In this post, guest blogger Jerry Silva, Vice President, IDC Financial insights, discusses benefits for both IT and Business in API-based open banking, where APIs are utilized “beyond being a vital component of infrastructure modernization”. Jerry also explores important considerations for Banking API strategies, including security, governance, and the need for a single source of truth and lifecycle management.
A Brief History of Banking APIs
In 2016, IDC Financial Insights started writing about the modernization of the banking infrastructure. At the time, the focus was on modernization of core legacy workloads that jeopardized the progress of digital transformation. Prior to that, around 2010-11, and because of the worldwide economic crisis and the subsequent rise of the power of the mobile device and the proliferation of fintech firms that threatened to steal customers from traditional banks, institutions worldwide responded by focusing on their front-office applications like mobile and online banking. While improving customer experience and bringing banks closer to par with the smaller fintechs, eventually the legacy nature of middle and back office systems limited any true product innovation the banks were potentially capable of.
The answer to this constraint was transformation of the core infrastructures that were the heart of banking. And fundamental to this was the use of APIs to fulfill the promise made by services-oriented architectures (SOA) we all talked about in the 2000s. Along with Agile application development and microservices architectures, the use of APIs was recommended to componentize and standardize the back office infrastructure, but, more importantly, to allow the banks to pursue a progressive transformation that minimized the risks typically associated with the historic “big bang” approach many banks looked to modernize critical platforms. By creating an inherently interoperable architecture over time, one business workload at a time, banks could focus on prioritizing transformation to fit market requirements, all while using internal and external APIs to enable further transformation and support innovation.
In Europe, the use of open APIs in banking was forced on the industry due to the 2018 Payment Services Directive amendment (PSD2) that required banks to open customer data to qualified, third-party payments providers. The use of open API to comply with this directive triggered other regions to consider the use of open APIs for “Open Banking,” a concept that spread from Europe to the east and is now adopted, in varying degrees, by many top tier banks.
Benefits to IT
The use of APIs provides several of the following benefits to the IT group at the institution:
Progressive transformation
It is now the exception, rather than the rule, to replace platforms all at once with modern equivalents. The risks are too high to entertain this strategy for more than a few, unique situations. By using an API-based approach that standardizes integration across enterprise platforms, banks lower the risks of transformation by taking a longer-term approach and selecting specific functionality for modernization as the business requires.
Building standardized architectures
Institutions will be able to grow and modify their architecture using a standardized approach based on API catalogs. This becomes important to the efficiency initiatives at the institution, breaking down the work needed for new or modified workloads into smaller projects that all comply with the API catalogs in place, and eliminating one-off integration projects that often include a review of a chain of dependencies and almost as often results in failure to capture some missed integration, delaying those projects.
Enabling parallel development
By creating API libraries that are managed separately from application code, it’s possible to run multiple development efforts in parallel, instead of single-threading development, due to shared resources and dependencies. This greatly increases the speed of innovation.
Benefits to the Business
IDC Financial Insights has written that the use of APIs, beyond being a vital component of infrastructure modernization, has business value for several stakeholders:
The bank’s lines of business
By using API catalogs as the basis for access to systems and data, it allows line of business analysts and product managers to effectively compose new functionality in an almost no-code environment. At the very least, this enables non-IT staff to create proof-of-concept pilots to create new products and services that can be tested before they are vetted by stronger assessments through normal security and compliance testing.
Trusted partners
Most banks partner with third-party solutions providers for their enterprise workloads or maintain institution-to-institution connections for key business operations. Often, these integrations are direct one-to-one system connections that need to be maintained, changed, and tested as applications on both sides change. The use of standard APIs both minimizes the effort needed to maintain these links as well as standardizing the links across multiple partners.
Fintech
By using open APIs to access processes and data within the bank, fintech and other development partners can create innovation and positive disruption in the market. Likewise, open APIs can be used by the institution to access systems and data from external providers, adding value to the bank’s customers. This accessibility represents no less than the future of the banking industry as institutions attempt to become more embedded in the customer’s lifestyle, acknowledging participating in the customer journey without demanding to be the destination.
There Are Considerations (not Challenges) to API-based Banking
A thoughtful strategy, starting with guidelines from institution executives and regulatory bodies, will ensure architecture, development process, and business workload deployment while maintaining the trust that customers expect. A few key areas need to be reviewed and strategy set for:
Security
Access to the institution’s APIs – and thus it’s assets – needs to be controlled with regard to:
- Internal vs external access
- Appropriate functionality access
- Encryption where necessary
Compliance
The institution must ensure that the modernization of any workload maintains all regulatory compliance that existed prior to transformation. This is particularly critical in circumstances where external parties provide API-based workloads. New vetting processes are needed if the institution is new to an infrastructure that includes API-based applications.
Lineage and Change Management
Orchestration is often a skill set that institutions need to implement or improve to manage an API environment. This requires not only skilled staff, but orchestration technology that can manage the environment and track dependencies, development, and changes to the catalogs or libraries. This curated environment helps maintain records of ownership and track dependencies across the enterprise resources.
Governance
Finally, the move to a modern, API-based architecture requires a different mindset at the institution – one that not only addresses the requirements listed above to maintain appropriate levels of trust, but also to see into the future and recognize the immense power and manifold opportunities that are enabled by an API-based infrastructure.
Partners
As a result of the crisis in 2020, change is happening much too quickly to be able to implement an API paradigm given existing resources and technologies for all but the biggest banks. And even the top banks will seek to external sources to fulfill some aspect of the modern infrastructure. A third-party technology partner is vital to modernizing efforts if the institution wishes to succeed.
Single Source of Truth and Life-Cycle Management
In the creation of an API environment, an eye to consistency is critical. One of the most significant benefits of an API library or catalog is maintaining a single source of truth that can be leveraged across the enterprise. This alleviates undue work necessary to track hundred and thousands of similar or identical connection points to ensure security and compliance. In development operations, this single source of truth aids in the creation of development environments, staging, and testing, making for a more robust life cycle, from ideation to production.
Open API banking, or Open banking, is bound to lead to a better integration between the customers’ day-to-day journeys and their need for financial services to support it. APIs are already being used in many institutions, but their use will expand faster than ever as the industry recovers from serious weaknesses exposed in 2020. IDC guidance is to quickly proceed with modernization, with thoughtful consideration to the potential benefits APIs can bring.
