Open Banking APIs: A Guide for Fintech Founders

The Open Banking initiative ensures that banks provide secure and controlled access to customers’ financial data via Open Banking API, given the customers’ consent. This allows fintech businesses to build feature-rich offerings atop bank infrastructures and ecosystems. 

While this sounds promising, there are many challenges connected with Open Banking API integration. Knowing how to overcome them will help you succeed in your fintech endeavor. This article will provide you with a clear Open Banking definition, as well as some tips and best practices on building and managing a successful product using the Open Banking capabilities. 

200+ companies from 25 countries outsourced software development to Relevant

We provide companies with senior tech talent and product development expertise to build world-class software. Let's talk about how we can help you.

Contact us

As a company that has built dozens of high-grade fintech software solutions, Relevant has ample experience with Open Banking API integration. And we know exactly what information managers need to lead the fintech development team, so keep reading!

What is Open Banking, and how it works

Let’s start with an Open Banking definition to ensure we all stay on the same page.

Open Banking is an initiative backed by the UK government to allow better collaboration between banks and fintech service providers using Open Banking APIs. It improves the user experience but requires explicit consent from bank customers.

By providing a secure way for banks to share their customer’s financial information with third-party providers (TPPs), Open Banking offers a wide range of opportunities for small-to-medium businesses, helping them deliver value to customers.

The data Open Banking provides access to includes transaction history, bank account details, credit statements, and other information from banks and non-bank financial institutions, accessible via Application Programming Interfaces. 

As far as users are concerned, Open Banking allows them to conveniently use products and services from banks, fintech companies, and other entities regulated by the Financial Conduct Authority (FCA) and its EU analogs.  

The Open Banking initiative is supported by the Payment Services Directive 2nd edition (PSD2) enacted as of 2016 across the EU. This fundamental piece of regulation outlines the specifications and best practices to follow when providing financial services to customers and processing their data. Relevant has already covered how this affects the financial landscape in the UK.

Open Banking glossary

If you feel overwhelmed with all these industry-specific terms, here’s a little glossary to help you get everything sorted out.

• TPP or Third Party Provider. It is you, the developer of a fintech product or service, who needs API access to the bank’s digital infrastructure.
• ASPSP or Account Servicing Payment Service Provider. It’s the bank that has to provide this access.
• TSP or Technical Service Provider. It’s a company that builds platforms supporting Open Banking API architecture.
• PSD2 or the Second Payment Services Directive. It’s the fundamental set of standards all regulated providers must adhere to.

We will use these terms extensively throughout the article. You will also encounter them once you dive into the documentation necessary to implement Open Banking for your product. But first, let’s really consider its advantages and disadvantages.

Open Banking API: Pros and cons

Open Banking APIs help form an ecosystem of interconnected apps that simplifies the financial activities for customers and creates more value delivery lines for businesses. Imagine using a centralized Open Banking app for budgeting and managing all your bank accounts. In addition to that, you can have a single dashboard for uniformed identity verification and credibility checks for obtaining mortgage or loan approvals. The range of Open Banking API use cases is vast and grows daily.

But, of course, Open Banking is not all roses, so we’ll discuss its shortcomings too.

Open Banking pros 

Every party involved in Open Banking benefits from: 

• Customization and personalization of services. Customers get convenience in using financial products and hyper-personalized bank offers that meet their needs and expectations.
• Centralization of services. It’s easier for customers to have a centralized dashboard to manage all their financial activities than having to use a bundle of standalone fintech apps.
• Financial market growth. Cooperation boosts productivity, opening new revenue and value delivery streams for all participants of the financial services market.

In general, Open Banking advantages vastly outweigh the downsides when implemented correctly. Still, we must mention the shortcomings to give you the full picture.

Open Banking cons

Most challenges with Open Banking stem from the complexity of its implementation. There are many moving parts and parties involved, so everything has to run like clockwork to work correctly:

• Cybersecurity requirements. Since a single bank account aggregation API is used to gain access to multiple bank accounts, it becomes a viable honeypot for hackers. So, including strong cybersecurity measures becomes paramount in Open Banking API software development.
• Technology implementation. There are nearly 5,000 banks across the EU and several dozen thousands of businesses in other industries. Building APIs that can work with the majority of the market can be time- and resource-consuming.
• Disparate fintech products. The market does not always listen to government-backed initiatives. There already is a wide variety of successful fintech products that do not adhere to the Open Banking regulations and provide an outstanding level of services. Convincing the customers to replace such tools with Open Banking-compliant ones might be a daunting task.

Despite that, the Open Banking community grows stronger as more service providers operating in different domains are joining the initiative. The reason is simple: the robust Open Banking API capabilities provide immense business opportunities.

Open Banking API capabilities

Open Banking API has a lot to offer. Here’s a list of API calls TPPs can make to banks thanks to it:

• Get account—request a list of all customer’s banking accounts
• Get balances—request a list of balances for all these accounts
• Get transactions—request a history of transactions for said account
• Get beneficiaries—request from a bank to get the account beneficiaries data
• Get direct-debits—request to a bank to provide the direct debits data for a specified account 
• Get product—request to a bank to provide the list of products enabled for a specified account
• Get standing-orders—request to a bank to list all the standing orders for a specified account
• Get party—request to a bank to provide account holder’s business details 
• Get offers—request to a bank to provide a list of offers available to a specified account 
• Get scheduled-payments—request to a bank to provide a list of scheduled payments for a specified account
• Get statements—request to a bank to provide a summary of transactions for a certain period for a specified account
• Get statement transactions—request to a bank to provide details of transactions for a certain period for a specified account

This is just the tip of the Open Banking API specification iceberg, but these API calls demonstrate the enormous range of possibilities offered by bank API integration. 

How do various service providers access customer’s financial data?

First of all, to get access to a customer’s financial data, TPPs have to comply with the GDPR (General Data Protection Regulation) and PSD2 directives and be authorized by the Open Banking Implementation Entity in the UK or its analogs in the EU.

Next, the TPPs should get express consent and permission from users to act on their behalf, the so-called consent access token. Only then will the banks share the user’s data with TPPs. Let’s take a look at this process in more detail.

Open Banking API security workflow

Compared to traditional API interactions, the key challenge with Open Banking data security is that TPPs don’t access their own data during a transaction. They need to access the financial data belonging to customers on the behalf of the latter. That’s why traditional API keys don’t work. Instead, there needs to be a token that serves as proof of the customer’s consent for TPPs to access the data. 

The workflow looks like this:

Here’s what happens along that journey:

1. A customer gives a TPP express consent to access their data and authorizes the TPP to act on their behalf. This is usually done by pressing the “I AGREE” button in the app.
2. The TPP forms a time-limited token representing this consent. The token contains the access rights requirements and the time limit till the token expires.
3. The TPP authenticates with the bank and sends the customer’s token.
4. The customer receives a request from a bank to authorize this token.
5. The token is authorized by the customer.
6. The bank grants TPP access to the customer’s data.
7. The data is taken and rendered by the TPP product, and the token expires.

There are multiple ways to implement every step of the Open Banking API security flow, so you will be able to select the one that fits you best. 

Open Data use cases

We’ve covered the theory, and now it’s time to dig into some use cases. 

Digital identity services

Banking information is an important part of digital identity management and verification. Open Banking allows gathering, securely storing, and transparently processing customer data for businesses, governments, and public organizations. It is also important because digital identity services allow banks to validate customer identity when a TPP requests data on their behalf. 

KYC process automation

Know Your Customer (KYC) identity checks are required to prevent fraud. Whenever a customer performs a transaction, a business must ensure the person behind the request is actually the one they claim to be and not a criminal. KYC automation using Open Banking APIs helps quickly gather relevant financial information associated with the customer for verification.

Transaction monitoring

It’s a part of anti-money laundering (AML) procedures used by financial organizations to prevent fraud. Transaction monitoring helps detect abnormal or fraudulent activities and prevent them in time. Using AI algorithms to detect normal transaction patterns allows to quickly identify and alert the user and the bank if there’s an attempt to make an unusual transaction.

Financial management services

Centralized financial management of funds in disparate banking accounts can help businesses and individuals get more value with less effort. For example, this removes the need to export all data in a specific format like MT940 because the data is transmitted directly over the API.

Onboarding process automation

Automation of paperwork and workflows associated with corporate banking customer onboarding is a relief for everyone. Using aggregated data instead of finding hard-to-obtain financial documents allows customers to apply for banking account registration quickly and easily.  

Multi-banking services

Wouldn’t it be great to offer centralized management of funds and transactions for all the customer’s bank accounts in a single platform? Open Banking API helps you implement this. Multi-banking apps like Tink, Zuper, Outbank, or Isabel are among the most popular real-world Open Banking API examples. 

Business payment initiation services

This use case includes the support of direct payments between bank accounts, omitting the Visa/Mastercard credit/debit card fees. This allows businesses and individuals to optimize and speed up their cash flows and funds turnover. Open Banking is the foundational element in the niche.

Risk scoring algorithms

These algorithms are part of risk management processes in debt management, retail, gambling, mortgage, healthcare, insurance, and other industries. Applying this kind of algorithm via API helps to dramatically reduce the time needed for loan application processing.

Transaction reconciliation services

Transaction reconciliation is rapidly gaining popularity. Checking customer transaction logs for discrepancies and rectifying any issues helps in chargeback mitigation, fraud prevention, and other personal and business financing areas. 

Product comparison services

Product comparisons include aggregation of data regardless of the industry and niche, be it online retail or banking services. This information can help banks prepare personalized offerings to convince customers to switch from a competitor to them. 

Income verification services

Income verification is a part of anti-money laundering workflows. Besides, it is useful in validating a customer’s eligibility for certain financial services and preparing personalized banking offers. 

Credit scoring algorithms

Credit scoring is a part of risk management workflows responsible for loan application processing. By providing clear and transparent access to the entirety of their financial statements, the customers can support their claims and prove they can pay the loan in time. 

Subscription management services

The COVID-19 pandemic resulted in a skyrocketing number of subscriptions to various online entertainment services. Using the Open Banking API to centralize subscription management is a trend that quickly gains popularity.

Retail payment initiation services

Payment initiation covers direct transfers of funds from and to any banking accounts and from any device. This use case is booming with the growing digital economy as customers value mobility and streamlined financial transactions.

Open Banking: Customer experience guidelines

Open Banking seems promising, but people will only use it if they feel comfortable sharing their data and know it’s secure. Thus, creating a positive customer experience is one of the pillars of Open Banking implementation. The UK government prepared detailed guidelines for this, and we’ll just cover the key points here.

Open Banking services and digital products must enable the following:

• Informed decision-making. Customer journeys must provide easily consumable information that encourages informed decision-making.
• Simple and easy navigation. The apps must not require unnecessary steps or delays.
• Parity of experience. The customer must be able to reach the intended results with no more steps than when using the original bank’s app.
• Familiarity and trust. The customer has to use only the bank-issued credentials.

• Control. The customer should always feel in control of the situation, understand what they want to achieve, what steps they have to make to reach that goal, and what the consequences of each step are. This can be done by providing unobtrusive, intuitive, and sufficient information about each step of the journey, at the right time and at the relevant place.
• Speed. The customer must move at a pace convenient for them. While speedy execution of operations is welcome, the customer journey must leave time for consideration and voluntary approval of all actions to support the feeling of control.
• Transparency. Open Banking requires the customers to share a lot of sensitive information with their TPPs. To foster adoption and encourage using such services, the Open Banking products must be transparent regarding the goal of collecting each piece of data, how it will be processed, and what the consequences will be.
• Security. The product must ensure the cybersecurity of all the data processed and inform the customers of the measures taken in a reassuring tone. The customers must understand where their sensitive data is and how it is protected at all times.

The principles listed above create an atmosphere of trust, a comfortable digital environment where people are not afraid to share their data via an Open Banking mobile app of their choice. This will result in green light for creating even more excellent products.

Open Banking: Should I build or partner?

If you are going to enter the Open Banking arena and reap the benefits it provides, you will have to answer a series of important questions regarding regulatory compliance, cost structure, and speed to market:

• Do I want to process payments and apply for a PISP (Payment Information Service Provider) license, provide account information and apply for AISP (Account Information Service Provider) license—or both?
• Do I plan to gather and maintain an in-house compliance team or outsource the task?
• Would I prefer to partner with an existing TPP or a TSP provider instead? 
• Do I have sufficient time, man count, and budget to develop and maintain APIs to interact with 350+ banks in the UK and over 5,000 across the EU?
• Should I use a ready package from an authorized TPP and save on all the headaches?
• Which TPP provides the connections with the primary banks I want to serve?
• What is the time-to-market I want to achieve?
• Can I afford to wait for 6+ months to become an authorized TPP, or should I invest the time and money into developing our product and opt for a ready solution instead?

Answering them will help you understand whether you want to create your own Online Banking API platform or partner with the existing provider and build your offerings on top of their infrastructure.

Top Open Banking platforms

If you do decide to work with another provider, here are some TPP/TSP partners you might want to consider:

• Plaid—a US-based Open Data transfer and processing platform
• Tink—an Open Banking platform covering more than 3,400 EU banks
• Solarisbank—a Berlin-based Banking-as-a-Service fintech with a German banking license 
• Yapily—an EU-based fintech startup providing AmEx integration with its Open Banking API offers open banking API monitoring as a part of other services 

Choose the one that fits your goals best based on the Open Banking API architecture and the range of services they provide.

On-boarding your application to Open Banking Directory

If you’re ready to release your product and want to become a part of the Open Banking ecosystem, here are the four steps you need to make:

1. Licensing. Obtain an AISP or PISP license from the FCA or similar EU license based on your registration country. This demands your product/service to be PSD2-compliant and follow the Open Banking API standard outlined previously.
2. Enrolment. Become a part of the Open Banking Directory to gain access to the verified company details of all the participants.
3. Testing. Use the Open Banking Sandbox with dummy data to test how your app performs and resolve the issues that might arise with Open Banking API integration.
4. Release. After your application is approved by FCA or its analog, and your product has a proven record of interoperability with the rest of the Open Banking Directory, you can go live and release it to the customers.

One of the key concerns to address during this journey is ensuring Open Banking security, which we covered previously.

Summary

As you can see, the Open Banking initiative allows delivering value and growing revenues across multiple industries. However, you will have to make several important decisions regarding the way you want to structure your product and build your offering before you dive into the development. One of those decisions includes gaining access to a reliable TSP partner to build your APIs from scratch or integrate the ready TSP packages with your product.
Relevant can become such a partner thanks to our extensive expertise in API integration, as well as front-end, back-end development, cloud, and cybersecurity services. We can help you every step along the way. If you have any questions or want to talk about your idea, reach out to us, we’re always open for a business conversation!

FAQ