Banks increasingly using APIs to enable connectivity to third-party systems
By Darryl Yu
APPLICATION programming interfaces (APIs) are becoming increasingly sought after in the banking world as financial institutions look to curb manual processes, free up siloed systems and enable connectivity to third-party systems.
Although the terminology may be unfamiliar to some, APIs covertly play a significant role in our everyday lives. An API is part of a remote server that receives and sends responses, basically specifying how software should interact, and enables the transfer of information between applications.
For instance, ride hailing app Uber integrates maps into its application using the Google Maps API. Similarly, if you book a hotel online and the website shows you the location of the hotel, it’s likely using an API to bring data from Google Maps. Simply embedding a YouTube video also uses an API, although in a very elementary way. And if you’re reading this on The Asset App, you’ll also be using an API, as this is how the app communicates with the main. For banks, APIs would allow third-party systems to connect with a bank’s data, or allow a bank to connect to third-party data.
The potential is huge, and is recognized as such by the banking industry. Eighty percent of banking executives say APIs will be one of the most important technologies to impact their corporate customers in the next five years, according to a survey by technology firm Misys.
As such, banks have started to establish open banking APIs and developer portals. DBS has integrated itself into the app for several eateries in Singapore including Old Tea Hut. This allows DBS retail customers to directly interact with the ordering system of an eatery through the food app, which then communicates via an API to DBS.
However, the potential goes beyond retail payments. Some Indian banks have connected via an API to the Indian government’s biometric identity database, Aadhaar. This gives banks access to biometric data (e.g. fingerprints) which can be used to verify someone’s identity. This has clear benefits for due diligence in account openings, identity verification, and so on.
In China, APIs have allowed Guangfa Bank to directly send business registration information to the Guangdong government via a single portal, speeding up account openings.
On the transaction banking side, the emergence of supply chain management platforms such as GT Nexus and funder platforms including DEMICA have pushed banks to evaluate their connectivity to third-party platforms, as enabling an API connection to a popular third-party vendor could make or break a deal. A transaction banker speaking to The Asset recently mentioned that the inability to link to a client’s third-party vendor cost the bank a key supply chain finance mandate.
And what is more, APIs are being pushed by regulators. In Europe, the second Payment Services Directive (PSD2) aims to break the monopoly banks have on customer data and give third-party payment providers a chance to flourish by enabling API linkages between banks and third-parties.
Likewise, in Asia the Monetary Authority of Singapore in 2016 began publishing 12 sets of data from their monthly statistics bulletin as APIs on their website, which includes frequently accessed datasets on exchange rates and interest rates. Currently the Singapore government is considering launching a centralized API exchange for the sharing of government data between different public entities.
The Hong Kong Monetary Authority is currently consulting the financial industry on open API architecture. The financial regulator aims to gain an understanding on how impactful APIs can be in connecting banks to other industries such as lifestyle and retail services.
While API linkages have the power to make transactions seamless and automatic, businesses that further embed themselves with their banking partner or third-party provider need to be aware of risks associated with a closer relationship. With cybercriminals increasingly looking to target financial firms, businesses need to carefully evaluate the cybersecurity counterparty risks. The UK’s Financial Conduct Authority reported last year that there was an 80% increase in cyberattacks reported compared to 2016.