‘OPEN’ for BUSINESS: How financial institutions are extending data access to third parties and payments businesses to keep pace with fintech innovation
By Christine Umbrell
One of the hot topics swirling around today’s banking industry is the discussion of banking application programming interfaces. APIs are seen by some as an essential tool for banks competing in a mobile-focused economy. They have the potential to change the way banks share information with fintechs and payments businesses, allowing for faster development of innovative products and services integrated with data from financial institutions. But what exactly are APIs, and how will this transformation happen?
An API serves as a “middleman” between a programmer and an application: The API accepts requests and returns the requested data. The API also informs programmers about what they are allowed to request and how to request it.
“There is a movement at banks toward using APIs to allow for improved interfaces between clients and banks’ back-office systems,” says Nancy Atkinson, a senior analyst with Aite Group. “Banks are looking at this trend and asking, ‘What are APIs, and how can we use them to modernize our technology infrastructure and provide greater transparency to our clients?’”
“APIs enable one piece of software to talk to another piece of software,” says Kristin Moyer, research vice president and distinguished analyst in Gartner’s banking/investment services practice. “APIs provide access to data, algorithms, transactions, business processes, and application capabilities. APIs are most commonly used by mobile apps, third-party websites, and, more recently, chat bots and digital assistants.”
In the banking industry, APIs enable open banking—a platform business approach to facilitating the exchange or creation of new goods, services, and social currency, says Moyer. “We believe future value creation will come more from sharing, providing, and leveraging key assets than protecting them.” Open banking does this by making various data and other business information available to employees, third-party developers, fintechs, vendors, and other partners, says Moyer.
“Banking APIs essentially provide controlled programmatic access to select customer and account information and banking capabilities,” adds Rich Urban, president of IFX Forum Inc., an international nonprofit industry association whose mission is to develop and promote the adoption of its open, interoperable standard for financial data exchange. “Open banking APIs refers to broadening data access based on open standards or a public interface.”
There are three distinct categories of open banking APIs, says Moyer: internal APIs, used by employees inside the bank; private APIs, used by customers and partners of the bank; and public APIs, used by third-party developers and others outside the bank. As an example, Moyer cites an API that brings together current account transactions and credit card transactions. “This could be used internally at the bank, by employees,” she says. “It could be shared with customers, via a private API, so that they can log into their online banking application to see current account transactions and credit card transactions in one place. It could also be shared with third-party developers or other business ecosystems outside the bank so that they could build mobile apps that help customers better manage their finances.”
Leveraging APIs at Financial Institutions
While the percentage of banks that are leveraging APIs is currently very low in the United States, the trend is taking hold. “Banks are exploring APIs. There are many internal proof-of-concept trials going on, and limited offerings being tested” at U.S. banks today, says Urban. “They’re trying to figure out what the system boundaries need to be.”
U.S. banks like Capital One and E*TRADE are leading these efforts, using APIs to create new digital products and services, integrate more deeply with customers, and enable new types of customer experiences, says Moyer. Elavon, a processor backed by US Bank, has an API that “enables developers to write a point-of-sale application that integrates with its Converge payment platform,” says Moyer.
Atkinson notes that BBVA Compass currently offers real-time payments through Dwolla by providing the bank’s clients with single sign-on to Dwolla using open APIs. Silicon Valley Bank—a California financial institution with tech companies as its clients—also has begun using APIs to allow its tech-savvy clients to create their own user experiences, says Atkinson.
In Europe, several banks are leveraging open APIs to provide access to transactions, algorithms, data, and other business services, says Moyer, citing BBVA, Fidor Bank, and Barclays, among others. “And some banks are providing APIs that are enabling fintechs to build their own bank,” she says. For example, Fidor TecS, the technology division of Fidor Group, has an API layer called fidorOS. “It is middleware built on top of a local core banking application—Bancos—with Ruby/Ruby on Rails using MySQL,” explains Moyer. Fidor TecS performs the functions of a banking system, but can run on top of any existing core banking application. “Third parties can use the Financial Open eXchange Initiative (FOXI) to create applications within fidorOS.” Fidor TecS also licenses fidorOS as a white-label solution, says Moyer.
The U.S. banking industry is three to five years behind other developed regions of the world when it comes to APIs. “Europe has a number of regulatory-driven directives—for example, PSD2 [Revised Payment Service Directive], and the Open Banking Standard—that are requiring banks to use APIs to share things like customer data, transaction data, and payment initiation,” says Moyer. Some European banks “are using APIs to enable new mobile apps, digital products, and business models.” India also is ahead of the United States in this area: “The National Payments Corporation of India created the Unified Payment Interface (UPI), which enables things like in-app payments and proximity payments,” Moyer says.
In the United States, APIs have the potential to revolutionize the banking industry in several ways. “We have seen banks reduce the time and cost to market for new business capabilities by 50 to 90 percent,” says Moyer. “Some banks that have used APIs as a new business channel have increased their net revenue growth by up to 30 percent year-over-year.”
API development also may improve the consumer banking experience, and enable banks to innovate more quickly. “We have seen banks bring new mobile apps and digital products to market that make banking easier, more transparent, and more convenient for customers,” says Moyer. APIs can enable a rapid cycle of innovation, which can allow banks to experiment with new services and programs, she says—“many of which may fail, but some of which will create value in new ways for customers and banks.”
Banks as ‘Marketplaces’
The growing demand for APIs stems from a number of factors, says Urban. For example, bank customers are seeking creative solutions, such as mobile apps, that require financial institutions to collaborate with third-party payment providers. To cater to that demand, the banks themselves are seeking to reduce the risk of current market practices. Urban also cites the “expectations of the millennial generation” to conduct mobile transactions as a reason some banks are experimenting with APIs.
Open banking APIs allow for “user experience on steroids,” says Atkinson, granting approved clients the power to access the banking services as they choose and customize their banking interactions.
Moyer says leveraging the technology can help banks become “a marketplace of solutions”—one that offers traditional bank products and services, like deposits, loans, and payments, as well as “solutions that ecosystem partners have built using a bank’s APIs,” such as apps and new digital products and services. APIs also can be used to integrate with alternative payments solutions, such as blockchain/metacoin platforms, as well as loyalty schemes, says Moyer. “A banking customer could log into their online banking system and see current account transactions, credit card transactions, and Bitcoin transactions, all in one place.”
Having a marketplace of solutions may help banks remain relevant, because it offers one-stop shopping, where customers could “visit” a bank with a marketplace to get all their needs met, says Moyer. “Today, they go to multiple banks and also to fintechs. The risk is that banks become relegated to the back-end, holding all the cost and all the risk, while fintechs mainly control the front-end relationship.” The marketplace model has the potential to help banks remain at the forefront with customers.
In addition, the marketplace model may inspire new revenue streams. “Banks can take a revenue share of ecosystem partner solution sales,” says Moyer.
Atkinson advises banks to take a page from Amazon’s playbook. Just as Amazon progressed beyond traditional fulfillment to allow third parties to sell products to a larger audience—and take a cut of the sales in the process—banks can offer specific financial services that consumers can purchase through the portal of the bank. “The bank does not have to build or maintain these extra services, just offer them,” via API development, says Atkinson.
The possibilities for new digital products that may be developed using APIs at financial institutions are almost endless, according to Moyer. Personal data banks, digital identity services, trust brokers, and reverse auctions are a sample of products that could be developed—with or without the assistance of third-party vendors.
Payments professionals in particular stand to benefit from the proliferation of API technology as well. Moyer advises innovative payments companies to “provide APIs that make it easier for banks to use your products and services; create new digital products for banks that can be accessed via APIs—for example, new data and identity services; and use APIs from banks to create new mobile apps, digital products, and business models.” The most successful solutions will be scalable, reliable, secure, and compliant, says Moyer.
As with any evolution, the movement toward open banking APIs comes with some challenges that must be overcome if banks and their partners hope to benefit from the technology. Risk management is at the top of that list. “Banks should adopt a risk-based approach to securing APIs, taking into account the APIs’ business value, sensitivity, criticality, and the consequence of compromise,” says Moyer. Institutions will benefit from establishing responsibilities for API security “that encompass developers, enterprise security, and digital business stakeholders.”
Urban notes the importance of establishing system boundaries. When data is exposed to external partners and applications, it is necessary to establish levels of trust and security measures to ensure proper authorization and access to the data, he says. For example, a bank providing APIs to its corporate clients over a private network has a different set of boundaries than it does when providing APIs to aggregators serving thousands of individual clients. “In the first case, there is really only one boundary for the data to cross: from bank to corporate client over a trusted connection,” says Urban. “In the latter case, the bank will have to establish risk and liability agreements with the aggregator; will have to secure access to a select set of customer data for that aggregator; and must consider that the connections to the aggregator and its clients may be less secure and that the data may be in transit ‘in the cloud.’”
Regarding security concerns, Urban says the risks involved in seeking financial data without involving APIs are significant: “The lack of standardized APIs has led to the broad use of unsafe practices by consumers—practices that create risk for users and financial institutions,” says Urban. His organization, IFX Forum, is currently working to set the direction for a standardization effort. “The lack of APIs is causing consumers to use unsafe alternatives to gain access to their data, including sharing their credentials with aggregators and other third parties whose security practices are unproven.”
In addition to security concerns, “culture” is another area that must evolve before there can be widespread acceptance of APIs within the banking world. “Banks have historically focused on protecting business services like data,” says Moyer. “But future value creation is going to come more from sharing business services than protecting them. APIs make this possible, but it can be difficult to get the bank to think and act differently about creating value in new ways.” Also significant is the operational risk, in terms of security, integration, regulatory compliance, and reputation risk, says Moyer.
Atkinson says the governance model for APIs with financial institutions is in flux. “Banks won’t let just anyone see all of their data,” she says, because doing so is against regulations and risks their reputation. “Open APIs may enable corporations to gather data—but they also allow clients to move their banking relationship very quickly.” This may alarm some banks, but “you can’t be that protectionist anymore. You need to have value-added services others don’t—and APIs can help with that.” Setting clear guidelines regarding the circumstances under which banks will allow other entities to access their data is a “must,” says Atkinson.
Moyer points to yet another potential barrier: monetization. “It is hard to get monetization right. Most monetization will come through incremental revenue for existing products at first. Over time, APIs can enable entirely new digital products, like digital identity services and personal data banks,” she says, adding that it can take time for banks to achieve a return on investment for most API-enabled initiatives. “APIs are a journey, not a destination,” says Moyer.
The Start of Something Big
U.S. consumers are demanding access to their financial data, and APIs are one of the tools banks can leverage to create innovative solutions. “It’s a cultural change to open up beyond traditional boundaries, but it’s also going to be a survival imperative,” says Anita Brady, current board chair of IFX Forum.
Atkinson believes open APIs will become a more significant aspect of financial institution offerings in five years. Considering all of the possibilities that emerge when banks allow access via APIs, it is clear this trend is here to stay. It is likely that this technology will become a new vector of competition among banks. Those financial institutions that become educated on APIs and partner with vetted fintech companies and others to offer innovative products and services stand to reap the benefits of early action.
“This is just the beginning,” says Moyer. “APIs and open banking will change the way banks create value in the future. What it means to be a bank will look very different in five to 10 years than it does today.” TT