The regulatory recap
Establishing digital connections for creativity and collaboration
Open banking is the practice of sharing data between new and established financial service providers to develop and deliver improved services and capabilities to clients. The term “open banking” describes the shift from a traditional “closed” banking model where data was retained within an individual firm, to a more “open” model, where data is shared with third parties.1
Initially adopted in retail payments and account services, opening banking is now increasingly seen in corporate and institutional markets – including securities services – and is often supported by national regulators to improve consumer outcomes such as increased choice, innovation and inclusion.
Open banking leverages digital technologies such as APIs to exchange information between service providers and clients electronically and securely. Starting in UK/EU, open banking rules have mandated open access for third-party financial service providers to consumer account and transaction data from incumbent institutions. In parallel with near-universal smartphone use, open banking has spurred development of app-based services that offer greater immediacy, convenience and transparency, paving the way to new business models, partnerships and value propositions.
National regulators take varying approaches, from facilitative to prescriptive2, balancing consumer and data protection priorities with promoting innovation and choice. As they expand scope within retail financial services, regulators are neutral or supportive of a market-led expansion of open banking into securities services, some saying banks are “welcome to extend”3 existing frameworks.
Securities services firms are rapidly exploring opportunities to use APIs and related data-transport mechanisms, both to achieve process efficiencies and add new client value. Asset owners, asset managers and other intermediaries such as broker-dealers could engage with their custodians to find out how open banking can improve operational efficiency, reduce or eliminate the risks and costs of manual processes, and streamline communication flows, thus enhancing insight and visibility.
Scope, scale, and structure
Both rules-based and market-driven; beyond borders and breaking boundaries
Open banking started in 2016 as a regulatory response to limited competition and innovation, specifically in UK and European retail banking. It partly took its lead from how digital technologies such as APIs are connecting systems and organisations, creating new, integrated services, often accessed via apps on increasingly powerful smartphones.
Initially, the UK’s Competition and Markets Authority required large retail banks to allow secure third-party access to current account information, establishing the Open Banking Implementation Entity (OBIE) to oversee development and use of APIs, including security and message standards.
Europe’s second Payment Services Directive (PSD2) mandated third-party payment initiation and account information services from 2018, with implementation phased until September 2019. PSD2 aimed to enhance competition and client-centricity, integrate the European retail payments market, and increase access to user-friendly, internet-based payments services, whilst reinforcing consumer protection. In these markets, compliance was slow, but competition, innovation and competition are gradually increasing. Tension between security and access may require further regulatory intervention.
Starting with payments, but expanding across the financial services spectrum, API-enabled connectivity and integration is driving innovation across developed and emerging markets, as well as for corporate and institutional clients. Open banking is being rolled out differently across jurisdictions. Whilst some markets are prescriptive about how APIs are used, Singapore and Hong Kong have only introduced API guidelines and measures to promote data sharing with third parties. China has seen strong adoption, despite issuing no mandate or standards, with Japan encouraging, rather than requiring, open banking partnerships. In the Middle East, Bahrain is mandating open banking to improve visibility across banking services.
APIs are enabling financial inclusion in countries which have leapfrogged previous generations of financial market infrastructure. For example, India’s Unified Payments Interface which was launched in 2016 supports a billion mobile payments per month via API-facilitated real-time interbank transactions5, leveraging the country’s Aadhar digital identity platform. In Africa, open banking also plays a supporting role in the National Bank of Rwanda’s Vision 20206, which aims to achieve 90% financial inclusion by the end of this year. Kenya has no such mandate, but e-wallet and related payments innovations are paving the way for increased data exchange.
The UK’s OBIE is expanding use of APIs into a wider range of financial services. However, no securities services provider has been mandated to open its data or systems to third parties in any major jurisdiction. Provided they observe data protection, cybersecurity and third-party risks7, securities services firms are free to develop standards and practices for API usage at industry level.
To ensure interoperability and safety in the open banking era, regulators are taking on new roles as trusted registration authorities to ensure only approved entities may access bank client data via APIs.
Building the blueprint for your firm
Leveraging APIs - from design to deployment
Within securities services, APIs already have some potentially valuable use cases. These include developing alternative channels to existing host-to-host communications, serving as a transport layer for innovative new digitised products and services, e.g. chatbots, and supporting third-party authentication, to enable bank-sponsored client access to value-added services. Destinations will differ, but common principles will help firms get the most from APIs:
- What’s your vision? APIs are enablers of a business vision, rather than an end in themselves. As such, firms should start with their desired business outcomes in mind and evaluate whether APIs are the best tools for achieving them. Firms should have clear business-driven reasons for API-based information exchange, for example, to eliminate or reduce reliance on particular manual processes, or augment workflows for greater efficiency, or improve responsiveness to client needs. It may also make sense to start small, rather than placing them at the centre of a major project.
- Ready to receive. Firms must ensure their internal technology stacks are operationally ready to consume data from third parties via APIs, whether augmenting or replacing existing data flows, or creating entirely new connections. Typically, adopting APIs does not require major change to existing policies and procedures, particularly if supplementing existing data flows, but full thought should be given to supporting end-to-end workflows across traditional silos.
- Is API the best option? Although APIs streamline data exchange, many simply push and pull data between systems, making them less sophisticated than certain alternatives, e.g. XML over IBM WebSphere MQ. APIs may be just one option within a wider conversation and consideration about improving dataflow efficiency.
- Counting the cost. Firms must weigh the underlying costs of preparing systems to receive, analyse and leverage API-delivered data. The cost/benefit analysis must include the skilled staff and security investment required to maintain API-based communications with third-party systems.
- Partnership priorities. Partnerships with third-party providers need to be mutually beneficial in terms of functionality and security. For example, partners must manage client data in line with local regulations on API usage, data security and privacy, and have the requisite cybersecurity infrastructure to deliver robust, reliable APIs.
Building the blueprint for the industry
Consistency is key to industry connectivity
While APIs have been around for some 50 years, they are in relative infancy in the finance industry, especially in sectors currently outside open banking mandates, such as securities services. Initial caution in markets where open banking was regulator-led has been replaced by greater appreciation of opportunities to add value to clients.
But the framework for wider use of APIs is being built, both by regulators and the industry. Growth of use cases inevitably means innovation and creativity, but some degree of standardisation is also needed to drive efficiency and scale. For institutional markets, standardisation initiatives – such as those sponsored by SWIFT – will drive API growth, as will integration with digital identity frameworks to allow greater control over what data is shared and with whom.
Championing change with Standard Chartered
Playing a pivotal part in digital innovation
Standard Chartered has collaborated with clients in many markets on open banking initiatives over the past 18-24 months, making APIs available via its pioneering aXess platform, which helps to foster innovation and partnership with fintechs. Our comprehensive suite of securities services APIs already provides information on trade status, holdings, market news, NAV, cash balances etc, with settlement initiation and corporate actions APIs in the pipeline.
APIs are enabling new partnerships, functionality and business models. But the true innovation often lies in the creativity they enable, serving as a transport layer on which powerful and valuable new apps run. At a time when many firms are switching from pipeline to platform business models, APIs will play a key role in connecting counterparties in new, more efficient and value-added ways.
As well as enabling competition and innovation in the retail market, APIs are also helping corporate and institutional clients adjust their client propositions to the needs of the digital economy. APIs have undoubted value in the securities services sector, but their impact may be most significant in combination with other digital technology innovations. For example, Standard Chartered is leveraging APIs and machine learning to automate account opening and streamlining digital asset transactions via an API that simplifies blockchain platform integration. Talk to our experts to help maximise their potential for your organisation.
1 How to flourish in an uncertain future, Deloitte (2017)
2 Report on open banking and API interfaces – Basel Committee on Banking Supervision (November 2019)
3 Open API Framework for the Hong Kong Banking Sector – Hong Kong Monetary Authority (Jul 2019)
4 CMA paves way for Open Banking revolution (August 2016) https://www.gov.uk/government/news/cma-paves-the-way-for-open-banking-revolution
5 UPI crosses 1 BN transactions in October 2019 – National Payments Corporation of India (November 2019)
7 Report on open banking and API interfaces – Basel Committee on Banking Supervision (November 2019)