Have you ever attended one of those industry events that tickled your mind and made you think: ‘I wish I had thought of that 10 or 20 years ago?’ That’s exactly the way one felt coming out of the recent ForgeRock Open Banking event held at the epicentre of financial innovation in the UK — the infamous ‘Square Mile’ on 15th November 2022.
Steve Ferris at a recent ForgeRock Open Banking Community event
Recently, I had the opportunity to hear ForgeRock co-founder Steve Ferris espouse the benefits of identity and access management (IAM) modernisation and its roots some 20 years ago dating back to his time at Sun Microsystems. What proved even more compelling was hearing Steve compare this evolutionary journey to the past, present, and (anticipated) future fate of the Open Banking application programming interfaces (APIs). But let’s roll back the story before getting too excited.
Ascendancy of the UK Open Banking APIs
Since the publication of the retail banking report by the UK Competition and Markets Authority (CMA) in 2016, many began to salivate over the promise of Open Banking and an API revolution in the financial services industry. Since that time, and according to the 2022 Open Banking Report from the UK Open Banking Implementation Entity (OBIE), more than five million users now consume Open Banking APIs in the UK alone, with a 500% rise in Open Banking payments this year to July 2022.
Retail banking leaders, fintech entrepreneurs, and third-party provider (TPP) ecosystem innovators flocked to Open Banking in numbers, albeit, involuntarily. The stringent requirements of the UK Open Banking API Specifications and PSD2 Regulations have been critical in driving what has come to be known as “regulated” Open Banking APIs. And so it comes as no surprise that there’s been some resistance to what Eric Christensen, Vice President of Payments, Fraud, and Financial Services at Digital River once called “an opportunity to continue enhancing and build[ing] relationships with customers.” Let’s explore the reasons behind this challenge.
Limitations of the UK Open Banking APIs
Delivering secure Open Banking APIs is no easy undertaking, as many traditional banking providers will attest. First, there’s the raft of UK Open Banking API specifications that providers have had to align with. Since November 2018, the OBIE has released no fewer than ten iterations of the said specifications. Account Servicing Payment Service Providers (ASPSPs) have been forced to hire legions of highly specialised API developers to keep up with code control.
These Open Banking implementation teams have also been required to build their own Test Facilities to ensure Open Banking APIs are secured in conformance with FAPI 1.0 and 2.0 specifications. That’s not the end of the story — these implementation teams have also been compelled to spin-up their own production facilities to support the deployment of the very same Open Banking APIs. And there’s also the challenge of managing consent flows with outdated identity and access management (IAM) infrastructure.
For all of these reasons, the appeal of Open Banking implementations, outside the fintech world, has plummeted. Furthermore, the initial excitement amongst consumers has followed suit. A recent Yapily survey of 2,000 working professionals and 500 financial decision-makers has shown that even after all the work done over the last few years to make Open Banking work for consumers, only 51% felt that their financial providers were doing enough to support them. So, where next?
The Future of Custom APIs
A fascinating piece in FinExtra by Tatsiana Kuchminskaya, CFO at Andersen, points to research suggesting that the global API market growth will surpass USD 21 billion by 2028. The 2020-2021 RapidAPI Developer Survey shows that over 71% of respondents were planning to use APIs more widely in 2021, as compared to 2020. And it comes as no surprise that the industries leading the API pack include telcos, healthcare providers, and financial services providers.
But here’s the all-important “rub” as Shakespeare would say: when and how does one capitalise on the custom-API revolution while benefiting from all the great work done on Open Banking APIs? Short of veering off on a tangent, the answer is simple (in contrast to the complexity of execution): leverage secure, extensible, and FAPI-compliant APIs to develop new value-added services on the back of comprehensive financial data.
The Way Forward
That’s great, but if only it were so simple! Naturally, valuable things in business and life are never simple. But perhaps it’s not too much to ask for them to be simpler, easier, more secure, and faster? “That’s a reasonable ask,” as Steve Ferris would say. Especially so if financial services providers are able to bring both Open Banking test and production facilities as well as future custom API test and production facilities into one framework. This framework would be enabled by a modern IAM infrastructure that can, in turn, handle, secure, and deliver thousands of API calls across tens of millions of identities worldwide.
Perhaps Steve’s evolutionary vision for both Open Banking and custom APIs will become more of a reality than a vision. And perhaps that will unlock an uptick on Open Banking investments for multiple players in the financial services industry and beyond.
Luckily, the ForgeRock Open Banking team led by Jamie Bowen has been working with leading UK financial services providers to address this very challenge. Join the discussion on the SAPI-G Community threat to learn more. Visit the ForgeRock Secure API Gateway for Open Banking webpage to find out more.