134 banks and authorized deposit-taking institutions (ADIs) in Australia have to open up customer financial information through secured APIs as a part of the Australian Open Banking regulation (coming under the Consumer Data Right) by July 2020. This poses several problems for the ADIs in question. Depending on the size of the organization as well as how long they’ve been in business, different ADIs will have different challenges to overcome in complying with the regulation.
Many ADIs currently have rather messy technology stacks, where new systems have been added incrementally, resulting in:
- A myriad of systems for core and internal operations.
- Systems by multiple vendors with orthogonal capabilities.
- Systems that require strong security, robust integration, and auditing capability.
- Different types of users consuming different services.
Figure 1: A typical architecture in a traditional bank
This usually results in the following issues:
- Multiple applications are needed to carry out different operations within the bank
- Each application has a different account/login
- Disconnected experience through different channels of delivery
- No centralized platform to collect data on customer experience
- Limited or no external facing APIs for consumption from outside the organization
In an ideal world, banks can do a complete overhaul of their existing technology stack and create a clean, digitized system that can also provide open banking compliance. But in reality, this isn’t achievable because business as usual must go on (using the existing systems) while modernization happens in parallel, invisibly to both the consumers and the employees of the bank.
The open banking compliance requirement provides a great opportunity to digitally transform the bank, piecemeal. If you take the requirement as a whole, it needs many technology components to work together in order to achieve compliance. Let’s look at what components you need to focus on and how you can modernize your technology.
2. Integrating an Open Banking System to the Existing Technology Stack
First, you need to front the existing system architecture (which usually follows the messy spaghetti pattern) with an integration layer. This layer allows you to expose all the required services to the open banking solution, which will, in turn, expose them as APIs with the required identity and access management (IAM) checks. Once this step is done, the regulatory hurdle is cleared.
Now comes the fun part — modernization. Once the new open banking technology components are connected to the existing technology stack, banks can understand how some of these components, while interoperating with the existing stack, can be used to digitally transform the bank’s technology architecture. Following are the key steps you need to follow:
- Integrate internal systems and expose standard APIs and services for consumption.
- Centralize identity and access management to enforce strong security and to maintain a single identity for each user.
- Build comprehensive data analytics and alerting capability.
Figure 2: Technology components needed for compliance and beyond
3. Integrate and API-fy
Spaghetti architecture found in most traditional banks makes it increasingly difficult to add new technology or update existing technology to add new services, without having an impact on the rest of the systems. Maintenance is also difficult, risky, and costly.
Figure 3: Systems integration in a traditional bank
Banks can re-use the integration layer and the API management technology used for the open banking requirement to transform their existing architecture to a more structured, digitized architecture by following the below steps:
- Integrate all systems with each other via a common integration layer.
- Create two separate integration clusters for business and enterprise systems.
- Standardize API and service interfaces to consume services.
- Expose legacy systems as web services via the integration layer.
- Create an API catalog and documentation for better service discovery and easier adoption.
- Manage throttling and rate limiting on services exposed.
- Introduce RBAC (role-based access control) and ABAC (attribute-based access control) for service invocations.
Once this is done, your bank’s systems integration will be digital-grade.
Figure 4: Systems integration in a digital bank
4. Strong Identity and Access Management
Figure 5: IAM in a traditional bank
In traditional banking systems, users may face several inconveniences when accessing applications and systems that meet various banking needs. These include multiple logins to disparate apps, poor customer authentication techniques, and the inability to access all applications from a common interface.
To eradicate these problems from both a security and a user experience standpoint, banks should:
- Implement customer IAM to facilitate a single account over multiple channels.
- Implement employee IAM to facilitate a single account for all internal systems.
- Set up strong multi-factor authentication for customer channels.
- Provide fine-grained access control and delegation.
- Retain the flexibility to integrate a common user store.
- Set up brokered authentication capability for external applications.
When you successfully implement an IAM solution, you will end up with a system similar to the one depicted below:
Figure 6: IAM in a digital bank
5. Analyze and Earn
“Data is the new oil” is probably a quote you have heard many times. But like unrefined oil, if we don’t refine the data into actionable insights, it becomes useless. In most traditional banking architectures, individual systems create siloed analytics or reports that are generated at the end of the day or week. These are then viewed as part of a weekly or monthly check-up.
Figure 7: Analytics and auditing in a traditional bank
However, if banks want to not just benefit from the existing data, but also use it to provide digital products and services, they need to:
- Create a centralized analytics platform for all systems.
- Combine data from multiple systems to identify broader patterns.
- Enable decision making through real-time data analytics.
- Understand trends and prepare for future outcomes using predictive analytics.
- Use an API interface to expose analyzed information.
- Use a common analytics platform to source information for both internal and external audits.
- Increase revenue by using data insights to create customized offers for consumers.
These steps will enable you to end up with an analytics platform that can truly deliver digital banking services by utilizing data.
Figure 8: Analytics and auditing in a digital bank
By combining these digitally savvy architectures, banks end up with an infrastructure that is lean, agile and provides all stakeholders in the banking ecosystems with an optimal experience.
This improves the position of your bank as a digitally driven and innovative player in the Australian financial services market and puts you way ahead of the competition.
6. Change Management
So are we there yet? Well, the goalposts keep moving. With the regulators promising regular version upgrades to the specifications, we will never really get ‘there’. What matters is that our systems, processes, and people can operate in an agile and iterative manner, so that each regulatory update and each business expansion can be handled with ease, without overhauling the technology stack each time.
At the end of the day, banks should remember that compliance is just the first step. How you perceive the opportunities beyond compliance, and what you do to get there, lies in the hands of the decision makers in the bank. Open banking compliance gives you a great opportunity to digitally transform your bank. All you have to do is identify which existing technologies can be re-used, acquire the technology you don’t have, and create a technology strategy for digital transformation. This puts your bank in the right place to use open banking compliance as a pathway to becoming a digital bank.
WSO2 Open Banking allows you to comply without having to reinvent the wheel. It can seamlessly integrate with your existing IT infrastructure, fill in any technology gaps and satisfy compliance quickly and effectively. The best part is that the solution can extend to the rest of the WSO2 Platform, giving you a comprehensive technology stack to draw on when you start thinking about digital initiatives beyond compliance.