The Case for APIs in Retail Banking

How Any Financial Institution Can Compete, Engage Consumers and Build a Successful Future

Payveris_Whitepaper The Case for API in Retail Banking


The “application programming interface” (API) has been a tool for technologists for decades, but during the past few years the term also has become a staple in the banking lexicon. Today, it’s hard to have a conversation about financial products or services without invoking the API acronym. But do financial institution executives, except those dedicated to IT, understand what APIs are or what APIs mean to their businesses—and why they should care about this new approach to service delivery?

This white paper explores the strategic business implications of APIs in banking and is intended to further non-technical decision makers’ understanding of the importance of APIs in delivering competitive banking services and to launch a serious discussion about the future of the financial institution; specifically, how financial institutions can address the relentless onslaught of competition for consumers’ business and loyalty, and remain at the center of commerce.


Contents

Sections:
Introduction
What’s an API?
APIs in Banking: Why?
Competitive Realities: The Status Quo Isn’t Viable
Use Cases for APIs in Retail Banking
Going into APIs with Eyes Wide Open
The Relationship between Core Processors and Specialty Fintech Providers
Wrap Up
Appendix A: Public, Private and Partner APIs
Appendix B: Questions for Your Core Processor and Potential Fintech Partners
Bibliography

Of Interest:
API Categories
APIs Are Everywhere
How APIs Can Help Financial Institutions Compete
The Challenges of Banking Today
Just PayPal Me!
The Digital Opportunity for Financial Institutions
Millennials: The Largest U.S. Generational Segment
How do you like to interact with your financial institution?
Projections of the U.S. Population by Age: 2015 to 2060
Sticky Relationships
Prediction: Top Banks Will Have API Platform by 2016
Are You Ready for an API Environment?
3 Great Questions
The Challenge of Legacy IT

For brevity, this white paper uses the term “customer” or “customers” to include credit union members.


Introduction

Financial institution executives are accustomed to claims that this innovation or that will “revolutionize” banking. But the fact is, banking isn’t revolutionary. It’s evolutionary, with incremental change occurring over time, ultimately leading to an inflection point—like the inflection point at which retail financial services finds itself today as the result of three game-changing evolutionary trends:

1. Consumer acceptance of self-service banking. Led by digital and mobile banking, self-service has redefined the role and importance of branches—enabling smaller financial institutions to compete effectively with larger financial institutions with more extensive branch networks.

2. Proliferation of fintechs. Specialized financial technology businesses (fintechs) are creating a stream of innovative products and platforms, enabling financial institutions of all sizes to quickly and cost-effectively offer leading edge services, including expanded self-service banking functionality.

3. Nonbank competition. Nonbanks—such as PayPal, Walmart, Venmo, Dwolla, Target, Moven, Square Cash and other market disruptive fintechs—are competing successfully with traditional financial institutions for consumer business and loyalty, especially among the coveted millennial demographic. Unencumbered by banking regulations, nonbanks have developed a taste for providing niche financial services, and their success encourages additional nonbanks to look for a seat at the financial services table.

On one side of the inflection point is the status quo; that is, financial institutions ignoring the realities of new competitors and a shrinking pool of consumers who aren’t mobile-first digital natives, leading to an erosion of business and profitability. On the other side is a future that requires considerably more of financial institutions in a business sense—for example, defining clear strategies, taking greater responsibility for product design, and being nimble and responsive to opportunities and challenges—but also presents a path to relevance, longevity and prosperity.

For financial institutions committed to a successful path forward, APIs can be transformative in supporting best-in-breed products and services to maintain the loyalty of current customers, attract new customers and go toe-to-toe with any competitor.

And, this is why—as an executive decision maker—you need to know more about the role of APIs.

Some fintechs are financial institution-centric, as described here, meaning they provide services to financial institutions but don’t compete with them. Other fintechs position themselves as financial institution disruptors and compete with traditional financial institutions. See the next bullet point on “Nonbank competition.”


API Categories

Broadly speaking, an API consists of two parts: the published standard (i.e., how to connect) and the operational component (i.e., the actual connection or hookup). Classifying an API as public (i.e., open), private (i.e., closed or restricted) or partner (i.e., hybrid) is determined by the access developers have to these two components.

Public/Open APIs: Published standard and access are open to all interested developers to encourage use of a business’s information assets in new and creative ways. For example: Facebook, Google and Twitter.

Private/Closed APIs: Published standard and access are restricted to approved internal or external entities. For example: Amazon, Seven and I Holding, and almost every business with a significant IT department.

Partner/Hybrid APIs: A hybrid of public and private APIs, meaning access to published standard is open to developers, but the activities to launch an operational environment are restricted to businesses that have agreed to work together. For example: Payveris and Omron.

For more information on API Categories, see Appendix A.


What’s an API?

API stands for application programming interface. It’s a set of behind-the-scenes software instructions and standards that enables computer systems or software components to communicate (generally over the Internet) to easily share information.

Kevin Stanton, API chapter manager at Sprout Social, offers this description:

“An API is a precise specification written by providers of a service that programmers must follow when using that service. It describes what functionality is available, how it must be used and what format it will accept as input or return as output.”

Lots of technical activity happens within the API—handshakes, authentication, request management, data exchange, session management and so on—but, unless you’re a technologist, the specifics don’t really matter. What matters is understanding that APIs are the building blocks that make it possible for organizations to share and consume information assets in a controlled way.

APIs Are Everywhere

It’s hard to imagine businesses today without APIs. Companies that rely heavily on APIs include Google, YouTube, Salesforce.com, Amazon, Twitter, Facebook, Netflix and the list goes on. These companies might exist without APIs, but the products and services they offer would be far different, with far fewer users.

Even government is active in APIs. When, for example, you check the weather from your mobile phone, it’s likely that the app you use was created using an API published by the National Weather Service.

Here are more examples of government-published APIs used commercially to create apps:*

• The Federal Aviation Administration provides travel Websites and mobile apps with live airport status and delay information through its Airport Service API.
• The Pillbox API from the National Library of Medicine powers third-party mash-ups that serve consumers who need to quickly identify an unknown pill.
• The Sunlight Foundation’s Scout project consumes the Federal Register API to provide alerts and notifications for formal government action.

Even if a financial institution hasn’t embraced APIs, it’s likely it is using them indirectly because vendors delivering certain features, such as online banking, bill payment and mobile remote date capture, are.

* http://18f.github.io/API-All-the-X/pages/introduction_to_APIs_in_government.

Sprout Social: “What Is an API, and Why Does It Matter?” by Michael Patterson, April 3, 2015, http://sproutsocial.com/insights/what-is-an-api/ .


APIs in Banking: Why?

Financial institutions, arguably among the most regulated entities in the U.S., are fiduciary custodians of people’s money. Custodianship includes not only consumers’ funds but also sensitive information that, in the wrong hands, could undermine the soundness and security of the banking system, and breach customers’ privacy—both to devastating effect. Financial institutions, cumulatively, spend billions of dollars annually supporting layers of regulatory compliance, technology and people to protect their valuable information assets from misuse by outsiders.

So, is the idea of banking APIs—which exist for the purpose of sharing information—madness? Of course not. Financial institutions have shared information for years—with their processors, payment card networks, and government agencies and regulators. Financial institutions can’t be in business without sharing.

But if sharing information is an accepted part of banking, the key question is: “Why do today’s financial institutions specifically need APIs to facilitate this process?” The answer is no different for financial institutions than any other contemporary businesses—that is, because of consumers’ ever-increasing expectations of technology.

Today’s consumers expect technology to deliver (1) applications and user experiences that are seamless, frictionless and integrated and (2) instant access to any service they want (e.g., banking, shopping, searches, news, social media), any time they want, from any device they choose to use—but most especially from their mobile devices.

Bluntly, consumers are now mobile, and they’ll become increasingly mobile as millennials and generations that follow hit their prime, replacing baby boomers. If financial institutions are to be relevant to millennials, there’s no choice but to embrace this generation’s mobile-first sensibility to enable them to engage and transact their banking business in the ways they’re most comfortable.

That’s where APIs for banking come in. They enable financial institutions to pull in functionality from a variety of innovative third parties that specialize in building consumer-facing applications and, in turn, to provide their customers access to expanded functionality through a single app—rather than a Rube Goldberg combination of multiple screens or apps. APIs are the invisible hand that supports interconnectedness and immediate access, and they’re what enable financial institutions to interact with their customers on the customers’ own terms, using any device or combination of devices.

In other words, APIs are the key to making it easier and more convenient for customers and members to do business with their financial institutions, neutralizing the competitive advantage of the category of fintechs that operate to disrupt them and equalizing the size advantages of traditional banking competitors.

This white paper focuses on consumer use cases, but the benefit of APIs to financial institutions goes beyond retail financial services. APIs in banking also can be used to externalize banking services to businesses and business applications, e.g., connecting to accounting systems, or connecting the financial institution’s other internal systems—such as digital banking and lending applications—to its payment and money movement systems.


How APIs Can Help Financial Institutions Compete

API Benefit: Flexibility
API Environment: Financial institutions have the flexibility to offer best-in-breed consumer services by incorporating the best solutions from the best providers into their product sets. APIs enable financial institutions to be more consumer-centric by defining custom features and functionality, and integrating different and diverse capabilities to create unique service sets that resonate with their customers.
Status Quo Environment:
• Accepting standard solutions, likely with little flexibility.
• Offering old-and-tired or second-rate consumer-facing services.
• Requesting third parties or internal staff to build or customize services and queuing up for delivery.

API Benefit: Control
API Environment: Financial institutions determine and control the all-important customer interface and experience, highlighting their brand identity, differentiating their service, building customer loyalty and minimizing friction.
Status Quo Environment:
• Relying on third parties to determine customization options and to define the best experience for financial institution customers.
• Delegating decisions about consumer-facing applications to third parties.
• Possibly relegating the financial institution brand to a subsidiary position.

API Benefit: Consistency
API Environment: Financial institutions easily provide or access information through an API-enabled common interface, which means (1) consistent customer experience across devices and services, (2) financial institutions’ brands aren’t sacrificed to competing brands and (3) financial institutions control functionality, delivered across a single platform.
Status Quo Environment:
• Offering consumers siloed and non-interoperable products.
• Ceding control of the customer experience, resulting in different user interfaces across products and, likely, inconsistent branding.
• Offering inconsistent customer experiences based on device or channel.

API Benefit: Speed to innovate
API Environment: APIs are quick and cost-effective for building new banking capabilities in response to consumer demand, technology advances and competitive needs because the entire processing “engine” doesn’t have to be reconfigured to accommodate change.
Status Quo Environment:
• Missing opportunities as consumer behavior/needs, markets and competitors shift.
• Incurring significant cost to modify legacy systems.

API Benefit: Extensibility
API Environment: APIs are a tool to future proof IT investment because they’re information gateways between computers/software—not the business software. Financial institutions can adapt to future “knowns” and even future unknowns because APIs are not service-, device- or process-specific.
Status Quo Environment:
• Reinventing the wheel each time a new device, service or process is introduced.
• Missing opportunities as consumer behavior/needs, markets and competitors shift.
• Incurring significant costs to change legacy systems.

Competitive Realities: The Status Quo Isn’t Viable

Comparing the competitive environment of just 20 years ago to today highlights why maintaining the status quo in retail banking isn’t a viable option.

In the mid-1990s financial institutions slugged it out with each other for consumer business largely based on (1) the size and distribution of their branch networks and (2) their ability to leverage technology to serve consumers (e.g., ATMs, debit cards and, maybe, telephone or early stage “computer” banking). Large financial institutions, which weren’t nearly as large as they are today, generally had the advantage of larger branch networks and, typically, were farther along the technology curve. Smaller financial institutions compensated for their location and tech disadvantages with high-touch service, and attractive pricing and interest rates.

In this environment, innovation was incremental. Because there was little downside to not being first to market, financial institutions could wait years (literally) before committing to a course of action. In addition, consumers weren’t pressuring financial institutions to innovate. How many remember that it took a good 15 years for ATMs to generate significant volumes, and PIN- and signature-based debit cards took almost two decades to catch on? Achieving success was always elusively “around the corner.”

Today, financial institutions are competing with each other and with a proliferation of largely unregulated nonbanks that are technologically savvy, have brand culture relationships with their customers and are unencumbered by legacy banking systems, including brick-and-mortar branches. These nonbanks have no intention of replicating financial institutions; they pick financial services niches where they see opportunity and profit, and relegate financial institutions to a utility role. As the utility, financial institutions are involved in the least consumer-facing part of the transaction—forfeiting their brand identity, ownership of the customer relationship, the ability to generate fees and/or the opportunity to generate customer loyalty.

Nationwide interstate banking wasn’t legal until almost the end of the 1990s, although some banks had a multi-state presence through grandfathering, enabling state laws or awkward bank holding company arrangements. https://www.stlouisfed.org/publications/regional-economist/july-1994/going-interstate-a-new-dawn-for-us-banking.


And, in today’s environment, innovation comes fast. With a technology-enabled population (half of the U.S. adult population now banks using smartphones and tablets) and agile nonbank competitors eager to complement their core businesses with financial services, financial institutions don’t have years to contemplate innovation or the luxury to be complacent, because continuing to offer services that are old and tired or second rate is the equivalent of being connected to life support.

The competitive reality is any financial institution that wants to carry its success forward must be on its “A” game. This means providing best-in-breed services that address their customers’ needs, enable customers to transact the way they want, solve customers’ pain points and offer a customer experience that meets or exceeds those from other financial institutions and tech savvy nonbanks.

To bring home the point: Branches may have an important role in overall retail banking strategy, but if branches are a financial institution’s main competitive defense for its retail business, that financial institution isn’t seeing the future clearly. The landscape has shifted from brick and mortar to digital. And, a financial institution’s digital services had better meet the highest expectations of younger consumers—those digital natives who won’t think twice about taking their business elsewhere if they experience friction in their banking relationship.

The good news is that there is good news:

• First, the same technology that enables fintechs to compete in financial services is available to financial institutions. This technology also levels the playing field for large and small financial institutions by reducing the importance of branch networks. And now, this technology generally can be acquired at a reasonable cost.

• Second, millennials don’t have to be a mystery. They’re open to doing business with financial institutions—provided they have reasons to do so.

Javelin: “Top Banks Meet Customer Expectations for Mobile Banking” by Nancy Ozawa, May 19, 2016.


The Challenges of Banking Today

“The financial services industry faces a host of challenges, including changing customer preference driven by a shift to digital; increasing presence from agile competitors using disruptive business models ... and from the technology industry; ... stiffer regulatory requirements; rising branch costs; and margin pressures due to human-intensive processes.” *

API-based solutions can address five of these six challenges.

* Cisco 2016: “Where to Begin Your Journey to Digital Value in the Private Sector” by Joel Barbier, Amitabh Dixit, Robert Moriarty, Chet Namboodri, Kathy O’Connell, Michael Riege.

The Digital Opportunity for Financial Institutions

“Cisco Consulting Services calculated the upside for a typical bank that becomes as digitized as its customers a 5.6 percent bottom-line increase. For a financial institution with $10 billion in annual revenue, this represents a $392 million annual profit opportunity. That is, if competitors—some from outside the traditional realm of banking—don’t fill the void first.”

“Reimagining the Digital Bank: How U.S. Banks Can Transform Customer Interactions to Increase Profitability” by Joseph Bradley, Jeff Loucks, Paul Jameson, Kathy O’Connell and Joel Barbier, page 2.

Just PayPal Me!

Case in point for nonbanks picking niches to provide financial services is PayPal’s instant transfer service.

The consumer enrolls with PayPal and provides banking account credentials and a backup debit or credit card. When the consumer wants to send money—to, say, a child or friend—he logs into PayPal, enters the email address for the recipient (who also must have a PayPal account) and amount to be sent, and clicks the Send Money tab. Done!

From the consumer’s perspective, PayPal has provided the valued service, although the financial institution is the entity holding the funds, meeting regulatory obligations, executing the funds transfer and, of course, handling settlement and reconcilement.

The financial institution does the heavy lifting, and PayPal gets credit for providing a terrific P2P service that addresses a major consumer pain point—sending money instantly and at no cost to the payor.

Millennials: The Largest U.S. Generational Segment

Millennials get a crazy amount of attention because they’re the largest and most educated demographic segment in the U.S. and they’re coming of age.

Currently, millennials, which account for about 27 percent of the U.S. population, outnumber baby boomers by about 13 million. And millennials will represent more than one-quarter of the U.S. population through 2040, at which point baby boomers will be just 10 percent of the population.

The future success of all businesses will depend on their ability to capture millennial market share.

See “Projections of the U.S. Population by Age: 2015 to 2060” on page 14.

Those Confounding Millennials

Millennials are a conundrum for parents, marketers, financial institutions—everyone trying to figure out those born between (approximately) 1981 to 2000. But don’t write them off as current and future banking customers.

Yes, they’re glued to their mobile phones (the average millennial checks 43 times a day) and addicted to tech (30 percent use four or more devices daily), and they live on social media (90 percent are on Facebook) and are passionately loyal to brands that speak to their generation. No, they’re not like their parents: They don’t want a house in the suburbs, two cars in the garage and to own stuff. And, they don’t give a hoot about the “safety and security” of having their money in financial institutions. They trust PayPal, Google, Facebook and others just as much as financial institutions—if not more.

But, here’s the key that’s often overlooked. Millennials don’t necessarily dislike or discriminate against financial institutions; they’re just far more likely to use services that are relevant to their activities—regardless of provider—and to mix and match services among providers. Higher income millennials, in particular, are more likely to combine traditional banking accounts with services from nonbanks. They’re indiscriminate convenience seekers and friction avoiders, and their financial services business goes to the entity that provides the best services and experiences according to their criteria.

How do you like to interact with your financial institution?

Based on a study conducted by Forrester, asking more than 3,000 consumers how they choose a bank, July 2015.

Source: timetrade: “The State of Banking: How Consumers Interact with their Bank” by Sarah Wallace.

                                               GenZ   Millennials   GenX   Baby Boomer
In Person at the Branch                        52%    48%           54%    68%
On my Smartphone (Mobile Banking Application)  65%    75%           53%    27%
ATM                                            58%    57%           55%    44%
By Phone                                       22%    27%           29%    26%
Online Banking (Desktop or Tablet)             54%    73%           70%    69%

Ad Week: “Here Is Everything You Need to Know about the Millennial Consumer” by Melissa Hoffmann, Aug. 13, 2014.

“The openness to new and alternative financial services among young adults does not appear to be associated with a rejection of more traditional bank products. Rather, young adults seem to be combining the traditional and the new, the mainstream and the alternative. Using findings from the Consumer Payments Monitor along with those from secondary research, we discover that young adults’ use of mainstream banking services is not dramatically different from that of older consumers. Where Millennials’ consumption of financial services differs is in the way they are complementing conventional choices with new or different product, provider, and channel options.” The Federal Reserve Bank of Philadelphia, Payment Cards Center: “Millennials with Money Revisited: Updates from the 2014 Consumer Payments Monitor” by Susan Herbst-Murphy, Federal Reserve Bank of Philadelphia, and Greg Weed, Phoenix Marketing International, December 2015, page 11.

Projections of the U.S. Population by Age: 2015 to 2060

(Numbers in Thousands)

Year   Total U.S. Population   Baby Boomers (B 1946-1964)   % of Total U.S. Population   Millennials (B ~ 1981-2000)*   % of Total U.S. Population
2015   321,363                 74,741                       23.3                         87,964                         27.4
2020   333,896                 71,263                       21.3                         91,009                         27.3
2025   346,407                 66,472                       19.2                         93,430                         27.0
2030   358,471                 59,807                       16.7                         94,967                         26.5
2035   369,662                 50,740                       13.7                         95,712                         25.9
2040   380,016                 39,381                       10.4                         95,809                         25.2
2045   389,934                 26,987                       6.9                          95,299                         24.4
2050   399,803                 15,686                       3.9                          94,133                         23.5
2055   409,873                 7,238                        1.8                          92,047                         22.5
2060   420,268                 2,445                        0.6                          88,524                         21.1

This table is based on data provided from the U.S. Census Bureau: http://www.census.gov/population/projections/data/national/2014/summarytables.html. The “As a % of Total U.S. Population” was computed based on these data.

And for millennials, mobile banking is table stakes. According to Michael Carter, formerly of D3 Banking, 94 percent of millennials are active online banking users, 72 percent are mobile banking users and 39 percent would consider using a digital, branchless bank. Looking at millennials’ preference for interacting with their financial institutions tells a similar story—interacting via smartphone is their top preference, with online banking (meaning via desktop or tablet in this study) a close second. (See “How do you like to interact with your financial institution?” on the prior page.)

The millennials are here and the only way to capture their business is by giving them great digital experiences through their mobile phones and the Web.

William Mills Agency. “2016: A collection of research, observations and articles regarding technology solutions …” Quoting Michael Carter, page 20.


Sticky Relationships

“In the U.S., customers who use a bank’s mobile channel frequently are 40 percent less likely to switch to another bank as customers who use mobile rarely. Conversely, customers who use branches frequently are almost three times more likely to switch banks as customers who rarely use branches.”

Bain Report: “Customer Behavior and Loyalty in Retail Banking” Nov. 18, 2015.

Use Cases for APIs in Retail Banking

This section highlights several API use cases to provide concrete examples of APIs supporting retail banking functionality. These examples aren’t a comprehensive list of API use cases; they’re launching points to begin thinking further about how APIs can be used to facilitate financial institutions’ products, services and processes. The point is, the flexibility of APIs offers financial institutions an opportunity they haven’t had before—to think big and without constraints because APIs make possible what formerly was impossible.

1. DIGITAL & MOBILE BANKING
APIs are the foundation of smartphone applications and service-driven Websites because they enable apps to pull in features and functionality from multiple sources and control the consumer experience as if it’s a single application.

2. LOAN APPLICATION
By automatically transferring loan application information, APIs can eliminate the manual component of data reentry (saving time and reducing keystroke errors).

3. BILL PAY, P2P AND A2A
Financial institutions are uniquely positioned to satisfy most consumers’ money movement needs, including bill pay, person-to-person payments and account-to-account transfers. Biller-direct sites typically can meet only one of these three needs, and most niche fintechs also don’t provide one-stop-shopping. As consumers increasingly gravitate to low-friction digital experiences, financial institutions can use APIs to create secure, compelling and comprehensive money movement experiences.

4. REMOTE MOBILE DEPOSIT CAPTURE AND PHOTO BILL PAY
APIs transform the smartphone into a tool that grows deposits and helps keep the financial institution central to satisfying consumers’ money movement needs.

Prediction: Top Banks Will Have API Platform by 2016

“According to Gartner, by 2016, 75 percent of the top 50 global banks will have launched an API platform and 25 percent will have launched a customer-facing App store.”

https://openbankproject.com/for-banks/

Are You Ready for an API Environment?

Once a financial institution decides to take control of its user experience and deliver a set of digital services that is differentiated and tailored to its current user base and broader target market, it should consider two key impacts to enter the API environment with eyes wide open:

1. Expanding Third-Party Risk Management. Once you’ve committed to a “build/partner” rather than a “buy” approach, you’ll likely do business with select third-party vendors/partners, which may require you to expand your third-party risk management coverage.

To ensure this expansion goes smoothly, it’s important to work closely (and early) with your compliance team to ensure it understands the benefits and the requirements associated with the API approach and to provide the team time to adjust compliance processes, if necessary, including reexamining third-party risk management policies and procedures, and preparing for the increase in vendors.

2. “Designing” Your Consumer-Facing Services. If a third party has provided your consumer-facing services, your ability to choose the services you offer, what those services look like and how and when you offer them may have been limited. You offered what the third party offered and customized those services within fairly narrow parameters.

With APIs, that’s all changed. You now can be creative without restraint, because—likely for the first time—you’re making strategic design decisions and integrating the most compelling consumer-facing solutions from nimble, creative, best-in-breed providers. Now it’s up to you to assemble a unique service suite to delight your customers and make your financial institution stand out among competitors.

Through APIs, you’re in the driver’s seat in terms of imagining your service set and creating the specifications to deliver on your vision. This effort is more demanding than choosing services and customization options from a checklist, and it requires an enterprise commitment and business discipline.

Going into APIs with Eyes Wide Open

The key question many non-technologists, particularly those in banking, ask about APIs is: “Are they secure?” The concern stems, legitimately, from bankers’ fiduciary relationships with customers, as well as issues such as protecting data against breaches and safeguarding customer privacy, and the heavy consequences—reputational, financial and regulatory—for failure to do so.

The frequent use of the word “open” in conjunction with APIs may contribute to the false perception that APIs are insecure, because the word, perhaps, implies that APIs enable anyone with a computer to access a financial institution’s information. But, “open” isn’t synonymous with insecure, and APIs involving U.S. financial institutions generally fall in the “partner/hybrid” category (See Appendix A). They’re “open” in the sense that the API specs are published and available for use by third parties, but “closed” in the sense that those third parties are businesses with which the financial institution has made specific, most likely contractual, arrangements; therefore, the financial institution controls who has access to its information as well as the information that is available to share.

Andres Wolberg-Stok, global head of emerging platforms and services at Citi, describes access to financial institution information through APIs like this:

“It’s not like letting someone connect to the bank’s systems. These APIs are like soda straws—they provide very narrow, well delimited access to certain data points that you can use and you control. You decide who gets to use these APIs. No one is forcing you to expose anything to an API that you don’t want to expose … It’s up to you as a bank where you put the barrier.”

So, the honest answer is: Exposing any part of a financial institution’s data to a third party includes an element of risk. But, APIs are as secure as—and, perhaps, even more secure than—other methods of sharing information, provided appropriate and customary safeguards are in place. Those safeguards are the same ones financial institutions employ now in the course of sharing information as a normal part of day-to-day business operations (e.g., authenticating user, system/application, IP address, secure tokens and data encryption).
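The safeguards named above (authenticating the calling system, checking its IP address, secure tokens) and the narrow, bank-controlled access the section describes can be combined into one request check. The following is an added illustration, not code from this white paper or from any company it names; the partner registry, field names and HMAC-signed token format are constructed assumptions, and data encryption in transit (TLS) is assumed to be handled outside the snippet.

```python
import base64
import hashlib
import hmac
import ipaddress
import json
import time

# Constructed partner registry: one contracted partner, the network it calls
# from, and the only account fields it may read (the "soda straw").
PARTNERS = {
    "billpay-partner": {
        "secret": b"constructed-demo-secret",
        "networks": [ipaddress.ip_network("203.0.113.0/24")],
        "fields": {"account_id", "available_balance"},
    },
}

# Constructed account record; most of it is never exposed through the API.
ACCOUNT = {
    "account_id": "A-1001",
    "available_balance": "2450.17",
    "owner_name": "Sample Customer",
    "tax_id": "000-00-0000",
}


def issue_token(partner_id, ttl=300, now=None):
    """Issue a short-lived token signed with the partner's shared secret."""
    now = time.time() if now is None else now
    claims = {"partner": partner_id, "exp": int(now) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    secret = PARTNERS[partner_id]["secret"]
    sig = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def authorize(token, source_ip, now=None):
    """Return the partner's registry entry, or raise PermissionError."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        sig_bytes = sig.encode()
        # The claims are read first only to find which partner's key to use;
        # nothing in them is trusted until the signature check below passes.
        claims = json.loads(base64.urlsafe_b64decode(body))
        partner = PARTNERS[claims["partner"]]
        expires = int(claims["exp"])
        addr = ipaddress.ip_address(source_ip)
    except (ValueError, KeyError, TypeError):
        raise PermissionError("malformed request or unknown partner") from None
    expected = hmac.new(partner["secret"], body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig_bytes):
        raise PermissionError("token signature does not verify")
    if expires < now:
        raise PermissionError("token expired")
    if not any(addr in net for net in partner["networks"]):
        raise PermissionError("source address is not on the partner allowlist")
    return partner


def read_account(token, source_ip, requested_fields, now=None):
    """Serve only the fields the bank has agreed to expose to this partner."""
    partner = authorize(token, source_ip, now)
    denied = sorted(set(requested_fields) - partner["fields"])
    if denied:
        raise PermissionError(f"fields not shared with this partner: {denied}")
    return {name: ACCOUNT[name] for name in requested_fields}
```

A request that fails any one check is refused before any account data is read, and a partner that passes every check still receives only the fields listed for it in the registry.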

The key difference is, in an API environment, financial institutions may be doing business with additional third parties, so there are potentially more vendors to manage—making a solid third-party vendor management process (for initial and ongoing evaluation) a larger function and an even greater priority.

American Banker: “Fintech Glasnost—Why U.S. Banks Are Opening Up APIs to Outsiders” by Penny Crossman, July 8, 2015.

3 Great Questions

“Why should my financial institution use a specialty fintech provider if our core processor offers the same service?”

Because core processors are great at what they do—core processing. And the larger and more diverse these providers have become, the more they find themselves navigating a complex set of goals that may slow their ability to respond to fluid market demands. And, specialty fintech firms are great at what they do—responding agilely to changing preferences, market conditions and opportunities.

Specialized fintech providers, as standalone companies focused on one product niche or set, are likely to offer richer functionality and capabilities—with an emphasis on development and innovation—because their niche or set is where they put 100 percent of their focus and investment. Legacy players often find themselves investing heavily in their legacy systems and architecture, which may put them at a disadvantage to fintech competitors built on APIs from the ground up.

It’s important to ask those you’re considering doing business with tough and smart questions to understand how the differences in the way they address consumer-facing services may affect your ability to compete, differentiate your services and serve your customers.

“But, isn’t it better to have ‘one throat to choke’ when there are problems—as there always are?”

One vendor/one point of contact to resolve all vendor processing problems is a compelling argument some vendors use to try to capture 100 percent of clients’ business. What you must consider is (1) whether the convenience is worth, possibly, subordinating your consumer-facing service strategy to the vision and priorities of your core processor and (2) whether your strategies, goals and approaches will continue to align over the course of a multi-year contract.

Also consider that specialty fintechs’ systems are likely to be architected to be API-first from the ground up. In addition to greater flexibility, efficiency and scalability, these systems are built for uptime because they run concurrently across multiple data centers.

Whatever the outcome—whether you’re all-in with your core processor or your core processor supports your fintech partners—have a contractual arrangement and action plan in place to address when “something goes wrong.”

“If my financial institution spreads around its business, do we diminish our ‘big fish’ status?”

Most core processors make their money from core processing, and their #1 goal is to keep your core processing relationship. If you’re a big fish because of your core processing relationship, you’ll continue to be a big fish—even if you combine your core processor’s strengths with the strengths of others to support your consumer-facing services.

One more thought: Your business objective isn’t avoiding ruffling your core processor’s feathers; it’s making the best choices for your financial institution and your customers. The best core processors want the best for you—even if it means working with other vendors to deliver ancillary services—because your success and longevity are vital to their long-term success, too.

The Relationship between Core Processors and Specialty Fintech Providers

Core processors support financial institutions’ back-office operations—including processing and clearing checks, and running standard banking, accounting and cash management platforms. Except for financial institutions that handle these functions in-house, every financial institution needs a core processor. Specialty fintech providers aren’t a replacement for core processors but a resource that coexists with core processors to deliver API-enabled innovative, consumer-facing products to financial institutions.

With the absolute certainty that today’s financial institutions need best-in-breed services to succeed in this hyper-competitive marketplace, financial institutions must identify the best providers with the best products to create customer services portfolios that align with their corporate strategies and address the needs of their current and target customers. Compromising the quality of consumer-facing services is a sure road to a painful, incremental decline—but one that is addressable by combining the strengths of core processors and agile fintechs.

But how open are core processors to working with these fintechs on your behalf?

The answer: Some are more receptive than others. The most client-focused view their role as facilitators of what financial institutions need and want to achieve success. These core processors create standard APIs and empower financial institutions to make choices regarding which fintechs and others may connect. (Note: The core processor may charge an upfront fee and/or transaction fees for providing access.) Unfortunately, however, there are still some core processors that are less receptive to working with others, creating an environment that constrains financial institutions from innovating rapidly and responsively.

It’s important to understand your core processor’s position on working with others to deliver the consumer-facing services of your choice. And, depending on where you are in your relationship with a core processor, you might consider these approaches:

New relationship. If you’re evaluating new core processors, be sure to explore this question during due diligence. And, when you proceed to contract, include appropriate terms in your agreement reflecting your understanding.

Even if you’re satisfied with the ancillary services the core processor has available today and even if you have no present intention of using a third party, it’s prudent to build the contingency into your agreement. Without it you’re counting on the core processor to support all your consumer-facing service requirements for the term of the contract. With the pace of innovation, it’s impossible to know what’s around the corner in terms of devices, services or competition, so build in this contingency when you have the most leverage—before you sign.

Renewing relationship. The above advice also applies if you’re renewing your core processor agreement.

Ongoing relationships. If your core processor is closed to working with third parties, you may be stuck for the remaining term of your agreement. If you have no option other than to remain with your current core processor, work constructively with its staff to get as close as possible to the service features and functionality you want to provide. And, concurrently, work on your post-divorce plans.

Good core processors understand their role isn’t to force financial institutions into a position that works for them; they enable banks to make their own decisions.

The Challenge of Legacy IT

“Although big banks are well aware of how agile and innovative their newcomer market competition is, their legacy IT systems often present serious and specific challenges to overcome when trying to adopt similar innovations themselves. APIs are a prime example of this. Many banks have an IT infrastructure that was developed before the introduction of modern data sharing techniques and then upgraded in a piecemeal fashion over the course of decades rather than years.”

Currencycloud: “The State of APIs in Banking”.

Wrap Up

At this significant inflection point in the evolution of retail banking, financial institution executives must make a defining choice with long-term implications. They must decide whether to run out the clock, so to speak, by sticking to the old ways and old methods, incrementally losing customers, or to intelligently embrace change, recognizing that yesterday’s thinking won’t deliver tomorrow’s successes.

There’s no middle ground in this either/or choice. Going through the motions—without fully committing to change and becoming the best-in-breed provider for consumer services—won’t cut it in an environment where digital delivery is king and technology makes everyone a potentially successful competitor.

No single competitor will undermine a financial institution’s marketplace position.

But, the combination of a vast number of new competitors with great tools and great consumer relationships, and increasingly savvy traditional competitors creates an environment for financial institutions that stand still to suffer disintermediation by a thousand cuts—to adapt a popular phrase.

But the same technology and tools that have the potential to disintermediate also have the potential to elevate financial institutions of all sizes to compete and win against all comers. And, an important tool in this process is the API, which—in combination with a well-conceived and well-executed strategy, and carefully selected partners—can transform any financial institution from an artifact of yesterday to an agile competitor sitting at the center of commerce.

Appendix A

Public, Private and Partner APIs

Businesses that want to share their information assets—internally or externally—or achieve other benefits may choose to create an API.

Broadly speaking, an API consists of two parts: the published standard (i.e., how to connect) and the operational component (i.e., the actual connection or hookup). Classifying an API as public (i.e., open), private (i.e., closed or restricted) or partner (i.e., hybrid) is determined by the access developers have to these two components.

1. Public/Open APIs: Published standard and access are open to all interested developers to encourage use of a business’s information assets in new and creative ways. Publishers, however, may limit how the API data may be used and require developers to register for access and obtain certifications. Typically, public APIs are backed by open data (i.e., data unencumbered by copyright or patents) and based on an open standard. The goal of public APIs is to encourage freelance developers to use the specs to create new and different applications using the shared information assets. Many—if not most—of the apps in app stores were created in this way.

Publishers of open APIs can benefit in the following ways:

• Increase production of new ideas without investing directly in development efforts

• Stimulate development of innovative apps that add value to the core business

Familiar examples of public APIs include: Facebook; Google Maps, which generates maps for a given location, whose output can be combined with other data and services into mashups; Twitter; Weather.com; New York Stock Exchange; local news based on ZIP codes.

Interestingly, HM Treasury in the U.K. is aggressively advocating for an open API environment for financial institutions with the goal of encouraging innovation and boosting competition. And the industry group, the Open Banking Working Group, is developing a framework for open API banking standards, under the threat of legislation to “deliver better access to bank data through APIs ‘if necessary’ if industry does not embrace the changes.” OBWG has suggested that the U.K. could have a fully functional open data market sometime in 2019.

2. Private/Closed APIs: Published standard and access are restricted to approved internal or external entities. These APIs are used in businesses’ internal operations to enable different parts of the company to share information and collaborate internally. The APIs are exposed only to internal developers (or external developers the business engages) and, obviously, aren’t shared outside the business.

Amazon is the poster child for private APIs. Around 2002, CEO Jeff Bezos, reportedly, emailed employees mandating “all teams to expose their data and functionality through services interfaces” and banning all other forms of inter-process communication, among other things. He famously concluded the email saying, “Anyone who doesn’t do this will be fired. Thank you: have a nice day.”

3. Partner/Hybrid APIs: A hybrid of public and private APIs, meaning access to published standard is open to developers, but the activities to launch an operational environment are restricted to businesses that have agreed to work together. Partner APIs support information asset sharing between businesses and their chosen business partners. They have the benefit of being available to the development community, but they cannot move to testing or live operation without appropriate authorization and testing.

The API environment for financial institutions includes such hybrid arrangements (e.g., Payveris).

https://en.wikipedia.org/wiki/Open_API

http://www.apiacademy.co/resources/api-strategy-lesso-201-private-apis-vs-open-apis/

http://www.theregister.co.uk/2016/02/10/consumer_trust_central_to_success_of_uk_initiative_on_open_data_in_banking/

Jesus Gil Hernandez, Jesus Gil, “Jeff Bezos’ Mandate: Amazon and Web Services.”

Appendix B

Questions for Your Core Processor and Potential Fintech Partners

Regardless of where you are in your relationship with your core processor and the fintechs you’re considering doing business with, there are specific topics you should address to understand if they’re the right partner for your financial institution now and as you move forward.

Here are some suggestions:

Fintechs

• Company vision. How does the company use APIs in delivering its service? What potential valuable use cases and payment capabilities does the company see for APIs in the future? What is the company’s vision with respect to using APIs to address challenges that appear “unsolvable?”

• Existing core processor relationships. With which core processors does the company have live and ongoing relationships, and what is the nature of those relationships? How does the company approach and work with a core processor on the financial institution’s behalf? What is the cost/timing to integrate with a new core processor and with a core processor with which the company has an existing relationship?

• Competitors. Which businesses—companies and categories—does the company compete with? Does/will it compete with you? How will it use and secure your information to which it has access?

Core Processors

• Willingness and ability to collaborate as a partner. How open is the company to collaborating with fintechs, including those that compete with them for ancillary service business? What are the company’s API-connect policy, fees and timing commitments? What internal resources are committed to API integrations? Once the company agrees to integrate a fintech via API, what support does it provide to the fintech and to the financial institution? Which fintechs is the company currently supporting?

• Ancillary services. What ancillary services does the company provide? What is the platform on which these services are provided? How are the services maintained/updated? What customization is available?

• Revenue breakdown. What percentage of revenue is derived from core processing vs. ancillary processing?

Both

• Financial status. Is the company currently profitable? If not, what is the path to profitability? What is the opportunity of acquisition by others? What is the company’s future financial outlook?

• Backers and management. Who backs the company? What is the experience, background and reputation of key members of management?

• Compliance. Is the company fully up to speed with relevant regulations and in compliance with industry standards? Does the company understand the regulatory requirements placed on financial institutions and support the financial institution in fulfilling its third-party vendor risk management responsibilities? Does the company have relevant certifications? How does the company stay up to date on all compliance-related topics? What staff members support regulatory awareness/compliance and adherence with industry standards and certification requirements? Was the company recently examined by a regulatory agency? What were the results/remediation?

• Security. In addition to traditional security-focused questions, how is the company managing security and authentication, and the efficacy of its API services?

• Scalability. How scalable are the company’s solutions? Can the company respond seamlessly to large increases in activity? How has scalability been tested?

• Future-proofing. How does the company iterate its services? How are financial institution clients affected by iteration? How will the company adapt to digital delivery using new devices? How will it support new products? What are the times/costs to support financial institution development requests? What is the process?

• Customer experience. What are the pain points in the customer experience?

• Infrastructure/system architecture. What is the company’s underlying system architecture? Does the underlying system architecture provide one platform for uniform customer experience across services and across devices? Is the system API from the ground up or are APIs layered on traditional processing platforms? How flexible is the system to respond to bank requests for customization, including new products and new devices?

• Digital delivery. What is the company’s expertise in digital delivery?

Bibliography

Agrawal, Sanjay; Britton, Jeremy; Chhikara, Amit in collaboration with CA Technologies. “Transforming digital business with APIs.” http://transform.ca.com/transforming-digital-business.html?source=twitter.

Barba, Robert. “Want to Open Your Bank to APIs? Not with That Mainframe, You Don’t.” American Banker. April 11, 2016. http://www.americanbanker.com/news/bank-technology/want-to-open-your-bank-to-apis-not-with-that-mainframe-you-dont-1080374-1.html.

American Banker/SourceMedia Research. “Open APIs: A Banker’s Guide.” 2016.

Amit. “The Most Important Thing in FinTech: Advent of APIs and Banking APIs Are Real Too.” Let’s Talk Payments. May 31, 2016. https://letstalkpayments.com/the-most-important-thing-in-fintech-advent-of-apis-and-banking-apis-are-real-too/.

API Academy. “API Strategy 201: Private APIs vs. Open APIs.” http://www.apiacademy.co/resources/api-strategy-lesson-201-private-apis-vs-open-apis/.

Bain Report. “Customer Behavior and Loyalty in Retail Banking.” Nov. 18, 2015. http://www.bain.com/publications/articles/customer-loyalty-in-retail-banking-2015-global.aspx.

Bannister, David. “Is everybody API?” Banking Technology. Oct. 14, 2015. http://www.bankingtech.com/383591/is-everybody-api/.

Barbier, Joel; Dixit, Amitabh; Moriarty, Robert; Namboodri, Chet; O’Connell, Kathy; Riege, Michael. “Where to Begin Your Journey to Digital Value in the Private Sector.” 2016. http://www.connectedfuturesmag.com/Research_Analysis/docs/Private-Sector-Digital-Value-at-Stake.pdf.

Boyd, Mark. “Private, Partner or Public: Which API Strategy Is Best For Business?” Platformable. Feb. 21, 2014. http://www.programmableweb.com/news/private-partner-or-public-which-api-strategy-best-business/2014/02/21.

Bradley, Joseph; Loucks, Jeff; Jameson, Paul; O’Connell, Kathy; Barbier, Joel. “Reimagining the Digital Bank: How U.S. Banks Can Transform Customer Interactions to Increase Profitability.” 2014. http://www.do-cu-cu.com/view/cd529071371b2c38773b60198ad180a2/Reimagining-the-Digital-Bank-Cisco-Systems,-Inc.pdf.

Cadbury, Simon. “How can financial institutions increase their profitability by better targeting more profitable digitally engaged customers?” http://www.intelligentenvironments.com/media/309484/how-can-financial-institutions-increase-their-portability.pdf.

CA Technologies. “5 Pillars of API Management.” https://www.ca.com/us/collateral/ebook/five-pillars-of-api-management.register.html.

Clark Neely, Michelle. “Going Interstate: A New Dawn For U.S. Banking.” Federal Reserve Bank of St. Louis. https://www.stlouisfed.org/publications/regional-economist/july-1994/going-interstate-a-new-dawn-for-us-banking.

Crossman, Penny. “Fintech Glasnost—Why U.S. Banks Are Opening Up APIs to Outsiders.” American Banker. July 8, 2015. http://www.americanbanker.com/news/bank-technology/fintech-glasnost-why-us-banks-are-opening-up-apis-to-outsiders-1075284-1.html?zkPrintable=1&nopagination=1.

Currencycloud. “The State of APIs in Banking.” https://www.currencycloud.com/en-us/news/blog/the-state-of-apis-in-banking/.

Doerrfeld, Bill. “FinTech and APIs: Making the Bank Programmable.” Nordic APIS Blog. Sept. 15, 2015. http://nordicapis.com/fintech-and-apis-making-a-bank-programmable/.

Duggan, Francis. Telephone interview. July 2016.

Duvander, Adam. “The Rise of the API economy and consumer-led ecosystems.” March 28, 2014. http://thenextweb.com//dd/2014/03/28/api-economy/#gref.

Franko, Paul. Telephone interview. July 2016.

Goldwasser, Mickey. Telephone interview. July 2016.

Grover, Manish. “Three Steps to a Bank’s API Success.” American Banker. April 11, 2016. http://www.americanbanker.com/bankthink/three-steps-to-a-banks-api-success-1080350-1.html.

Herbst-Murphy, Susan; Weed, Greg. “Millennials with Money Revisited: Updates from the 2014 Consumer Payments Monitor.” The Federal Reserve Bank of Philadelphia, Payment Cards Center. December 2015, page 11. www.philadelphiafed.org/consumercredit-and-payments/payment-cards-center/publications.

Hernandez, Jesus Gil. “Jeff Bezos’ Mandate: Amazon and Web Services.” Leadership Summaries. Oct. 18, 2012. http://jesusgilhernandez.com/2012/10/18jeff-bezos-mandate-amazon-and-web-services/.

Hines, Patricia. “The UK Open Banking API framework – more questions than answers?” BankNXT. http://banknxt.com/55745/uk-open-banking-api-framework/.

Hoffman, Melissa. “Here Is Everything You Need to Know about the Millennial Consumer.” Ad Week. Aug. 13, 2014. http://www.adweek.com/news/technology/here-everything-you-need-know-about-millennial-consumer-159139.

“Introduction to APIs in Government.” http://18f.github.io/API-All-the-X/pages/introduction_to_APIs_in_government.

Jacobson, Daniel; Brail, Greg; Woods, Dan. APIs: A Strategy Guide. Sebastopol, California. O’Reilly Media, Inc. 2012.

Jensen, Claus T. APIs for Dummies. Hoboken, NJ. John Wiley & Sons, Inc. 2015.

Leimer, Bradley. “The Great Rebundling of Financial Services.” American Banker. Oct. 13, 2015. http://www.americanbanker.com/bankthink/the-great-rebundling-of-financial-services-1077172-1.html?fintech.

King, Marcell. Telephone interview. July 2016.

Mulloy, Brian. “The Why and How of APIs: The Partner API Model.” Aug. 6, 2014. http://apigee.com/about/blog/technology/why-and-how-apis-partner-api-model.

Nunns, James. “UK banking tech faces massive shake up as regulator says open APIs and data sharing are key to more competition.” Computer Business Review. May 17, 2016. http://www.cbronline.com/news/verticals/finance/uk-banking-tech-faces-massive-shake-up-as-regulator-says-open-apis-and-data-sharing-are-key-to-more-competition-4895360.

“Open APIs for UK banking: It’s happening, people.” The Register. Feb. 10, 2016. http://www.theregister.co.uk/2016/02/10/consumer_trust_central_to_success_of_uk_initiative_on_open_data_in_banking/.

Open Bank Project. “FAQ” https://openbankproject.com/faq/. “For Banks” https://openbankproject.com/for-banks/.

Ozawa, Nancy. “Top Banks Meet Customer Expectations for Mobile Banking.” Javelin. May 19, 2016. https://www.javelinstrategy.com/press-release/top-banks-meet-customer-expectations-mobile-banking-channel.

Patterson, Michael. “What Is an API, and Why Does It Matter?” April 3, 2015. http://sproutsocial.com/insightes/what-is-an-api/.

Peterson, David. Telephone interviews. July and August 2016.

Ryan, Philip. “New APIs Promise Rich, Contextual Data.” Bank Innovation. April 4, 2014. http://bankinnovation.net/2014/04/new-apis-promise-rich-contextual-data/.

Schneider, Toni. “Open Source vs. Open APIs.” Jan. 7, 2007. https://toni.org/2007/01/30/open-source-vs-open-apis/.

The Paypers. “Vincent Brennan, EBA: ‘Open APIs pave the way for Open Banking’.” June 13, 2016. https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=%22Vincent+Brennan%2C+EBA%3A+'Open+APIs+pave+the+way+for+Open+Banking'%22.

U.S. Census Bureau. www.census.gov/prod/2014pubs/025-1141.pdf and http://www.census.gov/population/projections/data/national/2014/summarytables.html.

Wallace, Sarah. “The State of Banking: How Consumers Interact with their Bank 2016.” http://www.timetrade.com/system/files/surveys/TimeTrade_SOB16_How_Consumers_Interact.pdf.

Weikert, Jeff. Telephone interview. July 2016.

William Mills Agency. “2016: A collection of research, observations and articles regarding technology solutions …” ABA Banking Journal. Quoting Michael Carter, page 20. http://bankingjournal.aba.com/2016/08/bankers-as-buyers-presented-by-william-mills-agency/.