Open Banking API Standards: What are the Options? How Do I Choose?
The financial services industry has long embraced standards as a way to simplify data exchange and integration between banks, clients, central banks, securities firms, and other market infrastructures. But some would argue (I certainly do) that there are too many standards, and as new standards are introduced, the old ones are never retired. For example, the European Central Bank mandated the use of the ISO 20022 XML standard for SEPA payments, but elsewhere in the world, the ISO 20022 standard is being used alongside decades-old domestic payments formats and information reporting standards.
With only a few weeks left before PSD2 comes into force in Europe, let’s take a look at how standards are evolving for Open Banking APIs, the preferred integration method used by banks to give third-party providers access to customer information and to initiate payments.
As I talk to bankers and solution providers about Open Banking APIs, they often lament the lack of API standards for common data elements such as customer records, account balances, account transactions, payment initiation, ATM locator, etc. In fact, there are a plethora of standards, all different from one another.
- Open Financial Exchange (OFX): OFX is a leading bank standard for financial data access, traditionally relying on user’s login credentials to access financial data. OFX is deployed at over 7,000 financial institutions and is used by providers such as CheckFree, Intuit, and Microsoft to support financial data exchange. The OFX Consortium released OFX Version 2.2 for comment in July 2016. OFX Version 2.2 supports OAuth tokenized authentication, supporting API access to financial data. The Consortium includes founders CheckFree, Intuit, and Microsoft along with Xero, Finicity, Silicon Valley Bank, and others.
- Durable Data API (DDA): An industry working group from the Financial Services Sharing and Information Sharing and Analysis Center (FS-ISAC) released DDA in May 2015. This working group comprised several financial institutions as well as a small number of financial data third parties. DDA was intended to improve data exchange relative to OFX. Fidelity Investments and other large financial services firms have adopted the DDA standard for data sharing.
- NACHA API Standardization Industry Group (ASIG): The AISG is working to standardize the use of APIs in the U.S. financial services industry by creating an “API Playbook” or standards framework. The group has identified 16 APIs that it will develop to support payments industry advancement in the areas of Fraud and Risk Reduction, Data Sharing, and Payment Access. Group participants include banks, credit unions, solution providers, and central bankers.
- UK Open Banking Standard: Open Banking has created 8 APIs for consumer and business current accounts, SME loans, commercial cards, ATM locations, and branch locations. Open Banking does not provide direct access to live API endpoints. Rather, these are implemented and supported by each API provider. The API Dashboard lists all available API endpoints, and show which API version is supported by each provider.
- The Berlin Group NextGenPSD2: The Berlin Group is working on a detailed 'Access to Account Framework' with data model (at conceptual, logical and physical data levels) and associated messaging, based on the EBA Regulatory Technical Standards (RTS). A list of participating banks and service providers can be found here. The draft specification is targeted to be published for consultation in Q4.
- CAPS (Convenient Access to Payment Services): The CAPS market initiative is a large multi-stakeholder coalition that proposes solutions to the technical, business and operational issues faced by potential PSD2 stakeholders across Europe. Banks, TPPs, Fintechs, service providers, corporates, and other financial industry stakeholders are working together here to develop a framework. That said, participants are primarily solutions providers.
- OpenID Foundation Financial API (FAPI) Working Group: The FAPI WG aims to provide JSON data schemas, security and privacy recommendations and protocols to: 1) enable applications to utilize the data stored in the financial account, 2) enable applications to interact with the financial account, and 3) enable users to control the security and privacy settings. Both commercial and investment banking account as well as insurance, and credit card accounts are to be considered. A working draft of FAPI’s Open Data specifications can be found here.
I recommend that if you are a financial services firm starting to develop Open Banking APIs from scratch, that you consider using one of the API standards that works best for your client base, and that hopefully is seeing a growing adoption curve.