Table of Contents
1. What is Open Banking?
For as long as we know, banks have maintained exclusive access to customer data. And while this data was shared with other service providers through piecemeal approaches, a system where external parties were able to access this data was unheard of. And with the oligopolies in financial services, there was no leeway for other financial service providers to enter the market and create innovative products, services, and experiences for customers.
In spite of the above, regions like Singapore have been opening up their APIs to other providers for a while. Open banking was formally made a regulation in 2017 for Europe and the UK. This required providers of banking services to open up their customer data to authorized third-party providers via APIs. As a result, an ecosystem of APIs is created with various third parties integrating with banks to reinvent financial services by using customer data.
The immediate perceptions of open banking were negative. Banks had concerns that their identity would be lost and they would be reduced to being a commodity. As more education around open banking was created, customers are seeing its advantages and banks are looking at it in a more positive light. Banks now view open banking as the best way to initiate their journey towards digital banking.
Since its inception, open banking is now on its way towards global adoption with countries like Australia, Hong Kong, and Mexico putting regulations in place and several others looking to adopt open banking even without regulation.
2. WSO2 Open Banking Solution: Purpose-Built for Compliance and More
WSO2 Open Banking helps align banking and/or regulatory needs with technology infrastructures and regulatory expertise to quickly satisfy open banking. It is designed such that banks in regulated and nonregulated regions can open up their APIs securely to third-party providers.
It has a componentized architecture that enables banks to choose and integrate specific technology components to meet unique open banking needs. And, since the WSO2 solution is built on a unified integration platform, it helps banks become integration agile for any future digital initiative beyond compliance.
Figure 2: WSO2 Open Banking Architecture
WSO2 Open Banking comprises of the following components:
- APIs to expose account and/or payment initiation: Depending on the regulatory or business requirement, WSO2 Open Banking provides READ/WRITE APIs to expose data/services to regulated third parties. These APIs adhere to the Open Banking UK and Berlin Group NEXTGen PSD2 specifications. They can also be customized to adhere to any specific requirements of a bank. The APIs also support common API security standards such as OAuth2/Certificate-based API authentication, XACML, SAML2, and OpenID Connect.
- Strong Customer Authentication (SCA): Security is a critical component of open banking hence extensive security measures should be in place. Any bank that implements open banking requires strong customer authentication mechanisms. Apart from the basic username and password authentication, WSO2 Open Banking enables multi-factor authentication capabilities for third parties via multiple authenticators such as SMS OTP, Email OTP, VASCO, FIDO, DUO and MePIN. These authenticators remain independent so that the breach of one does not compromise the others.
- Transaction Risk Analysis (TRA): Although SCA ensures maximum data security, it can hinder user experience especially when it is mandated for low-risk transactions. WSO2 Open Banking provides TRA capabilities that identify low-risk transactions through a rule-based system and exempts SCA for them.
- Consent management: This ensures that the third parties are provided access to customer data only when customer consent is given. The WSO2 Open Banking consent management module provides a portal that allows customers to manage and revoke consent if needed. This module also supports handling multiple consent types such as per transaction consent, consents for scheduled payments and consent over a long period of time for recurring payments.
- Third-party onboarding: Third parties are a critical part of the open banking ecosystem and a bank must ensure that they have positive experiences when consuming the bank’s APIs. WSO2 Open Banking ensures a thorough but user-friendly verification process for third-party accreditation. It also supports customizable workflows for onboarding and lifecycle management based on the bank’s preferred processes. The developer portal can be branded according to the bank’s branding guidelines and themes.
- Fraud detection: As more third parties start consuming your data, the risk of fraudulent activity increases significantly. The solution is equipped with fraud detection modules that can be customized out of the box or according to a set of predefined rules. It also provides customized dashboards with insights on API usage trends to proactively identify abnormal behavior and prevent fraudulent transactions.
- Integration with legacy banking systems: A fundamental part of a successful open banking implementation is how well it integrates with your existing IT infrastructure. WSO2 Open Banking comes with integration points to core banking systems, legacy and otherwise.
- Security incident detection and reporting: WSO2 Open Banking is capable of identifying incidents, e.g. unavailability of infrastructure, so that corrective measures can be taken effectively to reduce the damage. It can also effectively identify any possible data breaches and compromise and provide effective resolutions.
- Regulatory reporting: WSO2 Open Banking enables banks to comply with regulatory reporting requirements for open banking based on the API invocations, third-party provider adoption statistics and performance statistics of the open banking solution.
3. How to Excel at Open Banking and Beyond
It comes with no surprise that banks who take on open banking will come across some challenges while doing so. We recommend that banks follow 4 key steps to simplify and expedite the process of opening up their APIs
Understand the key requirements of an open banking
There are several aspects of an open banking regulation that banks need to understand. Adhering to API specifications and extending existing security capabilities to enable requirements like customer consent management are a few examples. When banks take on open banking without a regulation there is an even greater need to understand the bigger picture. Banks in non-regulated regions need to figure out open banking standards to use and best practices for implementation in order to meet their goals. The first step to a successful open banking implementation is making sure banks have a thorough understanding of all these requirements so they can prioritize and allocate resources accordingly.
Identify how to make the best fit between Open APIs and legacy
If there is one thing that is common to any bank, it’s the dependence on legacy systems and monolithic architectures for everyday business. Over the last few years, technologies such as API management, microservices, and integration have taken precedence in financial services forcing banks to evaluate how they can use these technologies. Any bank who has an open banking agenda should look at working with technology that doesn't require reinventing the wheel. An ideal situation would be where a bank can reuse some of the existing technology, add on the extra components they require and integrate seamlessly with the current core banking system.
Appreciate the changing role of technology
Open banking expects banks to broaden their vision for technology by looking at it beyond its traditional role of being a supporting function of a business. If you consider the open banking requirement, it needs many technology components to work together such as API management, integration, identity and access management (IAM), and analytics. These are the very building blocks that banks require to keep up with changing consumer requirements. Open banking, therefore, encourages all banks to re-analyze their technical debt and revamp their technology stacks to stay relevant and agile.
Map your open banking strategy to long term vision
Once the open banking requirement has been established, the journey towards understanding the bigger opportunity continues. Banks must decide how far they are willing to take open banking and how will it align with their larger digital vision. For example, while being digital-first is on any bank’s agenda, open banking is the best way to get a head start on digital banking initiatives. The questions banks must ask themselves is, does their vision complement the ecosystem that open banking creates? Do they foresee the benefits open banking can provide in the next 5-10 years? And if so how can they bring the two together?
4. The WSO2 Advantage for Open Banking
By choosing WSO2 Open Banking, your bank can enjoy more than a smooth implementation of Open APIs. Our subject-matter experts and technology ensure that the entire process, from the conversation with your account manager all the way to the deployment of the solution happens in alignment with your open banking vision. Here are a few reasons why you should choose WSO2 Open Banking.
A keen understanding of how to convince customers about open banking
Our implementation teams have worked on both regulated and non-regulated open banking engagements that have helped us identify how customers should perceive a bank’s open banking journey. We ensure that these experiences will help plan how you communicate open banking benefits to your customers.
5. Customers Who Trust WSO2 Open Banking
A Strategic Open Banking Partnership
|Problem||How/Why WSO2 is Used|
PSD2 compliance across multiple entities of Société Générale (SocGen)
A Customized Open Banking Solution
|Problem||How/Why WSO2 is Used|
PSD2 compliance ahead of the March 2019 deadline for a subsidiary of a CMA9 bank
A Digital Transformation Initiative Driven by Open Banking
|Problem||How/Why WSO2 is Used|
An open banking initiative to enable collaboration and data sharing in the financial services industry in Sri Lanka
For more details about our solutions or to discuss a specific requirement contact us.