Digital Banking, Open Banking and PSD2
To allow for a true digital banking experience, fundamental changes have to be made in the way banks conduct their business. Regulatory initiatives like PSD2 in Europe and UK Open Banking have certainly accelerated this transformation process, as banks were mandated to share account data and payment functions with third parties. We now see that open banking has laid the groundwork for a wider digital banking ecosystem that benefits banks, third parties and, ultimately, the banking customer. Within this ecosystem, APIs have proven to be the indispensable building blocks to bring it all together.
Why Open Banking Matters
Open banking initiatives around the world often surpass regulation as banks realize that they need to ensure their continued significance. In a rapidly changing world where a seamless customer experience is essential, open banking allows banks to effectively collaborate with FinTech partners and others to attract new customers and excite existing ones.
APIs represent the implementation essence of any open banking initiative, as they provide the means through which an external party can effectively interact with the bank's systems in a highly secure manner. Consequently, the current open banking standards as well as the ones evolving across the globe provide detailed specifications for such APIs, with an initial focus on functions around account information and payment initiation.
In general, the development of the standards has been largely driven by data privacy and customer consent concerns on the one hand and interoperability concerns on the other.
From a higher vantage point, open banking standards (like the ones listed below) typically address three important API 'dimensions': the functional interface, the necessary security requirements and any quality-of-service requirements that apply.
Core Aspects of Open Banking Specifications
The functional interface refers to the banking functions that are accessible through the API; in other words, the banking data that can be accessed or processed (for example, account data or payment data).
'Open' does not imply open without constraints: because this data is highly confidential by nature, it must be rigorously protected under open banking as well. Consequently, the standards put a lot of effort into specifying the measures that must be taken to safeguard data protection; in other words, how APIs should be managed to avoid unauthorized access and what additional API security policies should be applied to ensure data integrity and confidentiality. All of this is captured in the API security profile.
Additional quality aspects may also be specified, for example the availability requirements that apply to APIs under PSD2 to ensure access is in line with alternative banking channels.
Examples of Open Banking Standards
Currently, different standards apply in various geographical regions. In this Digital Banking Portal, we offer a sample collection of APIs that are configured in accordance with prevalent standards: