Banks are facing a digital revolution that may become rule of law if European Commission proposals on account access are passed. With new entrants on the inside track when it comes to technological advantages and banks at risk of becoming the 'dumb pipes', some lenders are rising to the challenge, while others simply do not get it. 

Imagine that Apple’s App Store was closed to apps created by outside developers and only Apple creations were available. Would the iPhone be as popular? 

Opening up access is the route many industries have taken. The telecoms industry post-liberalisation in the UK, for example, allows other companies to run over the existing networks and forced the monopoly provider to rethink how it sells content and data.

Now it is banking’s turn to do the same. Done well, the incumbent can maintain market share in a growing and innovative market. Done badly, opening up can leave the incumbent relegated to being the infrastructure, and 'dumb pipes', on which everyone else’s business runs. 

For banks, this is no longer a hypothetical issue: if European regulators have their way, banks in the continent will be forced to open up. 

Open access

Digital industries open their platforms by making their application programming interfaces (APIs) public. An API allows software to connect with other software and for developers it is the key to creating an app that is compatible with an existing system.

Facebook’s APIs, for example, enable developers’ apps to ‘talk’ to Facebook and access its data, but only in a way that Facebook controls. As a result, an ecosystem of third-party developers has created a range of apps – such as games, dating services and questionnaires – that are available on Facebook’s platform. 

“If we look at Amazon, Google, eBay, Twitter – they all made massive uses out of APIs. The ecosystem is the future. Banks would do well not to believe that they can do everything themselves,” says Simon Redfern, chief executive of software company Tesobe. He is the founder of the Open Bank Project, a universal API and app store for banks that “empowers financial institutions to securely and rapidly enhance their digital offerings using an ecosystem of third-party applications and services”, according to its website.

The Open Bank Project has the principle of openness at its core. Many banks do not have APIs and if they do, they are hidden and can be of poor quality, says Mr Redfern. The Open Bank Project provides a standard API, software that can be used by anyone and a community of developers that talk to the API. A common interface means that developers create an app once, which can then be used by banks belonging to the project, rather than creating apps separately for each bank’s unique specifications. 

“We see ourselves as an innovation engine: banks can onboard new apps faster, cheaper and in a more secure way,” says Mr Redfern. Some of the apps already available include personal financial management for children, a speaking bank for the visually impaired, and a singing bank whose tones are based on whether money is coming in and out of the account. 

Digital evolution

An open platform that third parties can access is part of the digital evolution of financial services, says Derek White, Barclays’ chief design officer. He draws a parallel with other industries that have evolved through the stages from physical to digital; from product to platform; from platform to open ecosystem. 

Take, for example, Google Maps, the digital incarnation of the physical map. From this digital product, it evolved into a platform where other things were possible, such as getting directions, Street View and Google Earth. And now Google Maps is open to third-party developers, who can create their own apps that integrate with Google’s platform. 

This digital evolution comes at a time when traditional banking models are under threat. Deloitte’s Banking Disrupted report, published in June 2014, argued that although the banking industry has survived other disruptions, this time it is truly different.

“Banks’ core competitive advantages over new entrants are being eroded by technology and regulation,” the report stated, and non-banks innovating around the traditional banking model will erode the banks’ advantage. 

Opening up

Since the financial crisis, banks have been squeezed from many angles. One of the ways forward is for banks to open up their infrastructure. But, says Alex Mifsud, chief executive of payments company Ixaris: “Opening up is hard for banks to do.”

Banks are having to face the issue in Europe where the European Commission (EC) is proposing – through the revised Payment Services Directive (PSD2) – that banks will have to give third-party providers access to their customers’ accounts so they can initiate payments. 

“If banks see this as an IT project, as an end in itself, it really could be seen as a charter for disintermediation,” says Richard Johnson, strategy director at mobile money company Monitise. “The effects of opening up APIs and the regulations could be that the bank becomes the dumb pipes. That is a real risk if a bank sees this just as a technology delivery challenge rather than a key business strategy project.” 

The impact of the PSD2 could change the role of banks. “It will push banks to be wholesale underwriters of transactions,” says Mr Mifsud. “That is hard for banks to swallow.”

One example of a third-party provider is Sofort, which enables customers to shop online and pay by logging into their bank account through Sofort’s platform. As a non-bank solution, Sofort has encountered resistance from bankers, who see liability and security issues in account holders allowing Sofort to make payments from their account. Sofort, on the other hand, sees banks’ resistance as their way of maintaining a stranglehold on European payments. Sofort lodged an antitrust complaint with the EC, arguing that new entrants were excluded by banks from the payments market. 

Sofort was one of the companies that was lobbying for regulatory changes, and under PSD2 it will be licensed and regulated. “We see that as very positive,” says Jens Lütcke, the company’s chief financial officer. He says it is not a case of third parties – such as Sofort – having “access to accounts”, more it is "the consumer who has access. They are using their account via our software.” 

Account entry

Another person who takes issue with the phrasing of ‘access to account’ is Michael Salmony, executive adviser to the board of directors at payments processor Equens. In a paper on the topic, he said the term is misleading and potentially dangerous. Mr Salmony instead proposed the term "controlled access to payment services", which is secure, trusted, safe and fair.

In his paper, Mr Salmony noted that Apple at first tried to keep its App Store a closed platform, with only Apple apps available. Jailbreakers soon hacked Apple’s systems, making non-Apple apps available on the iPhone. Apple subsequently made its APIs public. 

Mr Salmony proposes an app store model for banks, where they share a standard interface so that developers can create apps that work across the industry. He adds, however, that it was much easier for Apple to define its APIs. “There are 7000 banks [in Europe] rather than one Apple,” he says. 

Not only do the banks in Europe have to agree on a common interface, they also have to agree on the rules – such as liability, how revenue is shared, how complaints are handled – and the functions they offer. “It is very important to have a standardised interface on an app with a set of rules and a level playing field and that no [bank customers] lose any money,” says Mr Salmony. 

He describes the Open Transaction Alliance, a group of industry participants looking to address these issues of standardisation, as a “coalition of the willing”. Mr Mifsud at Ixaris is part of another consortium of industry participants exploring how to build an ecosystem where banks can open up safely. It has identified a number of engineering challenges that need to be solved first and is in the process of submitting a proposal for EU funding to work on this. 

The time is now

Although the PSD2 proposals still have to be voted through the European parliamentary process, Mr Salmony believes that now is the time for the industry to think about opening up and to play a role in how it will be done.

Banks have had mixed reactions to the PSD2 proposals, according to Mr Salmony. “There are some who have totally got it and are embracing it and looking at the opportunities. Some are just hoping it won’t happen and are sending their lawyers to block it,” he says.

Mr Salmony anticipates that the opening up will go beyond setting an API for payment initiation. Other APIs that could be explored include those for age verification, to check that a customer is old enough to buy alcohol for example, or validating a shipping address for e-commerce against the buyer’s banking address.

“Who knows where this might end,” says Mr Salmony, adding that the game Angry Birds would not have been predicted as a consequence of opening up Apple’s App Store. “Nobody can predict what fantastic things will emerge,” he says. 

The app store concept is appearing in the financial services industry in a number of guises, as a way to provide convenience. One example is Ixaris, which in June 2014 launched the app store concept in its Ixaris Payments Server. This enables banks to select a payments app – for travel and expenses, for example – customise it, and then deploy it for their customers. The solution has been designed so that non-technical staff can configure the app and it enables banks to introduce new payments solutions without them having to develop them in house.

Consumer choice

The next stage of evolution of the app store concept, says Mr Mifsud, is a model where banks have their own app stores promoting apps to their customers, who can then choose the apps they want. 

This customisation and selection by customers is a move away from the monolithic presentation of a bank’s services. One banker explains that when his bank designed apps, it designed them to contain as much as possible. Once developers and customers were involved in the process, it made more sense to have different apps for different uses. 

This kind of tailoring by the customer is an idea Deutsche Bank introduced back in September 2011. Graham Warner, global head of online, mobile and desktop client access products at the bank, explains that most of the apps on the bank’s Autobahn App Market are developed internally. When asked if the balance was likely to change in the future – towards more apps being developed by external developers – Mr Warner says that the decision would be based on client need.

One example of a third-party app is Swift’s MyStandards, which simplifies the handling of payment file formats. It will be available later this year through Deutsche’s app market. This model, however, is more about user convenience rather than opening up. Deutsche is not opening its APIs, making them available to any developer who wants to experiment and innovate with them. “The goal is to reduce complexity and create workflows that are intuitive, and that integrate into our clients’ specific business,” says Mr Warner.  

Property rights

Crédit Agricole’s app store, CA Store, which was launched in 2012, by contrast is open and has a developer community creating apps for it. Bernard Larrivière, head of innovation at Crédit Agricole, outlines one of the key ideas behind the project: “Every [piece of] data the customer creates in his relationship with the bank, or any partner, is his own property so he should have access to it, but he should have access to it in apps that are useful to him.” This echoes the views of Mr Redfern at the Open Bank Project who believes that account holders should have a choice of who they share their account data with and how.  

The second idea behind CA Store, says Mr Larrivière, is: “We as bankers do not know everything about our customers. Maybe we should give them back the key to this data” so that developers can create apps that connect directly with the customers. 

The third principle, he continues, is that the security of the data – and money – is of the utmost importance. The bank will always be responsible in customers’ eyes if something goes wrong with a developer’s app. 

BBVA is another bank that has embraced the idea of opening up and has been building a developer community. “APIs for us are not new" and are one of the bank’s keys to spurring innovation as part of its Open Platform project, says Carlos Kuchkovsky, BBVA head of Open Platform.

The bank has defined a roadmap of APIs for each market in which it operates. When asked whether the creation of a common industry standard for the APIs would mean that BBVA would have to start all over again, Mr Kuchkovsky says it would be relatively easy to change the APIs.

For now the bank is taking its own path to opening up, even though it is not clear what form future innovation will take. “We are working [on opening up], trying to offer a great experience to our customers with our apps and those of the partners who use open APIs,” he says. 

BBVA has been actively building a developer community to make it easy for developers to use the APIs. One of the open innovation initiatives has been the Innova Challenge, held in December 2013, where the bank invited developers to build apps based on anonymous and aggregated data from card transactions. One of the apps to emerge from this challenge was a travel planner that helps users avoid queues at restaurants and shops. 

Turkey leads the way

There are other examples of banks that have embraced open-access banking. Germany’s Fidor Bank puts openness at the heart of its strategy. And a report by Monitise notes that Turkey has an open API strategy across the entire retail banking industry. But it is not as if the traditional banks have never heard of opening up their systems or collaborating to create a common standard. In the UK, for example, banks came together in 1986 to create the ATM network Link so that customers of one bank could use another bank’s ATM, withdrawing money and checking their balance. 

Monitise, a third-party technology provider that enables banks to offer mobile money solutions, has been using this Link network as a way to integrate with banks’ systems. Often banks do not have sleek systems and APIs that third parties can easily integrate with and so Monitise has become an expert in re-using existing connections. When a UK customer clicks ‘What is my balance?’ on their bank’s mobile app, if it uses Monitise’s software, it turns that into an ATM balance enquiry that runs over the Link network. 

This network is an example of the traditional banks spurring innovation by sharing a common platform, an idea that digital disrupters have taken to the next level. PayPal, for example, opened up to third parties in 2009, allowing them to embed PayPal in their own apps, including games, leading to innovations such as apps that manage expenses or coin counting machines that automatically credit a PayPal account. The company made the strategic move to open up given the speed of innovation and believing that a business runs best with open access. 

Broader strategy

Mr White at Barclays has opened up access to Pingit, the bank’s mobile payments service. The bank opened APIs as part of Pingit’s evolution from physical to digital (cash to e-money); from product to platform (from simple payments to the addition of other services); and from platform to open ecosystem (where developers are invited to innovate). Some of the apps currently being developed are looking at ways of integrating Pingit with point-of-sale terminals and loyalty schemes. 

Opening up the APIs was not just an experiment with Pingit, says Mr White, it is part of a broader strategy of the bank a whole. “This is very much the expansion of our business,” he says, explaining that the opening up of APIs was with one of the bank’s most strategic products. Opening up “is definitely an area of focus. We see significant growth opportunity”, he adds. 

“Open ecosystem architecture is much more where we [as an industry] are headed,” says Mr White, although he acknowledges this is not going to happen overnight, given the security that is needed to protect people’s money.

For banks that recognise that they do not have all the answers, and cannot do it all themselves, they can be proactive and shape the ecosystem in which third-party developers can unleash their creativity. And, as Mr Salmony at Equens says: “It is better to disrupt yourself rather than be disrupted.”

PLEASE ENTER YOUR DETAILS TO WATCH THIS VIDEO

All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker



For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Join our community

The Banker on Twitter