
WHITE PAPER
8/2019
WSO2 Open Banking
By Kushlani De Silva,
Associate Director - Marketing, WSO2
1. What is Open Banking?
For as long as we know, banks have maintained exclusive access to customer data. And while this data was shared with other service providers through piecemeal approaches, a system where external parties were able to access this data was unheard of. And with the oligopolies in financial services, there was no leeway for other financial service providers to enter the market and create innovative products, services, and experiences for customers.
In spite of the above, regions like Singapore have been opening up their APIs to other providers for a while. Open banking was formally made a regulation in 2017 for Europe and the UK. This required providers of banking services to open up their customer data to authorized third-party providers via APIs. As a result, an ecosystem of APIs is created with various third parties integrating with banks to reinvent financial services by using customer data.
Figure 1
The immediate perceptions of open banking were negative. Banks had concerns that their identity would be lost and they would be reduced to being a commodity. As more education around open banking has become available, customers are seeing its advantages and banks are looking at it in a more positive light. Banks now view open banking as the best way to initiate their journey towards digital banking.
Since its inception, open banking has been moving towards global adoption, with countries like Australia, Hong Kong, and Mexico putting regulations in place and several others looking to adopt open banking even without regulation.
2. WSO2 Open Banking Solution: Purpose-Built for Compliance and More
WSO2 Open Banking is purpose-built to align technology infrastructure and regulatory needs with domain expertise to fully satisfy technology requirements for open banking.
It has a componentized architecture that enables banks to choose and integrate specific technology components to meet unique open banking needs. And, since the WSO2 solution is built on a unified integration platform, it helps banks become integration agile for any future digital initiative beyond compliance.
Figure 2: WSO2 Open Banking Architecture
WSO2 Open Banking comprises the following components:
- APIs to expose account and/or payment initiation: Depending on the regulatory or business requirement, WSO2 Open Banking provides READ/WRITE APIs to expose data/services to regulated third parties. These APIs adhere to the Open Banking UK and Berlin Group NEXTGen PSD2 specifications. They can also be customized to adhere to any specific requirements of a bank. The APIs also support common API security standards such as OAuth2/Certificate-based API authentication, XACML, SAML2, and OpenID Connect.
- Strong Customer Authentication (SCA): Security is a critical component of open banking; hence, extensive security measures should be in place. Any bank that implements open banking requires strong customer authentication mechanisms. Apart from the basic username and password authentication, WSO2 Open Banking enables multi-factor authentication capabilities for third parties via multiple authenticators such as SMS OTP, Email OTP, VASCO, FIDO, DUO and MePIN. These authenticators remain independent so that the breach of one does not compromise the others.
- Transaction Risk Analysis (TRA): Although SCA ensures maximum data security, it can hinder user experience, especially when it is mandated for low-risk transactions. WSO2 Open Banking provides TRA capabilities that identify low-risk transactions through a rule-based system and exempt them from SCA.
- Consent management: This ensures that the third parties are provided access to customer data only when customer consent is given. The WSO2 Open Banking consent management module provides a portal that allows customers to manage and revoke consent if needed. This module also supports handling multiple consent types such as per transaction consent, consents for scheduled payments and consent over a long period of time for recurring payments.
- Third-party onboarding: Third parties are a critical part of the open banking ecosystem and a bank must ensure that they have positive experiences when consuming the bank’s APIs. WSO2 Open Banking ensures a thorough but user-friendly verification process for third-party accreditation. It also supports customizable workflows for onboarding and lifecycle management based on the bank’s preferred processes. The developer portal can be branded according to the bank’s branding guidelines and themes.
- Fraud detection: As more third parties start consuming your data, the risk of fraudulent activity increases significantly. The solution is equipped with fraud detection modules that can be customized out of the box or according to a set of predefined rules. It also provides customized dashboards with insights on API usage trends to proactively identify abnormal behavior and prevent fraudulent transactions.
- Integration with legacy banking systems: A fundamental part of a successful open banking implementation is how well it integrates with your existing IT infrastructure. WSO2 Open Banking comes with integration points to core banking systems, legacy and otherwise.
- Security incident detection and reporting: WSO2 Open Banking is capable of identifying incidents, e.g. unavailability of infrastructure, so that corrective measures can be taken effectively to reduce the damage. It can also effectively identify any possible data breaches and compromise and provide effective resolutions.
- Regulatory reporting: WSO2 Open Banking enables banks to comply with regulatory reporting requirements for open banking based on the API invocations, third-party provider adoption statistics and performance statistics of the open banking solution.
3. How to Excel at Open Banking and Beyond
It comes as no surprise that banks that take on open banking will come across some challenges while doing so. We recommend that banks follow 4 key steps to simplify and expedite the process of opening up their APIs:
Understand the key requirements of an open banking implementation
There are several aspects of an open banking regulation that banks need to understand. Adhering to API specifications and extending existing security capabilities to enable requirements like customer consent management are a few examples. When banks take on open banking without a regulation there is an even greater need to understand the bigger picture. Banks in non-regulated regions need to figure out open banking standards to use and best practices for implementation in order to meet their goals. The first step to a successful open banking implementation is making sure banks have a thorough understanding of all these requirements so they can prioritize and allocate resources accordingly.
Identify how to make the best fit between Open APIs and legacy systems
If there is one thing that is common to any bank, it’s the dependence on legacy systems and monolithic architectures for everyday business. Over the last few years, technologies such as API management, microservices, and integration have taken precedence in financial services, forcing banks to evaluate how they can use these technologies. Any bank that has an open banking agenda should look at working with technology that doesn't require reinventing the wheel. An ideal situation would be where a bank can reuse some of the existing technology, add on the extra components it requires and integrate seamlessly with the current core banking system.
Appreciate the changing role of technology
Open banking expects banks to broaden their vision for technology by looking at it beyond its traditional role of being a supporting function of a business. If you consider the open banking requirement, it needs many technology components to work together such as API management, integration, identity and access management (IAM), and analytics. These are the very building blocks that banks require to keep up with changing consumer requirements. Open banking, therefore, encourages all banks to re-analyze their technical debt and revamp their technology stacks to stay relevant and agile.
Map your open banking strategy to long term vision
Once the open banking requirement has been established, the journey towards understanding the bigger opportunity continues. Banks must decide how far they are willing to take open banking and how it will align with their larger digital vision. For example, while being digital-first is on any bank’s agenda, open banking is the best way to get a head start on digital banking initiatives. The questions banks must ask themselves are: does their vision complement the ecosystem that open banking creates? Do they foresee the benefits open banking can provide in the next 5-10 years? And if so, how can they bring the two together?
4. The WSO2 Advantage for Open Banking
By choosing WSO2 Open Banking, your bank can enjoy more than a smooth implementation of Open APIs. Our subject-matter experts and technology ensure that the entire process, from the conversation with your account manager all the way to the deployment of the solution happens in alignment with your open banking vision. Here are a few reasons why you should choose WSO2 Open Banking.
- Reduces Outcome Risk: Built on top of renowned WSO2 products endorsed by global analysts and customers, which reduces outcome risk. WSO2 Open Banking combines the strengths of WSO2 API Manager, Enterprise Integrator, IAM and Streaming Analytics, which serve 600 global customers. Analysts like Forrester and KuppingerCole have ranked WSO2 as market leaders.
- Provides Implementation Efficiency: A componentized solution architecture, customizable to meet varying open banking needs, means a more efficient implementation. WSO2 Open Banking is built on a componentized architecture that adapts to suit the business needs of financial institutes of all types and sizes. It is adaptable to support regionally diverse open banking visions through a commitment to the global open banking movement. Our work with customers in regulated and non-regulated regions, supported by our working relationships with regulatory bodies, helps us understand how to create technology to suit various open banking priorities.
- Faster Regulatory Response: A concentrated open banking effort results in faster response to changes in the open banking world. A dedicated R&D team focuses on keeping the solution updated with the latest versions of Global API Standards such as the Open Banking UK API Standard, NextGen PSD2 API Standard and the Australian CDR. This team is involved in extensive research around upcoming API specifications, which are added to the solution roadmap to meet relevant timelines.
- Extensible Technology for Long Term Partnership: A complete platform for technology that extends beyond open banking. Backed by the WSO2 Integration Agile Platform, WSO2 Open Banking can scale open banking initiatives and the subsequent projects to API-first digital initiatives, all within a single platform.
5. Customers Who Trust WSO2 Open Banking
A Strategic Open Banking Partnership
Problem | How/Why WSO2 is Used |
PSD2 compliance across multiple entities of Société Générale (SocGen) |
|
A Customized Open Banking Solution
Problem | How/Why WSO2 is Used |
PSD2 compliance ahead of the March 2019 deadline for a subsidiary of a CMA9 bank |
|

A Digital Transformation Initiative Driven by Open Banking
Problem | How/Why WSO2 is Used |
An open banking initiative to enable collaboration and data sharing in the financial services industry in Sri Lanka |
|
About WSO2
WSO2 is the world’s #1 open source integration vendor, and a Leader in the Forrester Research API Management Wave Q4 2018 report. We help digitally driven organizations become integration agile; customers choose us for our integrated platform, our approach to open source, and our agile transformation methodology. Today, 100’s of leading brands and 1,000’s of global projects execute 5 trillion transactions annually using WSO2 integration technologies. Visit https://wso2.com to learn more.