Open Banking: Ready for API-led Banking-as-a-Service Models?

Sidhartha Sharma

What is open banking and how did it start?

Open banking is defined as the sharing and leveraging of customer-permissioned data by banks with 3rd party developers and firms to build applications and services, including, for example, those that provide real-time payments, greater financial transparency options for account holders, and marketing and cross-selling opportunities. Individual jurisdictions may define open banking differently.

Open banking as a concept was preceded by open innovation, a term popularized by Henry Chesbrough. It was fueled by shifts in attitudes towards the issue of data ownership, illustrated by regulations such as GDPR (General Data Protection Regulation) and concepts such as the open data movement.

Banks will have to evolve into financial service platforms that operate on a BaaS (Banking as a Service) model.

Why is open banking the future?

With the development of online and mobile banking, many customers explicitly grant third party firms permission to access their personal banking data in order to obtain other services. Data sharing has contributed to innovative new financial services and products. This includes, for example, financial management tools that aggregate all of one’s financial accounts into one dashboard, seamless payment transmissions between accounts at different banks, small-value transactions including intra-day payments and bank fees, and mortgage comparison tools.

The delivery of financial services to customers, once integrated like a bouquet, is now being unbundled and offered by non-bank third parties such as fintech, telco, social, and mobility platforms. At the same time, these 3rd party disruptors may also create new services that banks can leverage, adding value to the customer proposition. Open banking is a dynamic world where the banks that offer a ‘one-stop solution’ for all customer needs will eventually win.

Banks are now much more open to partnerships with fintech

Banks have realized that branch-based, employee-heavy banking models are facing threats from low-cost, customer-centric platforms and fintech ecosystems. To stay relevant, it is important to partner with the new-age platforms.

Banks are increasingly implementing API-based partnerships with fintech and consumer-tech players to make banking invisible. DBS, for example, has a very proactive API-enabled ecosystem.

DBS wants to be the Invisible bank with the LMBL motto (Live More, Bank Less).

[Image: DBS APIs]

But what is an API?

An Application Programming Interface (API) is a set of rules and specifications that software programs use to communicate with each other; it forms an interface between different programs to facilitate their interaction.

  1. Open API — an interface that provides a means of accessing data based on a public standard. Also known as external or public API.
  2. Internal/Closed API — an interface that provides a means of accessing data based on a private standard. Also known as internal API.
  3. Partner API — an API created with one or two strategic partners who will create applications, add-ons, or integrations with the API.

The EU and UK have not just started the challenger/neo banks; they are pioneers of open banking and PSD2

PSD2 (Payment Services Directive 2) will marginalize banks' monopoly on their users' data in the EU. PSD2 was first brought in at a European level in 2015, but members of the EU have until 2018 to implement it.

PSD2 allows 3rd party ‘merchants’, businesses like Amazon or Uber, to retrieve a customer's bank account data from their bank, with the customer's permission. When the account holder buys something, the 3rd party can make the payment without redirecting the customer to another service (like PayPal or Visa).

For consumers who hold multiple bank accounts, the changes would also allow businesses, known in the legislation as Account Information Service Providers (AISP), to showcase all their account information in one place for them, similar to the service offered by Mint in the US or Yolt in the UK (see below).

PSD2 and open banking mandate stronger identity checks when paying online. Multiple features of the directive are still being carved out, but cybersecurity, user consent, and trust will be three essential pillars for them to succeed.

Different regions are taking different approaches to open banking

Regulatory scope and oversight of open banking activities vary across region-specific regulations but often include fundamental consent and privacy expectations, as well as data security requirements. While there is a growing focus on using APIs that rely on tokenized authentication methods to share data, most jurisdictions do not currently prohibit the practices of screen scraping and reverse engineering.

Banking regulators have taken a range of actions related to open banking in their respective countries.

  1. Mandatory: Some jurisdictions require banks to share customer-permissioned data and require third parties to register with a particular regulatory or supervisory authority.
  2. API standardisation: A few countries have issued guidance and recommended standards, and published open API standards and technical specifications.
  3. Facilitators: The remaining jurisdictions follow a market-driven approach and currently have no explicit rules or guidance that either require or prohibit the sharing of customer-permissioned data by banks with third parties.

One reason regulators are cautious and bankers are worried is the possibility of cyberattacks.

The data-sharing world induced by open banking brings many benefits but also results in a bigger surface area for cyberattacks.

Data collected by third parties, whether via screen scraping, reverse engineering, or tokenized authentication methods through APIs, can be stolen or compromised.

Banking as a service: How is the pilot in the UK going?

Yolt, the app that allows customers to view credit card, banking and savings accounts in one place, is the first third-party provider to tie up with all nine of the UK’s biggest retail banks.

  1. Along with fintech challengers Starling and Monzo, 18 banks are now connected to Yolt, with users able to access a total of 35 different cards and banks.
  2. App users can see the shops where they spend the most money, set budgets and plan for upcoming payments, and see how much cash they have available until payday.
  3. Yolt is now the largest user of Open Banking application programming interfaces (APIs) that enable the app to perform about 1.5 million calls every week. APIs are sets of clearly defined ways for various components, in this case, accounts, to communicate between themselves.

How should the banks prepare? Be the one-stop money manager

Banks now need to think of themselves as a service provider or a platform-based ecosystem whose only goal is to give customers a one-stop solution through a partner ecosystem: a secure, frictionless, predictive, and personalized experience.

  1. Predictive: What the retail customer (individual or SME) must plan for to meet the desired budget or business goal.
  2. Personalized: Personalized offers based on the transaction data.
  3. Aggregator insights: Offering a comparative review of all services they may need so that they choose the best from the platform.

The main thing for banks to consider is building a value-based and outcome-focused API strategy. Every partnership must contribute to revenue, cost optimization, or some competitive advantage. The cost of acquiring a new customer and maintaining them must come down drastically for banks to compete in the world of open banking.

Remember the previous write-up, where I highlighted how a few Chinese digital-only banks (MyBank and WeBank) have lowered the cost of maintaining a customer account to a fraction (up to 90% less) of what it costs the traditional banks.


Sidhartha Sharma

Digital Economy expert and Platform strategist




~15yrs Consulting- McKinsey & BCG-Digital Strategy, Ecosystems & Ventures | Start-Up Mentor | Platforms | Digital-First | Author & TEDx Speaker. Views Personal
