Danny Healy, financial technology evangelist, MuleSoft
The unprecedented disruption of COVID-19 has changed how consumers interact with banks; there’s been a 20% increase in digital engagement levels and a halving in the use of cash. Many banks have also needed to rapidly meet demand for new services such as ‘Interruption Loan Schemes’ to support those hit hardest by lockdown measures and, like many organizations, are operating with a partially remote workforce. Much of this change could remain even after the pandemic; one-third of retail banking customers plan to increase their use of digital banking as a more permanent shift.
As such, banks need to meet this new set of demands both in the short and long term. However, as a sector that’s built upon legacy systems, change — particularly rapid change — can be difficult to implement. The systems and processes — as well as the procedures, policies, and controls that banks employ to carry these out effectively — must be highly reliable and secure to maintain regulatory compliance and reduce the operational risk that comes with doing things differently. Any change must, therefore, be implemented carefully and with caution, but in the current climate, that cannot come at the expense of being able to respond quickly to customer needs. Banks must find a way to balance speed with managing the risks that accompany change, both now and in the future.
Ongoing operational risks
When it comes to operational risks, security is a primary concern. Banks are founded on the assumption that they provide integrity and confidentiality in customer dealings, protect customers from fraud, and ensure their details are not shared inappropriately. However, COVID-19 has seen a rise in digital transactions, in turn heightening security risks. With more transactions taking place through online channels, it becomes harder to spot suspicious or fraudulent behavior, and there is no absence of fraudsters taking advantage of the situation to target banks and their customers.
Another key area of operational risk is third-party collaboration. Whilst this can help banks respond quickly, cut costs, and offer more innovative banking services, it can also expose them to increased risk. Compliance and security can be impacted by third-party negligence, but so can the availability of a banks’ service. If a third-party’s product or service that is supporting the bank’s own offering does not work as expected, then consumers might not be able to access that offering at all. If customers are unable to access crucial financial services at any point either now or in the future, it could mean serious reputational damage for the bank. So, how can these risks be managed?
A digital tourniquet
In recent years, some banks have attempted to navigate the need for rapid change and the risks that accompany it by creating specialist digital teams. These teams are ringfenced away from the rest of the bank to reduce operational risk and remove any constraints to innovation. However, this often prevents innovation from reaching the wider bank, which still operates on monolithic technologies and systems. As such, innovation can wither at the edge and fail to deliver real impact for the bank and its customers.
Adding to these challenges, many banks are also battling with bottlenecks to innovation; 60% of IT leaders within the financial services sector reported they were not able to deliver all of the projects they committed to last year. This does not bode well for a time where rapid response and completion of new projects is key. Banks need to find a way to overcome these constraints, without creating unacceptable operational risk.
Accelerating change through flexibility
API-led connectivity can provide the solution that banks are looking for, allowing them to connect applications, data and devices without tight couplings that lead to increased risk when change is implemented. APIs can effectively act as gatekeepers for data or processes, providing a natural place to apply security controls, and maintain awareness of who is accessing resources and how. For example, this can be embedded in APIs for employee and customer-facing processes, so threats and unusual patterns can be identified early and resolved. For instance, if a customer account is accessed from Italy but the bank knows the individual is based in the U.S., it can act immediately to protect the customer.
APIs can also provide a secure, standardized mechanism for onboarding and working with third-parties as well as data-sharing within those relationships. Regulators have standardized some aspects of that in the EU PSD2 directive and the UK’s CMA Open Banking regulation. Finally, once a bank’s data is exposed in a secure, governed way using APIs, it can be more easily harnessed in new customer-facing applications within a cloud environment to meet growing demands and ensure services remain highly available.
Putting APIs to work
One bank that has adopted this approach is HSBC, which has developed an API strategy to support its adoption of cloud platforms, which increase the availability and scalability of its systems. The bank has built many APIs that expose its core capabilities in a multi-cloud application network. This unlocks legacy systems, making them available to support new services and enabling the bank to bring new offerings to its customers more rapidly. They also help to enforce policies related to security, providing the capability to feed downstream online fraud detection systems.
With the banking landscape and consumer behavior changed — possibly forever — by the ongoing pandemic, it’s clear that banks need to have the capability to rapidly respond to new demands as and when they arise. By harnessing API-led connectivity, banks can support security, availability, and third-party collaboration, whilst also managing any risks that may arise along the way. By taking this approach, banks will future-proof themselves to cope with this unprecedented disruption in the short-term and position themselves to thrive in a future that presents many uncertainties.
WHY BANKS NEED TO EMBRACE OPEN SOURCE COMMUNITIES
Nikolai Stankau, Director Business Development, EMEA Financial Services at Red Hat, the world’s largest enterprise open source solutions provider.
Banks and financial services have long been benefiting from using open source software, which is code that is developed in a decentralised and collaborative way. Open source software is cost-effective, flexible, is developed rapidly, and tends to have more longevity than its proprietary peers because it is developed by communities rather than a single author or company. According to Red Hat’s own research, 93% of IT leaders in financial services state that enterprise open source is important to their organisation.
Alongside adopting open source products, which many banks already do, there’s opportunity for these organisations to have a greater influence in the development of industry software, by engaging in ‘upstream’ open source community projects.
The advantages of engaging in upstream communities
In open source projects, code is developed as a shared process by a community of thinkers and developers anywhere in the world. Collaborating directly with these communities – what’s known as ‘upstream’ participation – can give banks a major competitive advantage on their journey to innovate. From there, software can either be downloaded at no cost, or consumed via a trusted open source vendor that secures and stabilises the software to make it suitable for an enterprise to use. This is also known as the ‘downstream’.
A company that contributes its developers’ time and resources to an open source community gets rewarded with the output of hundreds of developers working on the same code. This leads to a magnification effect, by virtue of the fact you’re expanding your team many times over while also benefiting from a much more diverse pool of talent. The result is that organisations can be captains of the product development process and work together with the community to design features and functionalities that meet their needs and keep up with customer demands.
An added benefit for banks engaging in these communities is it provides a great access point for sourcing new talent, as well as helping to retain existing talent. Developers are attracted to organisations that engage in upstream development because it allows them to be at the forefront of open source innovation and new community-led initiatives.
It’s common for multiple organisations in the industry to come together and collaborate on a project, which can drive significant benefits for the community as a whole. A good example is Fintech Open Source Foundation (FINOS), which is a community set up by banks to promote industry collaboration, by delivering software that addresses common industry challenges and drives faster innovation. The concept had its origins in Symphony, a open sourced messaging and collaboration tool that was adapted and improved upon by developers from other banks, ultimately helping the company to become a major business valued at around $1.4bn.
Where to join forces versus compete
Although the benefits of engaging in upstream communities are manifold, some organisations have concerns around intellectual property as well as the productivity of developers contributing to open source projects rather than exclusively working on the bank’s own proprietary software. To this latter point – in reality, the development of new solutions and features built inhouse often requires many months, whereas product ideas shared in a community setting can be executed in much shorter time frames. As the saying goes, many hands make light work.
Regarding the essential consideration of IP and competitiveness: a lot of where banks can differentiate is at the application layer; in the services they develop and offer, rather than at the underlying operating system or middleware foundations – these tend to be common and standard, and are what empowers organizations to get to market as fast as possible. Thus the greatest opportunity for banks lies in platforms such as Linux-based Kubernetes, which is now the industry standard for container orchestration and one of the most important technologies used in the financial services industry. Kubernetes attracts many contributors from diverse organisations all over the world.
Some IT leaders also recognise structural roadblocks: transitioning an organisation to new ways of thinking and operating is a process that isn’t achieved overnight. Not all banks have the legal or tech mechanisms in place to be able to share their code externally, and company policies can prevent their employees from engaging in open source communities. In a heavily regulated industry, it takes time for some organisations to create the necessary changes before they can harness the potential of upstream communities.
The future is open
As the software ecosystem expands, and in the face of accelerated digital transformation driven by the ‘new normal’ of the COVID-19 pandemic, banks and financial services have the opportunity to evaluate how they can get involved in open source. There are many ways to do this: they can invest financially in communities, provide technical leadership and resources, or contribute code. With organisations under more pressure than ever to gain a competitive advantage, playing a role in open source communities will help them create better products, speed up time to market and position themselves at the forefront of financial innovation.
MORE THAN REGULATION – HOW PSD2 WILL BE A KEY DRIVING FORCE FOR AN OPEN BANKING FUTURE
Ralf Ohlhausen, Executive Advisor, at PPRO
Whilst initially seen as simply a regulation exercise, the second Payment Service Directive, also known as PSD2, has been a key driving force behind Open Banking, an initiative that presents a hopeful vision for the future of the financial services sector. Thanks to the advancement of technology, the payments industry is currently seeing disruption to legacy banking systems, and a move towards a world of Open Data. With Open Banking, third-party providers (TPPs) can offer customers a wealth of new and automated services beyond their standard bank offerings, such as what products to buy or even advice on who to bank with.
PSD2 has been created to ensure that banks create mechanisms to enable third-party providers (TPPs) to work securely, reliably and rapidly with the bank’s services and data on behalf of and with the consent of their customers. PSD2 requires EU member banks to give authorised, i.e. licensed TPPs, access to customers’ accounts either via Application Programme Interfaces (APIs) or their user interfaces. It also mandates the use of Strong Customer Authentication (SCA), which requires multiple factors of authentication from a customer to initiate electronic payments and grant access to transaction data.
Despite the progress of PSD2, however, there are still challenges to overcome to achieve widespread adoption and to meet Open Banking objectives. So, what are the current roadblocks that European banks and financial services need to overcome to make Open Banking a beneficial reality for all?
Delays to API development
A crucial factor standing in the way of the acceleration towards Open Banking has been the delay to API development. These APIs are the technology that TPPs rely on to migrate their services and customer base to remain PSD2 compliant.
One of the contributing factors was that the RTS, which apply to PSD2, left room for too many different interpretations. This ambiguity caused banks to slip behind and delay the creation of their APIs. This delay hindered European TPPs in migrating their services without losing their customer base, particularly outside the UK, where there has been no regulatory extension and where the API framework is the least advanced.
A lack of awareness
Levels of awareness of the new regulations and changes to how customers access bank accounts and make online payments are very low among consumers and merchants. This leads to confusion and distrust of the authentication process in advance of the SCA roll-out. Moreover, because the majority of customers don’t know about Open Banking yet, they aren’t aware of the benefits. Without customer awareness and demand it may be very hard for TPPs to generate interest and uptake for their products.
Recently some regulators and banks, such as the Central Bank of Ireland, have made decent efforts to raise awareness of the changes with PSD2 campaigns. But it isn’t reaching the general public. When it does, it’s often because of scaremongering or fear, uncertainty and doubts around data security fuelled by incumbents to protect their business. This also isn’t the right way to approach the issue as it will lead to people being more afraid, rather than aware. Instead, it is the role of payment service providers to educate their customers about Open Banking requests or opportunities, to ensure the public are aware of the changes to payment authentication procedures when SCA comes into play and are empowered to move their data.
TPPs have a real vested interest in getting customers on board with Open Banking. They should build on their customer relationships to grow trust and raise levels of education around the changes. When customers sign up for a new service, TPPs need to tell them explicitly what to expect before they have to do it, plus what explicit consent is required to access their account information in exchange for value-added services.
Outweighing the challenges with opportunities
Although the introduction of the PSD2 regulation hasn’t been seamless for the banking and fintech industry, it is set to offer many benefits and advantages for the end-customer, and the financial industry. In fact, the regulation will create an integrated and frictionless European payments system, that will provide the customer with more choice, control and security over their finances than ever before.
One of PSD2’s primary goals is to provide greater protection against fraud for banking customers, who may have previously been open to risk through weak authentication and unregulated data-sharing practices. The new rules insist on enhanced security requirements, including the use of Strong Customer Authentication (SCA) to protect customers while making electronic payments.
Furthermore, TPPs unencumbered by legacy technology have long been able to innovate faster than traditional banks. Now, this regulation will provide regulated and secure access to customer data, allowing them to develop products even more quickly. The new regulation also promotes technology on a European level and encourages fintechs to do what they do best: innovate.
It’s also important to not forget that PSD2 regulation increases market competition allowing customers to choose a wider range of suppliers for their banking and payment services without having to switch their bank for that. The decoupling of banking services from the underlying account infrastructure will make it easier for customers to opt for the banking services that best fit their needs. It also increases the number of financial providers, services and products which customers will be able to choose from.
The future of Open Banking
The financial services landscape is becoming a firmly consumer-centric environment. Across the UK and Europe, we’ll continue to see the rollout of technologies that put control in the hands of consumers. Open Banking will be pivotal in its role, opening up new avenues and opportunities for both banks and payment service providers (PSPs).
Thanks to Open Banking, the ability to share data securely in the retail banking sector has led to a sophisticated ecosystem where the customer is in charge of their payments and choice of banking services. Over the next decade, we should expect to see the same level of transformation in our digital services and data sharing, leading to a complete rebalance of services where customers will be able to actively own their data and use it the way they like.
Europe is currently leading the Open Banking race, so the successful implementation of PSD2 and SCA is extremely important to maintain the lead and build a future with Open Finance and Open Data as well.
DON’T RISK IT ALL WITH NON-COMPLIANCE
By Paul Sleath, CEO at PEO Worldwide Did you know non-compliance costs more than twice the cost of maintaining or...
BANKIA TRANSFORMS THE CUSTOMER AND EMPLOYEE EXPERIENCE WITH BIANKA BY IPSOFT
Developed with cognitive artificial intelligence, IPsoft’s conversational agent can carry out transactional tasks, perform different roles in customer service and...
by Devan Nathwani, FIA and Investment Strategist at Secor Asset Management Defined Benefit pension schemes are one of the most significant institutional...
TOUCH-FREE AUTHENTICATION FOR ALL: WHY WE NEED A SAFER PAYMENT METHOD IN THE ‘NEW NORMAL’
David Orme, SVP, Sales & Marketing, IDEX Biometrics ASA Ever since March, when the World Health Organization encouraged people to...
WHY BANKS NEED TO EMBRACE OPEN SOURCE COMMUNITIES
Nikolai Stankau, Director Business Development, EMEA Financial Services at Red Hat, the world’s largest enterprise open source solutions provider. ...
FOR PE TO SNAP UP “GOOD” COMPANIES, THEY MAY NEED TO WADE INTO “BAD” ECONOMIES
By Martin Soderberg, Partner at SPEAR Capital There’s no shortage of global challenges for investors currently, especially for those...
THE BASICS OF BUSINESS FINANCE
When you’re starting your business, you’ve got a lot to be thinking about. You need to find affordable suppliers, market...
HOW THE IMPORTANCE OF E-COMMERCE PLATFORMS GREW DURING THE PANDEMIC
Never in history has the world relied more on the internet than during this Covid-19 pandemic. With governments imposing lockdowns...
UNBANKED AND UNCONNECTED: SUPPORTING FINANCIAL INCLUSION BEYOND DIGITAL
Darren Capehorn, Director, Icon Solutions Many of us take it for granted, but accessing basic financial services is fundamental...
MORE THAN REGULATION – HOW PSD2 WILL BE A KEY DRIVING FORCE FOR AN OPEN BANKING FUTURE
Ralf Ohlhausen, Executive Advisor, at PPRO Whilst initially seen as simply a regulation exercise, the second Payment Service Directive,...
TIME TO THINK OUTSIDE OF THE BLACK BOX
Mike Brockman, CEO, ThingCo If you have the unbridled joy of parenting a teenager you’ll probably know what telematics...
BANKING’S SECOND WAVE OF TRANSFORMATION: INTEGRATING THE CLOUD-ENABLED FUTURE BANK
Keith Pearson, Head of Financial Services EMEA, ServiceNow The last six months have seen significant changes to the financial services landscape, with operational resilience, economic recovery, cost reduction and an...
RISK AND INVESTMENT SPECIALIST, CARDANO, TAKES TO DOCUMENT AND EMAIL MANAGEMENT IN THE CLOUD WITH ASCERTUS AS IMPLEMENTATION PARTNER
Ascertus also providing document comparison tool, compareDocs Cardano, a privately-owned, purpose-built risk and investment specialist, has chosen Ascertus Limited as its implementation...
HOW SALARY SLIPS HELP YOU UNDERSTAND TAX DEDUCTIONS ON YOUR SALARY
A salary slip is defined as a document that is provided by your employer which contains the breakdown of your...
BRANCHES ARE THE HUMAN FACE OF YOUR BANK?
Sudeepto Mukherjee, Senior Vice President, Financial Services Lead EMEA & APAC Publicis Sapient Branches have always played a pivotal...
RISE IN E-COMMERCE FOR SMALL BUSINESSES IS A BIGGER RISK THAN JUST STOCK CONTROL
With consumer confidence in the high street at an all-time low, many SME shops and businesses have moved to online...
TIME TO FOCUS ON YOUR ‘WEALTHBEING’
Tony Mudd, Divisional Director, Development & Technical Consultancy. St James’s Place FIVE WAYS TO SAFEGUARD YOUR FINANCIAL FUTURE The...
PAYROLL AGILITY IN THE CORONAVIRUS CRISIS – HOW FINANCE FIRMS CAN ACHIEVE IT
by Hannah Grimshaw, BPO Payroll Lead, Symatrix The government has published guidance with regards to the next steps for...
WHY IT’S TIME TO ADAPT TO THE VIRTUAL WORLD: HOW TO MASTER ONLINE NEGOTIATIONS
By Tony Hughes, CEO at Huthwaite International, a leading global provider of sales, negotiation and communication skills development Virtual...
BNP PARIBAS PERSONAL FINANCE COLLABORATES WITH EXPERIAN AND ARYZA TO HELP CUSTOMERS THROUGH THE COVID-19 PANDEMIC
The consumer finance specialist will be using the Open Banking tool to help customers create an affordable payment plan based...