Skip to main content

About PSD2 and APIs: opportunities and challenges

PSD2 regulation promises the advent of exiting new services around the current product offering of financial institutions and it strives to be the breakthrough of Open Banking.

Performant banking APIs are a crucial factor in making Open Banking a success. However, banking APIs are not uniform amongst different banks, posing challenges for innovative players trying to build services on top of banking infrastructure.

The Open Banking promise

In its essence, Open Banking refers to financial institutions opening up traditional banking products, such as clients’ accounts, to third parties. These third party players then develop new services and applications around the bank’s product offering. This is made possible by the XS2A part of PSD2. Following PSD2, authorized third parties, the so-called Third Party Payment Service Providers (TPPs), will be allowed to access consumers’ banking accounts at their demand, retrieving valuable banking details and transaction data. This creates possibilities for a whole range of innovative services built on top of existing banking infrastructure and data, such as aggregation of different banking accounts into one app, personal financial management tools with automatic insights based on transaction history and third parties having the authority to immediately initiate payments on behalf of consumer. Profound innovation, consumer comfort and increased competition for large financial institutions are the core values of Open Banking.

Connecting to APIs

To realize the services promised by PSD2, TPPs and banks interact through banking APIs, which serve as communication platforms and interfaces between the TPPs and the banks. A PSD2 banking API is a secure environment, only accessible by parties who have explicitly been granted access, and governed by a standardized set of rules and conventions. It translates requests by the TPPs and performs an action or returns an answer. Some examples of a request-answer sequence are “initiate a payment from account X to merchant Y” followed by a financial transaction that is automatically executed, or “get account and transaction details of consumer Z” followed by a transfer of bank account data to the requesting party.

Performant banking APIs are indispensable for the success of PSD2. Figure 1 shows in a schematic way how TPPs need to pass through APIs to reach banking details of consumers wanting to use their services and how the information flows back to them.

Figure 1 - The API model

However, no two APIs are built the same. The lack of standardization amongst the PSD2 APIs of different banks poses a serious challenge for TPPs; integrating with a totally different API for every bank out there is not practical and very resource intensive.

 API fragmentation can lead to some perverse effects. For the sake of efficiency, TPPs might choose to interact with only the APIs of the biggest banks at the cost of the customers of smaller banks, reaching a maximal number of potential clients with minimal development efforts. To deal with the fragmentation of APIs, two solutions have surfaced on the market: standardization and aggregation.

Leveling the playing field: standardization

Standardization would ensure that interaction with the APIs of different banks takes place in an expectable, uniform way. Today, different standardization initiatives exist, coined by lobby groups which include important industry players. The most important standards currently are: Berlin Group’s NextGenPSD2, used on a pan-European scale, OpenBankingUK, used mostly by UK based financial institutions, and STET standards, mostly used by French banking groups. Table 1 indicates the standards used by Belgian banks.


Table 1 - API standards used by Belgian banks
Source: API developer pages of the banks

Standardization is a simple and elegant solution, but is currently unable to provide a comprehensive answer to API fragmentation. Various standards, although similar, are still different amongst each other. As such, procedures to connect to an API following Berlin Group standards are not the same as the procedures to connect to an API following STET standards. Additionally, current standards describe a broad framework, consisting of guidelines and best practices rather than actual strict procedures to follow. This leaves room for interpretation in implementing an API.

API squared: aggregation

To face the challenges posed by the fragmentation of APIs, specialized players called aggregators appeared to fill the void. Aggregators do the dirty work for the TPPs: they build an API on top of several other APIs, allowing developers to integrate with a single interface, while easily reaching clients of multiple banks (Figure 2). As such, TPPs need to connect to only one API to have access to consumers’ accounts at numerous banks, freeing them from a lot of the development hassle of always needing to fit each single API.

Figure 2 - API aggregation

There are multiple players active in the aggregation market. Two of them are based in Belgium: Ibanity and Banqup. Other important players are the Swedish Tink, large Swedish fintech Klarna, Dutch Yolt, Spanish Salt Edge and British TrueLayer.

Aggregators face their own difficulties though. As there are significant development costs involved in syncing with different APIs, even the aggregators themselves do not offer access to all banks. Aggregators often focus on local banks first and prioritize larger banks over smaller ones.

Open Banking in the near future

For Open Banking to truly take off, API fragmentation is a challenge that will have to be overcome. Sia Partners expects that standards will converge. This will be a slow process however, and as long as broad-scale standardization is not in place, aggregators have an important place in the PSD2 landscape. By effectively tearing down entry barriers for TPPs, aggregators provide a value-added service which can boost the roll-out of Open Banking.

So how do banks have to behave in the current environment? Sia Partners recommends banks to experiment with Open Banking products and services and encourages them to actively engage with promising TPPs. Banking will not be spared from the cross-industry trend of increasing customer centricity. Players building innovative capabilities and daring to think outside of the rigid offer of banking services will have an edge over their competitors in the near future when a seamless, all-encompassing customer experience is the norm.