Traditionally, banks have operated in closed environments, given the nature of their business and regulatory boundaries. The present digital economic ecosystem, globalization, and changing consumer demands are necessitating banks to be more agile, collaborative, and innovative to remain competitive. The visionary regulators and policymakers across the globe have perceived the need to build a digital ecosystem to encourage innovations and deliver services to customers.
APIfication interconnects multiple third-party applications and interfaces, data, and devices via Application Programming Interfaces (APIs) to build the digital ecosystem. While conventional banks use internal APIs, the new paradigm facilitates partner and public APIs to access the bank’s existing architecture, core business applications, back-office systems, and custom services to offer newer, better services and experiences for customers and partners.
Thus, APIfication enables banks to leverage existing IT assets, functional processes, and information more strategically. So, a quick answer to the above question would be ‘Yes.’ Banks can benefit immensely by embracing business partnerships through partner and public APIs.
Factors Influencing Banking APIfication
As discussed earlier, APIs give FinTech companies and third-party developers access to the banking system’s fully-functional digital business assets and distributed processes. Banking APIfication, therefore, demands a structural change in the system and collaboration between external API developers, digital-born fintech firms, and partners that drive the ecosystem.
The move to partner and public APIs is, however, not easy as many large banks rely on complex legacy systems and internal APIs to provide financial services. Yet, they do understand that the multipurpose functionalities of APIs can be true enablers for business transformation.
Governments of many countries, including the US, the UK, Singapore, India, Japan, Australia, Philippines, Mexico, and the MENA countries, have already given green signals to move to open APIs, as banks continue to account for their financial stability and economic growth. Europe has implemented the Second Payment Services Directive (PSD2) mandate to streamline, regulate, and secure online payments and promote Open Banking.
In the US as well, the Consumer Financial Protection Bureau (CFPB) has taken the lead to facilitate Open Banking and thereby offer new and innovative financial products to consumers. With more than 62% of Americans using digital services over physical bank branches, APIs are making it easier for financial systems to securely meet consumer needs.
Most of the progress of Open Banking products and services in 2022 will be around AIS (Account Information Service) and PIS (Payment Initiation Service) in MENA region as per 2022 MENA Open Banking Spotlight report.
India has already started reaping the benefits of such open digital ecosystem networks, which allow many applications and platforms to interconnect and interoperate seamlessly using open API protocols. Few such initiatives are ‘India Stack,’ a set of Open APIs and digital public goods, which observed a huge success of Unified Payment Interface (UPI). The recently launched Account Aggregator (AA) Framework (Being promoted by DigiSahamati Foundation has enabled real-time financial information aggregation in one place across banks, tax authorities, insurers, securities, and pension funds.
Support for the API-first Approach
The 2020 McKinsey global survey estimated that 75% of banking APIs are used internally. But more than 100 banks globally have opened their APIs to third-party developers and FinTech partners to support building or orchestrating simplified financial solutions for budgeting, risk profiling, digital payments, lending, transferring, and so on. In India, activities such as banks’ lending and onboarding clients for current account saving accounts (CASA), personal finance management (PFM) are being carried out in partnership with FinTech and big tech players such as Amazon, Flipkart, Ola, Groww, Neo Banks- Jupitor, Niyo, Fi, Razorpay, and Slice through Open-API integrations.
As per the 2022 Mulesoft Connectivity Benchmark report (In partnership with Deloitte Digital), 40% of organizations’ revenue is now being generated by APIs and related implementations. About 26% of business leaders now demand a company-wide API strategy as APIs help organizations deliver value and revenue. Google Apigee is at the forefront of delivering Open Banking-compliant APIs to promote innovation, grow the partner-customer ecosystem at scale, and speed up secure financial communications. The API platform Postman has high-quality, readily usable Bank APIs and community support for simplified Open Finance services.
Challenges with Private, Partner, Public APIs, and the role of QA (Quality Assurance)
Driven by both the rise of neo banks/ ‘challenger’ banks and the traditional banks’ desire to remain competitive by offering new digital experiences to increasingly connected customers, Apigee users in the financial services industry grew API traffic by more than 125% in 2020.
Technology leaders recognize API performance analytics (26%) and API security and governance (23%) capabilities as the most critical components of a successful API program.
The above research shows that API quality, scalability, and security are of utmost importance for the success of API-first digital programs. However, defining and executing an API-driven project is not easy.
I would like to quote an interesting case where we implemented a company-wide API Factory with microservices for a major Indian bank to enable digital lending and customer onboarding through FinTech firms and Neo Banks. As the bank had several legacy systems and complex integrations, we had to overcome three major challenges:
- Achieve qualitative, seamless user journeys via an end-to-end API call chain that cuts across the onboarding partners, new microservices gateway integrations, existing ESB layer integrations, authentications, authorizations, and legacy core systems
- Scalability to reach the desired transactions per second
- Discover unknown issues of the entire journey proactively and know the root cause for quick remediation
Our Quality Assurance approach helped the bank define a strategy for Shift-Left and Shift-Right testing, integrated with DevSecOps methodologies. The steps we followed included:
- Setting up of Quality Engineering Practices for Design-First and Security-First API project, which included verification against the RESTful API Design Guidelines (API URL Naming Conventions, versioning, format, resource naming convention, Payload format, coverage of Error handling, Security Schemes – OAuth 2.0, OpenAPI Specification v2.0)
- Implementing component level, individual API, and call-chain functional and non-functional testing, integrated with the CI pipeline
- Automating functional and non-functional testing to ensure that the software performs as designed and is secure
- Establishing observability best practices with open tracing standards
The result was that we delivered a seamless customer experience through their journey across mobile devices, microservices, third-party integrations, and backend legacy systems. We also saw improved metrics such as 3X times early issue identification in SDLC, 90% automated test coverage, 10X faster test execution time per API, and 50% reduction in incidents owing to proactive monitoring and observability.
What does the future hold for open APIs
As an expansion of data sharing through APIs, the Open Banking journey will move towards Open Finance. Thus, Open Finance will drive the consent-based aggregation of the entire financial footprint of customers, and not just the banking data. This will lead to the democratization of credit, tailored financial services, and enhanced financial accessibility to consumers with access to more relevant data to industry players. Many FinTech players and financial institutions will also gain access to relevant consumer data. However, consumer consent management and the security of data being shared would become crucial for the successful adoption of Open Finance.
Banking and FinTech systems will be aligned with global compliance requirements to accommodate different API specifications, standards, and deployments to resolve integration, aggregation layer connectivity, and resolve complexity issues between banks and third-party interfaces.
Banking APIs have massive potential due to their versatility and the ability to create new business models and value propositions. They allow banks to be agile and open doors to respond immediately to market opportunities. Hence, banks should focus on collaborating with third parties, FinTech companies, technology vendors, insurance partners, corporates, and other digital banks, and embedding API technologies cohesively in their future growth strategies to become competitive in the digital space.
About the Author:
Vivek Porwal, Senior Vice President, Consulting and Banking Practice Head at QualityKiosk Technologies (QK), has two decades of experience in the BFSI segment in Consulting, Quality Assurance, and Auditing. He is currently responsible for Digital Transformation Consulting, especially for Digital Lending, Open Banking, Omnichannel, super-app engagements at QK. He also has rich consulting experience leading digital transformation projects on Digital Quality Engineering, Continuous Test Automation, RPA, API Banking, DevOps, and Agile methodologies. Vivek speaks regularly at several international forums on the global evolution of the banking sector. He was awarded the CA Professional Achiever Award – Information Technology Sector by ICAI in 2016.