Skip to main content

Breaking into the banks: How an old technology is helping the walls to come down

(Image credit: Image source: Shutterstock/MaximP)

Banking, one of the earliest adopters of the application programming interface (API), is facing its greatest disruption in history. The UK’s Open Banking directive and Europe’s PSD2 (Revised Payment Service Directive) require banks to develop a set of core open APIs to enable data sharing, transforming competition in the retail banking sector. Thanks to these mandates, traditional banks, which have always kept their data firmly within their own walls, are now facing a major challenge from their newer rivals in the financial services industry.

API proliferation

Banks have relied on APIs for decades. Their early usage was to connect system components within an organisation, typically by just a handful of users. In other sectors, programmers developed APIs to help organisations to exchange data between complementary programmes, such as an order management system and a delivery scheduling tool. In recent years, however, API use has exploded. The adoption of smartphones means that millions of consumers are now using multiple programmes, all of which can share data, from fitness applications to grocery shopping, online maps and social media. API technology has developed accordingly to become super-easy to use on the surface, yet internally much more sophisticated; resilient to high user volumes and with sufficient security to protect privacy and financial integrity.

Essentially, without APIs, mobile banking and other modern apps would not be possible; APIs provide an extra layer to the infrastructure so that core systems do not have to be rewired for a new application to be integrated. And this means banks can innovate much faster to keep up with consumer demands.

What is Open Banking?

The proliferation of smartphones has changed consumer behaviour, so that we expect and demand connectivity 24/7. What’s more, we want instant access to information and control over our money. It was only a matter of time until banks had to respond to this demand, and Open Banking and PSD2 reflect this change, placing control firmly with the consumer. 

The Open Banking directive from the Competition and Markets Authority (CMA) has called on banks to make some of their data available as of 2018, so that customers can easily compare what is offered by different banks, and third parties and multiple finance firms can use it to recommend alternative services. The objective is to encourage innovation and accelerate technological change in the UK retail banking sector and it certainly represents a major shift for financial institutions in the way they will manage, consume and share mission critical data. Ultimately, APIs are the key component to facilitating this revolution, allowing access to data with a user-friendly interface, without having to alter the back-end of the business.  


The CMA supports consumers’ rights to be able to switch service providers. This initiative, combined with the regulatory changes, means that banks have to accept that brand loyalty may be a relic of the past. Open Banking APIs will encourage the growth of the financial technology (“fintech”) start-ups that have the agility and technological impetus to use the banks’ data to provide individual services. Customers will have more choice about whom they wish to buy services from, whether they’re looking for a loan, mortgage, savings account or foreign exchange. They will also benefit from personalised financial information and the ability to compare best offers on financial products.

At the same time, this “banking-as-a-platform” model enabled by APIs can provide a great opportunity for banks to expand their reach. If they are willing to create relationships with trusted third parties and exploit these technological developments themselves, a symbiotic relationship can develop. By allowing the integration of third party services on to their platform, traditional banks could take advantage of the opportunities on offer from the smaller, faster-moving fintech organisations.


However, the UK’s nine largest banks are not expressing huge enthusiasm about the changes. They have been given one year to develop and adopt Open Banking APIs, and they have expressed a number of concerns: the top three being security, project failure and timescales. Security is the most significant: confidential banking information is hugely valuable and hackers will undoubtedly be looking for any weaknesses in the cryptographic keys that could allow them to gain access to bank accounts and the banks’ servers.

The fintechs also have some concerns about both Open Banking and PSD2. While the aim of these initiatives is to open up the competitive field to new entrants, providing more choice to customers, fintechs say the balance of power still lies with the banks. They say that, in lobbying the regulators with their data protection and privacy concerns, banks have ensured that fintech groups will face greater regulations and as a result, start-ups will struggle. 

We will start seeing how the market is impacted over the course of this year: Several banks have already announced their Open Banking platforms and developer portals, allowing trusted and chosen partners to access data and develop apps and services. HSBC in the UK launched three APIs at the end of last year to enable branch and ATM locators as well as a product finder – services which are mandatory requirements of Open Banking.

Mobile banking apps, desktop interfaces, other digital banking services are entering a new era where APIs will play a major role. Ultimately, they need to be embraced, while still taking into account security and privacy. APIs have always enabled banks to do their job more effectively, connecting the old with the new, integrating emerging technology, scaling innovation and allowing modernisation without rewriting essential existing code. Open APIs are the key to banks’ evolution, remaining relevant and responding to regulatory and consumer demands. Regardless of how this works out for the finance sector, one thing’s for sure – banking is about to look a whole lot different.

George Smyth, Director of R&D, Rocket Software
Image source: Shutterstock/MaximP

George Smyth
Director of R&D George Smyth joined Rocket Software in 2005. George has over 30 years IT experience, starting his career at IBM UK before moving to IBM Silicon Valley Lab in California.