Open API - bending, but not breaking

Open APIs and Open Banking were created to increase competition and innovation in the financial services sector and to make financial services more accessible for end-users. But, in turn, it has caused even bigger confusion among the stakeholders of the banking and financial services market. 2019 was supposed to be a ground-breaking year in financial services with the integration of Open Banking. Nevertheless, up to this day, the innovative Open Banking idea is overshadowed by a lack of unified guidelines and the uncertainty of Open API developments.

14 September 2019 was the final date, when all the financial organization had to comply with PSD2 standards and provide customers’ data to third-party fintech companies. It sounds great in writing, but there is no surprise that the directive was delayed by the European Banking Authority (EBA) because the market was not ready. As a result, in September, the regulatory agency EBA published an Opinion on the deadline to give additional time for the implementation of Strong Customer Authentication (SCA) by December 31, 2020. There is no doubt that it confirms the complexity of the Open Banking implementation.

Fragmented regulators

Multiple standards around APIs has confused the market and its players. There is no industry-issued standard on how to adopt open APIs in the European Union.

The UK has pioneered Open Banking Standard bank interfaces, but in the rest of Europe, the Open API standards have left room for adaptation and interpretation. This has led to the financial service chain becoming fragmented. Banks and bank aggregators are implementing custom Open APIs, making it even more complicated for third party providers (TPPs) – it requires more time and resources for them to connect to different types of APIs.

Currently, the most popular standards are the Open Banking regulation in the UK and the NextGenPSD2 framework created by the Berlin Group that is widely known as a standards initiative that helps for almost 40 banks, associations, and PSPs to comply with the PSD2 regulation.

Limited understanding

Deloitte (2018) has discovered that the financial industry lacks a clear PSD2-based business model. In fact, banks and fintechs need to take into account that APIs are services, but not all services are APIs.

The simple truth is that there are no clear guidelines on how to interact with each stakeholder. Which services banks need to offer to other parties? Which information about the bank account must be provided? The widespread adoption has been difficult so far. Many banks fear the PSD2 and follow wait-and-see-stance. Or, on the opposite, they develop a solution based on their own understanding.

Statistics from a survey of 442 European banks carried out by Tink (2019), a Swedish open banking platform, was a warning sign that there is no chance that the Open Banking will be effectively implemented by September 2019. In March 2019, the study revealed that 41% of banks failed to meet the PSD2 deadline for the provision of a testing environment. And their final analysis of PDS2 APIs, showed that none are compliant with the PSD2 requirements and obligations.

A lack of time

The innovative initiative of Open APIs is far behind schedule. Too much time was wasted to grasp the idea of how to make it possible. There were no guidelines on how to do it. Regulators have only answered the question – What should it be?

Even though the UK is considered the leader in Open Banking and implemented its Open Banking Standard long before Europe in January 2018, the Financial Conduct Authority (FCA), a country’s regulator, announced delay enforcement of strong customer authentication (SCA) by a further 18 months and an adjustment period of six months for Open APIs until March 2020 to avoid any disruption for bank clients. In a similar way, the Central Bank of Ireland has postponed the enforcement of EU regulations.

Decades-old legacy infrastructure

Majority of core banking systems are not ready to play the new game of Open Banking and Open APIs. Historically, banks are concerned about interoperability and stability, therefore they find this new approach difficult to adapt to.

Open Banking connects one service to another service that is already existing. What does happen when the bank infrastructure does not support new developments in the existing system? Very often internal tech complexity doesn’t allow back offices of financial institutions to directly integrate this capability. Open Banking requires some additional re-engineering and customization.

End-user awareness of the standard

Lack of information to customers - was another area, missed by PSD2. All the European countries were focused on understanding requirements and technical developments, while customers were not ready to use new services.

End-users feel troubled about Open banking becoming a security loophole. A majority or 75% of bank customers admitted they are unlikely or very unlikely to authorize banks to share their personal information and financial data with third parties (Simon-Kucher & Partners, 2019).

Another UK consumer survey from CREALOGIX shows that two-thirds of bank account customers haven’t heard of Open Banking. The overall awareness is still weak. Regulators and service providers can do more to fill gaps that currently exist and make it difficult for efficient services to emerge.

Conclusion

The chapter of Open Banking has only just started, but one thing is clear. PSD2 is highly complex initiative with a number of implementation flaws that have caused delays in the deadlines previously established by the European Union. As a result, it will take a while to bring down barriers of Open Banking and effectively connect traditional banks and fintech companies on a global scale.