API’s & PSD2
While Application Programming Interfaces (APIs) were by no means invented by the financial services industry, since the announcement of the European Payment Service Directive 2 (PSD2), geared at stimulating competition in the electronic payments market, the use of APIs has been widely adopted by banks and financial institutions as a means of conforming to the new regulation, changing the future landscape of the industry.
Of the 28 countries impacted by PSD2, 24 have already applied the legislation into national law. Although the PSD2 does not explicitly call for the use of APIs, many in the banking industry have opted for adopting open banking API portals as a way of conforming to the new regulation which calls for a dedicated or direct interface with third-party service providers enabling them access to payment accounts
What is an API?
Even if you aren’t familiar with the term, you have probably already used an API. An API or “application programming interface” is a technology protocol that allows software programs to communicate with each other and provides developers with access to backend data and services they might otherwise not have access to. A common example of this type of technology is the Google Maps API, which allows developers to embed google maps into any website or application granting users of those website or application access to Google Maps data. Applying this technology to financial services sector means that banks are now able to securely share account transaction history and allow for payments to be executed with Third Party Payment service providers (TPP). Ultimately this will lead to improve financial services applications.
While providing this type of data openly might seem like a security nightmare, uneasy consumers (called PSU in PSD2 for Payment Service User) can be assured that the PSD2 has set out rules and regulations to impede the improper use or handling of account and payment information. Firstly, it is important to note that no consumer data can be shared without the consumer’s consent with a strong and secure authentication (Secure Customer Authentication , SCA). Additionally, regulation stipulates that developers using open APIs in the financial services industry undergo a vetting and monitoring process. Approved payment service providers orregulated Third-Party Payment service providersare recorded on national registers. Organizations such as the Euro Banking Association (EBA)in Europe[MK1] maintain registers for this purpose. As of March 18th this year, the EBA launched its central electronic register which will provide payment information on thousands of payment and electronic money institutions as well as 150,000 agents within the EU. As an additional measure, more than a few banks have taken further precautions by limiting their API access only to developers which register directly with their bank.
Whilst the PSD2 regulation may have set the machine into motion, the buzz surrounding APIs has many speculating the potential this technology may have for payments services and for corporate treasury. One could imagine this technology could allow treasures to gather or monetize their banking information with the added benefit of next to real-time insights on payment status and reporting.
Amongst the first APIs released by banks, there are a few that seem to be most consistently present. While the detailed functionally may vary from API to API, of a random pool of 50 banks, the top 5 trending APIs included:
Some banks are also putting a focus on applications of APIs for corporate clients:
- BBVA: Business Global Position API – “Discover the financial position of your company at a glance.”
- JP Morgan: Treasury Payments – “Treasury Payments lifecycle – from initiation to visibility, reconciliation and reversal.”
- JP Morgan: Treasury Reporting – “Retrieve real-time reporting around your transactions, account balances, transmissions.”
- Arkea: Beneficiaries – “Get the list of trusted beneficiaries of an Arkea payment service user.”
- Wells Fargo: ACH File and Batch Status – “Check the status of ACH files and batches originated through Wells Fargo channels.”
- aXess by Standard Chartered: Collect Money – “Enable collections for corporate entities.”
- OCBC: Corporate Account Listing – “Provide clients with an overview of all their OCBC corporate accounts.”
The reality is, however, we are still in the beginning stages of the open banking era. Some banking players have hit the ground running leading the way with providing a more extensive range of APIs available for developers (BBVA, Citi, DBS, Royal Bank of Canada, OCBC Bank, Wells Fargo) while others are still testing the waters with three or four of the top trending APIs. Additionally, APIs are not always globally applicable and may only apply to certain branches, countries, or regions. However as this is the first year in which bank are required to comply, portals are in constant development and will most likely be enriched as time goes on as more standardization and knowledge sharing takes place. The service is required to be live by September 14, 2019. Most banks have already exposed their API to a sandbox to allow TPP to develop the service in order to be ready for the go live date.
Portals are developing daily, if you would like to visit the some of the API portals reviewed for the purposed of this article and the APIs which are made available visit some of the provided links below:
For references or further reading please visit: