Open Finance
12
min of reading
March 26, 2020

Why you should care about API Management under PSD2 and Open Banking context

Eduardo Arantes
ABM Content & Communication
B2B marketer focused on technology and digital transformation, helping to provide useful information about Digital Strategies and Business opportunities for several industries.
More about the author
Back

About PSD2As you might be aware, PSD2 is an EU Payments and Banking industries regulation that provides a safe and integrated scenario, in addition to  allowing new players entrance to establish themselves more easily in order to improve the financial sector competition. In this context, bank customers have more benefits in service consumption with a greater level of security with authentication methods, required by laws, and there is a possibility of choosing  better options of services due to the decentralization of financial service providers in the market as fintech or third party apps.

The regulation has some key-topics to understand the new payment-flows:

  • Specific security requirements for electronic payments in the EU and UK, like modern authentication factor, fingerprints, facial and voice recognition;
  • Transparency of duties and obligations &  Terms and Conditions in all payments chain;
  • Set limits for interest and fees for customers bank transactions.

Those efforts come to guarantee transparency and a more competitive scenario for all players, improving innovation and new services focused on customer experience. Also, the major topic about PSD2 is enabling Open Banking models and the regulation  of third parties in the flow of financial transactions.

The set of rules for Open Banking model regulates Third Party Providers (TPP) to offer Payments Initiation Services. So, companies from different industries have access to basic information of the products and services offered, as well as access to customer’s database. In this scenario, banks are no longer the only owners of data and customer’s journeys. Although, it’s important to clarify that according to regulation, the customer is the real owner of all data provided in the journey. Therefore, when the customer asks for any information related to the services, it’s an obligation of all companies to provide the collected data and also the utilization and storage of all customer's information.

What really is Open  banking

As we mentioned before the Open banking model removes from banks the property of data and other information. In this new model, the customer is now the real owner of his data, and is empowered to decide what the best service is and choose, within the financial services ecosystem. In other words, he can connect TPPs to his journey.

In practice, this is a decentralized model that aims to bring more innovation, as there are more players improving the quality of their services and developing new ways to deliver a richer customer experience.

So instead of using different bank apps to control finances or make payments, customers can use their digital wallets as well as other apps to manage finances of the different bank accounts, everything in one single app, fully integrated, consolidating financial reports and giving more visibility of their day-to-day banking.The Open Banking Journey has three main pillars:API Exposition: Data consumption is paramount to build Open Banking strategies. Only complying with the regulation might not create the competitive advantage banks are looking for, but the data consumption, data intelligence, and a strong ecosystem can generate the insights and new revenue streams desired. Value proposition and strategic alignment are the main drivers for your API prioritization strategy, as well as its indicators must reflect companies' strategic goals.

New Partners: As I mentioned above, the "Open" models are not about competition, but about creating ecosystems and diversification of the customer experience. Therefore, companies must develop new business models for partnerships, not only Fintechs but also with other financial institutions. Combining data with those partners and providing hyper-personalized products and services must be one of the main topics in Open Banking strategies.

Security: Security and reliability walk hand in hand. The consumption of APIs must comply with a series of security requirements and access management, therefore, ensuring a clear understanding about who is consuming the data and where it is flowing to is mandatory for companies providing data. In the API world, security mechanisms must be fit for API purposes, and always consider API design as a very important security feature.

API Platforms in the context of PSD2 and Open Banking

Open Banking is not only about the possibilities enabled by PSD2, it is a standard that forces financial institutions to change the way they are used to think. In this context, it is up to the institutions to create and implement effective mechanisms to comply with the regulation and create new business opportunities using APIs.

Creating manual integration flows might do the work, but will not deliver the necessary scalability, and more importantly, it will make every governance aspect a lot more complex. API Platforms, such as Sensedia's, offers modules dedicated to Governance that enables workflows that improve the API quality. What does that mean?It means that the Platform allows the creation of standardized security and authentication mechanisms - such as masking data, logging, data obfuscation, etc. - , and ensuring that every API is meeting these standards. More than that, Sandbox environments allow you to test integrations before going live, mitigating the risk of publishing a flawed API. On top of all that, an API Platform not only protects data but protects the company from flaws that can cost, literally, millions.

Thanks for reading!