A move to open banking is akin to letting strangers get into your data fortress, one that you have been guarding and protecting for decades.
The emerging open bank world demands that your infrastructure does just that—open up access to your customer data; transactional, demographic and more. As I said in my last blog, there are broadly three phases to digitalizing banks for open banking which involve data, services and knowledge.
In this blog we will explore Phase 1: Data Exchange. How will you seize upon this opportunity when so much of your historical infrastructure is like a fortress, designed to prevent outside agents from getting in and accessing this data?
Sharing this protected data involves developing an API strategy that includes a comprehensive platform for building, managing and delivering open bank services in a secure and well-governed manner.
There are three critical aspects to consider:
1. Building and managing well-secured APIs
- Take a product management approach to managing API and service updates against strategic plans
- Track and manage data and service demands, to ensure you are building the right APIs
- Integrate data and services rapidly, even in a broadly distributed banking infrastructure, to provide the right level of data access to your partners
- Centrally manage and update the API catalogue for a global view of your data services
2. Publishing APIs to your partner ecosystem
- Catalogue, publish and expose APIs to partners through a developer portal
- Enable developers to access your APIs and deploy their own innovative solutions rapidly
- Encourage the adoption of your APIs by building and nurturing an ecosystem of partners and other 3rd party developers
3. Enabling authorized access to data and services
- Provide a secure API gateway for run-time authentication
- Expose APIs selectively to different partners
- Secure service gateways against unauthorized use including mechanisms for triggering alerts and automated responses to a wide range of threats and out-of-bounds conditions
- Monetize access according to business strategy (for more on monetization see Bikram Saha’s blog and Aite Group’s report)
- Find flexible mechanisms through which you can monitor to ensure security and performance
Banks are old hands at using APIs internally to integrate systems. The largest current offerings of open APIs at leading banks are focused on sharing data for payments.
However, banks need to extend beyond open APIs for payments -- or risk becoming disintermediated from their customers… and becoming the plumbers of the banking world.
Depending on their business strategy, some banks will decide to evolve their open banking ecosystems to things like cash management and liquidity management for commercial customers. But there are countless innovative ways that we can’t predict, particularly as the retail banking ecosystem evolves.
This is why it’s critical that the API platform that is developed is scalable, controlled, governed, and provides the ability for the business to measure monetization. Future innovations will require commitment to transformation within the bank, especially with regards to business process analysis and IT management tools. These enable the understanding of the impact of changes on asset interdependencies in a bank’s complex architecture, and the resilience and transparency of the architecture with regards to new types and volumes of data and with cybercrime.
We will talk about this next time.