Open banking in Switzerland: APIs as a game-changer - Banking blog

6a01a73df2a4c2970d022ad395dc4a200c-800wi

Application programming interfaces (APIs) are the underlying infrastructure that forms the technological basis for open banking initiatives. In fact, the terms open banking and API banking are often used synonymously, which in such underlines the importance of open APIs. Open interfaces are neither new to the business world nor to incumbent banks. However, with the emergence of financial technology third parties, their innovative service offerings and recent regulatory push in certain regions towards accelerating innovation and competition, APIs have gained traction. Incumbent players in the financial ecosystem need to define their API approach; how they monitor relevant API standards is an imperative to stay competitive and innovative.

Use of APIs in the financial services industry

APIs define standardised methods of interactions that govern and execute data flows between different systems. Technology companies have long been using APIs as core part of their strategy to integrate third-party services into their own product portfolio and to make their own products available in ecosystems of other companies. A common example is Google Maps API, which is used in a vast number of applications including Uber.

Likewise, APIs provide financial institutions the possibility to integrate complementary products to their offering (e.g. a bank adding third-party money transfer services to their banking app) as well as to allow their services to be consumed in the ecosystems of other companies (e.g. mortgage provider offering applicants connecting to their bank account and sharing data within the online application process).

APIs are indeed an essential building block to capitalise on commercial opportunities offered by open banking.

Three possible API approaches for financial services firms

Open banking has highlighted the need for an API strategy focused on the exchange of data and services with external providers, whereas in the past, financial institutions have mostly used APIs to exchange data internally.

We see three main API approaches for financial services organisations, indicating diverse strategies firms are taking to grow open banking initiatives into alternative revenue streams.

API approach

Description

Acting as a supplier

What? Financial institution supplies own products via third-party platforms

How? Limited API investment, the focus is on integrating with APIs offered by third-party providers

Acting as a distributor

What? Financial institution offers products of third-party providers on its own platform

How? Greater API investment, the focus is on enabling third-party providers to efficiently integrate their products

Acting as a platform provider

What? In addition to the role of supplier and distributor, the financial institution acts as a platform provider for third parties to exchange data with other third parties

How? With significant API investment, the focus is on providing secure and scalable infrastructure for other market participants to offer their products

Current state of API standards in the context of open banking

Independent of the API approach that a financial institute choses, there is also the need to establish a common API standard. This allows all participants in an open banking ecosystem to exchange data in a harmonised way based on the same rules, with maximal interoperability and accessibility.

We are observing that in all regions, markets are developing in a similar direction: towards common API standards and platforms that offer API services to financial institutions. However, there are differences in terms of regulatory environment and commercial maturity. In some regions, standards are still being developed, and in others, implementation has only just started. Winning business models have yet to emerge, while significant commercial education, both on demand and supply side is still required.

What is the status in Switzerland?

It is fair to say that Switzerland has not been the frontrunner in the implementation of open banking initiatives, but the picture is changing.

The Swiss Fintech Innovations Association (SFTI) commissioned a working group comprising of most major financial institutions and financial software providers in the Swiss market to develop a common Swiss API standard. In September 2018, the group published a first draft of common API specifications for the business domains payments and accounts. The SFTI API standard emulates best practices from the Berlin Group, a pan-European initiative focusing on the standardisation of an API framework in the EU and EEA.

In parallel, SIX is leading a Swiss Corporate API initiative that is developing a common API platform aimed at providing secure and reliable infrastructure and reducing operating costs for financial institutions. First modules, account access and the submission of payment orders will be available by the second quarter of 2019.

The SFTI and Swiss Corporate API initiatives are working closely together, which is a good sign for a joint movement towards a common API infrastructure in the Swiss market to drive innovation in open banking.

EU and UK are further ahead

PSD2, in force since January 2018, mandates banks to provide APIs to allow third-party providers (TPPs) to access their data. With its NextGenPSD2 initiative, the Berlin Group presented the prospect of introducing one single API standard for Europe to reduce the complexity of the PSD2 access to accounts (XS2A) requirements. The draft version 1.0 is available since March 2018 and is based on the Regulatory Technical Standards (RTS), on customer authentication and secure communication under PSD2.

As for the UK, the API standard developed by the Open Banking Implementation Entity (OBIE) of the Competition and Markets Authority (CMA) has a broader functional scope compared to PSD2 in the EU, but it only applies to nine tier 1 private banks in the UK (the so-called CMA9). API standards for the retrieval of account information and the initiation of payments comparable to PSD2 are available since early 2018 with the latest version 3.0 published in September 2018. In general and compared to Switzerland and the EU, the UK market is further ahead in terms of the commercialisation of open banking use cases.

Other region are also progressing with APIs

The Hong Kong Monetary Authority (HKMA) published the Open API Framework for the Hong Kong Banking Sector in July 2018. The framework is based on prevailing international technical standards to ensure fast adoption and security. HKMA has decided for a phased approach to develop various open API functions, starting with product information function planned for January 2019, followed by customer acquisition, account information and transactions.

The Australian Competition and Consumer Commission (ACCC) has announced that by July 2019, all major banks will be required to make data on credit and debit card, deposit and transaction accounts available to customers.

In the United States, the US Treasury has urged market participants to adopt APIs, however no API standards have been agreed upon so far. Open banking is progressing as part of market evolution while regulatory role is less pronounced compared to EU and UK. Canada is mirroring the US approach in the sense that there is less regulation.

Regulators in Asia are predominantly taking a more organic approach, focusing on providing support and guidelines to market participants rather than putting in place implementation deadlines.

Road ahead

Initiatives on API standardization and design are clearly moving ahead both in Switzerland and globally, not only due to regulatory requirements but increasingly also due to customer expectations.

It is imperative for financial institutions to invest time now to consider different API approaches and their relation to open banking business models. In addition, they should closely monitor how the API standards relevant to them are developing over time.

The API economy comes with a fair share of challenges, the largest one being the impact on competitive positioning and cyber security. That said, we think that the Swiss market is well underway in proactively addressing these challenges and is well positioned to capitalise on the opportunities that the API economy brings.

 

Sergio icruz

Sergio Cruz - Partner, Banking Operations Lead

As partner in Deloitte Switzerland’s financial services practice, Sergio is a specialist in operational transformation. His areas of expertise lie in risk and regulatory-driven transformation as well as finance and trading transformation. With over 20 years’ experience in financial services, Sergio has led numerous large transformation projects in Switzerland and abroad. He advises global banks in Switzerland and the UK as well as private banks based in Switzerland. Sergio is a regular contributor to Deloitte’s Banking Blog and the media on topics ranging from regulatory trends (FIDLEG, IBOR etc.) to open banking.

 Email

Ch-blog-andreas-lentzsch

Andreas Lentzsch - Senior Manager, Strategy and Operations  practice

Andreas is a Senior Manager in Deloitte’s Strategy and Operations  practice, with over 10 years of experience in private banking, retail banking and insurance. He has led and supported numerous large transformation and implementation programmes on both business and IT side, with a special focus on business transformation, operating model transformation, product management and IT platform management. Andreas’ current specialism is the Revised Payment Services Directive (PSD2). He is co-founder of the Open Banking Working Group in Switzerland.

Email

Jasa

Jasa Andrensek - Consultant, Strategy and Operations  practice

Jasa is a Consultant in Deloitte’s Service Delivery Transformation practice, with 2 years of experience in consulting within the financial service industry.  Jasa is focusing on process optimization and data architecture of large system implementations. His previous work included large transformation projects in banking and insurance industry. He is a member of Open Banking working group in Deloitte.

Email

Comments

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Categories