1. What is Open Banking?
For as long as anyone can remember, banks have maintained exclusive access to customer data. While this data
was shared with other service providers through piecemeal approaches, a system in which external
parties could access it was unheard of. And with the oligopolies in financial
services, there was no leeway for other financial service providers to enter the market and create
innovative products, services, and experiences for customers.
In spite of the above, financial institutions in countries like the US have been opening up their APIs to other providers
for a while. Open banking was formally made a regulation in 2017 for Europe and the UK. This
required providers of banking services to open up their customer data to authorized third-party
providers via APIs. As a result, an ecosystem of APIs has been created, with various third parties
integrating with banks to reinvent financial services by using customer data.
The immediate perceptions of open banking were negative. Banks had concerns that their identity
would be lost and they would be reduced to being a commodity. As education around open banking
has grown, customers are seeing its advantages and banks are looking at it in a more positive
light. Banks now view open banking as the best way to initiate their journey towards digital
banking.
Since its inception, open banking has moved towards global adoption, with countries like
Australia, Hong Kong and Mexico having moved towards regulation and banks in several
other countries looking to adopt open banking even without regulation.
2. WSO2 Open Banking Solution: Purpose-Built for Compliance and More
WSO2 Open Banking is purpose-built to align technology infrastructure and regulatory needs with domain expertise to fully satisfy technology requirements for open banking.
It has a componentized architecture that enables banks to choose and integrate specific technology
components to meet unique open banking needs. And, since the WSO2 solution is built on a unified
integration platform, it helps banks become integration agile for any future digital initiative
beyond compliance.
Figure 2: WSO2 Open Banking Architecture
WSO2 Open Banking comprises the following components:
- APIs to expose account and/or payment initiation services:
Depending on the regulatory or business requirement, WSO2 Open Banking provides READ/WRITE APIs
to expose data/services to regulated third parties. These APIs adhere to the Open Banking Standard in the UK,
the Berlin Group NextGenPSD2 XS2A framework and the Australian Consumer Data Standards. They can also be customized to adhere to any
specific requirements of a bank. The APIs also support common API security standards such as
OAuth2/Certificate-based API authentication, FAPI, mTLS, SAML2, and OpenID Connect.
- Strong Customer Authentication (SCA): Security is a
critical component of open banking; hence, extensive security measures should be in place. Any
bank that implements open banking requires strong customer authentication mechanisms. Apart
from the basic username and password authentication, WSO2 Open Banking enables multi-factor
authentication capabilities for third parties via multiple authenticators such as SMS OTP,
Email OTP, VASCO, FIDO, DUO and MePIN. These authenticators remain independent so that the
breach of one does not compromise the others.
- Transaction Risk Analysis (TRA): Although SCA ensures
maximum data security, it can hinder user experience, especially when it is mandated for
low-risk transactions. WSO2 Open Banking provides TRA capabilities that identify low-risk
transactions through a rule-based system and exempt them from SCA.
- Consent management: This ensures that third parties
are provided access to customer data only when customer consent is given. The WSO2 Open Banking
consent management module provides a portal that allows customers to manage and revoke consent
if needed, together with a portal for bank officers to perform those functions on behalf of
customers upon request. This module also supports handling multiple consent types, such as per-transaction
consent, consents for scheduled payments and consent over a long period of time for recurring
payments.
- Third-party onboarding: Third parties are a critical
part of the open banking ecosystem and a bank must ensure that they have positive experiences
when consuming the bank’s APIs. WSO2 Open Banking ensures a thorough but user-friendly
verification process for third-party accreditation. The solution supports customizable workflows for
onboarding and lifecycle management based on the bank’s preferred processes. The developer
portal can be branded according to the bank’s branding guidelines and themes. Dynamic client registration is also supported in the onboarding process, meaning accreditation may be processed dynamically via an API, doing away with the need for third parties to access the developer portal.
- Fraud detection: As more third parties start consuming
your data, the risk of fraudulent activity increases significantly. The solution is equipped
with fraud detection modules that can be customized out of the box or according to a set of
predefined rules. It also provides customized dashboards with insights on API usage trends to
proactively identify abnormal behavior and prevent fraudulent transactions.
- Integration with legacy banking systems: A fundamental
part of a successful open banking implementation is how well it integrates with your existing
IT infrastructure. WSO2 Open Banking comes with integration points to core banking systems,
legacy and otherwise.
- Security incident detection and reporting: WSO2 Open
Banking is capable of identifying incidents and issuing all alerts supported by WSO2 API Manager, so that
corrective measures can be taken effectively to reduce the damage done. It can also effectively
identify any possible data breaches and compromises and provide effective resolutions.
- Regulatory reporting: WSO2 Open Banking enables banks
to comply with regulatory reporting requirements for open banking based on the API invocations,
third-party provider adoption statistics and performance statistics of the open banking
solution.
- APIs to expose custom services beyond regulation: WSO2 Open Banking goes beyond enabling banks to deploy pre-configured APIs subject to the regulatory specifications alone. The solution allows banks to publish custom APIs and applications to explore the full potential of open APIs to connect with the external ecosystem and build new revenue channels, and to use API technology to streamline internal processes.
3. How to Excel at Open Banking and Beyond
It comes as no surprise that banks that take on open banking will come across some challenges
while doing so. We recommend that banks follow 4 key steps to simplify and expedite the process of
opening up their APIs:
- Understand the key requirements of an open banking implementation: There are several aspects
of an open banking regulation that banks need to understand. Adhering to API specifications and
extending existing security capabilities to enable requirements like customer consent management
are a few examples. When banks take on open banking without a regulation, there is an even greater
need to understand the bigger picture. Banks in non-regulated regions need to figure out which
open banking standards to use and the best practices for implementation in order to meet their
goals. The first step to a successful open banking implementation is making sure banks have a
thorough understanding of all these requirements so they can prioritize and allocate resources
accordingly.
- Identify how to make the best fit between Open APIs and legacy systems: If there is one thing
that is common to any bank, it’s the dependence on legacy systems and monolithic architectures
for everyday business. Over the last few years, technologies such as API management,
microservices, and integration have taken precedence in financial services, forcing banks to
evaluate how they can use these technologies. Any bank that has an open banking agenda should
look at working with technology that doesn't require reinventing the wheel. An ideal situation
would be where a bank can reuse some of the existing technology, add on the extra components
they require and integrate seamlessly with the current core banking system.
- Appreciate the changing role of technology: Open banking expects banks to broaden their
vision for technology by looking at it beyond its
traditional role of being a supporting function of a business. If you consider the open banking
requirement, it needs many technology components to work together such as API management,
integration, identity and access management (IAM), and analytics. These are the very building
blocks that banks require to keep up with changing consumer requirements. Open banking,
therefore, encourages all banks to re-analyze their technical debt and revamp their technology
stacks to stay relevant and agile.
- Map your open banking strategy to long-term vision: Once the open banking requirement has
been established, the journey towards understanding the bigger opportunity continues. Banks
must decide how far they are willing to take open banking and how it will align with their
larger digital vision. For example, while being digital-first is on any bank’s agenda, open
banking is the best way to get a head start on digital banking initiatives. The questions banks
must ask themselves are: does their vision complement the ecosystem that open banking creates?
Do they foresee the benefits open banking can provide in the next 5-10 years? And if so, how can
they bring the two together?
4. The WSO2 Advantage for Open Banking
By choosing WSO2 Open Banking, your bank can enjoy more than a smooth implementation of Open APIs.
Our subject-matter experts and technology ensure that the entire process, from the conversation
with your account manager all the way to the deployment of the solution happens in alignment with
your open banking vision. Here are a few reasons why you should choose WSO2 Open Banking.
- Reduces Outcome Risk: Built on top of renowned WSO2 products endorsed by global analysts and customers, which reduces outcome risk. WSO2 Open Banking combines the strengths of WSO2 API Manager, Enterprise Integrator, IAM and Streaming Analytics, which serve 600 global customers. Analysts like Forrester and KuppingerCole have ranked WSO2 as a market leader.
- Provides Implementation Efficiency: A componentized solution architecture, customizable to meet varying open banking needs, means a more efficient implementation. WSO2 Open Banking is built on a componentized architecture that adapts to suit the business needs of financial institutes of all types and sizes.
- Adaptable to support regionally diverse open banking visions through a commitment to the global open banking movement: Our work with customers in regulated and non-regulated regions, supported by our working relationships with regulatory bodies, helps us understand how to create technology to suit various open banking priorities.
- Faster Regulatory Response: A concentrated open banking effort results in faster response to changes in the open banking world. A dedicated R&D team focuses on keeping the solution updated with the latest versions of Global API Standards such as the Open Banking UK API Standard, NextGen PSD2 API Standard and the Australian CDR. This team is involved in extensive research around upcoming API specifications, which are added to the solution roadmap to meet relevant timelines.
- Extensible Technology for Digital Banking Transformation: A complete platform for technology that extends beyond open banking compliance alone. Backed by the WSO2 Integration Platform, WSO2 Open Banking can scale open banking initiatives and subsequent projects to fully-fledged API-first digital transformation initiatives, all within a single-vendor platform.
5. Customers Who Trust WSO2 Open Banking
A Strategic Open Banking Partnership
Problem: PSD2 compliance across multiple entities of Société Générale (SocGen)
How/Why WSO2 is Used:
- WSO2 Open Banking is used for PSD2 compliance at Hanseatic Bank, a SocGen subsidiary in Germany, and Komercni Bank, a SocGen subsidiary in the Czech Republic.
- WSO2 was chosen as a strategic partner for open banking due to its fit with
the bank’s architecture principles, alignment of technology vision and its
team of technology and domain experts.
A Customized Open Banking Solution
Problem: PSD2 compliance ahead of the March 2019 deadline for a subsidiary of a CMA9 bank
How/Why WSO2 is Used:
- WSO2 Open Banking integrated seamlessly with the bank’s core banking system
and performed customizations to create a native look and feel.
- WSO2 Open Banking was integrated with the existing consent management
system to provide comprehensive consent management for the bank.
A Digital Transformation Initiative Driven by Open Banking
Problem: An open banking initiative to enable collaboration and
data sharing in the financial services industry in Sri Lanka
How/Why WSO2 is Used:
- The WSO2 platform provided a common API layer for all applications via WSO2
API Manager along with centralized IAM to manage customer identities.
- It enabled Nations Trust Bank to go live with this implementation during a
very short period of time and helped the bank to redefine its enterprise
technology architecture.
- WSO2 will continue to play a key role in the bank’s digital transformation
journey.
About WSO2
WSO2 is the world’s #1 open source integration vendor, and a Leader in the Forrester Research
API Management Wave Q4 2018 report. We help digitally driven organizations become integration
agile; customers choose us for our integrated platform, our approach to open source, and our
agile transformation methodology. Today, 100’s of leading brands and 1,000’s of global projects
execute 5 trillion transactions annually using WSO2 integration technologies. Visit
https://wso2.com to learn more.