Open banking – safe and secure
11.08.2020
This article was published in the Ergon Magazine SMART insights 2020. Order your free copy now ->
Once unthinkable, open banking, unfettered access to banking services via an interface, has now become a trend. Open banking allows third-party providers (TPPs) to offer their own financial services to clients, irrespective of the bank that actually manages the account. This expansion of the customer interface has already been regulated in the EU and currently operates on a voluntary basis in Switzerland. What are the key success factors when it comes to opening up such access and what insights might the Swiss glean from their neighbours?
In Switzerland, an important financial centre, changing customer needs, innovative technologies and a growing and diverse range of financial service providers, including banks, fintechs, neobanks and non-financial-sector players, are all ratcheting up the pressure on traditional banks. The regulated introduction of open-banking standards is leading to increased international competition within the euro area, and the positive effects of this change are already being felt. The era of open banking was ushered in by EU regulators after legislation forcing financial institutions to open up customer interfaces, the Revised Directive on Payment Services, or PSD2, was passed. Interest groups from the software and banking industries in several member states, such as the Berlin Group in Germany or Open Banking Limited in the UK, have adopted these procedures. The goal is to ensure that as many banks as possible follow the same protocols in adherence to the regulatory guidelines, thereby enabling standardised access for TPPs. While there is justified concern that such new regulation may hamper and unnecessarily restrict the momentum of the sector, a free and transparent capital market with a standardised environment that is nonetheless sufficiently flexible to accommodate international factors, for example Swiss exceptionalism, certainly represents a major opportunity.
“A successful opening requires rock solid IT security and an infrastructure that is fit for development.”
A new business model
The Swiss financial industry is not currently subject to PSD2-style regulation and any “compliance” has so far been voluntary. One of the key challenges concerns the fact that the adoption of such a system would require an ideological regime change. Traditionally, Swiss banking has relied on absolute discretion, reserve and trust. The demise of banking secrecy and the advent of tax treaties has already largely pulled the rug from under the first of these and now open banking is driving a fundamental opening-up of the business model and the integration of TPPs. This could lead to banks losing their direct interface with clients.
At the same time, an expansion strategy offers considerable potential for growth and represents an opportunity to retain the trust of customers. Publicly accessible interfaces enable TPPs to deliver specialised services to clients in a faster, more efficient and more user-friendly manner than banks operating monolithically – this is a familiar pattern with successful startups. Here, the bank’s hand is strengthened by openness, as it can use an enhanced service portfolio to respond nimbly to the market and boost its competitiveness. The logical outcome is a quicker time-to-market with new services. Both of these improvements will have positive ramifications for a bank’s image amongst the online community: customers will see that new and attractive services are coming on stream for their bank and this will promote acceptance and generate favourable feedback. Standardisation of open interfaces will allow banks to benefit from an ecosystem of partners to cater for rapidly proliferating customer needs – it can also open up new revenue streams from cross-sector sources, creating further added value for the client base. A modern bank will therefore need a business model that is consistently orientated towards agility and adaptability.
Opening up – the success factors
A successful opening requires rock solid IT security and a corporate IT infrastructure that is fit for development. Liability issues arising from cooperation with TPPs must also be settled. The ability to provide interfaces (APIs) and expose them to the outside world on robust enterprise architecture is critical. While running APIs is a standard task, the latter is still anything but a given – specialised components such as API gateways are required to make technical interfaces available to multiple TPPs in a controlled manner. What’s more, not only users have to be authenticated but organisations. Existing models taken from interactions with users, for example e-banking, cannot be applied, one-to-one.
More interfaces mean more attack surface and, thus, new risks. As TPPs receive a direct channel into IT infrastructure, banks must take particular precautions in order to be able to monitor the effects on their core business as closely as possible. Here, too, tried-and-trusted defence mechanisms from e-banking cannot be transferred directly to APIs.
In addition, banking customers will want to decide for themselves who can access their data and to what end. User-consent forms must be incorporated into digital processes promptly and without the need for complicated contractual detours. Setting up a system to acquire such permissions quickly, securely and with minimal hassle is a key success factor and a core requirement for banking customers.
The questions of liability for damages under this kind of regime and the extent of any third-party obligations have yet to be defined. These issues were resolved under PSD2 in the EU, with liability residing entirely with the banks but financial institutions in Switzerland are digging their heels in against a 100 per cent adoption of such a regulation. In the absence of formal guidelines, however, Switzerland runs the risk of stymying the open banking concept and falling behind the rest of the world.
The last success factor is the actual “meat on the bone” – the standardised definition and development of interfaces for TPPs. In order to serve as many different use cases as practicable with the fewest possible interfaces, it makes sense to divide today’s often complex service landscape into elementary building blocks: this is the only way the innovative power of fintechs will be able to evolve freely. How small these building blocks might ideally be will depend on your vantage point: banks have an interest in retaining as much of the value chain as possible, while fintechs will typically want to make use of services that are as far upstream as possible and to add their own value. Quite where the “happy medium” lies remains to be seen. Banks that adopt a standard PSD2 API will be subject to significantly more restrictions, which may prove a blessing in disguise – thanks to standardisation, they can expect more TPPs to use their APIs and, thus, will be able to generate greater utility and higher returns on investment.
“It is clear that open banking is set to influence and change Switzerland’s financial market over the long term, however, the exact contours of this transformation have yet to emerge.”
A diverse spectrum with a rosy future
It is worth looking to the UK for a glimpse of what the future might look like. Its open banking API standard applies to far more than just payment transactions – it covers all aspects of banking that are relevant from the user’s perspective. The upshot is an ecosystem of more than 200 regulated service providers consisting of TPPs, account providers and the major banks. The figures speak for themselves: more than 1.25 billion API calls were placed and processed in 2019, indicating high user acceptance. The success factor that tipped the balance for establishing open banking in the UK was the extremely close collaboration between regulators and all market participants. A durable and sustainable public-private partnership was created that permitted the UK, alone amongst EU countries, to declare a single technological standard to be mandatory, with resounding success.
Switzerland’s financial market
Switzerland is still a long way off successes on the UK’s scale but voluntarily opening up interfaces represents a great opportunity to help shape the financial market and position companies actively. Individual banks have spotted this potential and have already implemented such a policy with success, managing to establish a fast-growing partner ecosystem with open banking and open interfaces based on their existing IT environment. Several TPPs are backing this approach and have lost no time in bringing innovative services to market. Combining traditional and open banking enables a more efficient time-to-market, ensures satisfied customers and allows both the bank and the TPP to access additional revenue sources. The successes, and associated reputational dividend, achieved by these first-movers speak for themselves. How this will develop and which banks will manage to carve out a niche for themselves is still uncertain. The burning question on everyone’s lips: will the Swiss take the fight to the Anglo-Saxon countries with an ecosystem of their own? It is clear that open banking is set to influence and change Switzerland’s financial market over the long term, however, the exact contours of this transformation have yet to emerge.
This article was written by Adrian Berger, Managing Director Finance & Telco Solutions, and Marc Bütikofer, Head of Innovation Security Solutions Airlock.
Open banking in Switzerland – an overview
There are currently eight different initiatives promoting the establishment of open banking in Switzerland.
Ergon is a founding partner of OpenBankingProject.ch.
| Projects | Aims | Services offered | Customer segment | Coverage | Strengths | Live since | Website |
|---|---|---|---|---|---|---|---|
|
Avaloq.one Ecosystem |
Promoting the development of innovative, open banking solutions and simplified integration of fintechs with Avaloq banking systems, via standardisation |
Market place including developer portal with API documentation, sandboxing and API management services |
Banks and fintechs, global |
Account information, credit, customer services, asset management, robo-advisors, payments, securities trading, PSD2 Berlin Group |
|
April 2019 |
|
| Common API* | API specifications tailored to Switzerland's financial industry and support for enabling and reference implementation |
|
Banks and insurance companies, third-party providers, regulatory bodies and authorities | APIs for banks’ and insurance providers’ business segments that include non-differentiated services or those for which there is significant demand |
|
September 2018 | common-api.ch |
|
Finnova Open Platform |
YES we can! Supporting banks’ individual digitalisation strategies and enabling open ecosystems |
Solution modules for integration and orchestration projects for banks with third-party systems and the Finnova core suite |
Banks, financial-service providers and third-party providers |
Support for integration and orchestration of third-party systems, both amongst themselves and with the Finnova core suite |
|
April 2020 |
|
|
Finstar Open Platform |
Connecting partnership-orientated and tech-savvy companies in an innovative network for a growing ecosystem |
“Banking licence as a service” for payments, cards, account information and investment business |
Swiss banks, financial-service providers and third-party providers |
Online onboarding and account opening, payments, cards, account information, fixed-term deposits |
|
January 2018 |
|
| Inventx Open-Finance-Plattform | A service ecosystem aimed at the specific needs of the Swiss financial industry | Agile “prosumer” network in which both service consumers and providers play an active role | Swiss banks, financial service providers, third-party providers and application/integration providers |
|
|
January 2020 | inventx.ch/ofp |
| Open Banking for Switzerland from SIX* | Simplification of cooperation between banks and third-party providers to focus on developing an innovative range of services for end clients |
|
Swiss financial institutions and third-party providers | First applications: account information and payments, with focus on accounting solutions and multibanking |
|
May 2020 | six-group.com/b.link |
| OpenBankingProject.ch | Exploitation of API standards and coordinated expansion within the community as a basis for new business models |
|
Swiss banks, financial service providers, third-party providers and application/integration providers | Account information, payments and financial statements as a Swiss adaptation of the Berlin Group’s NextGenPSD2 API; ongoing expansion in fields of securities and financing |
|
December 2019 | openbankingproject.ch |
|
Open Business Hub |
Technical support for development of partner networks and connection to other hubs |
|
Swiss banks, financial service providers and insurance companies, e-government, third-party providers |
|
|
May 2018 |
Table contents based in information supplied by the individual open banking initiatives. (last updated April 2020).
*The Common API and Open Banking for Switzerland from SIX initiatives joined forces in August 2020, but will also remain as listed.
Interested in more?
Digitisation projects
Change makers
Tech trends
Order now
