Open Banking generically refers to the objective of banks opening up their data for wider consumption, whether by authorised Third Party Providers (TPPs) or simply by a Technology Service Provider (TSP) such as FinLync.
The European Payment Services Directive (PSD2) has the objective of transitioning from a bilateral relationship between a bank and its customers to an ecosystem where bank data is shared between bank, customer and an authorised third party via API.
However, banks are increasingly providing their corporate customers with direct access to Premium/Private APIs, allowing corporates to pull bank data directly into their underlying systems, whether these are front-office commercial systems or back-office ERP, finance or treasury systems.
These 2 different types of API, one regulated (PSD2) and the other not (Premium), have led to significant market confusion.
This blog attempts to shed some light on the key differences between regulated “open banking” APIs and premium/private APIs. In Europe, PSD2 defines open banking; and, in the UK, it is the Competition and Markets Authority (“CMA”) which mandated the 9 largest UK banks under the Open Banking Standard. The blog will also review the API market in the US.
A brief history
Regulators across certain economies have been trying to increase competition and innovation by opening up banking data to third parties. In other economies, whilst not driven by regulation, market forces are having a similar impact.
The aim is to develop a level playing field for new market entrants and banks.
PSD2 outlines two different types of Third-Party Providers (“TPPs”):
- Payment Initiation Service Providers (PISPs), and
- Account Information Service Providers (AISPs)
Note that PSD2 also defines a Technology Service Provider (TSP).
Premium APIs for Corporates
Corporates have traditionally relied upon individual bank portals, Host to Host (“H2H”) and/or SWIFT connectivity between themselves and their banks for the purposes of transmitting payments, balances and transactions or other financial messages. Over a number of years, corporates have built up a usually reliable connectivity infrastructure with their banks. However, this infrastructure relies upon file transmissions, middleware and third-party intermediaries such as SWIFT service bureaus to transmit messages. Messages need to be encrypted and decrypted multiple times. Corporate treasuries, which are by nature risk-averse environments, have perhaps been slow to adopt newer digital technologies.
Whilst perhaps slow, corporate treasuries have not been immune to digitalisation and real-time processes/data. The trend can be attributed to multiple factors, not least the digital transformation occurring in the retail sector.
Within this context, open banking APIs might offer treasurers access to real-time data. However, open banking APIs are ill-suited for the corporate market. The main shortfalls are:
PSD3 is unlikely to take effect under national regulation until 2026 at the earliest. The EU launched a consultation period which comprised 3 elements:
- a public consultation
- a targeted consultation on the technical aspects of PSD2, and
- a targeted consultation on open finance.
The public consultation came to an end in August 2022. The targeted consultations have also concluded. Some of the items being considered include:
- Are current open banking requirements adequate?
- Are there alternatives to current SCA methods?
- Should the SCA period be extended from 90 to 180 days to reduce friction?
- Should contactless payment limits change?
In the unregulated premium/private API market, corporates are looking to accelerate their digitalisation strategy. In response, banks are accelerating the rollout of their APIs, and these are covering an ever-increasing range of use cases. SWIFT has launched a project seeking to standardise a number of core APIs, but this is seen as a drag on innovation, allowing a number of API aggregators such as FinLync to develop software that provides simplified multi-bank API solutions.