How Banking-as-a-Service Is Accelerated Through APIs

The general public is getting more and more used to consuming “X-as-a-service,” a movement that’s been fuelled and perpetuated by APIs. In the words of Eyal Sivan, former Senior Director of Enterprise Architecture at CIBC:

“Everything changed. Suddenly people could order a taxi, a hotel room, a pizza, with a couple of taps on their phone. And consumers expected exactly the same kind of interaction from everyone they do business with, probably most of all the banks.”

Although people are generally cautious when their finances are involved, the widespread adoption of services like PayPal, Stripe, and Robinhood has made waves in the FinTech space. And their mega-unicorn valuations have API developers excited for what’s next.

Many developers are taking a closer look at how they can participate in the world of open finance. However, depending on location, some find it difficult to achieve their aims. Below, we look at how open banking and APIs are changing (and will continue to change) the face of finance.

The Bad Old Days

In days past, banks kept all customer data under lock and key. Although that sounds like a good thing on the surface, it meant that users sometimes ended up taking significant risks to automate processes related to their banking.

For example, a user might have had to provide their account details to a piece of screen scraping software if they wanted to do something like reconciling bank transactions in their accounting software.

Besides not always being entirely accurate — screen scraping services are prone to errors and omissions — these products left users at risk of fraud if their credentials weren’t protected adequately. And since users had shared those credentials with an unauthorized third party, banks weren’t always entirely sympathetic. Fortunately, APIs and so-called “open banking” offer a better way of doing things.

The phrase “open banking” might sound a little scary — after all, who wants their bank account opened to the world?! But the concept refers explicitly to sharing data only from customers who have consented. As a result, third-party apps can access this data securely without screen scraping. Plus, data is only “open” to verified and regulated third-party services.

The Rise of Open Banking

In the UK, open banking was actively introduced in 2018 as a result of the Competition and Markets Authority (CMA) requirement for nine large banks to make customer data more available. Before an app can access this data, it must become part of the Open Banking Directory and register with the Financial Conduct Authority.

Despite murmurs that the US is on the cusp of embracing open banking, it currently lags behind the UK. In an exclusive earlier this year, Reuters stated that a proposed Consumer Financial Protection Bureau (CFPB) rule designed to facilitate sharing financial data was being stalled by privacy concerns.

According to that article, CFPB Director Rohit Chopra had concerns about how big tech companies might use the data opened up by a rule like this. It’s worth pointing out that the US doesn’t have a direct equivalent to the EU and UK’s General Data Protection Regulation (GDPR) outlining how customer data can be used throughout all fifty states.

Elsewhere in the world, the extent to which banks have embraced APIs and open banking varies hugely. We’ve previously written, for example, about how the Canadian Imperial Bank of Commerce (CIBC) adopted an API and microservice architecture back in 2018.

In the same year, Nordea’s Gunnar Berger spoke at our Platform Summit about the importance of the Payment Services Directive of 2015 (PSD2). It was the clear route to PSD2 compliance that enabled Nordea, the Nordic region’s biggest bank, to figure out the logistics of building their open banking platform.

Bypassing The Banks

The likes of Stripe have written extensively about BaaS and how their services effectively forgo the need for open banking from banks themselves:

“APIs create FDIC insurance–eligible accounts for your customers that can earn yield, send ACH or domestic wire transfers…Stripe handles upfront negotiations with a network of banks, embeds KYC within your product…and advises you on remaining compliance requirements.”

In other words, Stripe has gone from being a payment processor to something as close to open banking as those in the US are likely to get…at least for the moment. And they’re not the only ones doing this.

OpenPayd, for example, has modular products that allow companies to offer accounts and currency exchange, accept payments, and more, without becoming a fully licensed bank. Although OpenPayd is based in London, they claim to provide coverage for Malta, Turkey, Bulgaria, and North America.

A recent PYMNTS article mentions that less than 50% of financial institutions invested in or developed APIs in 2021. An additional 25% plan to do so in 2022, though the extent of that investment is not mentioned. Translation: among banks themselves, adoption of open banking principles remains much slower. But without rules governing exactly how the process works, perhaps that’s not surprising.

The Future of Banking-as-a-Service

It’s ironic that we haven’t mentioned many actual banks in an article on open banking and banking as a service. That’s unfair, as there are plenty of banks out there doing exciting things with APIs, including in the US.

Take Citi, for example, which allows API consumers based in the US to retrieve account details, transaction history, and account statements, and grant third-party apps access to their account data and services.

Although this gives businesses, developers, and FinTech companies plenty of scope to build interesting products that connect directly to Citi, other APIs like money movement (available in the UK market) or card management and insurance booking (both available in India) are notably absent in the US.

NatWest’s Bank of APIs offering, with its comprehensive list of banking APIs, offers an exciting glimpse into the future of what banking as a service might look like when there’s more consistency around how regulation and compliance are approached in different countries.

Without that consistency and clarity, don’t expect US banks (or those in other areas that lack concrete guidelines) to embrace open APIs as wholeheartedly as some folks would like.