Beyond the Hype: A Practical Guide for Open Banking in Saudi Arabia
- Anisha Yasaratne
- Associate Director & Head of BFSI Practice - WSO2
- 5 Mar, 2021
Open banking is positioned to redefine Saudi Arabia’s banking landscape by making it more innovative, competitive, and user-friendly. It leverages public application programming interfaces—commonly known as Open APIs—to enable third-party developers to create consumer-centric applications and services using traditional banking and financial services. By empowering customers to direct their banks to send their financial data to other providers or to initiate payments directly from their bank accounts, this new initiative creates a disruptive shift in financial services that can’t be ignored by incumbents looking to build a lasting competitive edge.
This publication highlights key learnings that are likely to reshape the way Saudi Arabian banks will operate in an open banking world. It distills our experience gained first-hand from addressing the demands of open banking from projects across the globe.
- Most banks in Saudi Arabia have taken a wait-and-see approach towards fintech collaboration. However, this will not work as open banking creates more space for innovation by fintech firms and as consumers have increasingly adopted fintech solutions. In order for banks to be competitive in this space, they need to have strong plans on how to respond. They cannot ignore collaboration and open banking cannot merely be a compliance requirement. Banks should view fintech firms as partners, and not as competitors, to achieve business goals.
- Use cases have already emerged. With account aggregation and personal financial management seeing rapid adoption, banks can focus on these to start and experiment with more as they mature digitally and gain more mature partners.
- Consumer adoption should not be a concern for open banking. The data proves that open banking is here to stay.
- Security is a concern for many banks. However, because of the work put into making open banking APIs secure globally, this is not a problem in reality. In fact, it is safer than screen-scraping, which is the alternative method consumers use to authorize data sharing.
- Your strategy both in terms of tech and commercial goals should be linked directly to your broader business goals. Understand which business goals you can achieve through open banking, build consensus, and buy into this with the various teams relevant to the initiative. Our lessons learnt and methodology will help you set up a framework to do this.
- Your open banking strategy should not be limited to compliance. You need to build flexibility and agility in your tech and business teams to respond to evolving regulations and business requirements (i.e., where there is a natural push for you to do more with open banking APIs with premium and voluntary offerings to stand out from the crowd).
- To achieve all this, addressing culture will be key. Without the right mindset among the board, the C level, and the business and tech heads, the open banking project, just like any other digital transformation project, is bound to fail. Your open banking methodology should necessarily include a structured way of addressing this need to align internally in the long term to build this cultural shift.
At this point in the evolution of the Saudi banking industry, taking the time to appreciate the strategic fit of open banking for your business is a core task for decision makers. Each bank should embark on an open banking journey suited to its unique business position and strategic goals.
However, from our experience, most banks who have been in a strong position to explore the benefits of open banking faltered by taking a conservative approach focused on regulation alone. Banks that have taken on open banking as an innovative opportunity for disruptive growth, after fulfilling the regulatory mandate, have not only entered new markets and created new business models but have been able to use this initiative as a forward leap in their efforts at transforming digitally. This new initiative encourages banks to include dynamic changes to every aspect of the business—such as in terms of converging divergent technologies, adopting agile strategies, and becoming laser-focused on personalizing the customer experience.
We hope you enjoy the read.
Open banking is coming to Saudi Arabia. This guide aims to provide technical and commercial decision makers and project committees tasked with implementation a compact primer to help kickstart their work. We do so by taking a firm step back from the hype train that tends to surround open banking conversations and acknowledging practical technology, strategic, cultural, and budgetary challenges faced by most in projects of this nature. With this in mind, here’s your real-world guide to open banking implementation in Saudi Arabia.
This guide starts by covering some of the key local factors to be considered when building your strategy. We then address problem areas many of you will encounter when running your projects and discuss solutions to these. Next, we review lessons learnt from global implementations in the UK, the EU, Australia, and Bahrain and end with a checklist, which will form a simple framework for success with your open banking implementation.
2.0 Context is everything—Key factors impacting your open banking strategy in Saudi Arabia
2.1 Open banking is being championed to drive fintech-based innovation, incumbents take note
In January this year, Saudi Arabia’s Central Bank (popularly known as SAMA) announced its "Open Banking Policy", firmly establishing that open banking is to play “a pivotal role in the further development of the Kingdom’s financial sector.” Banks must recognise that this coming new financial sector places fintech front and centre.
The policy is part of a wider programme to develop a digital economy, enable financial intermediaries, and stimulate growth in the private sector through new financial services products. Coupled with the Fintech Saudi programme, a Regulatory Sandbox already having catered to over 30 fintech startups, the issuance of Payment Service Provider licenses as a precursor to open banking and enabling the launch of non-bank Financial Institutions, signals that the regulator intends to stimulate the creation of a fintech hub as a key element of modernizing and diversifying the Saudi economy. This is, in fact, a regional trend with most regulators highlighting the attraction of fintech firms as their top motivation for open banking. Incumbent banks must acknowledge this reality. Riyadh’s fintech ecosystem is only ranked 232 globally by Findexable, with limited local and regional impact; however, the regulatory push towards open banking should significantly alter this.
Fintech is here to stay; now what?
2.2 Consumer acceptance is not the issue, banks need to step up
Banks in KSA have been slow to respond to consumer acceptance of fintech. According to Deloitte, across the region, and especially in Saudi Arabia, stemming from their behaviours in other sectors, consumers are willing to adopt innovative services offered by banks. The research firm’s March 2020 survey found 22% have already adopted fintech solutions, with 82% of respondents willing to try fintech solutions. 61% of this latter group were motivated to use these solutions to fulfill banking needs. With 90% of the banked in the country already using mobile banking, the trend towards adopting fintech services will only grow.
However, the survey also found limited serious engagement by banks with fintech firms. The broad strategy observed has been a “wait and see” approach, not proceeding beyond one-off projects to a strategic long-term engagement with identified partners or partner types. Considering the policy of the central bank in placing fintech firms at the center of their open banking initiative and that over $2 billion in venture capital is projected to flow into Middle Eastern fintech firms in 2022 alone, it’s clear banks need to think carefully about how this will impact their business models. While there is certainly no dictate that fintech engagement is the only path to success (an alternative with the right resources being internal fintech teams), proceeding with a clear strategy on responding to the competitive dynamics of fintech and big tech firms is a necessity and not a nice-to-have.
2.3 Use cases already becoming clear—follow fintech traction to pick up on trends
The Deloitte survey found that Saudi Arabia leads the region in terms of fintech adoption by consumers for their banking needs. Popular fintech use cases for consumers have been peer-to-peer money transfers (over 39% of those already using fintech solutions), account aggregation (38% of the users), and automated investment advice. This represents the highest demand for account aggregation in the region alongside the UAE and Egypt. On the face of it, these statistics provide a strong counter to those questioning how wise it is to introduce open banking in a country with relatively lower fintech activity.
Other use cases being widely discussed in the fintech space in Saudi Arabia include new payment types geared to reduce the delays and costs in transferring remittances, leveraging and augmenting the government eIdentity platform and similar eGovernment capabilities (following trends in the EU), and the rising growth opportunities stemming from the increased adoption of eCommerce. These fintech use cases will naturally evolve into solutions that utilize open banking data extensively, with the service providers not only looking at improving their existing solutions with better and more widely accessible data, but also with richer data carrying actionable insights on end consumers.
Looking at emerging patterns in open banking globally, recently published data from the Open Banking Implementation Entity (which delivered open banking in the UK under the guidelines established by the regulator) paints a picture similar to Saudi Arabia—not a surprise considering both markets possess modern banking systems. Personal finance management and account aggregation are the most popular use cases being taken to market by fintech firms for consumers. Interestingly, Small and Medium Enterprise financial management (23%), the facilitation of better user experiences and solution in payments for eCommerce (17%), accountancy and tax services (16%), cash flow management (16%), and alternative lending (13%) all emerge as trending areas when analysing the propositions made available by fintech firms on the OBIE app store. It's important not to forget internal teams within the bank itself are users of open banking data, with access to enriched data, process automation, and improved user experience being highlighted as open banking use cases in a recent industry study conducted in Brazil.
Together with the rise in investment, clear consumer adoption and emerging use cases show fintech should indeed be a policy priority for the central bank. Using open banking as a catalyst to hasten the shift also represents a bold strategic move by the regulator to establish Saudi Arabia’s early leadership is a trend that is now clearly going to be the norm in the banking industry in the coming decade.
2.4 Banks are waking up to the possibility. Don’t fall behind the curve
In this environment, it's not surprising that banks have already started to make the shift in mindset to being more open to fintech collaboration. In a survey of Arab central banks in August 2020 by the Arab Fintech Working Group, regulators expressed the view that in their experience incumbent banks showed a broad awareness that open banking was a strategic opportunity beyond the compliance requirement and that it represented a long term shift in the financial services space. The results showed that in most Arab countries across the MENA region, one-third of regulators saw banks fully embracing open banking as a strategic priority, while another third were taking a structured tactical approach. If you are still going slow on your open banking and fintech engagement programmes, you are taking a serious risk of getting left behind in a fast-moving region for digital transformation.
2.5 Standardised APIs alone won’t cut it; an agile tech stack is a must for those wanting to scale and stand out
In every regulated open banking ecosystem, all banks will eventually have the same mandated APIs. This will become the default scenario in KSA too. Having the standard open banking APIs alone won’t benefit the bank, and it will only deliver minimal benefits to end-consumers and fintech firms.
There are several strategies and tactics proposed and discussed at length to help banks succeed in building competitive differentiators in open banking. These range from programs to instill an entrepreneurial agile culture within banks, building and engaging extensively with developer communities, and building internal developer capacity. In all these, technology plays the role of a key enabler. Strong API management along with capabilities like API productization and monetisation would lay the foundation for this. Furthermore, technologies and methodologies like distributed-ledger technology, artificial intelligence, agile methodologies, microservices architecture, and cloud native approaches that help you better collate, process, and share data and make useful services available quickly and iteratively to end-consumers and API consumers (e.g., fintech firms) would give you the ability to stand out in the crowd and attract the best partners while scaling services as traction grows.
2.6 With incumbents, the difficulty to execute digital remains very real
A reset in mindset to working closely with fintech firms is never easy. In KSA, this is particularly amplified by several banks still running legacy technology for their core banking systems. Coupled with a culture that approaches IT as a cost centre rather than a strategic function and resistance to collaborate with fintech are commonly encountered factors that pose a significant obstacle for teams working on projects like open banking. Time and again, a failure to address this culture upfront has meant marquee transformation initiatives have had to rely on poor quality outsourced developer talent or succumbed to limitations of tech systems not aligned to the business brief.
Understanding the problem here though doesn’t provide much comfort. Even where a digital transformation project is board-sanctioned, consciously and continuously building and maintaining broad support from the top down will always be difficult and slow involving lobbying influential champions outside of the project committee and iteratively proving the value of initiatives for the duration it takes to start delivering ROI. An important task for Saudi banks in responding to this is to acknowledge these challenges upfront and develop a programme of engagement throughout the organisation to secure a mindset change on the potential of technology to impact the business. Partners and technology that assist in this are, of course, a core gap to be filled.
2.7 Within a framework that’s participatory by design, can you afford to stand on the sidelines?
Now that it’s clear some degree of engagement with open banking is non-negotiable, it is also important to understand how the bank may be able to influence the regulator. With its Open Banking Policy, SAMA has made it clear it would be adopting a methodology similar to that seen in the UK and Australia, where all stakeholders were engaged in the design and implementation stages.
Significantly, the “implementation phase” suggests early testing of the open banking rules and infrastructure may be achieved by working together with select banks. How could your bank be included in this early-adoption phase? This affords banks with the right regulatory engagement strategy to influence the scope, timetable, and technical requirements of Saudi Arabia’s open banking regime. Each bank should include in its open banking policy a strong definition of what success in terms of regulatory engagement would look like and a strategy to achieve this, either acting alone or via consortia and lobby groups to align the open banking regime not only to the general objectives of open banking but also to the bank’s own business plan.
- Design of the Open Banking ecosystem (technologies and processes)
- The definition of a governance involving market participants
- Development of the defined frameworks, technology building blocks, and rollout activities
- Testing with financial market participants
- Enhancement of customer awareness
Another manner in which the bank can avoid defaulting to low ROI standard open banking is to work with other like minded banks to establish proprietary open banking systems over and above the regulators open banking system. This would allow all participants in this mini-ecosystem to get ahead of the regulation and develop APIs and data flows that would enable the creation of more personalised and timely consumer value, thereby creating a competitive advantage for the participants in that mini-ecosystem.
2.8 COVID as a digital and fintech accelerator
The pandemic has accelerated the adoption of technology by banks on two fronts. Firstly, with the curfews and travel bans imposed on several parts of the country between March and July 2020, it became immediately necessary to enable bank employees to securely access the systems necessary to do their work. Secondly, this also meant consumers required remote access to a far greater range of banking services. The experience and its lasting behavioural impacts on consumers and the workplace means several of these changes will outlast the pandemic. A redoubled commitment by the government to diversify the Kingdom’s economy and reduce its reliance on global oil prices can also be observed by initiatives like the fast-tracked introduction of open banking. In fact, creating the conditions for KSA to emerge as a financial services hub driven by an innovative fintech community is one of the widely discussed elements of this. In crafting an open banking strategy that is linked to the overall business goals of the bank within this economic and social context, the influence of COVID in accelerating digital cannot be ignored.
3.0 Immediate concerns for banks and how to tackle these—An open banking FAQ
Different banks will respond differently to the market conditions laid out above. While some banks will look to get ahead of the regulations and leapfrog their rivals in terms of data sharing capabilities and fintech collaboration, others will take a wait-and-see approach with plans to scale proved use cases as they emerge.
Regardless of approach, there are a common set of problems that represent the “hard part” about open banking that as the boots on the ground implementers of open banking you would most likely encounter, and have to respond to strategically.
3.1 What will the Saudi Arabian open banking regulations mandate me to do?
SAMA is yet to publicly communicate the regulatory outline and technical standards for open banking in Saudi Arabia. However, looking at global trends, it is very likely Saudi open banking would follow a structure and implementation programme similar to what was seen with the open banking regimes in Brazil and Bahrain while capturing some of the aspects of the Europen PSD2 and Australian CDR regimes. Based on this, we can make some calculated assumptions:
- The APIs published would need to be flexible to conform to the technical standards as they evolve allowing the creation of services from the core banking system along with an API gateway that manages the access to the API in real time.
- Onboarding the right third parties either dynamically using certificates or through a manual workflow, based on their accreditation tier and status, and ensuring they get access to the relevant API resources based on their accreditation tier.
- API lifecycle management to keep up with version upgrades of the mandatory open banking APIs and even the voluntary APIs published by the bank comprising of notifications, upgrade processes, documentation, and access to future versions for testing.
- A system for authentication to verify identity and the authenticity of data sharing requests made. Depending on the approach taken by the regulator, this would likely evolve to cater to more user-friendly authentication approaches such as app-to-app authentication and decoupled authentication.
- Banks will be required to report statistics of the new open banking channel to the regulator.
- As regulations have matured, CX and operational guidelines have been added to open banking standards requiring open banking APIs to be fit for purpose, meeting availability and performance standards.
- In addition to this, the bank’s strategy for open banking may demand further digital transformation capabilities, making it easier for fintech firms and internal teams to access the bank’s systems and data securely and create new customer experiences.
3.2 What will open banking compliance cost?
A recent survey of European banks conducted by Tink revealed the median forecast expenditure per bank on open banking technology to be approximately USD 15 - 25 million for 2020 alone. What’s alarming about this statement is that if an open banking implementation comes at such a large cost, it would have a noticeable knock-on impact on the bank’s overall financial outlook. Our experience with banks that have adopted open banking in different regions has shown us this investment could be converted to just a fraction of this cost with the right strategies.
In our experience, there are several key strategies you could employ to mitigate these costs. These include:
- Repurposing existing components to achieve the tasks identified after a thorough understanding of the requirement.
- Only filling the gaps needed to achieve your open banking strategy.
- Investing in a good integration layer that allows you to maximize how you reuse existing components and introduce new technology.
- investing in technology to fill a cohesive long-term open banking strategy instead of a compliance stop-gap, so your technology and administrative costs wouldn’t be duplicated as the regulatory and commercial requirements of open banking evolve.
- Work with providers who allow you to confidently outsource the task of implementing and keeping the technology up-to-date with the evolving regulatory requirements. This would eliminate the cost of hiring and maintaining specialized staff to follow the regulatory changes and implement them.
3.3 How can we achieve compliance?
The answer to this is unique to each bank. The starting point to understand this should be with the bank’s business goals (see below under heading 5.1) and the strategy that flows from this.
The high-level strategic decision around open banking. Make the right decision here to set yourself up for success early on.
If the bank decides to take a wait-and-see approach with open banking it may be possible to opt for a low-cost black box solution for compliance. There are several proven providers on the market with solutions built on technologies like Node.js and offering SaaS-style implementations. In choosing these, it would be in the best interests of the banks to understand how these are set up to provide ongoing support to the regulations as they evolve. Importantly, considering the context of the rising importance of fintech firms and the trend towards consumer adoption of fintech (i.e., open banking) use cases among consumers in Saudi Arabia, it is also recommended to assess the ability of the supplier to support commercial projects beyond regulation. In the event the supplier lacks a roadmap to support these requirements, it is prudent to assess the cost of switching at a later stage and the sunk cost into that vendor’s solution in terms of fees paid and human capital invested in learning and working with that solution.
Where the bank takes a more progressive approach to open banking, looking to get ahead of regulations and establish both capabilities internally and relationships with fintech firms from the earliest stages, black box compliance solutions would not meet the criteria. Here, the bank would be better served by choosing a more flexible set of technologies that deliver API management, integration, identity and access management, and options to build or utilize data analytics and aggregation services. In doing so, opting for a vendor that is able to provide support in meeting compliance requirements is also necessary to meet the immediate need of the compliance and risk teams. See our answers to questions 3.1 and 3.2 above on how this can be met best.
3.4 How do I mitigate the security risks posed by open banking APIs?
At the heart of open banking is the opening of data to be shared with third parties. This sharing could take the form of millions of API calls coming from multiple channels and originating from millions of consumer devices. What is clear is that open banking opens the possibility of a vastly broadened attack plane for malicious actors. The immediate concerns of internal compliance and risk teams are certainly understandable from this point of view.
However, security and data privacy have been core concerns for lawmakers and open banking regulators and implementation agencies from the outset. From the earliest days of PSD2 to the latest iterations of mature standards like the Open Banking Standard in the UK, both technical designs and operational processes have been finetuned and further improved upon over tens of thousands of human hours by highly skilled teams of engineers.
Accordingly, while the OAuth 2.0 framework is the fundamental layer of security on top of the APIs exposed to the public, the OpenID Foundation published the Financial Grade API (FAPI) security profile specifically to address inherent shortcomings of OAuth 2.0 for financial services use cases. For example, the inability to address unauthorized access using stolen bearer token and bearer tokens generated from using leaked application credentials have been addressed.
This security profile has now emerged from the open banking ecosystem as a widely adopted industry standard. Added to this, you find open banking systems implementing security at both the application and the transport level, and adding layers of protection using encryption, fraud analysis and notification, grant types, access tokens and certificates around authentication of identity and authorisation of access to data. Sophisticated consent management flows and dashboards have also been incorporated into open banking standards backed both by technical processes and UX principles anchored in behavioral psychology to ensure consumers control access to their data with a high degree of understanding—which is key for good security practices.
As a result, today’s open banking APIs are some of the most secure enterprise use cases for APIs globally. More recent open banking initiatives, like those in Brazil, have opted to take learnings from these efforts rather than reinvent the wheel, and it is very likely regulators in Saudi Arabia will follow suit. Several open banking technology platforms provide compliance to standards, while select vendors offer additional security with sophisticated API security and identity access and management (IAM) products above and beyond the open banking standards themselves.
3.5 How do I overcome the challenges of my legacy core banking system to meet compliance and future needs around commercial open banking?
In an ideal world, banks can perform a complete overhaul of their existing technology stack and create a clean, digitized system that can also provide open banking compliance. However, in reality, this isn’t achievable due to costs and the demands on ongoing business.
Even when faced with severe constraints posed by legacy technology, the open banking compliance requirement can be achieved through a robust integration layer. First, you need to front the existing architecture (which usually follows the messy spaghetti pattern) with an integration layer. This layer allows you to expose all the required services to the open banking solution, which will, in turn, expose them as APIs with the required identity and access management (IAM) checks. Once this step is done, the regulatory hurdle is accomplished. See more details in 3.1 above.
This also provides a great opportunity to digitally transform the bank, piecemeal. The following are the key steps you could follow:
- Integrate internal systems and expose standard APIs and services for consumption.
- Centralized identity and access management to enforce strong security and to maintain a single identity for each user, giving you access not only to greater security, but also the ability to gain a 360 degree understanding of your consumers and serve them with more personalized services.
- “Learn and earn” with comprehensive data analytics and alerting capabilities.
By combining the architectures enabled by this approach, banks end up with an infrastructure that is lean, agile, and provides all stakeholders in the banking ecosystems with an optimal experience despite running on legacy core. Importantly, this approach also improves the extensibility and flexibility of your system architecture to support future compliance and commercial requirements as open banking and the banking industry as a whole evolves.
3.6 Are consumers ready to share data?
As described above, the perception that consumers in Saudi Arabia are not ready to adopt open banking is unwarranted. In fact, a recent survey found Saudi Arabia leads the region in fintech adoption by consumers for their banking needs. It was found 82% of respondents were willing to try fintech solutions. Of the remaining 18%, it was only 40%who were wary of fintech solutions due to security concerns. Looking at the data, age groups over 40 were less likely to adopt fintech, meaning much of the younger mobile-savvy target audience were open to these solutions, e.g., personal finance management, ecommerce payments, and alternative credit options. In many cases, these age groups were already actively using fintech solutions for their daily banking needs.
In this light, it is important for the core team tasked with open banking implementation to analyze the true market potential of open banking as a driver of commercial opportunities for the bank, and to incorporate these findings into the banks open banking strategy from the outset.
Read more about this under 2.2 above.
3.7 What are the use cases and what is right for us?
As covered earlier in this guide, the use cases for open banking are already becoming clear. Peer-to-peer money transfers, account aggregation, and automated investment advice have been popular in the region to date, with KSA being one of the highest adopters of account aggregation services in MENA. The government has been identified as a key partner in the region for building use cases, with the sector likely to drive significant adoption considering the active steps taken by government agencies to digitize services as a key aspect of building economic resilience beyond the oil industry. Here, KYC and identity become key areas to explore innovation. Looking for inspiration from further afield, small and medium enterprise (SME) financial management, payments, accountancy and tax services, cash flow management, and alternative lending have emerged as growth areas in the ecosystem in the UK. With these external consumer solutions, banks should build for internal users too. Solutions include better consumer insights for innovation and service delivery, process automation, and improved user experience.
Read more about this under 2.3 above.
3.8 How can we create a competitive advantage around open banking?
In regulated open banking ecosystems, all banks will eventually have the same mandated APIs. How can banks look to benefit more from this new ecosystem without being just another passive participant?
Doing the bare minimum means you are just like any other bank
More and more banks are looking to answer this question by embracing one of the central tenets of open banking—collaboration. Specifically, in mature open banking ecosystems, more and more banks are looking to collaborate much more deeply and proactively with fintechs. In the context of Saudi Arabia, with its modern banking system and established trends towards consumer adoption of fintech solutions, collaboration with fintech firms to create a competitive advantage should be a high priority.
Adopting an approach to get ahead of regulation and the market, sharing voluntary datasets over premium APIs for example, means you can deliver more consumer value partnered with the best fintech firms
Fintechs are recognized as possessing the consumer-centric and agile culture required to rapidly prototype and take to market innovative new solutions that deliver more personalized value for today’s growing base of digital-native consumers. As discussed earlier in this guide, there are several strategies and tactics proposed and talked about at length to help banks succeed in working with startups. These range from programs to instill an entrepreneurial agile culture within banks, building and engaging extensively with developer communities, building internal developer capacity, and providing the technology backbone to facilitate collaboration.
With the maturing of the open banking strategies adopted by banks, open banking models such as banking-as-a-service, banking as a platform, and banks operating as third-party providers have emerged. To fully appreciate how banks are embracing these options as a strategic priority, a survey of 300 global bankers conducted by the Economist Intelligence Unit in 2020 provides some interesting reading. Here, 45% of banks saw their business evolving into one where it “acts as a true digital ecosystem” (offering own and third-party banking and non-banking products and services to own customers as well as to other financial services organisations.) A further 30% saw their business model being adapted to one in which it maintains its own product offerings, while also becoming an aggregator of third-party banking and/or non-banking products (e.g., personal financial management [PFM] comparison websites.) Only 3% of banks foresaw no change as a result of the disruptive influence of open banking on the banking industry.
Choosing a model and building towards implementation must be recognised for the multi-stakeholder long-term project that it is, launched with alignment at all levels on the time and resource commitment, which could easily stretch beyond the 18-month mark. Acknowledging these realities places your bank in prime position to execute a strong open banking strategy.
Watch the webinar: https://wso2.com/library/webinars/monetize-your-open-banking-apis/
4.0 Lessons learnt from global deployments
Drawing from experience with open banking deployments in the EU, the UK, Australia, Bahrain, and Latin America, and observing the evolution of the open banking landscape since the launch of PSD2, our team has five insights for new entrants to the space.
4.1 Banks struggle with incumbent system
It is unlikely we would find an incumbent bank that doesn’t face the challenge of dealing with legacy technology. In a Tink industry survey, European bankers identified modernizing their IT systems as their single biggest open banking challenge.
As discussed earlier, deploying a strong integration solution in the bank’s tech stack provides a highly cost-effective option to build robust workarounds for monolithic systems to meet compliance while also setting up your infrastructure to be ready to evolve with the changing needs of regulatory and market-driven open banking needs.
4.2 Reuse what you have
Every open banking solution is unique to the bank’s tech stack and business needs. You don’t find a standard open banking reference architecture that you can merely plug and play to deliver a successful open banking capability. This arises both from the problem of legacy technology and the often prohibitive cost of ripping and replacing, but it also comes from the human element, where your engineering team has built a knowledge base and institutional capacity around a particular API management or IAM product, and would like to continue with to achieve open banking.
What flows from this is again a technology strategy that has at its core strong integration capabilities. With this, you would be able to study your existing tech stack against the needs of open banking and plug in the gaps integrating new components only as required. This must be done keeping in mind the future requirements of open banking both in terms of regulatory compliance, and the extensibility and agility needed to facilitate successful relationships with third-party fintechs.
4.3 Cultural change
One of the key themes of this guide is the importance of aligning culture with your open banking strategy. You may make the best suited strategic decisions with technology and product, but you would be bound to fail if the bank’s internal culture doesn’t facilitate open banking and digital transformation as a strategic investment instead of a cost centre. The failure to promote the mindset and skills to effectively collaborate with fintechs is also a commonly encountered gap in open banking projects. No matter the tools available, without addressing this culture and internal alignment issue proactively, would leave those tools unutilized.
This proves also one of the more intractable problems to address. While hackathons, training and skills development programmes do pay dividends, securing engagement across all relevant teams over a sustained period of time for those skills to become internalised requires commitment and resources. Our recommended approach is to empower select groups of employees to work in small high-impact teams that operate similar to startup teams to kickoff this cultural shift from within the bank—consumer-centric, independent teams following agile customer development practices and composed of subject matter experts who thrive in disruptive environments.
4.4 A compliance only mindset will deliver limited results
Limiting your open banking project to compliance only means you are making a decision to forego the benefits of engaging effectively with the ecosystem. This means focusing on building your homegrown service offering for consumers and opting not to aggregate and leverage the capabilities of external parties to boost the value you offer partners and end-consumers. This approach could, in fact, work for certain banks based on their unique business goals. However, considering the fintech-friendly market context, coupled with a high probability of consumer adoption of new simpler financial services, taking this restrictive approach would be difficult to justify for most banks in Saudi Arabia.
Being at the starting point of your open banking journey in Saudi Arabia gives you the luxury of carefully crafting a long-term open banking strategy while avoiding costly mistakes. These mistakes could include not only expensive turnaround projects involving technology and business process revamps, but also must factor in the lost opportunity of getting a head start in the ecosystem. Here, the main task for you is to carefully analyze market conditions, appreciate the role of open banking in creating a position of leadership for the bank in the emerging financial services space, and to build internal momentum with the right stakeholders.
Gathering the right fintechs, together with the right technology and services partners, is vital to your ability to implement this engagement strategy.
4.5 OB is actually a catalyst on your journey towards digital transformation
The objective of regulator-driven open banking is to foster a more collaborative mindset among incumbent banks to work with new entrants and deliver new consumer value. This can’t be achieved by merely ticking a compliance checkbox. With the technology suite and cultural shift open banking brings to the table, it can be a catalyst for broader digital transformation by enabling new revenue streams and channels for growth via collaboration and empowering internal teams to gather, build, and expose new niche services at scale.
In market-driven open banking initiatives, the objective of digital transformation is a given.
An open banking journey through compliance to digital transformation
When banks realize this important fact, it becomes easier to map out a long-term pathway to how the bank could leverage mandatory open banking standards, and build unique differentiated service offerings above the base regulatory open banking infrastructure. This gradual expansion of the bank’s open banking and digital transformation capabilities can be described as the bank’s open banking journey and involves multiple internal teams and external parties phasing into the project with each additional capability, feature, and partnership.
Understanding this process and setting your open banking technology and operational practices around iterative, orchestrated, and gradual growth would give you the best opportunity to secure the vast commercial opportunity that arises from the market conditions set out in section 2 above.
5.0 A checklist to kickstart your open banking journey—Asking yourself the right questions
Based on our experience in the “open banking” space starting from well before the PSD2 regulatory project, we have developed a methodology that helps banks build cohesive open banking initiatives tied to their business goals. Its objective is to help banks exploit the open banking opportunity at its optimal to achieve the bank’s unique business goals.
Covering all the bases - A framework for open banking strategists
This methodology is built around the five pillars that are key considerations in any open banking implementation, whether its a pure plug-and-play compliance project or a broad consumer-focused digital transformation project.
The step-by-step process below drives banks to start by bringing a clear understanding of the bank’s current business goals to the table when analyzing each pillar of their open banking strategy. You may adapt this process as best suits you, adding steps (e.g., security) or amending the order in which they are considered.
Align on which business goals of the bank
may be achieved through open banking
[✔] Which business goals can we best achieve through open banking?
The above image sets out an illustrative list of business goals that banks may choose from to pursue through open banking. Do you have key business goals from one of these areas? Or are your business goals more specific to targeting a key demographic or product segment for growth?
Map out a technology timeline and deployment plan that aligns with the tasks required to achieve those business goals
[✔] What technologies do we need to deploy?
[✔] What’s the optimum timeline for rolling each out?
Map out a strategy on standards that aligns with the tasks required to achieve those business goals
[✔] What is our strategy to achieve compliance?
[✔] Do we want to get ahead of compliance?
[✔] Do we want to publish voluntary/premium APIs over and above the standards?
Map out a programme for cross-functional alignment on how open banking helps achieve those business goals
[✔] Are our teams set up to make the most of digitization and collaboration?
[✔] How do we create sustainable alignment around our open banking and digital strategy across the bank from the board down?
Map out a fintech/external partner engagement plan that aligns with the tasks required to achieve those business goals
[✔] How do we choose the best partners?
[✔] How do we engage with them?
[✔] How do we ensure we enhance the core competencies of both parties during our collaboration?
Map out an innovation programme drawing from the technology, standards, culture and fintech/ external partner engagement programmes to explore solving consumer problems in a way that helps achieve those business goals
[✔] Which consumer problems should we solve?
[✔] How do we build solutions, take them to market and scale them efficiently?
WSO2 Open Banking
WSO2 Open Baning delivers comprehensive technology and strategic consultancy helping banks of all sizes execute standards-compliant, commercially successful open banking initiatives.
WSO2 provides technology to leading global banks, helping them to deliver more personalized consumer experiences and to meet the needs of modern business.
Our industry-leading technology can help you build future-proof systems to transform your business.
WSO2 API MANAGER named
in The Forrester WaveTM: API Management Solutions, Q3 2020
WSO2 IDENTITY SERVER named
An Overall Leader
in The KuppingerCole Leadership Compass: CIAM Platforms, 2020