
Why you should care about API Management in the context of PSD2 and Open Banking

 

Published 24 February 2020

As you might be aware, PSD2 is an EU regulation for the payment and banking industries. It sets new standards for security, data transparency and fees, and ensures that newcomers can join the industry, with the intent of giving users more options and fostering innovation.


The beginning of this Open Banking journey has 3 main pillars:

API Exposition: Data consumption is paramount to building Open Banking strategies. Merely complying with the regulation might not create the competitive advantage banks are looking for, but data consumption, data intelligence, and a strong ecosystem can generate the desired insights and new revenue streams. Value proposition and strategic alignment are the main drivers of your API prioritization strategy, and its indicators must reflect the company's strategic goals.

New Partners: As I mentioned above, the "Open" models are not about competition, but about creating ecosystems and diversifying the customer experience. Therefore, companies must develop new business models for partnerships, not only with Fintechs but also with other financial institutions. Combining data with those partners and providing hyper-personalized products and services must be one of the main topics in Open Banking strategies.

Security: Security and reliability walk hand in hand. The consumption of APIs must comply with a series of security and access management requirements. For companies providing data, a clear understanding of who is consuming the data and where it is flowing to is therefore mandatory. In the API world, security mechanisms must be fit for API purposes, and API design must always be considered a very important security feature.

API Platforms in the context of PSD2 and Open Banking

Open Banking is not only about the possibilities enabled by PSD2; it is a standard that forces financial institutions to change the way they are used to thinking. In this context, it is up to the institutions to create and implement effective mechanisms to comply with the regulation and to create new business opportunities using APIs.

Creating manual integration flows might do the job, but it will not deliver the necessary scalability and, more importantly, it will make every aspect of governance a lot more complex. API Platforms, such as Sensedia's, offer modules dedicated to Governance that enable workflows that improve API quality. What does that mean? It means that the Platform allows the creation of standardized security and authentication mechanisms (such as data masking, logging and data obfuscation) and ensures that every API meets these standards. More than that, Sandbox environments allow you to test integrations before going live, mitigating the risk of publishing a flawed API. On top of all that, an API Platform not only protects data but also protects the company from flaws that can cost, literally, millions.
 
Check the full version here.