Resources

Top 10 Tips for Banks and FIs to consider when implementing Open Banking

There are a lot of considerations with finding the right approach to delivering Open Banking APIs.

For instance, how best to comply with regulations? Or how to use account information and payment initiation to unlock potential new revenue streams? 

Banks and FIs should consider the below tips for implementing Open Banking to help meet these considerations and more:

1. Follow a standard:Whether there is regulation that dictates a standard or not. Following a standard is the most future proofed and cost effective way to deliver. In some markets the standards have been designed specifically to meet the requirements of regulations like PSD2, and even create the space to go beyond and deliver premium APIs, like in the UK and in the Kingdom of Saudi Arabia.

💡The Ozone Tip: Did you know that there are over 20 Open Banking Standards in use globally and they continue to change and evolve regularly? Following a specific standard is essential when implementing open banking APIs – even if you operate in a market where open banking regulation is not yet mandated. These standards have been designed to ensure strong security and to reduce the risk of data breaches and following a standard will significantly reduce effort  when regulation does kick in. 

2. Strong customer authentication (SCA): Implement SCA methods, as required by regulations like PSD2, to provide secure authentication for customers accessing their account information or initiating payments. SCA is based on multi factor authentication and can be delivered using methods like biometric authentication, one-time passwords (OTP) and hardware tokens.

💡 The Ozone Tip: Whilst Strong customer authentication is all about delivering a robust, secure and trusted approach, it is also a critical part of delivering a great user experience. Frictionless SCA can be delivered through app to app experiences using biometric authentication (e.g. Face ID). But there are a number of authentication options to support different use cases, for example; web-based, decoupled (authenticating on a different device), multi level authentication (for corporate use cases).

3. Consent management: Develop a robust consent management process that allows customers to grant, and easily revoke consent for third-party providers (TPPs). This needs to be fine grained to support the widest range of use cases, enabling granular consent to access their account information or initiate payments. For example single payment versus variable recurring payments (VRP) with defined control parameters.

💡 The Ozone Tip: Providing a consent dashboard in your mobile and internet banking can provide customers with complete transparency and control for all of their third party relationships. 

4. Developer Experience is as important as user experience: Your API channel will be a key channel for building partnerships, accelerating innovation, creating new revenue streams and supporting your customers.  Consideration of the developer experience is therefore critical. Follow best practices and industry standards for API design, ensuring consistency, simplicity, and ease of integration for TPPs. Provide comprehensive documentation and support to facilitate smooth integration with third-party services.

💡 The Ozone Tip: A well structured developer portal with “How to Guides”, FAQs, sample code and training wheels for developers can also significantly reduce the amount of support required by third parties.

    5. Security and data protection: Prioritise strong security measures, such as encryption, secure authentication, and access controls, to protect customer data and maintain trust. Regularly monitor and assess the APIs for potential vulnerabilities and promptly address any security issues.

    💡 The Ozone Tip: The Financial Grade API (FAPI) from the Open ID Foundation has become the defacto security protocol between most of the mature global open banking standards. FAPI has evolved over recent years with different versions used in markets like the UK, Brazil, CDR in Australia and Saudi Arabia. FAPI 2 will be arriving soon.

    6. Scalability and performance: Ensure that the APIs can handle high volumes of requests and scale effectively as the number of third parties and users grows. Monitor API performance and address any bottlenecks to maintain a high level of service quality. 

    💡 The Ozone Tip: Cloud based solutions provide auto scaling to deliver an efficient, yet effective way of dealing with high volumes. Peaks of usage should be expected as many TPPs pull data in batches at certain periods in the day.

    7. Monitoring and analytics: Implement monitoring and analytics tools to track API usage, performance, and potential security threats. Use this data to make data-driven decisions, optimize API performance, and enhance the overall user experience.

    💡 The Ozone Tip: Pre-packed regulatory reports will be required in some markets and granular monitoring of activity by third party will be essential as you start to monetize premium APIs.

    8. Collaboration with TPPs: Engage with TPPs, fintechs, and other stakeholders to foster a collaborative open banking ecosystem. Establish clear communication channels and provide resources and support to enable the development of innovative solutions based on the bank’s APIs.

    💡 The Ozone Tip: Partnering with innovative third parties can be like a fast moving, low cost extension of your own product development. Through delivering premium and value adding APIs TPPs will become a route to drive new revenue streams and ensure your products and services are embedded in third party experiences creating a whole new channel to grow your business. 

    9. Always keep customer behaviour at the heart of your service: Behaviours towards technology are constantly changing, especially in the world of Open Banking, where tech and regulations move quickly.  When implementing new services, banks and financial institutions must take into account their customer behaviours and consider how they will apply their services to meet the behaviours of different generations, different educations, and even entire different countries. In the best-case scenario, banks and FIs would work with customers (and their employees!) directly, to innovate and build a truly user-friendly experience.

    💡 The Ozone Tip: Make sure you research your customers and their behaviour patterns throughout the process of implementing and updating APIs, and survey customers frequently to acquire useful feedback. Bear in mind how different apps will need to be updated to meet different user needs. For instance, according to the American Bankers Association, 57% of Gen Z, 60% of Millennials, and 52% of Gen X use mobile banking apps most frequently. On the other hand, 39% of Baby Boomers use online banking the most.  How will you account for different generational behaviours over two separate services?

    10. Educate your customers before making big shifts to Open Banking technologies: Improve trust in your new Open Banking implementations by educating customers early. You should consider everything that a customer needs to know in this education process, such as:

    • What data will be used? 
    • Why will it be used? 
    • Can I opt out of my data being used? 
    • Who is my data shared with?

      Answering these questions and providing regular updates on new implementations over time will reduce the shock of new technology to a service that customers may very well be highly attuned to.

      💡 The Ozone Tip: Mitek Systems recently reported that 80% of mobile banking users have concerns about their personal information being compromised due to their reliance on mobile banking. This is a huge portion of mobile banking users, and suggests that there is a lot of space left for banks and FIs to educate users early on the use of their personal data. There is clearly space in that education as well, to ease customer concerns by helping them to understand the exact steps they can take in a situation where their data is compromised.

      This approach should be handled delicately, as any improper wording could result in clients being scared away from the service altogether. If done properly though, banks and FIs could build a great deal of trust and confidence with users before the new product is even rolled out. Advocacy for the product follows on from that – an incredibly powerful tool in further promoting the overall service.

      Learn More About Open Banking Today

      Open Banking is a complex subject with lots of moving parts and ever-changing regulations. 

      To help banks and users better understand the complexities of Open Banking, we have a range of helpful articles that improve confidence and knowledge in the revolutionary technology and regulations built around it:

      Ozone – The Open Banking API

      Our industry-leading out-of-the-box compliance API makes it easy for banks and financial institutions to become compliant rapidly. 

      The Ozone API skips the long wait times and delivers compliance within weeks. See how we can help you today. Save valuable time and resources through Ozone API

      Recommended articles

      Ecosystem Collaboration: Open banking encourages collaboration between traditional financial institutions and new fintech players
      Resources Insights

      Introduction to Open Banking: Everything you need to know

      Open banking facilitates the secure sharing of financial data. Read our comprehensive guide to learn everything Open Banking.

      Ozone API
      04, Apr 2024
      Resources Insights

      The Status of Open Finance in Latin America

      Explore the current state of Open Finance in Latin America.

      Ozone API
      22, Mar 2023
      Resources Insights

      White Paper – Corporate banking APIs: Opening new horizons

      Huw Davies Co-Founder and Chief Commercial Officer at Ozone API has contributed to a white paper "Corporate banking APIs – opening new horizons" developed in partnership with Finastra and Accenture.

      Ozone API
      29, Jul 2020