Open banking and competition. How APIs are shaping the future of financial institutions
by Andrea Moriggi
Introduction – 1. Rethinking the banking industry: open banking, BaaS and BaaP – 1.1 Open API is to API as Open banking is to banks – 2. The PSD2 directive: a disruption for the European financial market – 3. Open banking the use of APIs as a tool for enhancing competition – 3.1 The 2017 Bundeskartellamt decision – Conclusion
Imagine that the banking industry, the most regulated of the whole financial sector, is able to react with agility to the new challenges of the market, maintaining a fairly competitive environment without the need for overwhelming regulations(1). Wouldn’t it be ideal? Without regulations, however, dangerous market distortions will always be around the corner with potentially devastating effects; that is why the need to preserve the integrity of the whole financial system is constantly driving the legislator to develop and fine-tune current regulations. It is true that legal provisions can sometimes be an impediment to an agile response of banks and established financial institutions to the new market challenges, but, more importantly they can also be the turning point of innovation. The first and second part of this article will focus on examining the new financial regulations in the EU and the way they are positively effecting competition between banks and the new challengers of the digital era.
«Banking has to work when and where you need it. The best advice and the best service in financial services happens in real time and is based on customer behavior, using principles of Big Data, mobility and gamification» recently stated the CEO of Moven, a mobile banking startup(2). It is not hard to agree, even more so considering the current context of the big wave of digitalization where financial technology (“FinTech”) companies are claiming a larger market share and traditional banks must decide whether to limit access to their system or to embrace this change interacting with the greater ecosystem of finance(3). Such interaction is possible, for instance, with an extensive and “open” implementation of the relatively old concept of Application Programming Interface (“API”) in the banking industry. The third part of this article will address some technical features of the APIs which is essential to understand what effects the EU regulations will have in increasing the adoption of open standards and the impact in terms of enhanced competition at a worldwide level.
1. RETHINKING THE BANKING INDUSTRY: OPEN BANKING, BAAS AND BAAP
If we want our regulators to do better, we have to embrace a simple idea: regulation isn’t an obstacle to thriving free markets; it’s a vital part of them. (James Surowiecki)
Organizations in all industries are refining their business models by providing customers with a better tailored and richer experience. Fintech companies working on digital banking applications have grabbed a greater market share providing an easy-to-use and frictionless experience(4); not surprisingly, one of the core differences between banks and fintech companies lies in democratization(5). Such characteristic quickly led many financial services professionals to credit blockchain(6) – the shared, distributed ledger that facilitates the process of recording transactions and tracking assets in a business network(7) – as “the next big thing” in finance.
On the one hand, the distributed ledger technology has all the potential to lead to a significantly more decentralized asset ownership, on the other, it is not expected to be ready and fully integrated with the current banking environment anytime soon. It could take several more years for blockchain to make a meaningful impact across the financial industry, whilst the technology that will enable the open banking transformation is here, ready to operate: it goes under the name of Application Programming Interface (“API”).
Open API is to API as Open banking is to banks
Before examining in detail APIs, it is necessary to introduce the context of the open banking legal framework. The open banking is a concept created by regulators, such as the European Union and the UK’s Competition and Market Authority (“CMA”) in order to allow third party developers to build applications and services around financial institutions, increasing financial transparency options for account holders as well as the use of open source technology.
But where did the need of increasing competition and openness between banks and non-banking institutions emerge? Why couldn’t banks continue to operate and grow in a closed system?
In a world encroached by IoT devices capable of accomplishing a great degree of interaction with financial service providers, the replacement of traditional payment methods such as credit cards(8) and checks is a clear example of where innovation is going – and why, in order to make the best out of it, there is an urgent need of systems-integration.
One of the reasons that might have given birth to the revolutionary concepts of Bank-as-a-Service(9) (BaaS) and Bank-as-a-Platform (BaaP) is the growing demand of Software-as-a-Service and Platform-as-a-Service products.
But what does “as a service” or “as a platform” mean? According to Techopedia, «the core idea behind -aaS and other services is that businesses can cut costs and get specific kinds of personal resources by purchasing services from providers on a subscription basis»(10), while -aaP products allows customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app(11).
Lately, we have been experiencing the emergence of platform business models that move away from the traditional vertical integration of the firm (known as the pipeline business model) and introduce a flatter, more inclusive and innovation-centric approach to value creation. This organizational formation can facilitate value-creating interaction amongst consumers (demand side) and external producers (supply side), and produce a multisided market. We are still yet to understand, though, how can a platform bring about such radical changes to an organization or even an entire industry.
Data shows that fintech firms are more likely than traditional banks to provide customers with positive banking experiences(12). While once considered as a threat, the largest traditional banking organizations now view fintech companies as potential collaborators, bringing smooth processes, an innovative culture and a much-needed technological expertise to the table(13). The advantage that traditional banks still have compared to fintechs, is a better knowledge of regulations, greater access to capital and the scale of customer base needed to be successful. However, open banking will foster competition between banks and non-banks and it is also likely to usher in an entirely new financial services ecosystem in which banks’ roles may shift markedly.
The successful idea of securely opening up information flow has been a business booster in other industries (such as healthcare, energy and industrial manufacturing); this gives confidence that the banking sector will be able to succeed in being a collaborative model in which banking data is shared through APIs between two or more unaffiliated parties to deliver enhanced capabilities to the marketplace. To date, however, these connections have been used by banks primarily to share information rather than to transfer monetary balances.
The potential benefits of open banking are extensive and, at the moment, underused; they include an enhanced customer experience, new revenue streams, and a sustainable service model for traditionally underserved markets. What these elements have in common is that they’re all beneficial from a competition perspective.
2. THE PSD2 DIRECTIVE: A DISRUPTION FOR THE EUROPEAN FINANCIAL MARKET.
“In each revolution, we create a brand new way of trading, transacting and storing value — but we don’t get rid of the old ones. So, 5,000 years ago, we invented money; we still have money. Three hundred years ago we invented banks; we’ll still have banks. But in this revolution, the digital revolution, seven billion people on this planet can get access to real-time trade. And that means that there’s a new way of thinking about how we’ll create this Internet of value, and what it’s going to look like longer term” (Chris Skinner)
As of 13th of January 2018 the PSD2, acronym for Second Payment Service Directive, entered into force in the European Union(14). The directive aims principally to remove barriers to trade and foster innovation(15) by forcing banks to open up their systems to non-banking companies.
According to recital no. 33, «the directive should aim to ensure continuity in the market, enabling existing and new service providers (…) to offer their services with a clear and harmonized regulatory framework. [In this context each State] should guarantee fair competition in that market avoiding unjustifiable discrimination against any existing player on the market. Any payment service provider, including the account servicing payment service provider of the payment service user, should be able to offer payment initiation services». Payment initiation service providers (PISPs) and Account Information Service Providers (AISPs) are online services that respectively provide the initiation of a payment at the request of the customer or aggregated information on one or more payment accounts held by the customer (e.g., balances, transaction history, etc.).
These services can only work if they are granted a secure access to customers’ account and payment services, provided by banks. The best way to ensure the latter is through open API.
The effects of the directive on competition are massive and even if the implementation and creation of an API framework could be burdensome for banks in the shorter term, the implementation costs would be largely outweighed by the benefits, in terms of opportunities and financial services innovation.
Empirical findings confirm that prior regulatory reforms in a different type of industries (telecommunications, energy and transport, for instance) have determined long term lower-price levels, expanded outputs and quality as well as an increased working productivity(16).
3. OPEN BANKING: THE USE OF APIS AS A TOOL FOR ENHANCING COMPETITION.
How do [banks of the future] make money? The answer is, by being the most intimate provider of service to the customer based on that digital footprint, and by being able to really leverage our understanding of the customer’s financial lifestyle far better than any other player (Chris Skinner)
APIs are everywhere. Everyday actions — like posting a picture on a social network, reading the news online, or buying a concert ticket with a smartphone app — are completed through API calls. But, how do we define API and open API, and what do they have to do with the PSD2?
API is “a way for two computer applications to talk to each other over a network using a common language that they both understand”(17). It is a relatively old technical construct that has been in use for years. Banks and firms can use APIs internally – to integrate diverse systems and allow for the exchange of data across different departments – or externally – to expose business assets to external audiences. APIs can also be private(18) – and, in turn internal or external, intended to facilitate within-firm integration and operational efficiency or highly customization for partners who want to interface directly with their suppliers or customers – or public/open – made available to third parties that might not have a formal relationship with the bank.
Even though the technology is not directly mentioned in the directive, the PSD2(19) has taken a programmatic approach taking it into account. Innovators and fintech companies are adopting open APIs as a way of stimulating new business in banking. By contrast, in the absence of a clear centralized US approach, a number of fintech innovators has emerged, as well as a patchwork of one-off bank agreements – a complex model that is not even scalable considering that in the U.S. alone there are roughly 12,000 financial institutions.
APIs create both risks and opportunities for the banking market players.
· Risks are mainly related to privacy and data security, especially in the EU considering the imminent entry into force of the new data protection regulation that imposes substantial penalties for noncompliance. These risks not only may affect financial institutions with sanctions(20), but concerns for loss of brand recognition and reputational risks might put customers’ loyalty at risk.
· Opportunities emerging from the implementation of the PSD2 may create new businesses – thanks to the increase in the reaching of product lines – increasing speed of change, decoupling platform through reduced costs of development and embracing payments via IoT devices.
The 2017 Bundeskartellamt decision
Safeguarding competition is the main reason why the European legislator has decided to intervene immediately and why national authorities are implementing and enforcing these rules accordingly. In Germany, some banking clauses which were trying go keep the system closed were recently declared illegal. The decision was issued in 2016 by the Bundeskartellamt, the German national competition regulator, against all the banks who jointly agreed on the use of some general terms and conditions, including some “Special conditions for online banking” which denied to online banking customers to use their PIN (personal identification number) and TAN (transaction authentication number) in non-bank payments systems, including payment initiation services(21).
We anticipated that two key functions that platform leaders aim to deliver are i) bringing together disparate resources and knowhow from different firms, and ii) matching and connecting users with producers or products. In the context of the digital platforms, open APIs are considered as the boundary resources through which organizations can share a core functionality based on a software platform and provide the opportunity to external developers to produce models that interoperate with it.
We are already living in an API world. APIs have been around for quite a long time in the digital environment, but they fundamentally existed in a closed system. The need to open them up as the PSD2 is being implemented in each EU country has created the need to extend it to the financial services, opening banking to a much more reaching potential than ever before.
Today the word “open” can still induce discomfort among established financial institutions and – on a superficial perspective – open API appears to favor non-banks. The reality is that banks are perfectly capable of adopting digital techniques to maintain their customers and to engage in long-term partnerships with their direct competitors. An additional advantage that they still have over platforms and fintechs is the trust that their customers have in them in handling money securely. Banks that will use their advantages to open up their APIs to a global community of web developers are those that will tap into a stunning amount of innovation(22) …and profits.
(1) According to the 2018 Pwc 21st CEO report, overregulation represents the major issue for worldwide executives, with 42% of CEOs considering it an “extreme concern”. 21st CEO Survey – The Anxious Optimist in the Corner Office, PwC, 2018, available at: https://is.gd/pwc_ceoreport
(2) Brett King, in P. CROSMAN, The Future of Banking Is All About Context, American Banker, 14 January 2013, available at: https://is.gd/nDozFc
(3) M. ZACHARIADIS – P. OZCAN, The API Economy and Digital Transformation in Financial Services: The case of Open Banking, Swift Institute working paper no. 2016-001, 15 june 2017, available at: https://is.gd/swift_mz_po
(4) J. MAROUS, The Future of Banking Depends On Open Banking APIs, The Financial Brand, 21 June 2017, available at: https://is.gd/SGCaBK
(5) Overview of Bank-as-a-Service in Fintech, Fintech Ranking, 2016, available at: https://www.bank-as-a-service.com/BaaS.pdf
(6) See also T. MACDONALD – D. ALLEN – J. POTTS, Blockchains and the Boundaries of Self-Organized Economies: Predictions for the Future of Banking, Banking beyond banks and money, 2016
(7) M. GUPTA, Blockchain for dummies – IBM Limited Edition, John Wiley & Sons, 2017
(8) Mike Corbat, CEO of Citigroup in a recent interview about market trends of the fintech industry declared that old models such as credit cards don’t have more room in the future: “We know, at some point, cards are going to go away”, Financial Review, 29 October 2017, available at: https://is.gd/9C8wnS
(9) OLIVEIRA P. – VON HIPPEL E., Users as Service Innovators: The Case of Banking Services, MIT Sloan Research Paper No. 4748-09, 2009
(10) Definition of software as a service (SaaS), Technopedia, 2018, available at: https://www.techopedia.com/definition/155/software-as-a-service-saas
(11) Definition of platform as a Service (Paas), Technopedia, 2018, available at: https://www.techopedia.com/definition/147/platform-as-a-service-paas
(12) World Retail Banking Report 2017, Capgemini & EFMA, 2017, available at: https://is.gd/onwcbA.
(13) ZURAWSKI L., Open API: Unlocking innovative new services in banking, 29 January 2018, available at: https://is.gd/SGPLrT
(14) The first Payment Service Directive (PSD) entered into force in 2009.
(15) The UK’s pending separation from the EU is not expected to alter these data-sharing protocols, as many of PSD2’s customer protection provisions are already enshrined in UK law and both the government and financial community have signaled the desire to preserve banking services compatibility. L. BRODSKY – L. OAKES, Data sharing and open banking, McKinsey & Co., 2018
(16) M. ZACHARIADIS – P. OZCAN, The API Economy and Digital Transformation in Financial Services: The case of Open Banking (see supra note n. 3)
(17) D. JACOBSON – G. BRAIL – D. WOODS, APIs: A Strategy Guide: Creating Channels with Application Programming Interfaces, O’Reily media, 2011
(18) These APIs are used within the traditional banking organization reducing friction and enhancing operational efficiency. According to J. MAROUS (see supra note n. 4) 88% of banks already viewed private APIs as essential in 2015.
(19) In 2015 the UK established an ‘Open banking working group’ in order to deliver a framework for the design of an open API standards in banking.
(20) According to the new European General Data Protection Regulation, non-compliance fines can reach 20 million euros or 4% of the company’s global revenue.
(21) Restriction of online payment services by German banking industry in violation of competition law, www.bundeskartellamt.de, 05 July 2017, available at: https://is.gd/XpfWV6
(22) World Retail Banking Report 2017, Capgemini & EFMA (see supra note n. 12)