Whether or not to fully embrace APIs... It is a bold question but one that many answer strongly in the affirmative. Joy Macknight investigates whether banks are truly ready to open up their applications to the world.

The banking industry’s use of application programme interfaces (APIs) is rapidly accelerating. According to the ‘Banking APIs: state of the market’ report, jointly published by software developer Axway, API conference APIdays and open-source API store Open Bank Project (OBP) in November, “2015 is seeing a significant cultural shift within banks, and a greater readiness to utilise APIs and related technologies to [help] banks meet current challenges in transforming to a digital landscape”.

Arguably, banks have arrived late to the party – API technology is widespread across a range of other industries. “It is the accepted norm for secure data sharing and embedding functionality in an online environment,” says Maurice Cleaves, CEO of industry trade association Payments UK. Basically, it allows one software programme to ask another to perform a service, accessing specific data in the process.

Banks are beginning, however, to understand the critical role the technology will play in the digital transformation of their business. APIs hold the promise of giving banks more flexibility to improve customer experience, reducing time to market and cutting costs, effectively putting them on a level playing field with financial technology (fintech) firms.

“Banks recognise the value that APIs can bring in terms of efficiency and innovation – many use APIs internally already,” says Mr Cleaves. “They also recognise that many of the new players that they want to work or partner with are built on infrastructures that utilise APIs.”

Benny Boye Johansen, head of Saxo Bank’s API programme, OpenAPI, believes such interfaces are a business imperative for financial institutions. “In the future, the best solutions will involve parties that are able to co-operate through APIs,” he says. “There is going to be a continued evolution of banks having to offer APIs or die, as they will be overtaken by other companies that can interface to create better solutions.”

Overcoming obstacles

Nevertheless, there remain a number of issues to overcome in order for banks to embrace this new paradigm, including internal technology and cultural inertia, a lack of a global standard and, above all, data security concerns that must be addressed before banks will feel comfortable in opening up access to their technology.

Simon Redfern, the founder of OBP, says: “The biggest challenge is addressing bureaucracy, security and privacy concerns relating to opening banking services to third parties. However, banks are realising they need to open the gates of their walled gardens a little to reveal some innovation gems on the other side.”

Vikram Gupta, vice-president of product strategy and development for IT solutions firm Oracle Financial Services, agrees. Over the past six months he has seen a sea change happening among the banks he speaks to. He says: “As the tablet and mobile world takes off, banks are looking to expose some services to third parties that can help them go to market faster because it takes longer to develop them in house.”

The state of the market report confirms these observations. Despite banks’ current concentration on internal APIs, the research predicts a budding trend towards public APIs in the near future. A majority of those surveyed believed in an open platform future for banks, in which 60% of a bank’s APIs would be made available to partners and third-party providers.

Listening to legislation

Emerging regulations, such as the EU’s Payment Services Directive 2 (PSD2), have helped in opening up the banking sector to API developments. The revised directive, which will come into force from January 13, 2018, includes access to accounts whereby banks are required to offer an API to third parties under the supervision of the European Banking Authority (EBA). The EBA is expected to finalise its regulatory technical standards and release a consultation document in the second quarter of 2016.

“The PSD2 legislation has put open APIs firmly on the banks’ agenda,” says Alex Mifsud, CEO of Ixaris, a cloud-based open payments platform. In June 2015, Ixaris launched the first phase of the EU-funded open payments ecosystem project, which allows banks to expose some services and co-operate with developers in a safe environment, says Mr Mifsud.

Not waiting for the EBA’s lead, the UK’s Open Banking Working Group (OBWG) released its recommendations for the design and delivery of an open banking standard at the beginning of February 2016. The framework provides guidance on how open financial data should be “created, shared and used by its owners and those who access it”. A basic standard will be launched by the end of the year, followed by personal customer transaction data included on a read-only basis at the start of 2017. Full business, customer and transactional data will be included by 2019.

Mr Cleaves, who participated in the OBWG, says the experience was a “positive one”, showing that “banks, fintechs and government can work together positively to help to advance these important issues”.

It is noteworthy that the fintech community got a place at the table, demonstrating a common acceptance that they are important constituents of the financial ecosystem and are here to stay.

Rising to the challenge

It is hardly surprising that smaller or 'challenger' banks are more ready to take a leap of faith with open APIs than many of the larger incumbent banks. The former are actively exploring new business models and do not face the same legacy issues.

For example, Munich-based digital lender Fidor Bank is grounding its whole business strategy on open APIs. In order to be flexible and scalable the Fidor team built FidorOS, a digital middleware with open APIs. “Open APIs play an active, strategic and crucial role in our infrastructure because in addition to our own retail and business banking products, we also offer ‘no-stack banking’ to non-banks, retailers or challenger banks,” says Matthias Kröner, CEO of Fidor.

Other organisations can connect to Fidor Bank’s technology stack and offer full banking services to their customers without a proprietary banking licence or infrastructure. The bank is hoping to announce its initial partners in the first half of this year, and this will “shake up the market”, according to Mr Kröner, who declined to provide further details at this time.

Copenhagen-based Saxo Bank made a pivot towards openness during a revamp of its trading platform strategy. In September 2015, it launched an additional channel called OpenAPI. The open strategy will facilitate a broader white-label business, which supports its mission as a market facilitator.

“By having an open API we make it possible for any third party to not just accept our trading platform, but also make it a part of their own business and develop ways to present the trading experience in a way that fits their target market better,” says Mr Johansen. Today, Saxo Bank has two institutional clients on OpenAPI, with more in the pipeline.

Logical steps

Silicon Valley Bank (SVB) also began migrating to open APIs from a legacy infrastructure position. Megan Minich, the head of product and channel delivery, believes this was a logical step given its innovative corporate customer base. The bank’s open API platform went live in a private beta at the end of last year and the bank is onboarding more clients every week.

SVB began with a specific card payment, for which it already had an API solution via a partner but knew it could enhance the experience and the API. The bank is currently adding new features and plans to do a broader beta by the end of the first quarter of 2016, as well as launching additional products throughout the year. “We take a similar approach to all our digital delivery – get something out, test it and iterate,” says Ms Minich.

In addition, SVB plans to apply the APIs it builds for clients within the bank. Ms Minich explains: “While it is important to think of APIs as a client-facing tool, we also want to leverage the flexibility, ways of collaborating and gathering data to use internally when building out our front-end user experiences, such as online and mobile.”

In India, Yes Bank’s decision to embrace APIs was prompted by the central bank’s decision to issue new payment bank licences in August 2015. “To sustain and grow our current share of the payment business, we needed to proactively read our customers’ minds to cater their needs,” says Yes Bank's chief information officer Anup Purohit.

Additionally, the private sector bank wanted to improve the stickiness of corporate clients. “Our immediate priority was neither to charge customers for API banking nor returns on investments, but to transform the bank into an agile and flexible service provider and bring a ‘wow’ [factor] to customers by making their lives simpler,” he adds.

The first API published on its platform was a funds transfer, which is the most critical and frequently used product, according to Mr Purohit. Initially the bank targeted e-commerce vendors, such as Snapdeal, a large Indian online marketplace. It was able to make Snapdeal’s instant refund API available in three weeks and went live with it in September. The bank is now targeting corporates with numerous distributors, for example, pharmaceutical companies.

Today, every application that comes into the bank must have APIs. Similar to Ms Minich, Mr Purohit is also rolling out internal APIs to create a flexible banking infrastructure.

Opening up the large banks

The smaller banks are not the only ones focused on open APIs. For example, in addition to ongoing initiatives on the retail side, Citi is rolling out APIs in the institutional space, according to Hubert JP Jolly, global head of channel and enterprise services for Citi treasury and trade solutions. Citi’s institutional clients are driving more sales through e-commerce sites and are publishing APIs to advise the bank on how to process transactions, typically collections, from their websites.

Plus, Citi’s innovation lab in Dublin is working on APIs to enable treasury workstation providers to connect directly with the bank. To date, the bank has released APIs around payment initiation, payment status and account balance, which are the main services that clients look to do on the back of a treasury workstation.

Opening up APIs is essential to Spain-based BBVA’s digital strategy, says Shamir Karkal, the co-founder of US-based banking service Simple who is now heading up BBVA’s open API unit. “Opening up some of our core assets allows us to support the financial services innovators of tomorrow, puts us at the heart of the positive change that’s under way and offers us a chance to grow rapidly,” he says.

The bank’s open API roadmap is in its early stages, with a small-scale alpha trial currently under way in Spain under the name API_Market. “We are focused on where the greatest innovation is happening in the market, where the greatest demand is and what our customers are doing,” says Mr Karkal. “Given that security of customers’ data is paramount, we’re giving developers access to a sandbox with dummy data and building a system to gradually give them more access.”

Tips for success

While the examples illustrate diverse drivers, approaches and strategies, the common themes are: start small, pick a use case that delivers value for clients and use APIs to digitally transform the internal organisation. “Banks are suited to a progressive modernisation journey,” says Paul Leadbetter, newly appointed group vice-president and chief technologist at Oracle Financial Services. “Choose something that is easy to consume, can be delivered in a reasonable amount of time and brings value back to the bank.”

Hackathons are a low-cost way for banks to leverage APIs in a controlled environment, according to Mr Redfern. “For example, a bank could do a hackathon around PSD2 APIs, which is addressing a pressing regulatory directive,” he suggests. “Another avenue is to deploy API sandboxes that serve test data.” OBP recently launched a sandbox to support the UK's open banking standard initiative and plans to launch a similar sandbox to help banks fine-tune their APIs for PSD2.

Chae An, chief technology officer and vice-president for financial services at IBM, stresses the need for good governance from the outset. “This isn’t a one-month project where a bank develops a set of APIs and then calls it quits – it is a long-term journey,” he says. “As such it is important to have good governance around API creation, prioritisation and ensuring that there is a re-use.”

He adds: “Plus ensure you have the right skills – whether internal or external – which understand the bank’s infrastructure and emerging tools.” IBM is in talks with some clients regarding an API factory, where it would augment their staff for creating APIs based on business needs.

Stephane Dubois, CEO at Xignite, which served more than 50 billion API requests from its market data cloud platform in July 2015, warns against banks just taking existing internal systems, formats and processes and then exposing them as APIs. “If they do that, they will see zero adoption," he says. "APIs must be simple to succeed. Banks must put themselves in the mind of the developer who is going to build an app and has just three days to do it.”

Ms Minich agrees. “Learn to think differently and don’t do APIs the same way as everything before. Banks must begin thinking as technology companies,” she says.

PLEASE ENTER YOUR DETAILS TO WATCH THIS VIDEO

All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker



For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Join our community

The Banker on Twitter