The Promise of Open Banking: A Nordea Case Study

Posted in

There’s a particularly apparent trend in today’s economy: we’re moving away from big, centralized systems towards collaborative, access-based ones. It’s changed the way we shop with websites like eBay, the way we travel with apps like Uber, and the way we get a good night’s rest with portals like Airbnb.

One industry that’s been slow to change in the context of this global movement is banking, where it’s all the more important. We still use huge institutions, like JPMorgan Chase, Citi, and HSBC, to manage our finances — and what’s more, we use them to manage all aspects of our finances, from investment to insurance to mortgages.

However, it’s somewhat of a double-edged sword with banking: we want the trustworthiness and reliability of a big bank, but with the agility and innovativeness of a hundred startups.

The solution? — open banking.

This post was inspired by a presentation given by Gunnar Berger at the Nordic APIs Platform Summit. Watch it below:

Open Banking: The Premise and Promise

The premise of open banking is to put the power of financial institutions in the hands of others. On the one hand this just means increased transparency, but more interestingly it means the development of APIs to allow third party developers to build their own financial services and platforms using all the data and functionality that banks usually keep to themselves.

While open banking may not sound so attractive for big banks or the major payment service providers like Mastercard and Visa, it’s mostly good news for everyone else. Consumers get a greater choice of financial services without sacrificing on security, FinTech startups get to explore otherwise impossible ideas, and governments get to tackle the issue of having huge, hegemonic financial organizations.

In fact, most governments in Europe — and even the European Union itself — are already pushing for open banking. The UK has its own Open Banking momentum while the EU has passed PSD2, the second edition of the Payment Service Directive, which will encourage APIs that “unlock customer data” and “enable consumer choice”.

What PSD2 Means For Banks

The original Payment Service Directive was enacted in 2007 to regulate payment services across the European Union and encourage competition across borders. The revised edition — PSD2 — was passed in 2015 and shifts the directive’s focus from broad safety regulation of the financial world to the development of more innovative and transparent financial services.

So what exactly does PSD2 mean for European banks? In order to be compliant with these new rules, they’ll have to implement a significant amount of specific, robust functionalities, which will ultimately require an overhaul of much of their technical infrastructure, including security concerns associated with doing so.

Fintech group Difitek compiled this PSD2 compliance checklist for banks, which includes, among other things:

  • An API function allowing users to grant others access to their data
  • An API authentication process which verifies both the user and application
  • API documentation, developer SDKs, code samples, and tutorials

While PSD2 is already enforceable as of January 13, 2018, strong customer authentication is only mandatory by September 2019.

Nordea’s Journey to PSD2 Compliance: 300 Signups in 72 Hours

Nordea logoFor most, Nordea needs no introduction. As one of the biggest banks in Europe and the biggest bank in the Nordic region, Nordea serves over 10 million private customers. Of course, like all other European banks, Nordea is subject to the new PSD2 regulations.

Gunnar Berger, Head of Open Banking at Nordea, told the story of their journey to PSD2 compliance at our 2017 Platform Summit in Stockholm, Sweden.

Nordea was one of few European banks that chose to take a proactive approach to compliance. PSD2 was coming whether they liked it or not, and as Gunnar was well aware, Nordea is “sort of a supertanker when it comes to changing course; — it takes a while”, so when it came to building an open banking platform, they were going to do it well and in good time. Development on their PSD2 open banking platform began in Autumn 2016.

As with any behemoth project, Nordea was bound to run into some problems while building this platform. In this case, the issue was trying to balance the very real requirement of basic, legal compliance with the desire to build on new opportunity. Since developers would pick innovation over compliance any day of the week, the open banking team slowly started falling behind on the main aim of their project: to make Nordea PSD2 compliant.

No Presents This Year

Come Christmas, Gunnar realized it was only a year until the requirements for PSD2 had to be fulfilled — or so he thought. With that in mind, he asked his development team to focus just on the compliance aspect of their new open banking infrastructure, setting aside the more creative work.

While this wasn’t much fun for the developers, it got the project back on track and meant that Nordea could start looking for beta testers from February of 2017. Without giving it too much thought, they published a signup page where external developers could apply for early access, expecting to get only a few signups. Who would want to test out the boring new legal stuff, anyway?

Within 72 hours, the page had garnered 300 signups, with developers both big and small leaving enthusiastic comments about what they wanted to build with the platform. Supposedly, Nordea was the only bank communicating with the Nordic FinTech world at the time, although by this point the “communication” was limited to just a signup form.

The Results Are In…

By the time signup closed, 700 applications were tallied. Clearly, FinTechs were much more interested in the possibilities of open banking than had been anticipated — and this was evidenced in just one of hundreds of banks trying to meet compliance.

“Now we had created an expectation in the market — not that we will deliver some really crappy compliance APIs by the end of this year — an expectation of something much more.”

-Gunnar Berger

It was only right that Nordea matched the enthusiasm of the applicants, and so they created blogs and newsletters, met up with developers, and decided to let everyone access the platform. Needless to say, this stirred up even more excitement, and helped Nordea gauge — with minimal investment — the feasibility of developing their open banking platform beyond basic compliance.

Thankfully, they had realized by now that they had until late 2019 to meet the technical requirements for PSD2, and so by now Nordea could even begin collaborating with 3rd parties on more innovative aspects of the project.

A World Beyond PSD2 Compliance

With this huge influx of enthusiasm and now great expectations for the platform, Gunnar’s vision changed completely. This was the perfect medium to connect an old, big bank with nimble and innovative FinTechs.

It was the open banking system that could leverage Nordea’s huge clientbase and reliable infrastructure against the FinTechs’ brains and fast footedness. It would allow FinTechs to put their products in the hands of ordinary people — not just the young or tech-savvy — without having to spend millions of euros on a sales team.

The vision for what was previously a PSD2 compliance platform is now to create an open banking marketplace — or perhaps an even more universal developer platform. Gunnar wants to work with third parties across the ecosystem, with partners not only using the new solutions, but also creating them or even creating the APIs needed to create them!

If you’ve ever wondered how big banks will stay relevant into the future, now you know. Instead of doing the very minimum to meet legal requirements, Nordea opened up access to their platform early, collected feedback, and then decided to dive in with both feet when they saw an opportunity.

Final Thoughts

Open banking will allow financial services to extend into a comprehensive network of services. The world of banking may no longer be closed behind locked doors, operating separate to all other technology — and is there anything really stopping banks like Nordea from expanding their open banking hub into a flexible, cross-industry development platform?

Even banks not legally affected by PSD2 might benefit from building similar development platforms, as they’ll be able to stay relevant into the more dynamic, universal service markets that Gunnar predicts. In an age of endless consumer electronics and worldwide interconnectivity, it’s no wonder that banks are starting to redefine themselves as technology companies.