Soon the Payments Services Directive II (PSD2) will come into force and, with that, European banks will have to share customer transaction and account data with third parties, including Fintech, retailers, telco providers, payments services and financial account aggregators.
Even where PSD2 doesn’t apply, e.g. the US, the sheer number of initiatives undertaken by banks on APIs demonstrates the need for an open bank model.
While this may sound counter-intuitive - giving third parties access to core data has always been seen as weakening someone’s position in the value chain - it is the best way for a bank to innovate without having to hire an army of developers. Banks recognize the increasing challenges that Fintech and other players represent, but they also realize that partnering with them can be an opportunity to maintain a role in the new digital economy.
Shamir Karkal, head of open APIs at BBVA, said: “Right now there is some talk about [APIs], but in five to 10 years they will become a facet of doing business online that everybody has to do or end up being left in the dust.”
The API revolution is around the corner and early adopters will benefit from acquiring a footprint in the digital ecosystem before others do.
In the market today we have several types of API initiatives. Two models have gained significant traction:
- My API store: Expose your services through a proprietary app store; Credit Agricole’s API Store and BBVA’s API_Market are good examples of this.
- Common API store: Join a third party API store acting like an “iTunes for banks.” A good example of that is the Open Bank Project in the UK. A similar concept, but different approach, is stores where banks do not actively provide their APIs, but rather a third party collects them using screen-scraping techniques. Despite some concerns regarding security, Xignite in the US is proving that this model is working.
For banks to open up via APIs is not as trivial as it might sound. Banks often have a mishmash of siloed applications along with layers of “spaghetti” architecture that poses significant challenges and might deter developers to leverage their APIs.
APIs encapsulate the capabilities of underlying systems and if these systems are not performing well the API will surface that problem to its users. For this reason banks need to map the paths through the spaghetti carefully, consolidating applications and streamlining their processes as much as possible so that people and businesses interacting with them will have a positive experience.
In addition to that banks must also be able to protect their core business from risks associated with this new business model. When third parties send transactions and access a bank’s information, everything must be secured and carefully monitored. This enables the bank to stop a “toxic” event in time or offboard unsatisfactory partners as quickly as they were onboarded at the beginning of the relationship.
For that real-time insights are imperative so that your brand, which for banks today is their most valuable asset, is not eroded.
So, while connectivity with the digital ecosystem is key to remaining relevant, keeping control over your APIs and your information is critical to survive.
In a customer-centric world, making customers happy is the ultimate goal and open APIs represents a great opportunity to achieve that, but the risks should not be underestimated nor corrective actions delayed.