Our Insights

Banking APIs: Disruptive threat or innovative opportunity

Open banking is being driven by changing consumer behaviour and forward-thinking regulations.

Bettering customer experiences and the seamless delivery of services were central themes throughout SIBOS 2017 in Toronto, with topics ranging from the deployment of artificial intelligence in big data processing, and the increasingly successful trials of distributed ledger technology, to the use of predictive analysis to disrupt cyber attacks.

An equally prominent topic was the growing embrace of open banking, which has been facilitated through application programming interfaces (APIs) that enable the highly efficient sharing of data. Carolyn Burke, head of enterprise payments at RBC, participated in a panel discussion at SIBOS looking at what the future might hold for open banking.

The shift to open banking

Key insights
  • Open banking is being driven by changing consumer behaviour and forward-thinking regulations such as PSD2
  • Open banking will create greater competition with fintech providers
  • Banks are concerned that open banking could make them more vulnerable to cybercrime

APIs enable companies to readily share data in a machine to machine environment. Historically, customer data stored at banks was considered wholly proprietary, in part because financial institutions did not want their clients using the services of other providers. The traditional way of thinking, however, is changing, as banks look to open their data to third parties.

Open banking's growth is attributable to several factors with the primary reason being changing consumer habits. Customers are demanding more flexibility and additional services, which a single bank may not necessarily be able to provide. In addition, consumers are increasingly using third-party banking apps such as Google Pay or Apple Pay, as well as Payment Initiation Service Providers (PISPs).1

Regulation, too, is playing a role in expediting the augmentation of open banking. The European Union's (EU) Payment Services Directive II (PSD2), which goes live in January 2018, is intended to increase flexibility, mainly for retail customers, and increase competition for the provision of banking services. PSD2 gives bank customers the right to instruct their banks to allow third-party providers (TPPs) to access customers' online accounts and various data, and banks cannot unreasonably deny such access.2 TPPs, which may include disruptive technology companies, will be able to build products and services around the open architecture, facilitating greater competition.

Regulation is playing a role in expediting the augmentation of open banking

PSD2's success is partially contingent on customers actually giving banks and TPPs express permission to share their data. Some experts are hesitant about whether privacy-conscious clients will want third parties to peruse their private financial information, although one panellist at SIBOS suggested that, with the current pace at which technology is advancing, individuals are becoming more accepting about sharing personal data.

The risk of cybercrime

Open banking does carry risks, and the most prominent is the elevated threat of cybercrime. As banks may provide TPPs with access to sensitive materials, the vector points at which intuitive cyber criminals may inflict damage will likely increase. Experts at SIBOS expressed concern that regulations such as PSD2 did not really address how organizations in an open banking environment should deal with cybercrime.

Organizations have to adopt a robust approach to protecting customer information

Uncertainty still remains as to whether, for example, a breach at a TPP would actually be reported back to the bank. For some organizations, this is an unacceptable risk. In a world where legislators are increasingly taking data breaches seriously through regulations such as the EU's General Data Protection Regulation (GDPR), organizations have to adopt a robust approach to protecting customer information. There are clear concerns that PSD2 and the emergence of open banking run counter to those obligations.

And the winner is?

The chief beneficiary of open banking is going to be the customer, who will be able to tap into more products and receive greater service flexibility, at potentially lower cost. If TPPs possess more data on customers, they will gain a better understanding of customers' behaviours and needs, enabling them to provide more bespoke offerings.

Fintech and big tech will also gain from open banking, as they can now offer services to previously untapped customers in what is expected to lead to a proliferation in product innovation. There is already speculation that the GAFA (Google, Apple, Facebook, Amazon) group will leverage PSD2 as a means by which to bypass the card companies and deliver instant payments to customers through bank APIs.3

The outcome for banks will depend on how they approach the changes to come. An Accenture paper warned that banks which simply adopted de minimis compliance with PSD2 were at risk of disruption.4

Conversely, banks that engage and leverage the expertise and agility of new entrants could see further innovation and new revenue sources, particularly if TPPs incorporate bank products into their product suite.5 Banks that accept that dramatic change is happening and work with it will be rewarded.

You may also like

The rise of regtech

Fintech and regulators

Australia's new payment platform


  1. GTN News (January 13, 2017) API Banking and the digital transformation of business: Part 1
  2. Accenture - PSD2: How can Banks Seize the Opportunity
  3. IB Times (February 13, 2017) Apple, Facebook and Amazon primed for PSD2 demolition of the card companies
  4. Ibid. PSD2: How can Banks Seize the Opportunity
  5. GTN News (January 20, 2017) API banking and the digital transformation of business: Part 2