By Manfred Bortenschlager, Director, Business Development for Agile Integration and API-based integration solutions, Red Hat
When it comes to something as highly regulated as the banking industry, open source may not be the obvious technology to choose. However, with the rise of Open Banking, which likely came about as an answer to what is probably the most often cited regulatory requirement for financial institutions, the Payment Services Directive 2 (PSD2) in Europe, banks may need to approach regulatory challenges in different ways. And, in August 2019, the Regulatory Technical Standards are expected to roll out, at which time banks in Europe will be required to comply with these new standards.
These regulations present new rules around opening customer data, and in turn seek to promise a better banking experience for customers. In order to see the benefits of open banking through, my suggestion for building the banking platform of the future resides on the principles of Agile Integration, which is an architectural approach centered around application programming interfaces (APIs) and API management. But, how exactly is this done, and what exactly are APIs?
What is Agile Integration?
Agile Integration has three major pillars: distributed integration for greater flexibility, containers for the ability to scale better and managed APIs for re-usability and greater speed. Agile Integration brings together agile methods and best practices with specific IT technologies, for the main purpose of the quicker integration of applications and data. The three pillars of Agile Integration are crucial and central to any campaign, but also rest on a solid base that includes non-technical aspects like culture, process, tools and automation to enable the successful deployment of agile practices. Agile Integration can also be extended further to incorporate capabilities based on customer demand, like building out enterprise applications, enabling mobile and/or IoT applications, supporting business process management (BPM) and enabling more effective data management and security.
How can Agile Integration be applied to the financial services industry (FSI) and Open Banking?
Since the financial industry is highly regulated, the technology used is designed to be compliant and able to adapt to change quickly. Based on the underlying principles of Agile Integration, a reference architecture can be created that enables financial institutions to implement a banking platform that is both future-focused and one that can comply with relatively new open banking regulations. This reference architecture consists of 12 core components that make up one comprehensive platform:
- Core banking: The core banking services that a bank’s system is built on, which often rely on tried and true technologies, some of which may have been in use for 30 years.
- Third-party services: Most banks and financial institutions also consume and offer services from external and third-party suppliers.
- Integration / transformation: This covers data and service integration and/or protocol transformation or mediation.
- Backend-for-frontends (BFFs): The BFF pattern is an architectural pattern used to prepare services for specific front-end applications. For example, a web app has different characteristics than a voice-enabled chat bot, so it cannot be built in the same way.
- API manager: This is the central element of an API management solution, where the various policies such as rate limits, different API consumer segments, or monetization of API access are configured.
- Dashboards / analytics: Dashboards are designed to provide comprehensive intelligence about the health of the banking platform on various levels. These are also important to inform strategic decisions, especially for open banking.
- Gateways: These are the control instances of API traffic and are designed to make sure that only authorised calls are permitted and logged. In the highly regulated financial industry, I believe this component is crucial.
- Developer portals: These are the outward-facing interfaces for the API consumers. Their purpose is to enable internal or external developers or partners to consume API documentation, register for APIs and manage credentials and analytics.
- Identity Provider (IDP) and Single Sign-on (SSO) solutions: Financial institutions handle a lot of sensitive data that I recommend be secured via end-to-end identity management. Often several IDPs are deployed within a bank and leveraged in different subsystems.
- Container runtime / PaaS: Modern IT infrastructures should leverage the benefits of container platforms, such as demand-based scaling, deployment flexibility across different environments such as on-premise, private or public clouds, and DevOps capabilities. More about use of containers in FSI can be found here.
- Own channels: Finally, banks need to have the capabilities to expose their services and data to customers via different channels such as through websites, mobile and/or IoT apps and also have the ability to ramp up any future channels as they come about.
- Third-party channels: The banking platform must also enable third parties to create customer channels. It is important that the customer experience is consistent between the channels.
Having one comprehensive platform comprised of the above 12 components, based on the Agile Integration concept, can help organizations seeking to become compliant with the main requirements of PSD2, which are summarized from a report by Mark Boyd about PSD2 and listed below:
- Third-party authentication
- Third party access to payments
- Third party access to account information
- Fees transparency
- Fine grained entitlements
- API versioning
- SDKs
- OAuth or other delegated authentication schemes
- Step up authentication strategies
- Sandboxes
- Fraud and penetration attempt monitoring
- Supporting tooling for developers and DevOps
- Performance management to protect core banking
- API Explorers for discovery and interaction
- Interactive API documentation
- Unique IDs (e.g. Bank ID, Account ID, Transaction ID)
- Flexible entitlements to enable data sharing and better transparency
Open source is often recognized as being at the forefront of innovation in the software world. With big data, cloud computing and IoT, more business leaders are realizing that open source software can be an integral part of planning for future IT projects. Open source concepts combined with agile integration can deliver the core principles needed to build an open and programmable banking platform that is designed to be compliant with current needs and regulations but can also allow for internal and external innovations on top of banking data and services. To adapt more quickly to regulatory changes as they happen, I recommend spending the time now to create a scalable open banking platform.