Chris Michael, Head of Technology for Open Banking Ltd, spoke at APIdays Paris 2019. Open Banking Ltd was formed by the Competition and Markets Authority and the nine largest UK retail banks to transform the UK banking industry.
From 2m:10s he begins with a summary of the progress of the Open Banking Roadmap.
Chris highlights that the vast majority of Europe’s 6,000 banks did not meet the deadline to comply with the PSD2’s Regulatory Technical Standard, a keen insight into the challenges the industry faces with Open Banking.
He summarizes the makeup of their ecosystem: 500 signed up to the Open Banking community, of which 64 are ASPSPs, 116 are authorized third parties, and over 100 are technical service providers.
At 4m:40s Chris showcases the growth of API call volume, an exponential climb from next to zero a year and a half ago to 140 million per month, in large part driven by accounting package providers starting to migrate their customers.
This is followed by an overview of API availability and performance, which doesn’t show particularly great results, explained by the fact that banks have to take their systems down to upgrade to the new standards. Response times have improved greatly, falling from over 2 seconds to under one second, with Chris observing that the cloud-based, mobile-only challenger banks perform an order of magnitude better, at around 10-20 milliseconds.
A key function of the Open Banking organization is conformance and certification, and from 9m:15s Chris shares the progress of their members in this regard, describing how most have not yet achieved compliance but are near to doing so.
The key standard Chris highlights is the ‘FAPI’ profile, and he urges vendors seeking to promote their API solutions to adopt and be certified for it.
Consent and Authentication
Starting at 11m:55s Chris moves on to consent and authentication journeys.
He stresses that mobile app-to-app authentication is the best practice approach they are encouraging all banks to adopt, emphasizing that the regulators also regard it as the best approach and prefer it.
To illustrate the key points Chris shows some video demos. For simple account information lookups he suggests downloading any one of the personal finance apps and connecting it to your bank account; he concentrates instead on the meaty topic of payments: first an e-commerce payment via a Barclays account, then a scenario of ordering a coffee via a kiosk that displays a QR code to be read by your mobile banking app.
Central to these scenarios is another standard they’ve worked on with the OpenID Foundation: CIBA – Client Initiated Backchannel Authentication, which is:
“a new authentication flow in which RPs, that can obtain a valid identifier for the user they want to authenticate, will be able to initiate an interaction flow to authenticate their users without having end-user interaction from the consumption device.”
Chris proposes that this system offers an alternative to cards and card schemes, but observes there are two key gaps: liability and a commercial incentive for banks to adopt it. API performance is also a critical success factor: 100% availability is needed, but as described earlier this is still an ongoing challenge.
However, there is considerable opportunity for addressing these. Open Banking for payments would be a very viable market offering in scenarios where manual data entry is needed, such as paying business suppliers or a tax bill, as eliminating the bureaucracy would be very appealing to consumers.
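The CIBA poll-mode exchange behind the kiosk scenario, as an added example that is not from the talk or from Open Banking's own code. `ToyOP`, `rp_poll` and all sample values are constructed; the grant type, parameter names and error codes are those of the OpenID CIBA Core specification.

```python
import secrets

CIBA_GRANT = "urn:openid:params:grant-type:ciba"  # grant type from CIBA Core
HINTS = ("login_hint", "login_hint_token", "id_token_hint")

class ToyOP:
    """Constructed in-memory stand-in for the bank's OpenID Provider (poll mode)."""
    def __init__(self):
        self.requests = {}

    def backchannel_authenticate(self, p):
        # Exactly one user hint and the openid scope are required.
        if sum(h in p for h in HINTS) != 1 or "openid" not in p.get("scope", "").split():
            return {"error": "invalid_request"}
        rid = secrets.token_urlsafe(16)
        self.requests[rid] = {"status": "pending", "prompt": p.get("binding_message")}
        return {"auth_req_id": rid, "expires_in": 60, "interval": 5}

    def prompt_for(self, rid):
        # What the banking app (authentication device) shows; the user checks
        # it against the binding message displayed on the kiosk.
        return self.requests[rid]["prompt"]

    def user_decides(self, rid, approve):
        self.requests[rid]["status"] = "approved" if approve else "denied"

    def token(self, p):
        if p.get("grant_type") != CIBA_GRANT:
            return {"error": "unsupported_grant_type"}
        req = self.requests.get(p.get("auth_req_id"))
        if req is None:
            return {"error": "invalid_grant"}
        if req["status"] == "pending":
            return {"error": "authorization_pending"}
        del self.requests[p["auth_req_id"]]  # auth_req_id is single use
        if req["status"] == "denied":
            return {"error": "access_denied"}
        # A real OP also returns an id_token; omitted in this toy.
        return {"access_token": secrets.token_urlsafe(16), "token_type": "Bearer"}

def rp_poll(op, ack, sleep):
    """Kiosk (RP) side: poll the token endpoint until a final answer or expiry."""
    interval, waited = ack.get("interval", 5), 0
    while waited < ack["expires_in"]:
        resp = op.token({"grant_type": CIBA_GRANT, "auth_req_id": ack["auth_req_id"]})
        if resp.get("error") == "slow_down":
            interval += 5  # back off by at least 5 seconds
        elif resp.get("error") != "authorization_pending":
            return resp
        sleep(interval)
        waited += interval
    return {"error": "expired_token"}
```

Pass `time.sleep` as `sleep` for real pacing; a callback that calls `user_decides` stands in for the customer approving in the banking app.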
Use Cases and Conclusion
At 17m:30s Chris moves on to walking through a number of example use cases:
- Personal finance management – Via apps like Yolt, Open Banking makes personal finance management better and more reliable. Ideally they should also encompass pensions, mortgages, etc.
- Business accounting – A current driver of big growth.
- Safety net credit – Monitors your account so that you draw down from a lending facility, preventing customers from slipping into unpaid overdrafts.
- Financial inclusion – Open Banking enhances the credit scoring to give more funding access to more people.
- E-Commerce – As described earlier.
- International payments – Enabling international payments from your existing current account.
Chris concludes by outlining what’s next for the Open Banking organization, describing their three main priorities: continuing to evolve the standards, improving implementation to help banks better adopt the APIs, and driving growth of the ecosystem.