Connect with us


It’s time for a serious open banking standard



It’s time for a serious open banking standard

Steve Kirsch, CEO and Founder, Token

There are four things that should now be crystal clear to everyone involved in open banking:

  1.    Open banking has arrived. It was the #1 topic at Money 20/20 Europe. Open banking regulations are now appearing in other parts of the world beyond the EU.
  2.    Open banking is so irresistible that even banks that aren’t required to adopt open APIs are doing it voluntarily. Wells Fargo, for example, has implemented APIs to support over 20 use cases that it thought were compelling.
  3.    There is a lack of standardization. Of the APIs now available, only a handful of banks in the UK and Ireland are using the same API. And they only did that because the UK regulator required them to do so. But each bank implemented the standard differently. This lack of standardization is bad for everyone: it increases costs and complexity at each bank, it opens the door to insecure solutions which expose banks and their customers to unnecessary risk, and it hinders adoption by software developers who only have bandwidth to write to one or two open APIs at the most.
  4.    The standards that have been created/proposed leave a lot of room for improvement. The UK open banking API, for example, is only usable by human beings, and it took about two minutes and 15 screens for a typical human to approve a simple access request. None of the standards allow for charging the caller a fee. The Berlin Group standard is very complex.

If open banking is to reach its full potential, it’s critical that points 3 and 4 are resolved. Here’s what I think should be done:

  1.    The top banks worldwide should jointly fund the creation of a worldwide open banking standard.
  2.    The creation of the API should be done by a commercial vendor selected by the banks. Presumably, it would be a vendor that specializes in open banking APIs and also has expertise in secure, instant micro-payments.
  3.    The chosen vendor for the API design should seek input from all parties in the ecosystem: business, consumers, banks, service providers, software developers, system integrators, regulators, security experts.

Here’s why:

  1.    To be a global standard, it’s really best that it starts with global support. Trying to take a single region/country standard and get other countries to adopt it is harder (especially one that has been designed by committee).
  2.    The best standards are created by small teams of highly competent people working together in close proximity. In contrast, “design by committee” efforts take a very long time to come to fruition and the results are generally subpar. For example, all the computer platforms we use today to develop software on desktop and mobile devices were all created by commercial vendors, not by non-profits or industry consortiums. Choosing multiple vendors to work together is also infeasible. Great products aren’t created this way.
  3.    Getting input from all stakeholders is not controversial. Importantly, however, this doesn’t mean the vendor should accept it all blindly; good design is always an iterative process and input is often conflicting.

Finally, the direction given to the selected vendor should include things such as:

  1.    The API should be simple and low-level, somewhat analogous to the BIOS layer in personal computers: the simplest possible API which safely exposes the offered banking functionality and which handles authorization and consent management in a consistent, secure manner. This would enable vendors implementing other open banking API specifications to build on top of this core layer. For example, the OFX standard has worked very well over time for data and it is very simple. By contrast ISO-20022 is very complex. We should always be asking: do we need this complexity at the core layer? More often than not, the answer is no.
  2.    The API standard should specify things at a high level, e.g. a payment request that can include meta-data, and let the meta-data itself be self-describing. Higher level APIs could translate the meta-data to/from a variety of formats.
  3.    The API should be fully open and not assume a particular style of API access. For example, it should not specify the interaction between a PSU and PISP/AISP; that should be out of scope. The API should assume the callers are evil and not compliant with any regulations. For example, Bitcoin and Ethereum are designed to be callable by anyone and it works extremely well because the security is built into the architecture.
  4.    The API should be easy to read, understand, and use by programmers. For example, Plaid and Stripe APIs are examples of APIs that are easy to understand, well documented, and easy to use.
  5.    The API should be available as a commercial product from at least one commercial vendor so banks don’t have to write it themselves.
  6.    The spec should be sufficiently detailed that all implementations operate identically.
  7.    The back-end of the API server should be easy for a bank to implement. For example, Token offers banks a full PSD2/RTS compliant API including very sophisticated consent management, yet a bank only has to implement eight simple API calls.
  8.    The API should use modern security and software methodologies for authentication and authorization/SCA. There must be no shared secrets between the owner of the account and the bank.
  9.    The API should not support the use of insecure standards. For example, OAuth2 is fundamentally insecure. It was designed to be insecure because they wanted it to be easier for programmers to implement. Sadly, we see OAuth2 specified in pretty much every open banking standard proposal. This is a huge mistake; basing open banking protocols on OAuth2 is a recipe for never ending security problems for the next 50 years.
  10. The API should work for retail as well as corporate applications. For example, the API should not assume that there is a human being/user interface making the transaction: it should be computer-to-computer. Human interaction should be layered on top of the API, not designed into it.
  11.   The API should be designed to be extensible so it can last for at least 50 years.
  12.   The API should support charging API callers for the service(s) provided so that banks can make money, e.g. by secure instant micro-payments that work worldwide.
  13.   The API should allow for instantly pushing payments worldwide, not just a local payment push.
  14.   There should not be any sacred cows, e.g. directives such as “you should start with the xyz standard and build off of that.”

Following this process will create a solid foundation for building great applications and benefit all parties.


Banks weigh up home working – the new normal or an aberration?



Banks weigh up home working - the new normal or an aberration? 1

By Lawrence White, Iain Withers and Muvija M

LONDON (Reuters) – As the finance industry prepares for life post-pandemic, commercial banks are moving quickly to harness working from home to cut costs, while investment banks are keen to get traders and advisers back to the office.

HSBC and Lloyds are getting rid of as much as 40% of their office space as an easy way to make savings when bank profits have been crunched by the pandemic.

But there are concerns that remote working does not benefit everyone. Junior staff miss out on socialising and learning opportunities and there are also risks home working can entrench gender inequality.

At investment banks, where long hours in the office were the norm pre-pandemic, bosses say they want most people back where they can see them.

HSBC plans to almost halve office space globally, as it aims to squeeze more use out of the remaining space and increase the number of staff per desk from just over one to closer to two.

Britain’s biggest domestic lender Lloyds plans to shrink its office space by a fifth within three years. Standard Chartered will cut a third of its space within four years, while Metro Bank said it would cut some 40% and make more use of branches.

“We’ve had a period where flexible working has been tested in full, with about three quarters of people not based in offices as we used to call them, and the business has performed remarkably well,” Andy Halford, Standard Chartered CFO, said.

But major investment banks take a different view, with Goldman Sachs Chief Executive David Solomon pouring cold water on the potential of remote working.

“It’s not a new normal. It’s an aberration that we’re going to correct as soon as possible,” he told a Credit Suisse conference on Wednesday.

Barclays CEO Jes Staley, who last year said he thought the days of 7,000 employees trudging into its Canary Wharf headquarters were numbered, is also unwilling to commit for now to large office closures.

The Barclays boss has said the bank had “no plan” to make a major real estate move as Britain’s prolonged third lockdown had shown the strains of working from home.

Nick Fahy, CEO of online lender Cynergy Bank, said working over screens often could not compete. “You might have a disagreement on this, that or the other but actually over the coffee machine or over a glass of wine or a bit of lunch, issues can be resolved.”


Some banks have acted quickly because they are used to flexing workforces in line with economic cycles, particularly in investment banks, Oliver Wyman principal Jessica Marlborough said.

But some are waiting on analysis of staff productivity changes before making final decisions, while others were mindful junior staff may still prefer going into offices, she said.

Banks are also concerned women may lose out from the shift to remote working.

“We thought the pandemic would be a big leveller for women. But actually what we’re starting to see is it’s extremely challenging to get women to move jobs in a pandemic,” Marlborough said.

“Banks were making progress in hiring a more balanced workforce in terms of gender and other metrics, but they’re actually struggling now (as banks are finding) they (women) are less likely to seek out a new job.”

Union leaders said part of the reason was that some women are juggling more childcare responsibilities during the pandemic.

Dominic Hook, national officer for UK union Unite, said banks must ensure working from home is voluntary, use of surveillance tools is limited, and employers respect staff hours so work does not spill into evenings and weekends.

“Our concern is that it won’t actually be a choice and that banks will pressure staff to work from home,” Hook said.

There are also concerns hybrid working will favour employees who visit the office more regularly, as they can spend more time in person with colleagues and managers, said Richard Benson, managing director at Accenture Interactive.

The staff most likely to go back to the office are traders, bank executives said, while back-office functions such as finance, risk management and IT will spend more time working remotely.

In Germany, Deutsche Bank said it had been challenging to adapt home office spaces for traders and expected many will want to return, but not all.

“We will pay more attention to the personal circumstances at home. Dealers also have children or parents in need of care. We have become more sensitive,” said Kristian Snellman, Deutsche Bank’s head of investment banking transformation for Germany and EMEA.

The trend to shed offices predated the pandemic as many banks made cuts after the 2007-09 financial crisis. Some have already made moves as a result of the pandemic, such as NatWest, which shut its tech hub in north London last summer.

Retained offices are being remodelled, with desks removed to make way for collaboration and break space such as coffee areas, gardens and libraries, property consultancy Arcadis said.

“It’s not just about adding a ping pong table and table football and hoping it will work, it’s about making sure people get downtime,” said Sarah-Jane Osborne, head of workscape at Arcadis.

David Duffy, CEO of Virgin Money, said the bank is among those planning to strip out office cubicles.

“The world of large-scale populations returning to a tall skyscraper building to come in and do their e-mail in the office doesn’t make any sense,” he said.

(Reporting By Lawrence White and Iain Withers in London and Muvija M in Bengaluru, Additional reporting by Patricia Uhlig in Frankfurt. Editing by Rachel Armstrong and Jane Merriman)

Continue Reading


Bank of England’s Haldane warns inflation “tiger” is prowling



Bank of England's Haldane warns inflation "tiger" is prowling 2

By Andy Bruce

LONDON (Reuters) – Bank of England Chief Economist Andy Haldane warned on Friday that an inflationary “tiger” had woken up and could prove difficult to tame as the economy recovers from the COVID-19 pandemic, adding that central banks may need to respond.

In a clear break from other members of the Monetary Policy Committee who are more relaxed about the outlook for inflation, Haldane called inflation a “tiger (that) has been stirred by the extraordinary events and policy actions of the past 12 months”.

“People are right to caution about the risks of central banks acting too conservatively by tightening policy prematurely,” Haldane said in a speech published online.

“But, for me, the greater risk at present is of central bank complacency allowing the inflationary (big) cat out of the bag.”

Haldane’s comments prompted British government bond prices to fall and sterling to rise as he warned that investors may not be adequately positioned for the risk of higher inflation.

“There is a tangible risk inflation proves more difficult to tame, requiring monetary policymakers to act more assertively than is currently priced into financial markets,” Haldane said.

(Editing by David Milliken)

Continue Reading


BOJ to highlight climate risks as key theme of bank tests this year – sources



BOJ to highlight climate risks as key theme of bank tests this year - sources 3

By Leika Kihara and Takahiko Wada

TOKYO (Reuters) – The Bank of Japan will for the first time highlight climate change risks as among key themes in its bank examinations this year, sources said, joining major peers moving to gain research clout on the effects of global warming.

In guidelines on the examinations due next month, the BOJ will clarify its readiness to coordinate with Japan’s banking regulator in analysing the impact of climate risks on financial institutions, said three sources familiar with the matter.

The central bank will also beef up cooperation with the regulator, the Financial Services Agency (FSA), in studying European examples and specific ways to measure financial risks associated with climate change, they said.

The moves are part of Japan’s efforts to follow in the footsteps of an increasing number of countries working on or considering stress-testing financial institutions on climate risks.

“For the BOJ, green QE is still off the radar. The more approachable and near-term focus is to assess climate change risks on the financial system,” one of the sources said, a view echoed by two other sources.

“Climate change is a key theme for the BOJ this year,” another source said, adding that stress-testing climate risks on financial institutions is “not imminent, but something Japan needs to aim for in the future.”

The BOJ conducts hearing and on-site monitoring in voluntary examinations on financial institutions. But it does not have regulatory authority, which falls under the FSA. Neither the BOJ nor the FSA stress-tests banks on climate risks.

Officials of the two institutions have been discussing climate change as among topics that could affect Japan’s banking system. But progress toward stress-testing financial institutions has been slow because of a lack of data and models.

The BOJ began to gear up efforts on climate change after Prime Minister Yoshihide Suga last year pledged to make “green” investment a key pillar of his growth strategy.

The Biden administration’s focus on battling climate change, and the Federal Reserve’s decision in December to join an international central banks’ group focused on climate risks, also prodded the BOJ to engage more, the sources said.

But actual roll-out of stress tests will take at least another year as policymakers work out guidelines and details, including whether they will ask banks to conduct a “self-assessment,” the sources said.

(Reporting by Leika Kihara and Takahiko Wada. Editing by Gerry Doyle; Editing by Chang-Ran Kim)

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Latest Articles

Newsletters with Secrets & Analysis. Subscribe Now