Articles

5 Benefits of Open Banking APIs

Benefits of Open Banking APIs in Canada_Blanc Labs

Open banking APIs (application programming interfaces) offer a wide range of benefits for a modern financial institution, from increasing revenue to reducing fraud risk. 

Open banking is finding its way into Canada with the government working hard to set regulations by the tentative launch date of January 2024.  

In the meantime, financial institutions like yours should start preparing. When open banking is introduced to the public, you should be in a position to roll out products and services faster than competitors and with minimal friction. 

Below, we explain the meaning of APIs, the state of open banking in Canada, and how exactly open banking APIs can help your business. 

What is Open Banking? 

Open banking refers to using APIs to access financial data by third parties in a secure manner. 

Customers expect faster, one-stop banking services. So far, customers have relied on third-party services that use screen scraping for non-core banking services like budgeting and financial decision-making. 

Screen scraping leaves your customers vulnerable to multiple types of online threats. In a world rampant with cybercrime, your customers want a safer alternative, and that’s where open banking offers value. 

With open banking, you can securely allow third parties to access your financial data. For example, suppose a fintech app offers AI-based investment advice. 

To offer advice, it needs to look at your current portfolio. You can use open banking to allow the app to access your financial data securely without having to use screen scraping. 

This model offers all parties a benefit — you can use the app faster, the fintech can operate with the bank’s license, and the bank can charge a fee for the customer data. 

Open Banking in Canada 

Open banking is currently unavailable in Canada. The government is developing a roadmap to introduce open banking in Canada safely. 

According to the Final Report from the Advisory Committee on Open Banking, the government has established four groups to provide input on the four fundamental aspects of the open banking framework—accreditation, liability, privacy, and security. 

The original target date to introduce open banking was January 2023. However, the committee is yet to reach a consensus on multiple aspects. 

The Canadian government may take a while to implement open banking. But we’ll likely see key developments in the implementation process over the next few months.  

The government has appointed Abraham Tachjian to develop the open banking framework for Canada. 

Benefits of Open Banking APIs 

While you wait for open banking regulations to become available in Canada, it’s best to prepare your API ecosystem, so you’re ready for open banking when it’s introduced. 

Once you have a mature open banking API ecosystem that’s operational, you’ll benefit in the following ways: 

Increased Revenue 

As a financial institution, you can use open banking APIs to increase revenue in one or more of the following ways: 

  • Partnering with Fintechs offering innovative solutions: You can partner with Fintechs to offer innovative solutions without creating, managing, or innovating products and services in-house. The partnership allows you to offer services your customers expect and improve their end-to-end journey. Of course, these services also create new revenue streams for you. 
  • Selling to Fintechs: As a bank, you can add another revenue source by providing banking-as-a-service (BaaS), where third parties can connect to your database using APIs for a fee. Third parties can use this data to provide value-add services in addition to what regulators mandate. 
  • Optimize your marketing campaigns based on user data: Open banking, combined with data aggregation, provides deeper insights into customers’ behavior and choices. These insights enable you to position your products better and run personalized marketing campaigns, which can increase your overall revenue. 

 

Banking as a Service (BaaS) 

Open banking APIs and Banking-as-a-Service are often used interchangeably. 

However, they’re fundamentally different. BaaS is a business model where banks integrate their services into a third-party’s product or service. 

Fintechs and non-financial companies (NFCs) use BaaS to offer customers better digital banking services, like one-minute loan approvals, without getting their own banking license. This is made possible through open banking APIs. 

BaaS is quickly gaining popularity as customer dissatisfaction with banks’ existing services grow. According to Delloite, 2x ROAA (return on average assets) for banks focused on BaaS offerings. 

A few ways you can monetize by proving BaaS include: 

  • Providing your banking license, technology, and products to other banks, non-financial companies (NFCs), and aggregators. 
  • You can partner with a distributor with excellent end-user relationships to offer innovative financial solutions. 
  • You can partner with an aggregator who acts as a provider-aggregator to provide an out-of-the-box solution by coupling the capabilities of multiple vendors. 

 

Payment as a Service (PaaS) 

Open banking APIs allow you to build faster, more secure bank rails. Once you implement open banking, you can enable users to make direct payments seamlessly without entering card details. 

As a bank, you can use open banking APIs to increase payments’ transparency and scalability by leveraging individual transactions and bi-directional processing. 

With open banking APIs, you can upscale your current payment methods like ACH (Automatic Clearing House Network) and wire transfers. APIs will also enable you to offer modern payment methods like Real-Time Payments (RTPs) and Pay-By-Bank when they become available in Canada. 

Open banking also facilitates payment initiation service (PIS). When a merchant partners with a licensed third party, the third party can initiate a payment on behalf of a customer’s bank account using PIS. 

PIS doesn’t require the customer or merchant to share any sensitive information. The customer simply approves a payment via the banking app with a secret pin or biometric authentication. 

Just like any account-to-account transfer, the money is transferred directly to the merchant’s account within seconds. 

Improved Customer Engagement 

Open banking APIs improve customer engagement by streamlining the onboarding process and offering a one-stop solution for multiple needs. 

For example, open banking APIs can allow biometric logins and authentication to minimize the time it takes your customer to access the account. Your users will be able to complete tasks faster without compromising data security. 

With Canadians worried more than ever about the cost of living crisis in Canada, they’re carefully observing their money. 

Typically, they’d need to source information from individual sources to get a full picture of their financial status in order to make sound financial decisions. 

Open banking APIs can simplify the process by allowing third-party apps to automatically aggregate this information into a single app, improving customer engagement. 

Reduced Risk of Fraud 

Open banking APIs provide access to customer data, allowing more accurate risk profiling. Access to customer data allows incorporating verified identity information, account balances, and transaction patterns into your risk models. 

The UK, where open banking has been available since 2018, has reduced card fraud significantly. In 2021, the UK reduced the losses from card fraud by an impressive £49.2 million. 

The following four things make open banking payments safer: 

  • Each payment uses strong customer authentication (SCA), which was introduced as a requirement in Europe by the revised Payment Services Directive 2 (PSD2) for ecommerce transactions in 2019. 
  • No sensitive information is required for any open banking use case. 
  • APIs pre-populate payment information. 
  • Open banking providers take care of onboarding the merchants as well as carrying out the necessary due diligence. 

Implementing Open Banking APIs with Blanc Labs 

Familiarizing yourself with open banking APIs is critical to ensure you’re equipped with the right knowledge and tools when open banking becomes available in Canada. 

The problem? It can feel daunting. Partnering with the right team can make the process a whole lot easier. 

Blanc Labs, in partnership with Axway and Mulesoft, can help you build a robust open banking API ecosystem. We can answer any questions you have and take care of the end-to-end implementation process.

Book a discovery call with Blanc Labs to learn more about open banking APIs. 

Articles

What is API Management?

What is API Management_Blanc Labs
Illustration by Storyset

Application Programming Interface (API) management has become an increasingly important aspect of modern business operations. With the advent of cloud computing and the need for digital transformation, enterprises are using APIs to enhance their existing applications, develop new applications, and drive innovation. 

According to a study by Forbes, firms that used APIs saw 12.7% growth in their market capitalization over a period of four years. But using APIs is one thing and having an API strategy in place that can enable your business goals is another. 

Proper management of APIs is imperative to support smooth business functioning. From startups to large enterprises, API management has become a critical component for businesses to remain competitive and meet the changing needs of their customers. 

 Whether you are a financial services provider looking to securely integrate third-party services, a retail giant seeking to improve your e-commerce platform, or a healthcare organization seeking to securely exchange medical data, API management can help you achieve your business objectives.   

API Management Components

API management components are the building blocks that make up a comprehensive API management solution. These components work together to enable organizations to effectively manage their APIs and deliver value to their customers and partners. The primary components of API management include: 

API Gateway 

The API gateway is the component that sits at the front end of the API management architecture, acting as a traffic cop for incoming API requests. The API gateway is responsible for routing API requests to the appropriate backend services, applying security and access controls, and transforming data between different formats. The gateway also provides features such as caching, rate limiting, and request and response transformations. 

Developer Portal 

The developer portal is a  platform that provides developers with the information and tools they need to consume and build applications using your APIs. A good developer portal includes detailed documentation, code samples, forums, and tools for testing and debugging. The developer portal is a key component of API management as it helps to foster a community of developers who can help you drive adoption and engagement with your APIs. 

Reporting and Continuous Improvement

Reporting and continuous improvement are essential components of API management as they help organizations understand how their APIs are used, identify improvement areas, and make data-driven decisions about their API strategies. With the help of real-time analytics and usage reports, organizations can track key metrics such as API request volumes, response times, and error rates. This information can then be used to continuously improve the API management process and deliver a better experience to developers and end-users. 

API Lifecycle Management 

API lifecycle management is the process of managing the entire life cycle of an API, from design and development to retirement and deprecation. This includes tasks such as versioning, testing, and publishing APIs, as well as managing security and access controls. API lifecycle management helps to ensure that APIs are managed in a consistent and organized manner, enabling organizations to respond quickly to changing business requirements and deliver value to their customers and partners. 

Benefits of an API Management Platform

API management platforms provide a number of benefits to organizations that are looking to leverage APIs to drive innovation and growth. Some of the key benefits include: 

Improved Security 

APIs provide businesses with various benefits such as accessing enterprise services from different devices, promoting innovation, and creating new revenue streams. However, using APIs can also pose risks to data security, which is why it is crucial to protect them with an API manager. API management platforms are essential to ensure the security of APIs as they monitor their usage and implement security protocols such as JWT, OpenID and OAuth. Additionally, API management platforms can provide extra security benefits by controlling access to applications. 

Increased Agility 

API management platforms allow organizations to quickly and easily expose their existing systems and services as APIs. This enables organizations to respond quickly to changing business requirements and create new opportunities for growth and innovation. With the ability to easily manage and scale APIs, organizations can quickly and easily adapt to changing business needs.

A good example of this is the Emirates NBD Bank. In an interview with McKinsey, senior bank executives explained how they were able to achieve effectiveness and efficiency by shifting to APIs. “We have enabled several strategic business initiatives as a result. One example is our digital onboarding, which is available on mobile phones for self-service and via tablet for assistance in our branches. “We have onboarded more than 100,000 customers with our new process, doing up to 85 percent with straight-through processing in less than ten minutes,” said Neeraj Makin, group head of international and group strategy. Today, the bank offers more than 800 microservices and have seen over a million interactions in the last two years. 

Improved Developer Experience 

API management platforms provide a centralized location for developers to access and use APIs. With features such as detailed documentation, code samples, and testing tools, API management platforms make it easy for developers to consume and build applications using your APIs. This helps to drive adoption and engagement with your APIs, which can lead to increased revenue and more opportunities for innovation. 

Better Monitoring and Analytics 

API management platforms provide real-time monitoring and analytics capabilities, allowing organizations to track the usage and performance of their APIs. This information can be used to identify areas for improvement, optimize performance, and make data-driven decisions about your API strategy. With a better understanding of how your APIs are being used, you can make informed decisions about how to optimize your API offerings and deliver a better experience to your customers and partners. 

Monetization Opportunities 

API management platforms provide organizations with the tools and capabilities to monetize their APIs. With features such as billing, usage tracking, and rate limiting, organizations can set pricing and usage policies for their APIs, creating new revenue streams and driving growth. 

Top Use Cases for API Management 

The global API management market is expected to grow at a CAGR of 34.5% and reach $41.5 billion by 2031. API management has a wide range of use cases across various industries and sectors. A few of the major use cases are: 

Digital Transformation Initiatives 

API management is an essential component of digital transformation initiatives as it allows organizations to expose their existing systems and services as APIs. This enables organizations to quickly and easily create new applications and services, and drive innovation in a fast-changing digital landscape. With the ability to manage and scale APIs, organizations can respond quickly to changing business requirements and drive growth. 

Open Banking 

Open banking is an emerging trend that is transforming the financial services industry. With open banking, financial institutions can securely share their customer data with third-party providers, enabling new financial products and services to be created. API management is a critical component of open banking as it provides a secure and controlled environment for exchanging financial data, helping to ensure that customer data is protected and that transactions are compliant with regulatory requirements. 

Read more: What is Open Banking and is it available in Canada?

Data Security  

Data security is a critical concern for organizations in a wide range of industries. With API management, organizations can secure their APIs and the sensitive data they carry with features such as authentication, authorization, and encryption. This helps to protect sensitive information and ensures that data is transmitted securely, reducing the risk of data breaches and protecting the reputation of your organization. 

Compliance 

Compliance is an important consideration for organizations in regulated industries such as healthcare and finance. With API management, organizations can ensure that their APIs are compliant with regulatory requirements, such as the EU’s General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS). This helps organizations minimize their risk of non-compliance and reduces the risk of costly penalties. 

Custom API Management Solutions from Blanc Labs 

At Blanc Labs, we understand the unique needs and requirements of our clients, and we offer custom API management solutions that are tailored to meet your specific needs. Our API management solutions are designed to provide enterprise organizations with the tools and capabilities they need to drive their digital transformation initiatives, secure their data, and ensure compliance with regulatory requirements. 

If you are interested in learning more about the benefits of API management and how Blanc Labs can help you achieve your goals, we encourage you to book a discovery call with our team. Our experienced consultants will work with you to understand your needs and provide you with a customized solution that is tailored to meet your specific requirements. 

Articles

What Is Composable Banking and Why Should I Care?

Composable Banking is a technology and transformation approach that addresses the simple fact that change is constant. To ensure that banks and FI’s can innovate swiftly and maintain the greatest level of control over their product roadmap, they must adopt a modular or “swappable” architecture. The characteristics that define Composable banking follow the MACH principles: Microservices, API First, Cloud Native, Headless.

In a world that is evolving at an ever-increasing pace, it can seem as though the velocity of technology trends is starting to reflect the feverish pace of modern-day news cycles.  It can be hard to keep up with all that is happening across the financial services industry and a lot of the content out there is often decorated in painful consulting speakThat is why we view it as our accountability to sift through the noise and develop an informed opinion on the what, why, and how of emerging trends that our clients and ecosystem partners need to know about.   

A significant shift is underway in terms of how banks and FI’s do transformation work reflecting similar (r)evolutions in other industries like eCommerce and tech platform players like Apple and Google. The term that is being increasingly adopted to encompass a broad cross-section of tech evolution amongst financial institutions is composable banking.  

Composable banking is a technology-enabled approach to delivering financial products and services to customers and ecosystem partnersIt is a banking transformation approach that addresses the simple fact that change is constant. To ensure that banks and FI’s can innovate swiftly and have an agile experience roadmap, they must own a modular “swappable” architecture. This is the only way to deploy new features rapidly and retain control of their destiny. 

Modular banking is not composable banking

First, let us define the characteristics of composable banking by delineating how it is different from the traditional, modular approach offered by E2E core banking systems provided by established SaaS vendors.  They have been using a modular approach to extend the functionality of their core systems, whereby their propriety modules are extensible but are neither flexible nor open.     

Composable banking is a solution approach that prioritizes integration readiness and flexibility, allowing organizations to dramatically improve the speed at which a company can onboard a new partner or design, build, test and deploy a new product.  This is relevant for value-driven business transformations aiming to build differentiating customer experiences while setting up a future-proof, flexible and cost-effective IT landscape.  

What you are Composed of matters 

Composable banking is enabled through the adoption of MACH characteristics to define how an organization approaches developing and supporting technology to enable new customer experiences and improve business operations.  


Microservices


M: Individual pieces of business functionality that are independently developed, deployed, and managed. 

With a microservices architecture, an application is built as independent components that run each application process as a service. 

These services communicate via a well-defined interface using lightweight APIs. Services are built for business capabilities and each service performs a single function. Because they are independently run, each service can be updated, deployed, and scaled to meet the demand for specific functions of an application.


Microservices Enabled Banking Example: 

 Monzo is a UK based neo-bank that has written extensively about their API-first approach and how they scale, secure, and manage over the over 2000 microservices that power their banking experiences. 


API First


A: All functionality is exposed through an API. 

API-first is a product-centric approach to developing APIs. It views the role of APIs as discrete products, rather than integrations subsumed within other systems. 

 Developing and managing microservices in an API-first approach means that APIs become key inputs to determine & define product functionality.  This means that the people developing against your API are your users, and your API needs to be designed with those users in mind. 

An API-first mindset requires adopting product management best practices to ensure the services evolve to meet the needs of users (developers), particularly around the characteristics of flexibility, interoperability and reusability.   


API-First Banking Example: 

Citibank is one such organization that follows an API-first approach in its path to digital transformation and empowers a developer ecosystem for innovation. Citi’s global consumer bank serves 62 million clients in 35 countries and uses APIs to build many of its consumer facing digital products. 


Cloud Native


C: SaaS that leverages the cloud, beyond storage and hosting, including elastic scaling and automatically updating.  

 Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds.  They feature containers, service meshes, microservices, immutable infrastructure, and declarative APIs to exemplify this approach. 

 Cloud-native banks leverage core banking systems built in the cloud and for the cloud to enjoy benefits such as scalability, flexibility, availability and elasticity, amongst others. 


Cloud Native Banking Example: 

 In September 2021, JP Morgan Chase announced that it would migrate its retail core banking assets to the Google Cloud Platform and leverage Thought Machine cloud native core banking system. 


Headless


H: Headless architecture enables an organization to evolve from a monolithic approach to service delivery to an ecosystem model.  

Front-end presentation is decoupled from back-end logic and channel, programming language, and is framework agnostic. 

Enables the ability to seamlessly embed secure banking services into a variety of customer touchpoints.   e.g., Apple Pay, ACH money transfers, budgeting and billing platforms.


Headless Architecture Banking Example: 

Using the API’s available through Temenos core banking platform, EQ Bank was able to act as a deposit-taking backend for Wealthsimple to launch high-interest savings account offering to WS clients in Canada. 

 

In the image below, we’ve highlighted some of the intended outcomes FI’s can expect to benefit from as they undertake the development of a digital transformation strategy and embark on a journey that can only be described as iterative and incremental. Spoiler alert: the work is never doneThe goal though is that with investment and dedication it goes faster and gets easier to measure 

What is composable banking

“Almost half of the global financial services organizations are still in a very early or even immature stage of their digital transformation journey.”  

– Juergen Weiss, FI Practice Vice-President at Gartner 

Digital Transformation is the entire journey by which a financial institution seeks to digitize and automate its processes to improve its products and customer experiences and expand into newer, untapped markets with speed and greater operating efficiency.   

For those organizations that are still in the early stages of planning and prioritizing their transformation initiative, the breadth of choice, cost, and complexity can be daunting. Some of the activities required to achieve MACH characteristics require major infrastructure upgrades and the migration will most likely be implemented over a multi-year horizon.  

Status of core banking initiatives

A Composable Approach to Digital Transformation 

Developing a composable transformation approach should allow for multi-threaded initiatives that support the broader objectives. For this reason, we often work with clients to highlight one to two areas of opportunity, whereby organizations can see an immediate ROI in terms of CX and operational efficiency.   

Initiatives like implementing an intelligent document capture platform to reduce manual data entry into a Loan Origination Systems (LOS) or conducting an API Maturity assessment allow FI’s to realize immediate benefits while building transformation capability and creating foundational progress towards a future state that reflects the characteristics of composable banking.  

Curious about how you can develop a composable transformation approach at your organization? Book a workshop with Blanc Labs.

Articles

5 Factors to Evaluate Open Banking Readiness in Canada

By Steven Chung and Rishi Khanna

open banking readiness

Open banking’s first phase is almost upon us. Now more than ever, banks will need to address their digital and core systems if they wish to participate and gain from the new banking regime. The need for seamless digital experiences, especially post Covid, is shaping customers’ expectations from banks and financial institutions too. Roughly $416 billion is up for grabs and if the prediction holds true that open banking adoption will increase by 76% in the next three years, then incumbents should begin preparing themselves without delay.  

What is Open Banking? 

Open banking is a way for financial services customers to securely share their financial data with other financial institutions and third-party providers using APIs governed and regulated by universally accepted protocols. Open banking exists in several countries around the world including the UK, Australia, Brazil, and Singapore.  

The Benefits of Open Banking 

Open banking is pushing banks to innovate and play nice with Fintechs. In the UK, where open banking launched shortly before COVD-19, the use of Fintech applications for money management rose by 20% for adults and 50% for young adults. Banks, as trusted custodians of customers’ data, can take advantage of the new Fintech technologies that have sprung up as a result of open banking to deepen customer relationships and retain them by providing valuable insights on their personal or commercial finances instead of just facilitating transactions.  

5 Factors to Assess Open Banking Readiness in Canada 

The first phase of open banking in Canada will begin in January 2023. Many banks and credit unions are in the midst of preparing themselves for open banking. But just how ready are they? 

 Here are 5 Factors recommended by Blanc Labs to evaluate if you are ready for open banking: 

Factor 1: Your core and digital banking systems are up to date 

Your financial institution’s core and digital banking systems are scalable, compatible with other new technologies. You have web-banking and mobile banking platforms for retail and commercial customers. Most processes are automated, minimizing manual intervention. The core banking and digital channel systems are cloud-native 

Factor 2: You have identified business use cases for open banking 

You have identified use cases for open banking at your institution and you would now like to invest in an API-led ecosystem to monetize your data. Open banking use cases could include Account Aggregation, BNPL (Buy Now Pay Later), and Tax preparation.  

Factor 3: Your organization is united in reaching its transformation goals 

You have a non-traditional approach to growth and view open banking as a strategic imperative towards creating new lines of revenue for your business. As such, you have budgets dedicated to open banking efforts. You are looking at ways to improve how to use your data through TPPs (third-party providers) to create relationships with other financial institutions and non-banking entities and turn them into new offerings for your customers.  

Factor 4: Your API-ecosystem is mature 

Your organization has been creating APIs for internal and external consumption for some years. There is a standardization and documentation around maintenance, governance, security, and management of APIs. There is visibility over the entire API catalogue and tooling to track and monitor API performance. You participate in agile data partnerships with Fintechs, which means your onboarding processes are thorough, but quick.  

Factor 5: You can operationalize APIs and use them as products 

That leads us to the final step. Your organization can support third-party use, both in terms of system bandwidth as well as security. Your systems can take high traffic load. You are primed to use API-as-a-Product.  

Do you have an Open Banking strategy? 

Still unsure? Apart from readying the underlying enabling technology considerations, Open Banking is fundamentally a business decision and a discussion about how to best compete and win in the new banking environment.  Here is a handy Digital Maturity Assessment from Axway that can help you figure out what stage you are at and what to do next. Blanc Labs in partnership with Axway offers an Open Banking Strategy Workshop that can help you: 

  1. Define your financial institution’s goals for growth 
  2. Analyze the current state of your organization and what you need to meet your long-term goals 
  3. Identify challenges that you need to beat to ensure you can take full advantage of open banking 
  4. Zone in on use cases that will give you the biggest ROIs and the fastest time to value 

Book an Open Banking Strategy Workshop with Blanc Labs to learn more.

Articles

Open Banking API Challenges: 4 Areas That Need Intervention

By Steven Chung and Bob Paajanen

woman solving api integration challenges

As financial institutions find their way into the digital world, they face competition from several non-bank forces, including FinTechs and Big Tech companies like Apple, Google, and Amazon. FinTechs and Big Tech have begun rewriting the rules for the finance industry creating new ways of banking and new revenue streams. By offering speed, innovation, and unbundled financial services, digital non-banking entities are luring away customers from banks and credit unions. Open banking promises financial institutions an entry into the changing banking ecosystem by tapping into third-party application programming interfaces (APIs). But without the right strategy, banks may find themselves saddled with high costs, low time to value, vulnerable data systems, and no ROI to show.  

API Challenges 

As API adoption grows, so does the concern around how these APIs will be built or bought; how they will be managed; and the security and privacy risks that they present.  

API Standardization and Documentation 

The biggest concern around API adoption is standardization with more than 52% of organizations finding it a challenge. Unfortunately, there is no universal identity management framework which means that companies must rely on their developers to build their own management systems. Without proper documentation or style guides, different teams of developers within the organization may come up with varying standards for how the APIs are built and consumed, leading to issues with integration and management. The ‘State of Software Quality: API 2021’ study by SmartBear found that 54% of respondents pegged “accurate and detailed documentation as the second most important characteristic they needed in an API as an API consumer, ease of use being the topmost. Yet, close to 40% of the respondents did not use API management software or were using an in-house API management tool.  

API Security  

As banks use more APIs to enable digital businesses and provide web and mobile experiences to customers, the chances of security breaches also go up. There have been several incidents of API attacks and data leaks this year alone. API security is made worse by the fact that many organizations lack an inventory of the APIs they create or use from third parties. Research firm Gartner found that the common theme among many of the API breaches was that “the breached organization didn’t know about their unsecured API until it was too late.” Sadly, there is no tool that will automatically discover vulnerabilities in the APIs. Implementing API threat protection and access control will require endpoint security (processes, infrastructure, and protocols). Without an API management platform in place, this will present further challenges.  

“By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.”
Gartner (2021)

API Governance standards and privacy regulations 

Government-dictated compliance frameworks around APIs are still some time away for Canadian financial institutions. This means that developers at banks and credit unions must rely on varying standards, including security standards, when it comes to how API integrations will work and be used. Without governance standards, financial institutions run the risk of exposing themselves to fraudulent third parties and exposing customer information in ways that could be used against their interests.  

API Reliability & Performance 

To support new functionalities and user experiences, developers in financial institutions are relying more and more on third-party APIs, APIs from business partners, and from other business units within the enterprise. Many of these APIs are licensed from providers that also look after their daily operations. Due to the composite nature of these applications, an outage with one third-party API can impact any application that is using that API. As of April 2022, there were close to 7.8 million failed API calls in the UK according to Open Banking Implementation Entity (OBIE). The financial entities with the most failed calls are the big banks including Barclays, Lloyds, and HSBC. Frequent API errors create a negative impact on customer experience and may lead to discontinued product use.  

Is your bank ready to adopt open banking? 

API integrations are a necessity as we move towards an open banking system. Financial institutions must have a clear strategy on how they want to implement, govern, monetize, and market APIs to ensure a frictionless customer experience and better business results.  

Blanc Labs has partnered with Axway to provide specialized solutions that make API integrations and management more efficient and cost-effective. Benefits of our unified API platform include:   

  1. Increased productivity, as developers are easily able to find and repurpose APIs instead of duplicating efforts or wasting time searching for them.   
  2. Less technical complexity by unifying and simplifying API services across the organization  
  3. Better security through a unified view of all APIs  
  4. Faster upgrades of legacy systems through an API-first layer allowing you to add new services more easily  
  5. More robust governance through centralized documentation that multiple teams of developers can reference 

Book a demo or discovery session with Blanc Labs to learn about the impact of our API solutions for banking. 

 

Articles

Are your APIs causing more pain points instead of solving them?

By Steven Chung and Bob Paajanen

Now, more than ever, banks are looking at ways to modernize their core technology to meet customer demands for speed, personalization, and seamless digital experiences. For the banks, a large part of that involves securely exposing customer data to third-party systems and consuming data from them. A simple example of this is using your bank credit card to pay with an app such as Google Pay or Apple Pay. For this data exchange to take place, banks build their own application programming interfaces (APIs) or use third-party APIs to interact with other systems. From a digital transformation viewpoint, APIs are indispensable in making banking services more open.

A study on APIs in banking by McKinsey found that nearly 70% of the surveyed banks planned to double the number of internal and third-party APIs and triple the use of public APIs. However, not all API integrations are successful. Close to 40% of the banks mentioned above did not have an API strategy or were still evaluating APIs. Mismanagement of APIs only increases operational issues, decreases productivity, pulls up costs, and delivers incremental results at best. Here we explore five API integration challenges and how to overcome them.

API Integration Challenges

Put simply, APIs are supposed to make it easy for disparate systems to work together. But poor integration can have the opposite effect, leading to silos, duplication of efforts, and rising costs. Some of the API integration challenges include:

  1. Technological Complexity
  2. High Costs
  3. Security Risks
  4. Time Consumption
  5. Varying systems

Technological Complexity

API integration is not an easy process. In fact, of all the digital transformation initiatives, API integration may be the most daunting. The reason for this is that integrating APIs requires an overhaul of the bank’s core systems. Understandably, many banks and credit unions are reluctant to change their core systems in one go as seen in the chart below. Yet, 75% of banks state that the number one reason for focusing their corporate banking strategy on APIs is “improving internal corporate banking processes, workflows and product management.”

Intention to replace core systems

To carefully integrate APIs while upgrading core systems at a pace that is suited to the bank requires a team of experts including highly skilled developers that come with a heavy price tag.

High Costs

Hiring a team of experts to execute APIs is only one part of the cost of integrating APIs. The question for many financial institutions is one of build or buy as this requires significant financial resources, a dependable developer ecosystem, as well as a strategy to monetize these APIs so current costs may be justified. Building a single API can cost upwards of $10,000 (as of 2020) depending on the complexity of the integration and the times it takes developers to build it. Buying APIs may come at a lower cost. Either way, there is no getting around the expense of building APIs and integrating them with core systems.

Security Risks

In Canada, the number of stolen records went up by 4,379% between 2015 and 2020. A data breach in Canada costs approximately $6.35M CAD. The use of APIs is reliant on web-based applications, which means that they are more open to threats from hackers and ransomware. Add to this the fact that a data breach can severely damage the reputation of an organization. API integration projects require hiring a team of security experts as well as updated security protocols.

Time Consumption

Setting up an API connection and integration module can take anywhere from a few weeks to months. This is the time when the development team will learn the logic and architecture of your platform and work to reduce bugs, among other things. Financial institutions that choose the wrong API solution may find that they are losing out to the competition by coming in last.

Varying systems

Within APIs and API systems, there are all kinds of architectures and software. Every system has its own logic and therefore each integration has its unique challenges. With every new system that developers work with, they need time and expertise to integrate APIs with those systems. Therefore, with multiple integrations, the process does not get faster and only becomes more complex

How to overcome API integration challenges

API integrations are a necessity as we move towards an open banking system. Financial institutions must have a clear strategy on how they want to implement, govern, monetize and market APIs to avoid high costs, duplications, and incremental gains.

Blanc Labs has partnered with Axway to provide specialized solutions that make API integrations more efficient and cost effective. Benefits of our unified API platform include:

  1. Increased productivity, as developers are easily able to find and repurpose APIs instead of duplicating efforts or wasting time searching for them.
  2. Less technical complexity by unifying and simplifying API services across the organization
  3. Better security through a unified view of all APIs
  4. Faster upgrades of legacy systems through an API-first layer allowing you to add new services more easily
  5. More robust governance through centralized documentation that multiple teams of developers can reference

Book a demo or discovery session with Blanc Labs to learn about the impact of our API solutions for banking.

Articles

4 Ways APIs Can Improve Your Bank

by Bob Paajanen and Steven Chung

Man using banking APIs for transactions

With the urgent need to catch up with FinTechs and appease customers, there is a lot of discussion today around digital transformation in banks and how technology can improve both the customer experience and the bottom line. The word API is thrown around, but few understand the tangible impact of how APIs can improve your bank. In this article, we break down what APIs can do and the areas in which they can significantly change the ways in which banks operate.   

What is an API? 

An API or Application Programming Interface allows disparate systems to communicate with one another. Think of APIs as waiters at a restaurant—they take your order and relay that order to the kitchen. The kitchen prepares your order, and the waiters bring it back to you. The waiter here is a middleman that relays important information that is within the framework of the menu (defining what information should be shared) in a format that is understood by the kitchen (structured data).  

The most common examples of APIs include “login using Facebook” or “login using Google” which use APIs to connect your Fb and Google accounts to a third-party website.  

The use of APIs increases flexibility, increases efficiencies and therefore improves the user experience.

What are banking APIs? 

Banking APIs are specific to banking software. Since the pandemic, the demand for APIs has grown as customers expect real-time 24/7 support across all banking functions. Using APIs can allow the bank’s systems to talk to one another thereby providing the customer with a unified and seamless banking experience.  

The use of banking APIs is up from 35% in 2019 to 47% in 2021 and another 25% of banks and credit unions plan to invest in APIs by 2022.  

Using APIs not only connects legacy systems to one another but gives financial institutions the opportunity to reimagine how their operating model works, what the customer journey should look like and how they would like to interact with customers. Indeed, the use of APIs today, according to PYMNTS, could be compared to getting the “proverbial plumbing in place to enable new digital experiences.” 

Source: Business Insider

APIs and the future of Open Banking

Open banking is a system where banks enable their financial data to be securely accessible to third parties with the use of APIs. Using APIs gives financial institutions access to new banking technologies such as digital lending, online mortgage approvals, digital payments, account opening, engagement tools, analytical tools and a host of other functionalities, while also empowering customers to have more control over their data.  

What can APIs do for your bank?

There are many types of APIs created for a variety of functions. In this article, we will focus on four of the most common types of banking APIs and how they can help in your digital transformation and modernizing efforts.  These are:

  1. Integration
  2. Connectivity
  3. Platform Banking
  4. Innovation

Integration

Banking systems set up even five years ago are now considered legacy systems. Such legacy systems don’t usually communicate well with newer technologies.  Failure to keep up with the consumer or regulatory demands of today may render the bank obsolete. This is where APIs come in. Instead of replacing legacy systems—a time-consuming and expensive process—APIs can help legacy systems communicate with new software at a fraction of the cost and twice the speed. A good example of APIs integrating banking systems would be providing a branch locator (using mapping software like Google Maps) on the bank’s mobile app.  

With advancements in technology and frequently updated regulatory requirements, integrating legacy systems with newer technologies is no longer a choice but a necessity.  

Connectivity 

As services such as personal financial management become more automated across various functions within the bank, there is a growing need for better governance of user data, including customer checking and credit history.  

Because APIs also regulate the information that they share between systems, they can filter out relevant information to a third party without disclosing every detail. They can also time how long the information will be available to a third-party program. For example, credit history may be available for only 30 days.  

APIs available today, especially REST APIs(or web-based APIs), are lightweight, faster, more scalable, and offer real-time connectivity, making them a perfect use case for mobile applications.  

Platform Banking 

Many non-bank businesses such as FinTechs today opt for the banking-as-a-platform strategy, where APIs are used to connect the non-bank business to a bank. With the use of APIs the non-bank business can use the bank’s license and regulatory framework, thereby offering banking services without being banks themselves. This means lower operations costs, which they can pass on to the customer in the form of lower fees and better rates. Banks on the other hand can take advantage of the newer technologies offered by the FinTechs to improve their service offerings without having to build them themselves.  

An example of this is Tangerine Bank, a no-branch “bank” that offers banking services like savings and checking accounts using Scotiabank’s banking license to operate. APIs allow seamless, real-time connectivity for Tangerine customers, allowing them to access their banking information on their mobile app.  

Innovation 

The ability to plug-and-play innovative technologies means that banks can now offer a variety of new products while creating better efficiencies at the back end. Using APIs, banks can circumvent an overhaul of their legacy systems, improving bits and pieces at a time. This will save banks both money and time. APIs also allow banks to integrate products and services in a modular way. This gives them a wider choice of vendors, and with that comes better control of price, quality, and delivery.  

Banks need not always depend on third parties to add on new products and services. If they decide to go their modernization route themselves, they can use APIs to standardize the process and add tools without making drastic changes to the underlying system—something that most banks prefer.  

APIs can also help connect one banking system to another. For example, an API can connect the lending workflow with a customer’s personal banking workflow. This connection can provide better efficiencies, reduce manual work, and improve employee satisfaction. APIs can also integrate automation tools such as end-to-end journal entries, loan document processing, and report creation on top of legacy systems, saving time and cost. A 2019 report by Accenture predicted that banks would see a productivity gain of US$ 59 billion by 2025 thanks to automation. This number is probably higher in the context of the pandemic, which forced banks to automate and modernize their processes even more aggressively.  

Current Challenges with API integration 

While many banking institutions recognize the benefits of APIs, integrating them into the banking system is not without its challenges. This is especially so when you have multiple teams across geographies using a variety of API tools and vendors. This leads to duplication of efforts, further complicates the system and therefore leads to a loss in productivity.  Using the right API platform can take care of these issues while giving the additional benefit of security and governance.  

Integrate APIs in your banking system with Blanc Labs 

APIs offer an exciting future for banks. It is imperative that banks take advantage of new technological products and services and leverage open banking, so they are not left behind in the race with FinTechs and other competitor banks.  

Blanc Labs offers APIs that unify all ledgers and functions so that banks can get a true 360-degree view of their customers and help banks upgrade systems to meet regulatory standards.  

Book a demo or discovery session with Blanc Labs to learn about the impact of our API solutions for banking.  

Interested in hearing how we can accelerate your digital transformation?