PSD2: When the API is ready, will banks be ready for it as well?

Why banks may fail with PSD2?

While we are waiting for the Payment Services Directive 2 to come into force along with its European banking API, we need to consider the bank industry’s ability in implementing these revolutionary regulations. Are they really ready for the API? Can they seamlessly integrate it with their systems? How will banks deal with maintenance?

The banking API resulting from the PSD2 is currently being consulted and designed by the joined forces of the European Banking Authority and interested parties – banks and third party service providers – so it seems that the final API should meet expectations and requirements of all participants, not to mention following the guidelines of the Directive. The question is, when the API is ready, will banks be ready for it as well?

To code or not to code

Banks are not innovative and they are not good at software solutions. They rely mostly on products developed by the others, just customizing software to their needs. What we see – transactional systems, websites, mobile apps and so on – and even the backend code hidden from the user’s sight, in vast majority of cases was written from scratch by a third party based on the bank’s specifications or it was a finished product only adjusted to the requirements of a particular institution. Of course, it shouldn’t bother us, the users, who the author of banks’ engines is – at least until they work fine. But when banks finally get the API they will be obliged to use, they will have to incorporate it into their existing software environment. This means they will do it either in-house, with their own resources, or with the help of a third party.

Implementing the API by banks on their own may look very reasonable because a company IT staff should be the most acquainted with the banking system. The problem is, whether the IT specialists are familiar with integrating external solutions, such as APIs, with a bank’s internal system. It’s not an easy task since the API must be fully functional and work seamlessly with the existing core starting from day one – as it will be required by law. It also has to fulfill all PSD2 requirements regarding the data set to be open, as well as security measures.

Taking care of business

Even if the IT personnel successfully implements the official banking API imposed by the Directive, what about its maintenance? Will banks have enough resources to constantly monitor the traffic between their banking systems and third parties in order to find any potential vulnerabilities or abuses? Will they be able to improve the efficiency of the API or introduce new features in case they are necessary, eg. when some partnerships are established with other institutions and new sets of client data should be available?

These are the questions to ask when thinking of API integration in-house. Banks can always choose an alternative path: there are many independent banking API providers already on the market. Their expertise in developing and implementation of API solutions is proven and they are well established in the fintech world. They can offer customized APIs, which would open not only mandatory data sets mentioned by the PSD2 but also extra client information that could be monetized by banks. The implementation of such ready-made solutions is also fairly easy and fast compared to the proprietary internal code: there is little or no need to mess with the fragile core code since these APIs are usually designed to be universal and independent from the platform used by an organization. And, last but not least, the whole chore of development, implementation, testing, maintenance, updates and upgrades is mainly on the provider’s side. Therefore, bank IT resources can be used elsewhere.

About Konstantin Rabin:

Konstantin has taken part in various projects in the European financial industry for the last 4 years. Currently, Konstantin is heading marketing at Kontomatik - a European developer of bank API. In addition to this, Konstantin often publishes articles on finance and technology on key websites.

About Kontomatik:

Kontomatik is a provider of Banking APIs. The service supplied by Kontomatik is mostly aimed for banks with competitive products, online lenders that are looking to optimise loan-issuing processes and start-ups that want to build their app around supreme technology. Online credit scoring, instant KYC and contextual financial offers are the key benefits supplied by Kontomatik, yet the main service is the provision of a tool that lets an organisation become a true innovator in the financial industry.

Sav