The Age of 'Digital Banking'- The role of APIs in proliferating financial services
Historically Application Programming Interfaces (APIs) have been an integral component of the integration of enterprises to digital innovations. Banking and financial services industry has benefited enormously from them allowing them to store, provide and move capital between multiple parties with ease thus enabling them to create new channels to reach customers and generate revenues.
The first wave of API innovation in the banking and financial services industry led to the integration of different banks and non-banking institutions into a single network marketplace through the introduction of mainframes in the 1960s automating tasks such as manipulating and reorienting financial data sets such as account balances, transaction records and loan documents. Computers helped automate these core tasks of these enterprises.
The second wave of computing and digitization in the banking and financial services industry came in the 1990s as these institutions introduced digital solutions to drive customer experience by giving them direct access to banking services and products out of the brick-and-mortar existence of their branch. In 1994 Stanford Federal Credit Union was the first bank in the US to offer an online banking portal. By late 2001, eight major US banks had over one million online users each. The onset of the 21st century brought about innovations such as faster computing speeds, proliferation of wearable and non-wearable digital devices, cheaper and faster internet connectivity shifting majority of financial services outside their brick and mortal existence of the branch.
Consumer behaviour has shifted, customers want on-demand services, with near real-time fulfilment capability and minimum friction in accessing these services. This has changed the very nature of banking and financial services and organisations. In the 21st century financial institutions are no more just service providers but full-fledged software companies.
Financial Institutions as Software Providers
The introduction of digitization has necessitated the need for a new operating architecture for financial institutions consisting of two functions: Core services including the core account and transaction services (accounts, transactions, FX, and Loans) and consumer applications that deliver banking products and services to consumers through various digital channels. Each of these types of software has quite different requirements. Their development operates in various places, and they rely on different technologies. Thus, banks must separate their development efforts between different teams. Some would work on core services, and some would build applications used by consumers, interfacing with those core services. The connection between the teams would rely on APIs - and thus APIs have been introduced into the internal development practices of the banks . Globalisation and the proliferation of financial services has pushed the global banking space to become more interconnected and a partnership intensive business model. APIs thus play a paramount role that helps different institutions to sync and share data making API integrations and management a core part of the larger corporate strategy.
Factors Accelerating API Creation in Banks
The proliferation of APIs in financial services can be broadly attributed to the rise of fintech applications, global regulations, and API aggregators.
Most global financial intelligence agencies estimate that the world fintech market will be worth over $350 billion by 2024 fuelled by the demand for financial services across all industries and demographics, incorporation, and the embedding of financial services in every form of commerce as seen by the growth of embedded finance apps such as Uber, Google Pay, Apple, and Facebook.
These companies partner with traditional banking institutions such as SBI, Goldman Sachs and HSBC to become the digital interface for the banking offerings and rely on these banks to expose their APIs so that they can customize and curate more structured offerings to their customers whilst relying on the bank to provide security and regulatory compliance for the transactions.
The financial services industry post the 2008 Global Economic Crisis was subject to high degree of scrutiny and tight policy controls culminating in the reform of consumer protection laws, KYC/AML regulations and capital requirements. Despite the various restrictions put on financial firms by global regulators trends indicate that the general global populous has stuck to being customers of those banks who were once thought to be risky and needed to be bailed out or supported by federal governments around the world. Banking habits of the general populous tends to revolve around a high degree of customer stickiness to a bank of choice (often the first provider they use) with relative inflexibility shown in terms of changing banking providers. In fact, less than 5 per cent of the global banking consumers have ever switched their bank account.
This allows these banks a large timespan to collect customer data and use it to customize their offerings which makes a customer even more intertwined with the bank. This lack of competition leads to stagnation in innovation and services, overpayment in banking fees and a greater propensity to suffer from global market risk due to lack of diversification. The realisation of these issues led global regulators to introduce norms for that would decrease opacity of data in the global banking system by opening access to information needed by third parties to develop new applications and services with the though that it would open more competition and bring more integrated and customized services for the customer to the foray. This wave has been labelled as 'Open Banking'. The UK in 2016, began to require open banking (or PSD2), a system that required banks to open their APIs to all third parties. This trend is no unique to the UK. By 2020, countries around the world have implemented some degree of open-banking regulations in their jurisdictions with India working on India Stack in which lies account aggregator framework.
As many companies move to launching financial services and apps that require access to their customers’ financial data, there is a need to integrate with the customers’ banks.
There are two key challenges with connecting to these banks though:
1. There are multiple banks around the world. Connecting to all these banks is a daunting task.
2. Many of these banks do not have an API, requiring more creative data extraction methods.
This need led to the creation of a new type of service provider - the API aggregator. Under this concept, a customer’s personal and financial data is available in a specific location making it easier to incorporate into services and transactions. Since most banks do not provide APIs, aggregators solve this problem by providing a single interface to all banks that accesses personal and financial data. When there is not a direct API interface, many rely on “screen scraping” to obtain the information. This causes banks to become concerned about security. In addition, they are experiencing high traffic to their sites, but it is not actual customers. However, most banks understand that they need to provide access to this data to leverage the potential of fintech applications and remain competitive in the market. This is another factor pushing banks to expose more APIs.
India’s Approach to Open Banking
The global open banking regulatory framework has been structured around enabling third party access to customer-permissioned data, licensing or authorizing of third parties and implementing data privacy, disclosure, and consent requirements. Some frameworks also contain provisions related to whether third parties can share and or resell data onward to fourth parties to use the data for purposes beyond the customer’s original consent and to banks or third parties could be renumerated for sharing customer data.
India’s approach to open banking has focused on the customers consent management. In September 2016, RBI announced creation of new licensed entity called Account Aggregator (AA) and allowed them to consolidate financial information of a customer held with different entities, spread across financial regulators. In India, AA acts as an intermediary between Financial Information Providers (FIP) such as banks, non-bank financial companies, asset management companies, insurance companies, pension funds and Financial Information User (FIU) which are entities registered with and regulated by any financial sector regulator.
The flow of information takes place through APIs. The focus of the AA framework in India is thus based on explicit customer consent for data sharing. No financial information of the customer is to be retrieved, shared, or transferred without the consent of the customer The other tenets of open banking initiatives in India include financial data integrity, security and confidentiality, IT governance controls and grievance redressal mechanisms.
To facilitate the seamless movement of data the Reserve Bank of India (RBI) has framed a technical framework Reserve Bank Information Technology Private Limited (ReBIT), a subsidiary of the RBI for adoption by all regulated entities acting either as FIP or FIU. India’s unique hybrid model approach to open banking’s focus is to proliferate financial inclusion and innovation whilst preserving customer data security.
The Use of APIs in Retail Banks
APIs are used by retail banks for five core purposes:
These APIs access a user’s account information and is the core API for banking initiatives. This data could include log-in to bank account, validate user accounts, confirm user balance and funds, and get user transactions. An example of this is the Wells Fargo Account and Transaction Information API that provides customers with the ability to access their UK account balance and transaction information. This API is often used in online banking when customers are interested in getting account information for use in other applications.
This set of APIs enable users to create or apply for bank accounts programmatically. These APIs check user eligibility, start new application, submit details, and check application/account status Some of these APIs may help with the application submission process or enable an organization’s customers to open an account and transfer funds. Banks like Standard Chartered, Capital One, and Chase offer these types of APIs.
These APIs access product information for banks, obtain details for each product. In short, these types of APIs enable the application to access the product catalogue, product details, current rates/interest, eligibility for the user and customized product offers.
These APIs enable applications to create and track payments. Some common APIs for this include validate IBAN/SWIFT code, create a payment, approve a payment, and track payment status
ATM Bank Locations:
These types of APIs reveal the locations for ATMs and branches and enable applications to locate ATMs in radius, branches in radius, ATM information, branch hours and available service at each branch.
The biggest area for innovation involves creating new products and services leveraging existing banking data and infrastructure in a unique way. For example, CapitalOne has created services using APIs, where they can verify customer identity using shared identity attributes. Wells Fargo enables users to search and retrieve critical tax documents. Deutsche Bank has APIs that enable businesses to verify someone is over 18 years and confirm their identity using APIs that connect to banking data . Through APIs, organizations can offer extended services.
As banks go through the journey of discovering which APIs they can expose, traditionally they start by augmenting internal services and traditional banking products with an API layer. While this can provide significant value to both customers and partners, an API delivery model can unlock new product types and opportunities, enabling the bank to leverage its existing data and infrastructure to provide new services with a low marginal cost. The position of the bank is in many ways contradictory to that of most Internet software companies. Where most apps have user anonymity, banks must have hard authentication. Where most software companies have only online presence, banks have branches spread throughout. Whereas websites are unable to validate anything about their users’ life (address, marital status, age, etc.), banks must possess such information. A smart bank can use those data points and infrastructure and offer - as APIs - this data to other websites and applications that need such services.