The traditional banking landscape is about to be transformed from merely offering deposits, lending, savings and investments to being able to offer deeper financial insights and services that extend outside of the banking industry. Trusted third parties have the ability to leverage a banks’ customer data and transaction services for an enhanced customer experience. The insight powering this new platform will enable banks to build deeper engagement and potentially become a form of lifestage concierge.
The importance of open banking APIs has not been lost on the banking industry. In fact, in the Digital Banking Report, “Open Banking API” was the fourth most mentioned trend for next year. In a survey of more than 500 bank and credit union executives globally, close to one-third (32%) of those surveyed indicated that Open Banking APIs were one of the top three trends for 2017. This trend was not in the top ten in 2016.
Introduction to APIs
An Application Programming Interface (API) provides a way for developers to communicate with the provider of a service, e.g. a bank. For this purpose, the service provider publishes a precise API specification that must be adhered to when developers want to access the service.
The API describes what functionality is available, the format used to communicate, and the conditions for using the service. An API is called “open” when it can be accessed — under specified conditions — by third-party developers. An open API specification is publicly available, but the service provider may limit the functionality or data available depending on the contractual agreement.
An API is like a user interface, but with different users in mind, i.e., computer applications and their programmers. When a company exposes (web) APIs to external parties, developers can consume those APIs to access the services provided over the internet and integrate them into their applications.
Think about Google exposing its Maps API, allowing developers straightforward access to geolocation data and other features offered by Google. In this way, the internet becomes programmable, providing a virtually unlimited source of data and services that can be consumed by third-party applications. The only limit to the innovation unleashed this way is the imagination of the developer community.
The Open Banking Trend
In our digital world, the use of open APIs is common, even fundamental to the growth of companies such as Amazon, Google, Facebook, and other digital leaders. Stripe and PayPal are examples of payment companies that have a clear API strategy. But the increasing role of APIs in retail banking is quite a recent phenomenon.
Banks are beginning to expose their data for use by third parties, in particular fintech companies, through open APIs. Banks can not only make their own product data available but also allow their customers to share their bank data with third-party providers (TPPs), thus paving the way for “open banking.”
API banking allows the bank to decouple its internal environment from the customer-facing apps. The bank is much more able to flexibly distribute its products through third-party channels provided by fintech partners, facilitating innovation and reducing time to market.
Technology is a strong driving force in the trend to open banking. APIs enable banks to redesign their IT architecture and work with fintech start-ups to develop innovative solutions for their clients. Competition from peers and new entrants urges incumbent banks to develop a digital strategy. In Europe, regulations have accelerated the trend to open banking and enforces an end date for banks to provide open APIs.
Opportunities and Threats
How are banks positioned to capitalize on open banking? Compared to other market players, including neobanks, fintech companies, and TPPs, incumbent retail banks have a number of strengths they can rely on.
Legacy banking organizations have a large customer base, and the bank knows each customer’s identity as a result of mandatory Know Your Customer (KYC) processes. And these customers still trust their bank the most for keeping their money safe. Banks have ages of experience with the implementation and operational requirements of risk management, compliance, and security regulations. And banks own the banking “rails” … the infrastructure for payment processing, clearing, and settlement.
There are also clear weaknesses. Banks have to manage complex legacy infrastructures, and a transformation to open banking will require huge investments and a multiyear program to fully realize the potential. But traditional bank culture, not legacy systems, is perhaps the most important hurdle to digital innovation. Long release planning cycles, traditional development methodologies, and above all a lack of senior management affinity with API strategy and open banking are factors opposing change. Actually, PSD2 and future regulations in the US may be welcomed by some, as it forces management to consider APIs and open banking.
Bankers continue to read a lot about threats to banks. Fintech companies, neobanks, and TPPs are all said to hunt the bank’s customers, threatening to disintermediate them and reduce banks to processors and dumb pipes disconnected from the customer.
While this threat should not be underestimated, there is reason to believe that banks are strongly positioned to counter this threat. It appears that the strengths and weaknesses of nonbank players look like the mirror image of that of banks … and therefore they can—and should—work together for a stronger customer experience.
Monetizing Open Banking
Banks have the opportunity to create an ecosystem of third-party providers and charge them for the use of customer data and the provision of bank services through APIs. The new applications (which are linked to the bank’s services) will also create stickiness for bank customers.
In Europe, under the mandate of PSD2, banks have to allow TPPs free access to payment accounts for payment initiation services (PIS) and account information services (AIS). TPPs do not need a contract with the bank to provide those services, so it will be difficult for banks to charge for them, and they have to provide the “XS2A” (Access to Account) API for free.
Clearly, banks that decide to do the minimum and just become PSD2 compliant will only lose value. These banks are at risk to lose payment revenue and indeed be disintermediated from their customers. And under PSD2, they will still be owning full liability toward their customers for unauthorized transactions.
Therefore, banks should provide other products and charge for those value-added APIs. They could provide the following:
Raw data. Not only from payment accounts, but also from savings accounts, credit accounts, loans, mortgages, etc.
Enriched or calculated data. Examples include categorization of account activities, liquidity forecasts, or credit scores
Combined data. This can include identity/authorization services (KYC) , money-saving offers based on transaction history, or income tax preparation.
Payment initiation services (PIS) and account information services (AIS). Banks are in an excellent position to provide such services. Rather than allow an intermediary in the value chain, banks can develop such new payment models themselves:
- PIS services could be combined with instant (faster) payments. Consumers could be routed to their trusted bank portal for payment authorization. The payment would then be executed in real time to the merchant’s account.
- AIS products for personal financial management, bank product comparison, credit scoring across multiple credit providers, online accounting, and much more.
Of course the value-added APIs discussed here are not restricted to Europe, but can offered globally. Innovative banks are already providing such APIs, and new business models are developed to monetize their use.
The challenge is not open banking’s opportunity but its delivery. But once organizational and technological challenges have been overcome, the possibilities are endless. The creativity of the developer community will guarantee innovative customer propositions that would be hard to develop the traditional way.
Welcome to the programmable bank!