OpenLegacy Blog

The 4 Key Elements of API Management in Open Banking

It is no surprise that banking industry customers are becoming increasingly tech-savvy, and modern banking experiences, including advanced online services and a seamless mobile presence, are now expected. This has increased the pressure on banks to develop digital transformation strategies, including API management and open banking.

But the strife between incumbent banking brands and FinTechs has been misguided.

While FinTechs have brought innovative ideas to the industry with convenient, mobile online services, they’ve fallen short in scalability. Large banks may have the established customer base and expertise, but they’ve always lagged behind in digital transformation.

The future of banking lies somewhere in between with the concept of open banking. By combining the expertise of incumbent institutions with the agility of upstart FinTechs, the industry as a whole can create more valuable customer interactions.

One of the things standing in the way of open banking success is proper API management. By focusing on these four essential elements of API management, banks and FinTechs can achieve their goal of collaborating to create an open banking reality.

APIs will make it possible for the banking industry to unlock the potential of third-party collaboration, making feature-rich digital experiences an attainable reality rather than a frustrating, unattainable goal.

For open banking to develop properly, there are four key elements that must be satisfied with API management—core (legacy) system utilization, adherence to regulatory standards, operational speed/efficiency, and data protection/security.

1. Overcoming Core, Legacy System Challenges with API Management

The concept of open banking might be new to the industry, but APIs certainly aren’t. Established banks have been using private APIs for years to make up for the shortfalls of legacy systems.

Banking systems that have supported established brands were implemented decades ago. At this point, they’re too cumbersome and loaded with dependencies for banks to have any chance of meeting the demands of modern customers.

Even with private APIs in place to reduce friction between internal core or legacy systems, as it stands today traditional banking infrastructure isn’t ready for open banking. The core and legacy systems in most banks represent the long-established internal processing and customer servicing capabilities. The value they provide and customers they own need to be leveraged with FinTech technology to achieve open banking success. That’s why banks and FinTechs must work together on partner APIs and open APIs.

The long-term goal may still be to replace these legacy systems. However, a complete overhaul of decades-old infrastructure may be too much to ask. Traditional banks can start with a holistic mindset shift and lean on open APIs to facilitate strategic initiatives.

2. Regulatory Standards Driving Open Banking and the Need for API Management

It may come as a surprise to external observers, but not those that know the industry, that regulators are a major driving factor behind open banking.

While there are multiple regulations playing into the open banking concept, the primary example is the European Union’s Payment Services Directive 2 (PSD2), which goes into effect in January 2018.

The PSD2 regulation is meant to open banking payments systems to third parties. Customers expect to be able to access their bank accounts through third-party services, but the backend processes are more complicated than they appreciate. This standard will require banks to give system access to Account Information Service Providers (AISPs) that can then interact with Payment Initiation Service Providers (PISPs) to deliver customer-facing capabilities.

Banks must rely on API Management to ensure all stakeholders have the access necessary to enable these payment services. Without effective API management, big banks risk falling out of compliance not just with PSD2, but with the inevitable wave of digitally-focused regulations that will come in the future.

3. Achieving Operational Speed, Efficiency, and Flexibility

It’s second-nature for big banks to spend months (even years) contemplating a single decision about operational or technological change. In years past, these decisions would have business impacts that would last many years. The concept of “failing fast” wasn’t even a conceivable alternative.

However, agile decision making is critical for the modern banking industry. In the World Retail Banking Report 2017, there’s an example of how JPMorgan Chase is putting the agile mindset into practice. A partnership with FinTech company On Deck is helping JPMorgan Chase accelerate loan processing with third-party access to credit scores that help approve loans in hours—not weeks.

The key to the partnership between JPMorgan Chase and On Deck (and other business partnerships like it) is an API that opens the traditionally-closed banking system. Legacy systems and processes won’t be replaced overnight, but effective API management will give financial institutions access to the speed of open banking.

4. Securing APIs for Safe Open Banking

One of the greatest barriers to open banking is a cultural mindset in traditional institutions that believes data should be closed off from connected systems at all costs. The origin of this thinking is that the consequences of a data breach or regulatory misstep have always been too great.

However, when open APIs are developed and integrated correctly, the exchange of data keeps customer information safe and secure. But for some financial organizations, secure API management can seem easier said than done. A few API security challenges include:

  • Sprawling Governance: As open banking APIs take hold, the average portfolio will grow and secure management will become harder. Banks must maintain clear ownership documentation and conduct regular security reviews for each open API.
  • Complicated Data Flow: The communication protocols used within internal banking systems have always been complicated. However, data flows become more complex as you’re weaving in and out of third-party services. Data owners must ensure APIs support encryption both in transit and at rest to maintain secure data flows.
  • Patch Management: Hackers have an uncanny ability to discover every weak link in a business infrastructure. And as open APIs become more common, it’s only a matter of time before they become targets of cyber attacks. Patch management will be critical to API security to ensure there are no glaring holes in protection.

Open Banking Doesn’t Have to be So Far Out of Reach

Even though digital transformation and open banking are inevitable, accepting change can be difficult. Overhauling long-standing cultural mindsets and 30-year-old backend systems can’t be taken lightly.

However, implementing the right API management best practices to facilitate open banking doesn’t have to be as difficult as it may seem.

To learn more about how real financial institutions are benefitting from open technology, check out this OpenLegacy case study that shares how a top global bank implemented a Global API to lay the foundation for customer experience innovation within days.