With the advent of open API banking, professionals across the banking industry are preparing for dramatic changes to the traditional value chain and partner ecosystems. These changes call for a radical shift of the status quo if open API banking proves to be a success. As it stands, the banking industry has mixed views on whether open API banking should be welcomed, mainly because there's no clear direction on how to go about it.
Amidst this uncertainty, the EU's PSD2 ruling has offered the closest thing banks have to an open banking blueprint, making Europe a pilot project for the rest of the world. With this new ruling, there's still a great deal of uncertainty around how to make a success of it.
While there's no one-size-fits-all approach to open banking, there are many key considerations that the banking industry needs to consider if it's to get the most from open banking.
Data sharing: Data sharing sits at the heart of open banking and the PSD2 ruling, so banks need to be able to anticipate what data needs to be shared with a mix of different third-party entities, account information service providers (AISPs), and payment initiation service providers (PISPs).
Banks should consider exposing a layer of their data via a 360-degree customer view, extracted from various sources within the bank, to a group of third parties to prepare for this requirement.
Data security: Security is at the top of the agenda for most industries, and banking is no exception. To comply with PSD2's requirements banks must critically examine which security protocols to implement while creating a policy to govern how and when data should be shared externally ‚ all while considering a mix of data protection regulations.
Management of APIs: Banks need to have an organized API management strategy in place. Under API banking, the world is moving from SOAP-based APIs to REST APIs. This is a significant change in API protocol that impacts how data is represented and will require input and oversight including tools to convert existing SOAP APIs into REST APIs.
Bigger banks may have their own in-house solution for APIs, and some other banks may opt for an API management provider.
Testing and publishing: Testing is a crucial aspect of the compliance process. Banks should consider the value of sandboxing the APIs they'll use to expose data. In other words, experimenting with APIs for a specific project in a pre-production environment can help banks predict how well the project is likely to fare without risking any data.
New business avenues: Open banking and the use of APIs doesn't just apply to banks existing services. Banks must keep looking for new opportunities to apply their open API strategies, which might even lead to new channels for customer service or new business opportunities.
API Monetization: The successful and frequent use of open APIs will bring forth new monetization opportunities. As banks expose their data through APIs, a range of various third-parties will have the chance to develop their own services using the banks data.
For example, retail websites may begin to offer customers the chance to check their bank balance before making a purchase all without leaving the retailer's website.
Open banking will portend the next great leap in banking services. While there's still a good amount of fear among banks regarding the ability for third parties to build their own services using the banks data, degrading banks to utilities, banks should instead view open banking as an opportunity. Will the banks really allow themselves to become utilities, or will they embrace a new type of service provider role? The answer rests on how well the banks can prepare themselves, and PSD2 provides the perfect test.
The article was originally published on Financial IT and is re-posted here with permission.
Subscribe to keep up-to-date with recent industry developments including industry insights and innovative solution capabilities
Financial institutions, enforcement agencies, and regulators have been trying to evolve mechanisms at global, regional, and local levels to offer better collaboration while combating compliance issues with low code framework.
Unlock cost-friendly and unrestricted data quality checking