The State of API Standardization in Finance

Posted in Business Models, Open Banking
J Simpson
February 16, 2023

Global finances were already heavily leaning toward digitization before the COVID-19 pandemic. Logistical issues in the wake of social distancing, supply chain disruption, and a massive rise in virtualization caused a dramatic acceleration in financial technology. According to recent estimates, financial technology (FinTech) was a $26.5 trillion industry at the end of 2022. At this point, nearly every financial service provider also offers some form of FinTech service.

You don’t have to think too hard to imagine a scenario where this massive proliferation of API-enabled FinTech could go horribly, horribly wrong. An insecure API endpoint can already be disastrous for an organization. Think of what could happen when it’s allowed access to your customer’s financial accounts.

Understandably, the massive spike in FinTech APIs is causing a corresponding rise in calls for API standardization in finance. For example, Hans Tesselaar, the Executive Director of the Banking Industry Architecture Network (BIAN), recently explained the need for API standardization in finance to The Global Treasurer, stating:

“They’re all differently constructed. Different APIs can use different naming [conventions] or a different field size.”

In that same article, Finastra’s head of working capital finance explains the need for API standardization in finance.

“[Standardized] APIs will ultimately reduce the cost of ownership and make corporates (sic) more flexible to change. For banks, it will enable them to offer new products and services at a much greater speed.”

Considering the rapid ascent of FinTech APIs and the industry’s growth, it’s no surprise there are more and more calls for API standardization in finance.
With that in mind, let’s take a look at the current state of financial API standardization to give you some ideas of the current best practices for FinTech and ways you can make sure your financial APIs are secure and efficient.

The Rise of International API Standards

Throughout the globe, many countries are transitioning towards API standardization for finances. In fact, we recently posted about seven different global open banking standards. The EU created the PSD2 regulation for opening financial data, for instance, which has ushered in a variety of standards. On the other hand, the UK’s financial API initiatives are following the Open Banking Standard. Most of these API standards are emerging to reduce the likelihood of monopolization and ensure transparency.

With different countries having different API standards and financial regulations, there’s a need for services that will cross international borders and boundaries. In the US, Financial Data Exchange (FDX) is a standards body with over 200 participating entities to help meet these needs.

More Open Banking and Open Finance

Virtually every industry is transitioning towards an open everything policy. Open banking is the protocol for digitally transmitting banking data safely and securely. And open finance is arguably the next evolution beyond open banking. Open finance expands on the scope of data transmitted by open banking. Its main feature is giving consumers rights over their data that can be consumed by third parties.

As such, open banking and open finance challenge some traditional financial players and products. It also asks them to reconsider how they deliver their data and products. Nowadays, third-party developers increasingly expect to be able to consume data in their own development projects rather than relying on proprietary data or software.
API Security

More APIs mean more need for API security, as every new API creates more surface area for cybercriminals to attack. Cybersecurity is incredibly important in every vertical involving APIs, but it’s exponentially more so when dealing with finances.

Financial-grade API (FAPI) is a suite of standards for improving API security implemented by the OpenID Foundation. The goal is to extend OpenID Connect to account for emerging financial API standards, like those that have risen due to PSD2. Their goal is to provide higher levels of security than either OAuth or OpenID Connect. FAPI adds four standards beyond existing OAuth and OpenID Connect, and will continue to evolve as the needs continue to change and grow.

Data Modeling

Inconsistent standards and data structures commonly lead to security breaches. Therefore, implementing standards for data models is an important part of ensuring API security. It’s also an important aspect of API adoption, so it’s a critical best practice for API development.

ISO 20022 is a new financial standard for ensuring consistent data. It’s also intended to facilitate international payments. Much of the data model is dictated by BIAN, which provides standard service definitions and facilitates additional support for accelerating banking and financial services.

Banks are Experimenting with New Business Models

As mentioned above, financial API standardization is cutting out the middleman in many financial data transactions. Unsurprisingly, many banks and official financial institutions want to retain ownership over their relationships with customers and business partners.

As a result, we are seeing banks experiment with new business models. These can include anything from premium APIs to partnership programs. Others offer free API services to build new relationships and attract new customers.
Additional business opportunities could include working with new FinTech API developers as mentors or investors. Some banks and financial institutions are even lending their banking license to certain financial API providers.

These new business models signal that open banking and open finance are reaching a point of maturity and coming into their own. It’s a sure sign it’s time for API standardization for finance.

Final Thoughts on API Standardization for Finance

Security is just one reason for API standardization, although it’s undoubtedly one of the most important. A standardized format can also ensure more widespread adoption of your financial API. It’s an essential component for ensuring your APIs have peak performance, as well.

API standardization in the financial sector is essential for the widespread adoption of financial sectors. It will become increasingly important because the more financial institutions use financial APIs, the more surface area there is for cybercriminals to attack and exploit. It amplifies the temptation, too, with so much financial data and so many assets flowing through financial APIs.

The world’s never going back to analog banking. Things will only become increasingly digital and virtual from here on out. We will do more and more business and banking across international lines. We will also need to transmit financial data using various financial API standards.

It’s time to implement a financial API standard if you haven’t already. If you have, it’s an excellent time to examine your API data model and ensure it’s following the current best practices for financial APIs.