White Paper



WSO2 Open Banking

By Kushlani De Silva,
Associate Director - Marketing, WSO2


1. What is Open Banking?

For as long as anyone can remember, banks have maintained exclusive access to customer data. While this data was shared with other service providers through piecemeal approaches, a system where external parties could access it was unheard of. And with the oligopolies in financial services, there was no leeway for other financial service providers to enter the market and create innovative products, services, and experiences for customers.

In spite of the above, financial institutions in countries like the US have been opening up their APIs to other providers for a while. Open banking was formally made a regulation in 2017 for Europe and the UK. This required providers of banking services to open up their customer data to authorized third-party providers via APIs. As a result, an ecosystem of APIs is created with various third parties integrating with banks to reinvent financial services by using customer data.

Figure 1

The immediate perceptions of open banking were negative. Banks had concerns that their identity would be lost and they would be reduced to being a commodity. As education around open banking has grown, customers are seeing its advantages and banks are looking at it in a more positive light. Banks now view open banking as the best way to initiate their journey towards digital banking.

Since its inception, open banking has moved towards global adoption, with countries like Australia, Hong Kong and Mexico having moved towards regulation and banks in several other countries looking to adopt open banking even without regulation.

2. WSO2 Open Banking Solution: Purpose-Built for Compliance and More

WSO2 Open Banking is purpose-built to align technology infrastructure and regulatory needs with domain expertise to fully satisfy technology requirements for open banking.

It has a componentized architecture that enables banks to choose and integrate specific technology components to meet unique open banking needs. And, since the WSO2 solution is built on a unified integration platform, it helps banks become integration agile for any future digital initiative beyond compliance.

Figure 2: WSO2 Open Banking Architecture

WSO2 Open Banking comprises the following components:

  • APIs to expose account and/or payment initiation services: Depending on the regulatory or business requirement, WSO2 Open Banking provides READ/WRITE APIs to expose data/services to regulated third parties. These APIs adhere to the Open Banking Standard in the UK, the Berlin Group NextGenPSD2 XS2A framework and the Australian Consumer Data Standards. They can also be customized to adhere to any specific requirements of a bank. The APIs also support common API security standards such as OAuth2/Certificate-based API authentication, FAPI, mTLS, SAML2, and OpenID Connect.
  • Strong Customer Authentication (SCA): Security is a critical component of open banking, so extensive security measures should be in place. Any bank that implements open banking requires strong customer authentication mechanisms. Apart from the basic username and password authentication, WSO2 Open Banking enables multi-factor authentication capabilities for third parties via multiple authenticators such as SMS OTP, Email OTP, VASCO, FIDO, DUO and MePIN. These authenticators remain independent so that the breach of one does not compromise the others.
  • Transaction Risk Analysis (TRA): Although SCA ensures maximum data security, it can hinder user experience, especially when it is mandated for low-risk transactions. WSO2 Open Banking provides TRA capabilities that identify low-risk transactions through a rule-based system and exempt them from SCA.
  • Consent management: This ensures that the third parties are provided access to customer data only when customer consent is given. The WSO2 Open Banking consent management module provides a portal that allows customers to manage and revoke consent if needed together with a portal for bank officers to perform those functions on behalf of customers upon request. This module also supports handling multiple consent types such as per transaction consent, consents for scheduled payments and consent over a long period of time for recurring payments.
  • Third-party onboarding: Third parties are a critical part of the open banking ecosystem and a bank must ensure that they have positive experiences when consuming the bank’s APIs. WSO2 Open Banking ensures a thorough but user-friendly verification process for third-party accreditation. The solution supports customizable workflows for onboarding and lifecycle management based on the bank’s preferred processes. The developer portal can be branded according to the bank’s branding guidelines and themes. Dynamic client registration is also supported in the onboarding process, meaning accreditation may be processed dynamically via an API doing away with the need for third parties to access the developer portal.
  • Fraud detection: As more third parties start consuming your data, the risk of fraudulent activity increases significantly. The solution is equipped with fraud detection modules that can be customized out of the box or according to a set of predefined rules. It also provides customized dashboards with insights on API usage trends to proactively identify abnormal behavior and prevent fraudulent transactions.
  • Integration with legacy banking systems: A fundamental part of a successful open banking implementation is how well it integrates with your existing IT infrastructure. WSO2 Open Banking comes with integration points to core banking systems, legacy and otherwise.
  • Security incident detection and reporting: WSO2 Open Banking is capable of identifying incidents and issuing all alerts supported by WSO2 API Manager, so that corrective measures can be taken effectively to reduce the damage done. It can also effectively identify any possible data breaches and compromise and provide effective resolutions.
  • Regulatory reporting: WSO2 Open Banking enables banks to comply with regulatory reporting requirements for open banking based on the API invocations, third-party provider adoption statistics and performance statistics of the open banking solution.
  • APIs to expose custom services beyond regulation: WSO2 Open Banking goes beyond enabling banks to deploy pre-configured APIs subject to the regulatory specifications alone. The solution allows banks to publish custom APIs and applications to explore the full potential of open APIs to connect with the external ecosystem and build new revenue channels, and to use API technology to streamline internal processes.

3. How to Excel at Open Banking and Beyond

It comes as no surprise that banks that take on open banking will come across some challenges while doing so. We recommend that banks follow 4 key steps to simplify and expedite the process of opening up their APIs.

Understand the key requirements of an open banking implementation
There are several aspects of an open banking regulation that banks need to understand. Adhering to API specifications and extending existing security capabilities to enable requirements like customer consent management are a few examples. When banks take on open banking without a regulation there is an even greater need to understand the bigger picture. Banks in non-regulated regions need to figure out open banking standards to use and best practices for implementation in order to meet their goals. The first step to a successful open banking implementation is making sure banks have a thorough understanding of all these requirements so they can prioritize and allocate resources accordingly.

Identify how to make the best fit between Open APIs and legacy systems
If there is one thing that is common to any bank, it’s the dependence on legacy systems and monolithic architectures for everyday business. Over the last few years, technologies such as API management, microservices, and integration have taken precedence in financial services, forcing banks to evaluate how they can use these technologies. Any bank that has an open banking agenda should look at working with technology that doesn't require reinventing the wheel. An ideal situation would be where a bank can reuse some of the existing technology, add on the extra components they require and integrate seamlessly with the current core banking system.

Appreciate the changing role of technology
Open banking expects banks to broaden their vision for technology by looking at it beyond its traditional role of being a supporting function of a business. If you consider the open banking requirement, it needs many technology components to work together such as API management, integration, identity and access management (IAM), and analytics. These are the very building blocks that banks require to keep up with changing consumer requirements. Open banking, therefore, encourages all banks to re-analyze their technical debt and revamp their technology stacks to stay relevant and agile.

Map your open banking strategy to long term vision
Once the open banking requirement has been established, the journey towards understanding the bigger opportunity continues. Banks must decide how far they are willing to take open banking and how it will align with their larger digital vision. For example, while being digital-first is on any bank’s agenda, open banking is the best way to get a head start on digital banking initiatives. The questions banks must ask themselves are: does their vision complement the ecosystem that open banking creates? Do they foresee the benefits open banking can provide in the next 5-10 years? And if so, how can they bring the two together?

4. The WSO2 Advantage for Open Banking

By choosing WSO2 Open Banking, your bank can enjoy more than a smooth implementation of Open APIs. Our subject-matter experts and technology ensure that the entire process, from the conversation with your account manager all the way to the deployment of the solution happens in alignment with your open banking vision. Here are a few reasons why you should choose WSO2 Open Banking.

  • Reduces Outcome Risk

    Built on top of renowned WSO2 products endorsed by global analysts and customers, which reduces outcome risk

    WSO2 Open Banking combines the strengths of WSO2 API Manager, Enterprise Integrator, IAM and Streaming Analytics, which serve 600 global customers. Analysts like Forrester and KuppingerCole have ranked WSO2 as market leaders.

  • Provides Implementation Efficiency

    Componentized solution architecture customizable to meet varying open banking needs means a more efficient implementation

    WSO2 Open Banking is built on a componentized architecture that adapts to suit the business needs of financial institutes of all types and sizes.

  • Adaptable to support regionally diverse open banking visions

    Through a commitment to the global open banking movement

    Our work with customers in regulated and non-regulated regions, supported by our working relationships with regulatory bodies, helps us understand how to create technology to suit various open banking priorities.

  • Faster Regulatory Response

    A concentrated open banking effort results in faster response to changes in the open banking world

    A dedicated R&D team focuses on keeping the solution updated with the latest versions of Global API Standards such as the Open Banking UK API Standard, NextGen PSD2 API Standard and the Australian CDR. This team is involved in extensive research around upcoming API specifications, which are added to the solution roadmap to meet relevant timelines.

  • Extensible Technology for Digital Banking Transformation

    A complete platform for technology that extends beyond open banking compliance alone

    Backed by the WSO2 Integration Platform, WSO2 Open Banking can scale open banking initiatives and subsequent projects to fully-fledged API-first digital transformation initiatives all within a single-vendor platform.

5. Customers Who Trust WSO2 Open Banking

A Strategic Open Banking Partnership

Problem: PSD2 compliance across multiple entities of Société Générale (SocGen)

How/Why WSO2 is Used:

  • WSO2 Open Banking is used for PSD2 compliance at Hanseatic Bank, a SocGen subsidiary in Germany, and Komercni Bank, a SocGen subsidiary in the Czech Republic.
  • WSO2 was chosen as a strategic partner for open banking due to its fit with the bank’s architecture principles, alignment of technology vision and its team of technology and domain experts.

A Customized Open Banking Solution

Problem: PSD2 compliance ahead of the March 2019 deadline for a subsidiary of a CMA9 bank

How/Why WSO2 is Used:

  • WSO2 Open Banking integrated seamlessly with the bank’s core banking system and performed customizations to create a native look and feel.
  • WSO2 Open Banking was integrated with the existing consent management system to provide comprehensive consent management for the bank.

A Digital Transformation Initiative Driven by Open Banking

Problem: An open banking initiative to enable collaboration and data sharing in the financial services industry in Sri Lanka

How/Why WSO2 is Used:

  • The WSO2 platform provided a common API layer for all applications via WSO2 API Manager along with centralized IAM to manage customer identities.
  • It enabled Nations Trust Bank to go live with this implementation during a very short period of time and helped the bank to redefine its enterprise technology architecture.
  • WSO2 will continue to play a key role in the bank’s digital transformation journey.

About WSO2

WSO2 is the world’s #1 open source integration vendor, and a Leader in the Forrester Research API Management Wave Q4 2018 report. We help digitally driven organizations become integration agile; customers choose us for our integrated platform, our approach to open source, and our agile transformation methodology. Today, 100s of leading brands and 1,000s of global projects execute 5 trillion transactions annually using WSO2 integration technologies. Visit https://wso2.com to learn more.
