their data and services more to their advantage. This is also a chance for banks to finally get on the bandwagon of transforming themselves from a legacy business into a next-generation platform that brings customers and partners together to generate the immense value that a two (or more) sided platform brings. Banks can do this by accepting the reality of Open Banking and building bridges to the outer world in the form of APIs. This is not a bad thing, as these API integrations will in turn help strengthen the banks' own offerings, and banks themselves will be able to create better services using these brand-new APIs.
Who is going to be impacted?
The answer to this question depends a lot on the geography you are in. For instance, if you work in or with a financial entity in the EU, then the changes are already upon you. You might already be seeing the changes brought by the PSD2 regulation in your organization. If you work in or with a financial entity in other parts of the world, including the US, then the changes are yet to come, as there is no indication that there will be regulation in the US around Open Banking soon. This does not mean that change will never happen. As soon as banks and financial institutions in the EU become more competitive due to Open Banking, regulators in the US will recognize the benefits of Open Banking and will be under pressure to introduce similar legislation.
Inside banks, broad changes will come in the way banks think about services: which strategic choices they make about what to offer their customers as services, what they decide to charge for, and what they provide for free. More granular changes will come in the way banks implement applications. There will be increased focus on building more APIs and ensuring the security of user data.
Third-party service providers who until now have been collecting user data through screen scraping will be able to create more functional and scalable applications on APIs, and will be able to focus more on building rich applications rather than figuring out and fixing operational challenges.
What to expect?
If you are an end consumer of financial services, you will gradually see changes on two fronts:
- Better service by your bank through enhanced portals and applications
- More service providers in the market offering financial services
You will also see increased security around your bank accounts. More and more features like two-factor authentication will be implemented to enhance protection around your data and transactions.
As a person working for, or working with a bank or a third-party service provider, you will see increased implementation of APIs and integrations. Banks will expose their data through mechanisms like API gateways and third-party providers will build integrations with these APIs from multiple banks, and build their own value-added services on top of them.
Why are APIs the right way to go?
APIs are an interesting piece of this puzzle, and a little bit controversial too. There is an interesting debate going on in the EU around the merits and demerits of using APIs vs. screen scraping (third parties pulling data off your login to a bank, with your permission of course). Third-party services resorted to screen scraping because there was no other way to get access to end users' data inside their bank accounts. Screen scraping is more of a workaround: it is very unstructured (no standards exist around screen scraping) and can be insecure. Screens are controlled by banks, and the user interface changes frequently, requiring updates to the third-party applications. There are a lot of third-party providers that are already deep in the screen scraping quagmire and are not interested in switching to APIs. However, going with APIs (which are more standardized) is the right way of doing standardized and secure Open Banking. APIs are defined by standards like the OpenAPI Specification, so changes to design can be easily managed by all parties. Extensive tooling is available specifically around API design, development and testing to enable practitioners to evaluate, create and operationalize APIs for their Open Banking initiatives.
If you wish to have an even more robust technical and functional understanding of Open Banking, here is where to look. On the functional side, I recommend reading more about the ever-changing landscape of the financial industry in the EU, which is currently being shaped by the PSD2 regulation. On the technical side, learn more about financial data and how it can be exposed and consumed through different APIs. The Open Banking project is a good place to start learning about the importance of APIs to the Open Banking movement.