API banking and the digital transformation of business: Part 2

Among the advantages that have driven the development of open banking, aka application programming interface (API) banking, are the following:

Reduced costs: Even without an API there are ways for third party providers to access financial data; indeed the European Union’s (EU) revised Payment Services Directive (PSD2) doesn’t technically stipulate that banks need to develop an API. The Directive only requires that banks allow third party service providers to access this data. However, while implementing an API is costly, providing financial data in the “non-API way” also typically generates high costs. Since it can be assumed that consumers will increasingly use third party services in the future, implementing an API can actually save money over the long term.

New revenue streams: This is a major reason for banks to foray into the API space, as the future will see many financial services emerge not only from banks but also from start-ups. While banks have the huge asset of financial data, which they are trying to protect, a smarter approach would be to generate new revenue streams from that asset.

How can this be accomplished? Regulation will impose an obligation on banks to provide financial data free of charge to Third Party Service Providers. A first step could be to provide the basic financial data without charge (a “basic API”) and to implement a “premium API”, which provides data of higher value (enhanced data; for example location-based information or other additional detail). Third party providers would be willing to pay for enhanced financial data and banks would have a way to generate revenue from their prime asset.

The advantages on the corporate customer front could include:

  • Improved operational efficiency: Customers can run banking out of enterprise resource planning (ERP) with automated reconciliation.
  • Improved scalability: Exposing APIs and an expanding community of digital developers will enable banks to innovate and cater to their corporate clients’ changing needs.
  • Ease of implementation: Assisting the execution of parallel projects, using an ecosystem of APIs and vendor developers. In addition, the absence of user interface/user experience (UI/UX) significantly reduces development time.
  • High level of security: The overall risk in the system lessens, with a connected financial ecosystem reducing losses and cost from fraud and defaults.
  • Offering instant banking facilities: Enabling 24/7 real-time transaction processing for corporates, without any lead time in transaction booking and payment.
  • Standardisation: Clients don’t have to undergo changes to suit each bank’s distinct mechanism or processes.

Further potential advantages of bank APIs include providing the end user with a quicker onboarding experience; enabling the bank to acquire partners who specialise in niche fintech services with optimised front-end user interfaces; and allowing seamless integration with crowd-funding platforms, payment splitting apps, and more – a great advantage for startups with innovative financial-oriented products that may lack the budget and legal counsel to hold funds or establish their own bank.

Key services for corporates

Among the key services that API banking opens up for the bank’s corporate clients – including several specific to India – are the following:

Payments to vendors: Real-time payments via API banking.

Bunch note acceptor for cash collection:

  • E-commerce firms for cash on delivery.
  • Hospitals for cash collection.

Receivables: Validating incoming electronic receipts instantly and logging eligible entries into ERP via web services provided by the bank.

Invoicing and bill management: A facility for hospitals and educational institutions.

Prepaid cards and expense management accounts: API-linked activation and loading/re-loading of prepaid cards and expense management accounts

Bank branch collections.

Instant refund payments to customers: Instant processing of customer refunds using India’s real-time remittance service (aka IMPS) APIs, ensuring 24/7 servicing

Loan disbursements through real time API banking by financial institutions.

Cardless cash withdrawal facilities to unbanked customers by financial institutions.

Real time domestic and foreign inward remittance disbursal under Indian financial institutions’ rupee drawing arrangement (RDA).

Bank branch cash collections.

Wallet servicing and cash out option for captive wallets.

Utility bill payments via API banking.

Among the resulting benefits for the bank’s customers are a superior customer experience; enhanced management control; better monitoring; automated reports; offerings becoming available for untapped market segments; timely alerts; and easier, more effective collaboration.

The way forward and likely challenges

Industry experts believe any bank that can figure out how to effectively offer APIs for their services through partnerships will be the bank of the future.

Bank accounts were inherently not built for the web and the customer experience is going to be extremely different in the years ahead. A decade ago, online banking was a ‘nice to have’ rather than a necessity, and the key to success is the ability to continue offering differentiated customer experiences by making it as easy as possible for developers to just build tools for rapid development.

An increasingly large chunk of banks’ revenues will come from channels that don’t exist today, and those channels will be partners, according to Sanjeev Mehra, managing director and global head of product development, global consumer technology at Citi. He adds that third party partners will incorporate bank products into their apps and solutions they build, thereby creating new sources of revenues for the banks.

Analysts also note that what’s happening in the banking industry was inevitable, being in line with transformations adopted by industries such as e-commerce and travel where APIs are used to connect different systems from different companies in working together to serve the customer. Banks will need to strive to secure the mindshare of developers, along with customers, in order to leverage the technology. APIs make it possible for the industry to adopt innovative applications by fintech startups, as well as enabling non-aligned industry sectors – such as retail, transportation or logistics – to leverage the foundation services of incumbent financial institutions in creating better customer-centric services.

As the number of devices proliferates, it becomes vital for consumers and providers of information to have standard methods of connecting to each other via APIs, and API banking will soon be an integral part of the business models of many banks. Already, three-quarters of the world’s top 50 banks have opened their APIs and at least one in four have their app stores.

Going forward, what are the main challenges anticipated by industry experts? They include the following:

  • Even at a pure compliance level, PSD2 raises significant questions for the structure of the existing payments industry. Straight off, an open payment API allows a third-party – for example a giant internet retailer at a browser near you – to ask consumers if they’d mind permitting direct account access for payment. It won’t be too hard for these organisations to find an incentive to encourage customers; once permission is granted then the third-parties can bypass existing card schemes and push payments directly to their own accounts.
  • Meanwhile the account information API allows third-parties to aggregate consumer financial data and provide consumers with direct money management services. One can easily imagine that these services will be able to disintermediate existing financial services providers to identify consumer requirements and directly offer them additional products, such as loans and mortgages.
  • There could also be security challenges that make them vulnerable to potential fraud. Web and mobile applications could become soft targets for cybercriminals for various reasons, including the inherent vulnerabilities in the APIs that transfer data and communicate with back-end systems; constant exposure to the internet, which makes them easy to probe; the openness of the web, which allows hackers to view source code and data and learn how to attack it; and insecure web browsers that leave the UI and APIs vulnerable to attack.
  • APIs have been compromised in several high-profile attacks that have caused significant losses and embarrassment for well-known brands and their customers. And PSD2’s ‘access to account’ (XS2A) rule not only increases the number of APIs but also adds layers of complexity to the online banking/payments environment, adding to the risk of it being exploited.
  • A prime example of a third-party relationship vulnerability being exploited was offered by the 2016 breaches of SWIFT, the global financial network that banks use to transfer billions of dollars every day. Several global banks have reported or are investigating the theft of millions of dollars through these cybercrimes, with SWIFT admitting that all the attacks involved internal and/or external attackers who compromised the banks’ environments to obtain valid operator credentials that would allow them to submit SWIFT messages from financial institutions.

 The first part of this two-part article can be accessed here.
