The crucial role of open APIs in Open Banking and Open Finance

Why are open APIs crucial for the success of Open Banking and Open Finance?

Open APIs play a pivotal role in driving the success of Open Banking and Open Finance initiatives. Open APIs, based on REST/JSON technology, are founded on an open and globally recognised development approach across the software developer’s community. Unlike proprietary financial protocols, Open APIs are far easier to consume, allowing financial institutions (FIs) and fintechs to integrate seamlessly. They encapsulate the necessary OAuth2 authentication method and provide advanced security through tokenization, which ensures that sensitive financial data remains secure and protected, instilling trust among consumers and businesses. 

Additionally, performance, robustness, and availability are highly important since more and more corporates, SMEs, and consumers rely on a delayed basis globally to access sensitive account information, execute remittances and transfer amongst many other financial operations. 

What variations in the adoption of open APIs exist across different markets? How do you perceive the adoption of APIs in various markets and within the banks operating in those markets?

It is clear that in the payment industry, including FIs, Fintechs, EMIs, and other stakeholders, every data provider is focused on protecting their valuable data assets like customers, accounts, and transaction information, in the best possible way. To do so, they utilise different ways of connecting and sharing data, which we call Open API.

Even within the same countries, the ways can vary a lot. Different markets have developed at various speeds, some are well ahead on account information provided by AISPs (Europe), and some advanced better on payment initiation delivered by PISPs (Asia). But no matter where to look, across all markets we experience a huge number of API variations, thus for TPPs it is a thorough and costly project to aggregate these variations and provide a standardised API environment to businesses, whatever the scale, corporates, or SMEs. 

What specific issues and challenges arise due to these differences in adoption? In what ways can non-standardised APIs adversely affect the Open Banking propositions?

If we take as a given that Open APIs offered from FIs to fintech and third-party providers (TPP) communities are quite different from each other, then immediately we understand that integration, morphing, variation handling, and custom flows are vital to consume and aggregate these APIs. 

This poses significant challenges from both an architectural and DevOps perspective. Analysing, prototyping, developing, testing, and delivering these APIs is complex due to the multitude of differences present. These variations manifest on various levels, such as authorisation, handling callback mechanisms for OAuth2 authentication, managing token expiration and renewal (which can be particularly tricky), dealing with differences in available data sets (as not all financial institutions provide the same types of account or transaction data), navigating through OTP policies, and much more. The consequence of these challenges is a slower adoption rate and a longer time to market, which contradicts the initial expectations of central banks and regulators who envisioned a rapid growth of Open Banking.

Could you provide some real-world scenarios or instances where non-standardised APIs have created challenges or issues for FIs in their Open Banking initiatives?

Let’s take a simple example; a large corporation with accounts on multiple FIs wants to have daily access to account information across (the dream of every CFO to ‘click a button and have the position of the company at all banks!’), be able to reconcile incoming payments for invoices and finally execute payments and remittances in a way to automate the payment process. 

In reality, this seemingly simple goal is challenging to achieve because different Open API providers, typically offered by FIs, provide varying functionalities through their APIs. For instance, the same corporation may obtain richer account information data from one FI but a less comprehensive dataset from another, resulting in data quality disparities.

Moreover, some FIs offer smoother authentication processes, while others require more steps or a different approach, necessitating code customisation and branching for integration. Similarly, when it comes to payments, some FIs provide APIs with fewer iterations involving Open API endpoints, while others involve additional steps like one-time password (OTP) verification or remittance fee calculations. Consequently, the approach to consuming these Open APIs differs significantly among providers.

Are there any industry-wide efforts or initiatives in place to encourage standardisation in Open Banking APIs, and if so, how do they aim to address these challenges? How can these issues be effectively addressed, and how BPC contributes to the solution?

There were indeed industry-wide efforts and initiatives to encourage standardisation in Open Banking APIs. These efforts primarily aimed to address the challenges related to interoperability, security, and ease of integration. For instance: the Open Banking Implementation Entity (OBIE) in the UK, developed the Open Banking Standard, which includes a set of API specifications and security protocols. As for other parts of the world, the examples are many: CDR in Australia, APIX in Singapore, Open API Framework in Hong Kong in 2018, Fintech Law in Mexico, and the Open Banking program PIX launched in 2022 in Brazil. 

More countries emerge as fintech hubs and technology attractors, meaning the concept of using Open APIs will persist. Saudi Arabia and the UAE have seen dramatic growth in the rise of fintechs and payment powerhouses with the KSA government issuing the Saudi Open Banking Framework in 2022 to open the door to the concept. In the same year, Dubai also announced a licensing framework for TPPs. 

We at BPC fully realise the potential of Open Banking and the promises it can deliver. In our recent free report on Open Banking and Flexible API connectivity, we also mention the importance of APIs in the success of the concept. From instant payments to R2P solutions, the future of Open Banking holds immense opportunities for FI, fintechs, and consumers. By leveraging the power of technology, collaboration, and standardised frameworks, we can unlock the true potential of Open Banking and revolutionise the financial industry for the better.

This editorial piece was first published in the Open Finance Report 2023. We encourage you to download the report and find out the latest trends and developments in the world of Open Banking and Open Finance, as the road to Open Data continues.

About Peter Theunis

Peter, a highly accomplished professional in finance and fintech with over 25 years of experience, has joined BPC as SVP Europe. He is passionate about payments, digital banking, and Embedded Finance, and his deep industry knowledge enables him to drive growth and deliver innovative solutions in the competitive fintech market.

About BPC

BPC is a proven industry leader that is shaping the world of transactions with quick, safe, and easy payment processing. With a focus on exceptional technology development and customer service, BPC helps financial institutions and businesses to deliver innovative and best-in-class proven solutions that fit with today’s consumer lifestyle when banking, shopping, or moving in both urban and rural areas. With more than 350 customers across 100 countries, BPC collaborates with all ecosystem players to deliver services for the digital world.