Accessing Open Banking: build, partner or product?🛠️🤝📦
A guide for businesses considering an Open Banking integration
The world of PSD2 & Open Banking is littered with jargon and acronyms. This article is too — but we’ve included a full glossary at the end 👌
The EU’s PSD2 legislation has enabled a new generation of fintech services, based on consensual access to consumers’ bank account data.
The legislation has enabled national and multi-national Open Banking initiatives, programmes letting companies re-imagine financial services. Use cases range from new payment formats to personal finance managers to customer identification methods.
This article outlines the three main routes businesses can take to access the benefits of Open Banking.
- Becoming a regulated Third Party Provider (TPP) of Open Banking services, and building connections with the banks’ PSD2 APIs
- Using an API aggregator to bypass the effort of connecting with each bank individually
- Using an end-to-end solution to get started immediately
Businesses should consider several factors when choosing their approach to Open Banking:
- What’s the financial cost?
- Are there significant opportunity costs to the approach you’re considering?
- How long will it take to get to market?
- Which specific features of Open Banking do you want to make use of?
Read on for a closer look at each approach.
1: Building connections and getting regulated 🛠️
Building your own integration takes significant effort, and is only suited to businesses planning to offer a product or service based entirely on Open Banking. Even then, working with an API aggregator may still be a better option.
Any business choosing to go down this path will need to be regulated as an Open Banking provider, and develop their own API connections with each bank.
The process: regulation, integrations and product development
First you’ll need to apply to become an Account Information Service Provider (AISP) or Payment Information Service Provider (PISP), depending on your use-case. Your regulator (the FCA in the UK) will expect you to demonstrate PSD2 compliance as well as adequate data privacy and security measures. This process can take up to 6 months, and PISP licenses are harder to obtain.
Once approved, you’ll need to integrate your own properties with the banks’ APIs. The time this takes depends on the number of banks you need to integrate and the number of developers you can allocate to the task. Naturally, the kind of product or service you plan to offer will also impact the time and resources allocated to development — whether you’re developing a new application or adding Open Banking functionalities to an existing one.
Costs, benefits & considerations
There are two predictable costs from the regulatory process. Assigning your own compliance teams or hiring external legal assistance, and the cost of assigning developers to the task of integrating with the banks’ APIs.
Naturally, there’s an opportunity cost as engineering resources are assigned to Open Banking integrations in place of other tasks. This approach also requires ongoing efforts to maintain API connections.
Most if not all services based on Open Banking will require interaction from a customer. It’s easy to overlook the importance of designing digital services with the customer in mind. Businesses building their own Open Banking services need to invest in creating an intuitive user experience. This carries a cost, but good user experiences minimise friction and ultimately win customers.
Building an integration requires a significant investment of time, effort and resources, but offers businesses total control over their Open Banking tech. This is the natural choice for companies that are serious about offering their own Open Banking-based services.
2: Working with an API aggregator 🤝
API Aggregators offer businesses access to multiple bank APIs via a single interface. Using an aggregation service spares you the effort of manually integrating with every bank your markets require.
Working with an aggregator lets you get up and running with Open Banking more quickly than pursuing your own integration allows. This approach still requires product development, as API aggregators are not ‘plug and play’ services.
You may still need to be regulated as a PISP or AISP, depending on the regulatory status of the API aggregator and your use case. Not all aggregators are regulated — they don’t necessarily need to be. If they are, you may be covered by their license. It’s important to figure this out sooner, as the regulatory process can take some time.
Choosing an aggregator: costs, benefits and considerations
You’ll have to pay for access to the service — aggregators typically use volume-based pricing, where costs vary inline with the number of API calls you make. There may also be an integration fee.
Working with an aggregator will cost less than building your own integration, although it still creates work for your developers. Once you’ve connected your applications with the aggregator’s API, you’ll probably need to develop a front-end experience for your customers. If you need to be regulated you’ll either have to direct your compliance teams towards the process or pay for legal assistance.
You’ll also want to understand the following:
- What’s their regulatory status and what does this mean for you?
- What are they doing to secure your customers’ data?
- Which countries and banks do they currently have covered?
- Have the endpoints they’re providing been tested? Using the ‘real’ APIs? As PSD2 test environments do not necessarily reflect the actual state of the APIs.
- Are there suitable plug and play alternatives for your use case?
This approach spares companies the effort of building their own bank integrations, a task which can eat up a lot of development time depending on the scale of the service. Aggregators let your developers put PSD2 to work sooner, with the freedom to design the service as you see fit.
3: Using an end-to-end solution 📦
End-to-end solutions let you make use of Open Banking as soon as possible, without the need for your developers to do any heavy lifting. These solutions are designed to be integrated and used immediately by any organisation.
An end-to-end solution should include a complete and well designed end-user experience, as well as an interface making it easy for you to use.
While you can’t count on this as an option for niche use-cases, a solution will exist for more common ones. Many Open Banking providers are younger companies, and will be open to exploring your specific requirements.
Costs, benefits and considerations
Estimating costs for an end-to-end solution is easy. You’ll pay for use of the product or service — pricing models vary. There may also be an integration fee.
Effort on your part includes time researching and talking to service providers, and some developer time integrating the solution with your own applications.
Time to market will be short, as there’s no need to develop your own technology. From contacting a provider to integrating and getting onboarded, the process shouldn’t take longer than a week or two.
You’ll want to consider the following when evaluating a service:
- Which countries and banks do they offer right now?
- What’s their onboarding process, and how easy is it to integrate?
- Does it include an interface helping you manage payment and account information requests?
- Do they offer a well-designed experience for end-users?
- What are they doing to keep your customers’ data secure?
The Citizen platform is an example of a complete solution for Open Banking payments and account holder confirmation.
Summary: choosing a provider
Once you’re clear on what you want to achieve with Open Banking, it’s time to see which of the three approaches works for you.
Connecting directly with customers’ bank accounts via PSD2’s APIs is an effort-intensive approach suited to organisations aiming to offer either account information or payments services.
Working with an API aggregator is a good option for organisations that want to integrate PSD2 payments or make use of account information, and have the capacity to develop their own software around those APIs.
Customer-ready services are best for companies that want to get to market quickly, without having to do any development work of their own.
Citizen is a customer-ready platform for Open Banking payments and account-holder confirmation. You can learn more about us by clicking this link to our website.
- Open Banking: giving third parties free, permission-based access consumers’ bank account data. Explained further in this article.
- PSD2: EU legislation that aims to modernise payment services and create a single digital market for payments.
- PISPs (Payment Information Service Providers): Businesses authorised to provide Open Banking-based payment services.
- AISPs (Account Information Service Providers): Business authorised to provide Open Banking-based account information services.
- TPPs (Third Party Providers): Businesses holding an AISP or PSIP license.
- APIs (Application Programming Interfaces): Programming interfaces used by developers to connect distinct software applications together.
- API aggregator: Businesses that enable other organisations to access the banks’ APIs via their own.
- FCA (Financial Conduct Authority): The UK’s conduct-focused financial regulatory body.
- API Endpoints: a touchpoint an API sends information to when communicating with another system.