What is open banking? Everything fintechs need to know


The emergence of the open banking API is transforming the financial sector, helping fintechs and other businesses to securely access customer banking data and initiate payments on behalf of customers. Gone are the days of customers being forced to do everything through their banking provider - they are now free to access their data and transact however they choose.

But how do open banking APIs work? How do account providers make their accounts available on the open ecosystem and how do third parties access those accounts?

In this article, we will dive into regulations, definitions, fees, benefits, and more.

How is open banking regulated in the UK?

Open banking in the UK is regulated by the Financial Conduct Authority (FCA) through the Payment Services Regulations (PSRs). The PSRs were established based on the Payment Services Directive (PSD2), a European law passed in 2007 and updated in 2015.

This directive granted customers the right to utilise third-party providers for payment initiation services (PIS) and account information services (AIS).

Before these regulations, bank terms and conditions often prevented customers from accessing their bank accounts through third-party providers.

Now, any organisation providing a payment account (known as an account provider, or ASPSP) must provide access to its accounts through open banking. A payment account is:

  • an account held in the name of a business or individual
  • accessible online (web or mobile app)
  • able to be used to make payments

So this includes bank accounts, e-money accounts, prepaid cards, debit cards, crypto-fiat accounts, wallets, and more.

The PSRs require account providers to expose a dedicated interface, which is a specialised API designed and operated specifically for the purposes of open banking.

Only companies authorised by the FCA can use open banking APIs in the UK. These companies may be granted permission to operate as a payment initiation services provider (PISP), an account information services provider (AISP), or both. The collective term for these services is a third party provider (TPP).

What is an open banking API?

There are three main types of open banking APIs:

  1. Data APIs – these allow for viewing account information such as balances and transaction history in a read-only format.
  2. Payment APIs – enable users to transfer funds, set up direct debits, and initiate payments.
  3. Product APIs – third parties can list financial products, rates, and terms on comparison websites or marketplaces.

Typically, an account provider will allow TPPs to access all of its open banking APIs through a single interface.

How does open banking API architecture work?

Open banking API architecture facilitates the secure exchange of financial information between account providers and authorised third-party open banking providers, enabling interoperable financial services.

It mandates standardised data formats and secure communication protocols to create a level playing field for third-party services to integrate with multiple banks.

Unlike traditional banking services that operate in closed environments, open banking decentralises financial services through these shared standards.

Here's how the process works:

  1. Account providers create a dedicated interface with API endpoints for third parties to access customer data such as account balance and transaction history, and to initiate payments.
  2. Third party providers (TPPs) can integrate with the account provider’s API, enabling customers to access the services offered by their account provider.
  3. When customers want to connect their account to a third party, the customer is taken to their account provider’s app or website where they are prompted to authenticate themselves with their credentials and confirm that they give permission for the service being requested. This creates a trust connection which the account provider and TPP store using secure tokens.
  4. The TPP is then able to use the API, with the secure trust token, to access the permitted data or initiate a payment.
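The four steps above, sketched from the account provider's side as an added example (not code from this article or from tell.money): a TPP requests consent, the authenticated customer approves it, and every API call is checked against the stored consent. The class, method and scope names and the role-to-scope mapping are assumptions, and the expiry and revocation checks go beyond what the steps spell out.

```python
import secrets
import time
from dataclasses import dataclass

# Assumed mapping from a TPP's regulatory role to the API scopes it may request.
ROLE_SCOPES = {"AISP": {"balances", "transactions"}, "PISP": {"payments"}}

@dataclass
class Consent:
    tpp_id: str
    scopes: frozenset
    expires_at: float
    customer_id: str = ""     # bound when the customer authenticates (step 3)
    authorised: bool = False
    revoked: bool = False

class AccountProvider:
    """In-memory stand-in for an account provider's dedicated interface."""
    def __init__(self, tpp_roles):
        self.tpp_roles = tpp_roles   # tpp_id -> roles, e.g. {"AISP"}
        self.consents = {}           # consent_id -> Consent
        self.tokens = {}             # opaque token -> consent_id

    def request_consent(self, tpp_id, scopes, ttl=3600):
        roles = self.tpp_roles.get(tpp_id, ())
        allowed = set().union(*(ROLE_SCOPES[r] for r in roles))
        if not scopes or not set(scopes) <= allowed:
            raise PermissionError("TPP not authorised for requested scopes")
        cid = secrets.token_urlsafe(16)
        self.consents[cid] = Consent(tpp_id, frozenset(scopes), time.time() + ttl)
        return cid

    def customer_approves(self, consent_id, authenticated_customer_id):
        consent = self.consents[consent_id]
        consent.customer_id = authenticated_customer_id
        consent.authorised = True
        token = secrets.token_urlsafe(32)
        self.tokens[token] = consent_id
        return token                 # the "secure token" of steps 3 and 4

    def revoke(self, consent_id):
        self.consents[consent_id].revoked = True

    def check_access(self, token, calling_tpp_id, scope):
        consent = self.consents.get(self.tokens.get(token, ""))
        return bool(consent and consent.authorised and not consent.revoked
                    and consent.tpp_id == calling_tpp_id
                    and scope in consent.scopes
                    and time.time() < consent.expires_at)
```

The token is only an opaque handle: the decision on each call comes from the consent record, so a token presented by a different TPP, for a scope the customer did not approve, or after revocation or expiry is refused.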

Are open banking APIs safe to use?

Yes, open banking APIs are safe to use. When a business utilises an API to connect customer data to financial services or initiate a payment, they can be confident that the customer has granted permission for their account data to be accessed.

Additionally, these APIs adhere to robust security practices that meet or exceed industry standards. This ensures the protection of customers' financial information, safeguarding their privacy and security throughout the data exchange process.

Are open banking APIs free of charge?

Compared to traditional financial services that involve manual processes and disjointed data systems, open banking APIs offer a more efficient and cost-effective solution.

The ability to share financial information quickly through APIs enables third party providers to deliver tailored financial services that meet the unique needs of their customers.

Open banking APIs expedite services that previously required significant time and resources, resulting in cost efficiency and improved user-friendliness.

How do I provide open banking APIs for my accounts?

As an account provider, you are required to provide an open banking API. This can be costly and complex, particularly if you choose to build this within your organisation. Fortunately, there are providers such as tell.money that specialise in providing this service on a Software-as-a-Service (SaaS) basis. The benefit of partnering with tell.money is the ability to rapidly deploy a dedicated interface with minimal development, and at a low cost. Everything that is required to comply is included in the package.

However, if you wish to build and operate this yourself, here are some of the things you will need:

  • Public developer portal & API specification
  • TPP validation & support
  • A fallback “contingency mechanism”
  • A secure consent lifecycle management system
  • Publishing of real time usage and uptime statistics
  • Creation and submission of regulatory reporting
  • Ongoing updates to the system and processes as the standard and regulations evolve

How do I access account data and initiate payments from other account providers?

In order to access account data or initiate payments on behalf of customers, your organisation will need to either become directly regulated by the FCA, or you will need to contract with an existing TPP.

A TPP will be granted permissions by the FCA (or other National Competent Authority in the EU) and will need to obtain a PSD2 certificate, which can be issued by OBL in the UK, or, in the case of the EU, an eIDAS certificate (Electronic Identification, Authentication and Trust Services).

With the appropriate permission and certificate, a TPP can register with any account provider and will be granted access to its open banking dedicated interface API.

To connect to an account provider operating in the tell.money ecosystem, a TPP simply registers using a standardised “Dynamic Client Registration” process. For more information, contact support@tell.money.

To connect to an account provider outside of the tell.money ecosystem, a TPP will need to onboard individually to each institution.

How are open banking APIs revolutionising the fintech industry?

Open banking APIs are disrupting the banking, financial services, lending, and insurance sectors. This is driven by several key factors:

  1. Newfound focus on innovation – Open banking APIs enable the development of safer, more profitable, and highly customisable banking services.
  2. Data control for customers – Open banking puts customers in control of their financial data, allowing them to have a better understanding of how their data is shared. This shift in data ownership improves relationships between customers and incumbent institutions.
  3. Single services for multiple accounts – Fintech companies can provide seamless and instant money transfers, enhanced safety measures, improved availability, personalised experiences, and access to the best financial solutions, all through open banking APIs.
  4. Potential for increased revenue streams – Open banking encourages partnerships between banks and third parties, creating revenue. This allows incumbent institutions to provide customers access to third-party developed services while benefiting from the referral.

The impact of these advancements places pressure on traditional financial institutions to keep up, improve their offerings, or partner with fintech companies.

How can fintechs benefit from using open banking APIs?

Fintech companies can reap a multitude of benefits by using open banking APIs. Here are the advantages they can leverage:

  • Deeper insights – Analyse granular financial data for smarter risk assessment, investment planning, and beyond.
  • Faster & more cost effective – Streamline payments with open APIs, reducing reliance on legacy systems and lowering costs.
  • Personalised service – Craft custom offerings like tailored loans and treasury services using rich customer data.
  • Effortless compliance – Standardised protocols ease the burden of regulatory hurdles.
  • Resource efficiency – Automate tasks and free up resources for strategic initiatives.
  • Market expansion – Partner up to reach new regions and tailor services through local fintech partnerships.

Open banking drives innovation, competition, and constant evolution within the industry, benefiting all stakeholders involved.

