Вы находитесь на странице: 1из 60



Patricia Hines, CTP

26 March 2018

Executive Summary ............................................................................................................ 1

The Evolution of APIs .......................................................................................................... 2
Driving Business Value with APIs ....................................................................................... 4
APIs for Integration ............................................................................................................. 6
Simplifying Integration ..................................................................................................... 6
APIs for Banking as a Platform ......................................................................................... 11
CBW Bank ..................................................................................................................... 12
Fidor Bank ..................................................................................................................... 16
JB Financial Group ........................................................................................................ 24
APIs for Banking Innovation .............................................................................................. 29
Regulatory-Driven Vs. Market-Driven Innovation .......................................................... 29
APIs for Customer Communication ................................................................................... 37
Citi.................................................................................................................................. 38
YES BANK ..................................................................................................................... 42
Replacing Screen-Scraping for Accounting System Data Feeds .................................. 47
The Path Forward ............................................................................................................. 49
Appendix ........................................................................................................................... 51
Leveraging Celent’s Expertise .......................................................................................... 54
Support for Financial Institutions ................................................................................... 54
Support for Vendors ...................................................................................................... 54
Related Celent Research .................................................................................................. 55


How have APIs How are banks

evolved into driving business How should banks

1 building blocks for

the bank of the
2 value with
different API
3 begin their API

For decades, getting disparate bank applications to talk to each other was a nightmare.
Most integration involved custom, point-to-point code, manually written by a programmer.
Getting systems to communicate with one another included manually translating data
fields between the two applications, and defining business rules for the use of the
information. Starting in the mid-1990s, enterprise application integration (EAI) rose to
prominence along with message-oriented middleware, linking disparate legacy systems
across multiple software platforms.

In 2000, APIs emerged for externally facing integration, driven by pioneers

Salesforce.com and eBay. The business value of external APIs is seen in the monetary
results of three leading firms. Salesforce.com generates 50% of its revenue through
APIs, eBay generates 60%, and Expedia.com generates 90%.

APIs are critical technology enablers for several use cases in banking including
application integration, banking as a platform, innovation, and client connectivity.
Although there is much blurring of lines between the use cases, there are different target
audiences for each of the four API approaches.

 APIs for Integration  Enterprise architects and developers

 APIs for Banking as a Platform  Digital neobanks
 APIS for Innovation  Fintechs
 APIs for Connectivity  Bank customers

Web services, microservices, and APIs enable legacy modernization by wrapping legacy
systems with a decoupled integration layer, bridging traditional batch-based processes
to real-time, digital cloud, mobile, and social applications. APIs enable the modular
application stack underlying Banking as a Platform and provide neobanks with state-of-
the-art digital banking capabilities. As open banking grows, driven by regulatory
imperatives, shifting customer demands, and the threat of fintech firms, APIs connect
banks and third-party firms entering into collaborative partnerships for innovation. To
access banking services, most customers manually log in to a web-based or mobile
platform, pulling balance and transaction data on demand. APIs are emerging as a new
connectivity channel, streamlining and securing on-demand, programmatic access to
financial data for accounting packages, treasury management systems, and ERP

It is clear that internal staff, neobanks, fintech partners, and end customers all gain
business value when banks adopt APIs for one or more of the four approaches discussed
in this report. We offer updated case studies from CBW Bank, Fidor Bank, JB Financial
Group, Citi, and YES BANK detailing their API journey, including technology architecture,
monetization approach, and latest results. For banks seeking to begin their API journey,
we recommend a series of guideposts that banks can follow to unlock business value
with APIs.

Key How have APIs evolved into building blocks for the bank of the
Research future?

1 REST APIs are the latest evolution in integration

technologies, enabling fast performance, reliability,
and reuse of components that can be managed and
updated without affecting the system as a whole.

Before the 1990s, getting different applications to talk to each other was a nightmare,
especially if different hardware, operating systems, and programming languages were
involved. Most integration was point-to-point — custom code written by a programmer,
connecting one system to another, including translating data fields between the two
systems and defining business rules for the use of information. In the early 1990s, the
concept of enterprise application integration (EAI) held promise to link disparate
enterprise applications such as core banking, loan servicing, and customer relationship
management (CRM). IBM MQ became the most popular solution for integration and
messaging across multiple platforms, and it still plays a major part in many banks’ back
office integration architecture and is the backbone for IBM’s service-oriented architecture
framework, and its growing API Connect solution (Figure 1).

Figure 1: The Evolution of APIs

Chapter: The Evolution of APIs

Source: Celent analysis

Circa 1995, Common Object Request Broker Architecture (CORBA) allowed components
to communicate with one another no matter where they are located, or who has designed

them, using an “interface broker,” a foundational element for traditional client-server

Service-Oriented Architecture Protocol (SOAP) emerged around 1999. At the time, web
services were a new breed of software component that was language, platform, and
location independent. The tenets of Service-Oriented Architecture are to decouple
applications and to provide a well-defined service interface, which can be reused by
applications and composed into business processes.

SOAP APIs were particularly well suited to externally facing integration enabling the
sharing of services with external firms. On February 7, 2000, Salesforce.com officially
launched as an outgrowth of Salesforce’s revolutionary delivery of business software
applications as Software-as-a-Service. On November 20, 2000, eBay launched the eBay
Application Program Interface (API), along with the eBay Developers Program.

The launch of the eBay API was a response to the growing number of applications that
were already relying on its site either legitimately or illegitimately. The API aimed to
standardize how applications integrated with eBay and make it easier for partners and
developers to build a business around the eBay ecosystem. eBay is still considered a
pioneer in the current era of web-based APIs and web services, and still leads with one of
the most successful developer ecosystems today. Moreover, you can see the importance
of external developer ecosystems in their monetary results. Today, Salesforce.com
generates 50% of its revenue through APIs, eBay generates 60%, and Expedia.com
generates 90%.

The next stage on the maturity curve is REST APIs. REST stands for “Representational
state transfer,” considered a stateless protocol — enabling fast performance, reliability,
and the ability to grow — by reusing components that can be managed and updated
without affecting the system, even while it is running. REST is considered the most
logical, efficient, and widespread standard in the creation of APIs for Internet services.

Enterprise architects still value SOA for its ability to facilitate the exchange of structured
information between applications, and we see continued development of web services to
expose underlying systems functionality and facilitate integration.

Chapter: The Evolution of APIs


Key How are banks driving business value with APIs?


2 Banks are using APIs for integration, banking as a

platform, innovation, and client connectivity.

APIs are critical technology enablers for several use cases in banking including
application integration, banking as a platform, innovation, and client connectivity
(see Figure 2).

Figure 2: Four Approaches to Unlocking Business Value with APIs

Chapter: Driving Business Value with APIs

Source: Celent analysis

Although there is much blurring of lines between API use cases, there are different
primary target audiences for each of the four API approaches (Figure 3).

Figure 3: Different Audiences for Different API Approaches

Source: Celent analysis

1. APIs for Integration  Enterprise architects and developers

2. APIs for Banking as a Platform  Digital neobanks

3. APIS for Innovation  Fintechs

4. APIs for Connectivity  Bank customers

Chapter: Driving Business Value with APIs


The IBM mainframe recently celebrated its 50th birthday and remains the processing
workhorse at many large financial services firms. These firms depend on mainframes to
run back office systems for such critical functions as core banking, loan servicing,
payment processing, and bank financial management. These legacy applications are key
systems of record (SoRs) and part of the foundational core application stack for running
the bank. Legacy systems will continue to serve their purpose for many years to come.

SOA and web services continue to help banks reduce integration costs to legacy
systems, breaking down barriers between monolithic applications. Developers often
prefer SOAP APIs for internal, machine-to-machine communication and REST APIs for
external, web-based communication. Whether SOAP or REST-based, one way of looking
at APIs is thinking of them as integration layers between infrastructure building blocks.
(Figure 4).

Figure 4: APIs in Bi-Modal (Hybrid) Environment

Source: The evolving hybrid integration reference architecture, Kim J. Clark and Rob Nicholson, IBM
developerWorks, June 22, 2016

At the foundation, web services or systems APIs enable legacy modernization by

wrapping aging systems of record with a decoupled integration layer, insulating the
limitations of what the systems were designed to do and bridging to process APIs for
agility. Process APIs create a bridge between traditional batch-based, on-premises
integration approaches and real-time digital integration with the cloud, mobile, and social
Chapter: APIs for Integration

applications underpinning omnichannel delivery. Experience APIs power systems of

engagement, allowing firms to create differentiated digital experiences such as context-
aware mobile apps that provide consumers with information and features when and
where they need them.

As web services and APIs have become popular technology choices for integration, tools
also evolved, helping banks to simplify API adoption. These tools include standardized
services and APIs, a microservices architecture for APIs, tools to generate APIs for
legacy systems, and banking-specific connectors.

Standardized Services and APIs
The Banking Industry Architecture Network (BIAN) is an association of banks, solution
providers, and educational institutions with the shared aim of defining an international
semantic service operation standard for the banking industry. The BIAN membership list
includes a number of leading banks, and the BIAN Board includes three bank members:
PNC, Bangkok Bank, and ABN Amro. Participants in BIAN’s working groups gain insight
into best practices across the sector, benefitting their internal projects.

BIAN bases its model on a service-oriented architecture that defines the standard
business capabilities that make up a bank such as payments, loan offerings, or trading
facilities. The latest version, BIAN Service Landscape 6.0, includes more than 306
service domains, 1,000 business scenarios, 2,000 service definitions, and 26 semantic
API definitions. Banks are using the BIAN service landscape as a reference model to
guide web services and integration architecture. The BIAN model is a standard unto
itself, crossing seven bank “business areas,” with a goal of identifying shared data
elements and business processes. One example is the Operations and Execution
business area (Figure 5).

Figure 5: Sample Business Area — The BIAN Service Landscape 6.0

Source: BIAN

In addition to Operations and Execution, there are BIAN business domains for Reference
Chapter: APIs for Integration

Data, Sales and Service, Risk and Compliance, and Business Support, all leveraging the
same BIAN service landscape. The result is a consistent BIAN-based model to meet
each product group’s or operational team’s specific needs. Further contributing to
industry standardization, BIAN recently published its Service Landscape 6.0. The latest
version includes a business object model cross-referenced to ISO20022 XML, a key
standard for financial messaging. BIAN has also included the results of their Semantic
API working group identifying opportunities for external APIs and eventual delivery of
service endpoints.

The vision for banks and financial services software providers that embrace the BIAN
standard is to enable componentized architectural frameworks on a common standard.
Banks use BIAN to help them move to a modern, services-based architecture. Vendors
adopt BIAN to craft “BIAN approved” software solutions. When both organizations use
the BIAN common reference model, integration and implementation are streamlined
because both project teams have a shared, semantic language.

Microservices Architecture for APIs

Microservices are a popular choice for modernizing legacy systems. Microservices
architectures focus on delivering small, discrete, and individually deployable services —
in some cases, each service is its own microapplication. Thus, the name derives from
being a collection of many small services. With discrete services, similar, multiskilled
teams using accelerated toolsets may support a set of microservices driving an API. As
detailed in Honey, I Shrunk the Microservices: Microservices in Insurance, (December
2017), the presence of an API does not require a microservices architecture. However,
typical microservices architectures focus on delivering an API, aggregated together in an
API Management layer (Figure 6).

Figure 6: Monolithic Vs. Microservices Architecture

Source: Celent Analysis

Having small components that can be swiftly deployed to shared machines, dedicated
machines, or many machines in an elastic infrastructure allows for a highly scalable and
adaptive infrastructure. Microservices provide common business capabilities, accessible
Chapter: APIs for Integration

through an API, such as “Retrieve Customer Name,” “Create Internal Transfer,” and
“Request Credit Line Increase.” A microservices-led approach enables reuse of services
and thus reduces integration cost and complexity.

Rest APIs for Mainframe Applications

Many API management platforms focus on newer programming languages, applications,
and use cases. Using one of these platforms to access legacy system data requires that
developers understand the underlying data structure and programming language (often
COBOL) and manually code the API. Recognizing the challenges, and importance, of
modernizing integration to legacy systems, several vendors offer API-enabling solutions
for mainframe connectivity (Table 1).
Table 1: Vendors Offering API Solutions for Mainframe Applications (Not Exhaustive)


IBM z/OS Connect Single, focused REST API entry to all Z Systems subsystems.
Enterprise Edition Integrated REST API editor enables design and mapping. API
discovery via dynamically created Swagger documents.

MULESOFT Catalyst Accelerator A set of API designs and supporting reference implementations
for Banking that accelerate the path toward digital transformation. Provides a
microservices foundation for implementing Open Banking and
PSD2 use cases.

OPENLEGACY API Software, Easily and automatically create open APIs from legacy systems,
Microservices Edition including mainframe, iSeries/AS400, databases, and stored
procedures as a self-contained standard Java component.
Speed delivery of digital transformation projects to days or
weeks, simplify complex architectures, and improve

ROCKET Rocket API Enable real-time access to critical business functions from
SOFTWARE virtually any application at a fraction of the time, expense, or risk
normally associated with modernization projects.

Source: Company websites

Success with API enablers for legacy systems depends heavily on the vendor’s approach
to automation, standardization, testing, and legacy system connectors. Ideally, the API
solution should automatically analyze the underlying application to create Java-based
code that developers can choose to transform into web services or REST APIs. Pre-built
connectors and templates help developers to use those web services and APIs and build
web or mobile applications (Figure 7).

Figure 7: Automating Legacy APIs

Source: OpenLegacy
Chapter: APIs for Integration

Connecting the Dots

As programmers build out web services and APIs to expose banking functionality, you
might ask how APIs communicate with one another. There are a growing number of API
connectors available from software providers or straight from developers contributing to
open source code repositories.

A connector is a preconfigured piece of software, already mapped with data elements,

business rules, and authentication standards. Figure 8 shows a sampling of financial

services connectors and integration templates from MuleSoft’s Anypoint Exchange
library, including implementation templates for PSD2 access to account and payment

Figure 8: MuleSoft API Connector Library

Source: MuleSoft Anypoint Exchange

Using connectors and templates, a developer can drag and drop a connector into their
integration flow, and the logic contained in the underlying integration development
platform attempts to identify and map common data elements such as customer name
and address, greatly simplifying the coding effort.

APIs and microservices also power the modular application stack underlying the next
approach, Banking as a Platform.
Chapter: APIs for Integration


Banking as a Platform (BaaP), sometimes referred to as Banking as a Service (BaaS),

occurs when a bank acts as an infrastructure provider to external third parties. Variations
include other banks white-labeling the BaaP platform for faster time to market, fintech
firms leveraging the BaaP provider’s banking license to provision bank accounts, and
banks and fintechs using the BaaP platform for testing purposes.

Banks like CBW, Fidor, JB Financial, solarisBank, and wirecard built their BaaP
architecture from scratch, without the constraint of legacy systems, creating modular
application stacks broken into discrete services. The modular banking services on a
BaaP platform serve as building blocks, accessible to third parties through an API
management layer, where they can be mixed and matched to create new products and
services tailored to the third party’s business model (Figure 9).

Figure 9: Banking as a Platform Modular Architecture

Source: Celent analysis

Using an API approach to provisioning banking services for third parties provides a single Chapter: APIs for Banking as a Platform
gateway to interact with many connected partners. For BaaP providers, advantages
include the ability to monetize state-of-the-art technology capabilities, gain indirect
access to new client groups, extend the existing product distribution network, and attract
fintech development of new products. For consumers of BaaP, advantages include time
to market, banking license leverage, regulatory compliance expertise, and state-of-the-art
technology capabilities.

We profile three BaaP providers, CBW, Fidor, and JB Financial, below.


Table 2: CBW at a Glance


INITIATIVE Leveraging Modern APIs

SYNOPSIS CBW Bank developed and implemented an API-enabled digital

banking platform that facilitates real-time, contextual and conditional
payments across multiple channels.

KEY BENEFITS  Created 500+ internal APIs connecting to 30-40 external APIs,
allowing many connection points into its digital banking platform.

 The first bank in the US to publish its API set.

 Allows banking as a platform service, where customers choose

what they want, how they want it.

KEY VENDORS Yantra Financial Technologies

Source: Celent

Celent Perspective
CBW Bank is a small bank in rural Kansas with $33.3 million in assets. It offers retail and
corporate banking services. With just one branch, it has been transformed and rebuilt in
recent years by senior figures in the fintech industry to become much more than just a
local bank. As profiled in CBW Bank: Leveraging Modern APIs (April 2017), CBW was
the winner of the Celent Model Bank 2017 Award for Banking as a Platform. This was
CBW’s second win. In 2016 CBW was a Celent Model Bank winner in the Corporate
Payments and Infrastructure Modernization category.

Since 2013, CBW Bank has set out to redesign its banking technology, using modern IT
principles that are still rare in financial services but widely used in other industries. The
bank has ensured that, wherever possible, every granular process becomes an API.
These APIs can be used in multiple ways and avoid processes being replicated across
the bank. Also, it allows the bank to combine multiple internal APIs and publish discrete
process APIs in its own API store, “YLabs Marketplace.” In doing so, it became the first
bank in the US to publish APIs.

Since the launch in June 2016, over 300 companies have signed up to use the APIs, Chapter: APIs for Banking as a Platform
primarily fintech firms. In addition, a number of banks are using the APIs as a form of
rapid prototyping tool for their own digital transformation. The success of CBW Bank
comes as much from its approach to banking as its technology. While the ability to offer
APIs is the result of the technology, asking why something was done in a particular way,
and how it could be improved, was the necessary trigger to change the technology in the
first place. This is an important distinction to make. Without this vision that things could
work differently, the bank could have rebuilt the underlying technology, but in effect only
have built “a better mousetrap.” That is, until they used the technology differently, they
would have only made an incremental change to what they had before. What CBW Bank
has built is less a banking platform, and more a set of building blocks that can be
assembled in ways that banks on old technology can only dream of.

With a new digital banking infrastructure, CBW Bank was one of the first banks in the US
to offer real-time payments that could reach virtually the entire population. CBW Bank

developed and implemented an API-enabled digital banking platform that facilitates real-
time, contextual, and conditional payments across multiple channels, effectively
modernizing conventional approaches to payments and digital banking.

The Chairman of CBW, Suresh Ramamurthi, is an ex-Google executive, and along with
his wife, Suchitra Padmanabhan, bought CBW largely with their savings in 2009, just
after the financial crisis. With his technology background, Mr Ramamurthi saw both the
need and an opportunity to fundamentally rebuild the bank from the ground up, by using
modern technology and a fundamentally different mindset than a traditional banker but
still bound by the same regulatory rules as any other bank.

CBW identified that the core banking solution itself was a legacy solution, and
consequently that it did not support many things that CBW believed were central to the
ideal solution. The following shortcomings were identified:

 Lack of API support for rapid account configuration.

 No support for online account opening.
 No option to embed risk scoring, compliance, or risk management.
 The legacy design meant that it could not support custom integration into third
party payment rails including to other banks, including lack of support for debit

Effective use of APIs can revolutionize traditional approaches to banking and payments,
and consequently, resolve pain points for both consumers and businesses in various
verticals. For this reason, CBW Bank built 500+ modern APIs, empowering the bank to
take a marketplace approach to banking. This marketplace approach enables CBW Bank
to develop payments products and services that anticipate market needs, spanning
various business verticals, and delivering tangible value to both businesses and

CBW Bank recognized that many challenges hindered the banking industry’s digital
transformation, such as how to develop new services while ensuring regulatory
compliance, and the lengthy time it takes to bring new products/services to market. In
part, CBW recognized that this was due to inflexible banking platforms. Furthermore, they
realized that if they solved this, they could offer this as a service to others.

One key challenge, then, was how to achieve this marketplace service while maintaining
compliance. CBW had to solve compliance at scale and in real time, as well as across all
payment channels, and have the ability to stop a transaction immediately if it did not meet Chapter: APIs for Banking as a Platform
the risk score or fraud check. CBW accomplished this by completely redesigning the
constituent parts of the process. While all banks have similar elements, CBW separated
the elements to have greater flexibility and control. For example, it built an authorization
engine separate from the card switch, which allows it to set conditional and contextual
management at both card level and merchant level. Furthermore, it built a real-time risk
scoring engine which ensured every transaction was risk scored and watchlist checked. It
is these elements that CBW has created from APIs.

The bank formed a delivery team with virtually everyone at the bank involved in the
discussions, requirement gathering, and testing. They then leveraged an external IT
partner, Yantra Technologies, to help with some of the coding and building. Yantra is also
partly owned by Mr Ramamurthi and effectively acts as a reseller of productized elements
of the solution built for CBW.

CBW’s approach of using a single API as an integration point eliminates the challenge by
integrating endless connection points into one digital banking platform. The platform
provides a single way to interact with many connected partners, instead of hundreds of
individual connections. It acts essentially as a gateway that gives the end user access to
multiple payment networks and delivery channels. This gives customer benefits of
control, but equally reduces dramatically the cost of adding and maintaining additional
connections and testing them. Rather than a “many-to-many” approach that most banks
take (that is, many connections connecting individually to each of the many systems a
bank has), this is essentially many-to-one, with the “one” insulating everything internally
from any changes (Figure 10).

Figure 10: CBW Enabled and Extended Existing Legacy Technology to Deliver New Services

Source: CBW Bank

CBW uses machine learning for real-time transaction scoring and analysis using an in-
house developed platform. While most banks only capture transaction data for analysis,
CBW looks at contextual data from API calls as well. Contextual data includes browser
information, device ID, IP address, and geographic location, allowing CBW to more
readily detect fraud. Machine learning in its bill pay API allows fintechs to develop apps
that can recommend short-term investments or financing. Due to the massive amounts of
data it collects, CBW has become expert at efficient storage methods and seeking low-
cost storage providers.
Chapter: APIs for Banking as a Platform
CBW Bank runs its systems in a private, secure cloud. YLabs is hosted in the cloud on
Amazon Web Services (AWS).

The bank can now leverage the 500+ APIs to provide connection points into the digital
banking platform, giving users access to multiple payment networks and channels. This
approach ensures interoperability between anything and everything, regardless of the
system, including multiple financial institutions, programs, product combinations, and
accounts. As a result, CBW Bank can use its technology to create solutions that meet the
needs of consumers and benefit a wide range of business verticals.

Additionally, CBW Bank published its APIs, becoming the first bank in the US to do so, in
Yantra Technologies’ “YLabs Marketplace.” By granting access to its APIs, the bank now
allows fintech startups and other financial institutions to rapidly build and validate a
variety of business and consumer banking products while ensuring compliance. This also
allows any startup or bank to leverage the YLabs platform to build a digital bank within six

YLabs Marketplace does not publish all 500 APIs, but a selection of 30 to 40 process
abstractions; a sampling is listed in Figure 11.

Figure 11: YLabs Marketplace API Portal

Source: Yantra Financial Technologies

Each abstraction is typically made up of multiple APIs, which are brought together to
complete a specific function. For example, doing a KYC check uses up to four “public-
facing” APIs, with each API connecting to an average of 10 to 12 “infrastructure” APIs.

Since the launch of ylabs Marketplace in June 2016, over 300 companies have signed up
to utilize the APIs. Although fintechs are the largest proportion of the firms signed up
(approximately 75% to 80%), some of the heaviest users are large banks. The banks use
Chapter: APIs for Banking as a Platform
the platform as a sandbox for inspiration and rapid prototyping tool for services that can
accelerate the banks’ digital transformation and better meet the shifting demands of
consumers. Furthermore, CBW’s focus on compliance ensures that the system results in
the ability to quickly add new services without taking on inordinate risks or increasing
exposure to fraudulent transactions. By leveraging CBW Bank, financial institutions can
ensure compliance and validate innovative services or products.

CBW’s fintech clients represent different business models:

 Infrastructure extension partners: Allowing fintechs to extend their product

infrastructure with features such as bill pay, mobile wallets, and multi-country

 Vertical specialist partners: Helping firms in different verticals such as
healthcare and insurance to incorporate banking and payment services into their
software solutions.

 Nonbank financial services partners: Supporting fintech firms offering services

such as person-to-person payments, mobile lending, and bill pay.

Once a fintech develops an application using ylabs APIs, CBW evaluates the fintech’s
business case to determine whether it will allow the application to move into production.
CBW is strategic in its choice of production applications, choosing partners with clear
roadmaps and an ability to extend CBW’s ecosystem.

Yantra Technologies also white-labels a platform for global money remittances,

connecting to multi-currency payments providers such as Currencycloud and TransferTo.
Connections with telcos around the world enable top-ups for digital wallets.

Supporting cross-border payments, CBW has correspondent bank relationships with

banks in 15 to 20 countries, allowing it to offer real-time gross settlement directly with an
international bank, bypassing traditional payment and messaging networks for clearing.
CBW uses its own messaging standard that includes more contextual data than existing
standards. When looking for a bank partner in a specific geography, CBW looks for the
most advanced banks in the locale.

Table 3: Fidor at a Glance


INITIATIVE Reinventing banking

SYNOPSIS Starting from scratch, Fidor Bank redefined traditional banking from
the ground up, leveraging its technology and business model to
develop a differentiating customer experience

KEY BENEFITS  Flexibility and agility that enables the bank to create an extensive
ecosystem of partners and capabilities.

 Leveraging APIs to develop differentiating applications.

 Leveraging APIs to onboard B2B partners, allowing them to run

their business and grow with their growth
Chapter: APIs for Banking as a Platform
 Creating a community that brings users together and solidifies a
bond between the bank and its customers.

 White labeling of its own platform to support partner banks,

incumbent banks, or consumer-led organizations to launch their
own digital brand

RELEVANT PARTNERSHIPS  Core Banking: G&H Bankensoftware Bancos, Swisscom

 Payment/Card: van den Berg, Mastercard, PetaFuel

 API Crypto: bitcoin.de, Kraken, several ICOs, and crypto


 API distribution, White-Label Bank: O2/ Telefónica

 Marketplace/Branding: Eight Inc.

 Investment: Scalable Capital, Ginmon, Nutmeg

 Savings: Raisin

 Trading: Ayondo, eToro

 Insurance: Allianz, Friendsurance, Helvetia, Hiscox

 Peer-to-Peer Lending: Smava, GIROMATCH

 Crowd Finance: kapilendo, Exporo, Seedrs

 Business loans: iwoca

 Crypto/Blockchain: Ripple, bitcoin.de, Kraken

 Cross-Border Payments /FX: Hyperwallet, Currencycloud

 Precious Metals: Goldmoney

 System Integrators: EPAM, GFT Technologies, DXC.Technology

 Online Lending: Smava, O2/Telefónica, FINANZCHECK

 B2B: Van Lanschot (Netherlands), Abu Dhabi Islamic Bank (UAE),

a leading bank in France, a leading bank in Africa, o2/Telefónica

 Education: Singapore Polytechnic, partnering with universities to

educate students on how to set up fintechs using the Fidor API

 Financial tools: OptioPay, Volders

Source: Celent, Fidor

Celent Perspective
As profiled in Fidor: Celent Model Bank of the Year 2015 (March 2015), Fidor Bank was
the overall winner of Celent’s 2015 Model Bank Awards. Fidor Bank in Germany was one
of the first neobanks with a banking license, allowing it to redefine traditional banking
from the ground up. Started from scratch, it aims to provide a truly innovative and
differentiating customer experience that offers a comprehensive suite of financial
products and services by owning the entire infrastructure. The bank adheres to two main
principles of financial innovation: openness and community. Openness is the flexibility
and agility that enables the bank to create an extensive ecosystem of partners and
capabilities, while also leveraging APIs to develop differentiating applications. Community
is about bringing users together and solidifying a bond between the bank and its
customers, as well as between the customers themselves, discussing financial topics in
an open and transparent manner.
Chapter: APIs for Banking as a Platform
Fidor Bank was launched in 2010 with a new German “de novo” charter. The bank is the
primary entity in the Fidor Holding Group, which holds two additional entities: Fidor
Solutions and Fidor Factory. Fidor carved out its IT department to form Fidor Solutions,
focusing on financial technology innovation. With a focus on the B2B market, Fidor
Solutions has doubled its revenues for the past two years. The company designs,
develops, implements, and maintains the digital backbone of Fidor Bank: the fidorOS
digital banking platform and its library of APIs that enables a variety of strategic features.

In addition to serving Fidor Bank, Fidor Solutions co-innovates with incumbent or startup
challenger banks, as well as consumer-led organizations that wish to launch a digital
bank, leaning on Fidor Solutions for both its banking expertise and technology. Fidor
Factory is an in-house digital marketing agency that oversees all customer
communications and services of Fidor Group´s customers globally. Combining their
expertise in neobank, payment, and technical innovations, the Fidor entities have

expanded their value proposition to include digital banking solutions and banking-as-a-
service since 2015.

Fidor was acquired in 2016 by Groupe BPCE, a leading banking group headquartered in
France and the parent of two major cooperative banking networks, Banque Populaire and
Caisse d’Epargne. Fidor’s current portfolio of products in Germany covers retail and
business banking ranging from basic bank accounts and savings bonds to various
lending offers. In Europe, Fidor currently has more than 750,000 community members.

Most recently, Fidor developed a credit-as-a-service offer. Again, APIs play a major role
in that service. Fidor Bank and its B2B partners can run their credit distribution model,
including risk-adjusted pricing, digital signatures, and real-time 24 x 7 payout with
constant monitoring of credit customers. Fidor Bank and its partners started the credit
distribution of consumer loans on Fidor’s infrastructure in December 2017. Fidor is rolling
out its credit-as-a-service solution across Europe in 2018, starting in France.

In the mid-’90s the founders of Fidor were at work creating their first financial institution,
the first European discount brokerage named DAB Bank (similar to Charles Schwab),
capitalizing on the rise in amateur stock trading. In 2007, web 2.0 was changing the way
users used the Internet and consumed services. Customers were demanding
increasingly high levels of engagement and a customer-centric experience across the
growing number of web-enabled devices and social media platforms.

The founders of Fidor recognized that few financial institutions were meeting customers
on their terms (like eBay, Amazon, collaboration platforms such as XING, and others),
but instead continued to pursue a traditional product-focused and bank-focused view of
the business. The design concept was simple: create a bank from scratch that focused
entirely on the customer, be relevant, and give something back. The bank would put the
customer first, create a community of like-minded users, be transparent, and provide

Fidor applied for a German banking license in 2007, just weeks before the financial crisis
began. The license was granted in May 2009 (despite the crisis), and the bank went live
on December 31, 2009. In the meantime, Fidor started work on the initial model for the
Fidor operating system, fidorOS, and launched a financial community and loyalty
scheme. Fidor’s interaction with its customer community is the bank’s core asset, and its
community is one of the largest financial communities in Germany.

While developing the functionality and support for the launch of the formal bank, fidorOS
acted as a digital platform that seamlessly integrated the community as a module with
high-speed banking capabilities for users to come together, discuss finances, and Chapter: APIs for Banking as a Platform
transact in real time. This was a crucial step because it created the foundation for the
community of like-minded users that would eventually be rolled into the bank itself. Even
today, a person does not have to be a Fidor Bank customer to participate in the
community. Each year, the bank earned a Net Promoter Score of over 40; most banks
are in the negative range.

Fidor launched its formal bank operations in 2010 with the motto “banking mit freunden”
(banking with friends), a community-first commitment to making banking more fun,
transparent, and fair. The journey to build the fidorOS platform originated when Fidor
Bank was screening the market for a solution that could respond to a high level of
customer engagement, coupled with speedy banking and payment capabilities. The
company could not find the right platform and made a strategic decision to architect and
build their own platform, fidorOS (fOS) which Fidor Bank now operates on. By taking
control of the entire process, providing technology, payments, banking services, and

mastering customer engagement, Fidor created an integrated experience with complete
control over the products and services suite (Figure 12).

Figure 12: fidorOS Platform Components

Source: Fidor Bank

fidorOS enables Fidor to become more agile and flexible in the market than most of its
traditional bank competitors. The bank strives to create a healthy ecosystem of partners
and internal development to maximize the strength of its business. It understands that
financial institutions cannot be the best at everything, but by creating an environment of
openness, as well as owning the entire infrastructure, a bank can create an experience
that is truly innovative.

fidorOS distinguishes itself with a number of features:

 End-to-end, fully digital, real-time, “60-second banking.”

 Flexible platform for innovation (e.g. basing interest rates based on Facebook
likes, or access to free data versus paying interest on balances).
 Aggregating customer behavior data helps the bank deliver on its promise to be a
relevant partner for customers, offering and delivering the right products and
services to the right customers at the right time and place
 Proven operating model on a cost-efficient platform, bringing the cost of
acquisition to €5 per customer versus €150 to €200 on average for incumbent
Chapter: APIs for Banking as a Platform
fidorOS creates and stores many types of customer and transaction-related data from its
banking activity as well as community dialogues. The platform’s success has spurred
interest from other institutions, and today Fidor white-labels the operating system for
other organizations.

Fidor developed and manages the developer portal, API gateways, and developer
sandboxes in-house. The fidorOS platform can be installed and operated on-premise, in
Fidor’s private cloud (two separate data centers in Germany), or in a public cloud from
providers like Amazon, IBM, Microsoft, and Google. Fidor currently collaborates with
Amazon Web Services as well as Swisscom.

Fidor built their first banking APIs versions based on market best practices established by
early API pioneers like PayPal and the social media networks. More recently, Fidor
decided to offer RESTful APIs using the JSON format, designing and publishing in
OpenAPI (OAI) Swagger format. (Swagger is a popular API developer framework.)

Considering emerging open banking API standards like Open Banking UK (CMA9) or
NextGenPSD2 (Berlin Group), Fidor is deciding whether to add one or more of these
standards. Since Fidor offers a number of nonfinancial services via APIs for features
such as identity, customer service, and community, it will continue to use its own
standards and adopt industry standards where applicable.

Fidor’s open API consent and authentication approach centers around OAuth2, and in
particular, the web-flow (redirect) model), although they also offer the resource-owner-
credential-flow. Fidor Bank account holders who want to exchange data with third party
fintechs are led through a series of web pages that inform them about risks, and then
request consent for data exchange and/or payment initiation. Account holders can later
review and revoke their consent via user settings. Depending on the user, the
authentication use case and a number of risk-based checks may require additional
security elements (e.g., biometrics) before they get processed.

Fidor requires that every third-party application requesting access to a customer account
or data go through an approval process. This vetting process ensures that Fidor
customers can only use, and give consent, to applications previously screened by the
bank. Fidor will no longer need to approve third party fintechs when European PSD2
regulations provide the legal and technical framework to license service providers.

Fidor offers a developer portal that includes an extensive set of APIs for banking,
payments, credit, card management, user management, community, scoring, integrated
services, and third-party services (Figure 13).

Figure 13: Fidor APIs

Chapter: APIs for Banking as a Platform

Source: Fidor Bank

As shown in the API list, Fidor goes well above PSD2 regulatory requirements for
account information and payment initiation APIs. Fidor and its partners leverage the long
list of open APIs to collaborate and co-innovate in several ways:

Open APIs for Marketplace Ecosystem

Fidor’s direct-to-consumer marketplace offers a retail-like experience combined with
community features. Customers can fulfill their financial needs with a broad array of
solutions from over 50 providers including investments, cryptocurrencies trading,
crowdfunding projects, peer-to-peer lending, insurance purchasing, mobile phone top-
ups, precious metals buying, voucher purchasing, or personal finance management tools.
The marketplace allows customers to interact with one another, asking for advice,
reviewing products, and choosing Fidor and partners’ products transparently and from a
single place.

Through open APIs, Fidor partners can offer their services to Fidor customers. Fidor’s
marketplace was beta-tested in Germany for over a year, resulting in a successful launch
of a tool that responds to the needs of consumers to find the right fintech in a trusted
environment. Fidor will expand its marketplace to new geographies and is currently
collaborating with Eight Inc., a leading human design agency, to improve the user
experience. Eight Inc. is well known for designing the Apple Store in addition to
collaborating with innovative organizations such as Nike, Virgin Atlantic Airways, and
Tesla Motors.

Open APIs and Sandbox for Educational Purposes

Sharing knowledge and experience with fintechs, customers, and partners is part of
Fidor’s philosophy. It was no different when Fidor decided to partner with universities and
other educational entities with the launch of its Fidor Student Academy. Fidor sees
education as an essential element that drives progress in the financial industry. Fidor
signed a partnership with Singapore’s five polytechnic high schools, white-labeling a
Fidor Sandbox to their requirements and allowing students to train in a hands-on
simulated digital banking environment, with the freedom to realize their own fintech
business ideas using Fidor APIs.

Open APIs for Cryptocurrency

Another example of Fidor’s drive to continuously push the envelope is its many
partnerships in the cryptocurrency space. Open APIs facilitate easy, secure, standardized
integration while enabling new business processes. Fidor Bank itself is not trading
cryptocurrencies, but its open APIs enable the real-time clearing of Euro-currencies
following the actual cryptocurrency trade. For counterparties that are Fidor customers,
clearing happens in real-time, 24 hours a day, and seven days a week.

Fidor’s approaches increase the security for trading counterparties because they have Chapter: APIs for Banking as a Platform
already been screened using Fidor’s onboarding and KYC processes, and the post-trade
transaction and money transfer hits the account instantly. Real-time clearing ensures the
trade proceeds are instantly available for further trading. The API-enabled cryptocurrency
service enables Fidor’s partner bitcoin.de to display Fidor’s customers on its trading
portal, identifying real-time clearing capabilities, and ensuring trust and efficiency for
traders in an extremely volatile market.

Figure 14: bitcoin.de, powered by Fidor

Source: Fidor Bank

Open API for Incumbent Banks and Consumer-Led Organizations

The Fidor open API use cases are the foundation of Fidor’s Bank-as-a-Service (BaaS)
concept. BaaS allows the launch of a new digital bank using Fidor’s white-label software
solution, including its banking license and operational services. Fidor’s BaaS services
offer complete business process outsourcing, including:

 White-labeled front end.

 Banking expertise and products.
 Anti-money laundering risk and compliance.
 Dedicated customer service.
 SaaS, AWS, and private cloud deployment.
 Banking operations.
 Fidor Bank’s license (EU only).

Figure 15: Fidor Bank-as-a-Service (BaaS)

Chapter: APIs for Banking as a Platform

Source: Fidor Bank

Fidor positions its BaaS solution to consumer-led organizations such as retail, transport,
insurance, or telecom firms looking to expand their brand and customer base with Fidor’s
banking license, regulatory compliance expertise, and cloud-based platform.

Fidor BaaS also appeals to incumbent banks that want to deliver faster on their digital
transformation agenda. As an example, Fidor BaaS enabled Telefónica Deutschland to
launch O2 Banking, Germany’s first mobile bank combining a telecom operator business
model of a telecom operator with a bank. O2 Banking customers enjoy free data instead
of paying interest on deposits. The free data can be used, shared with peers, or
converted into Amazon gift cards.

Open API for B2B Fintech Partners

Through Fidor Stack and its banking license, Fidor enables the inclusion of more players
in the financial ecosystem. It allows fintech partners to extend their business model with
specific banking services such as credit, payments, cards, and escrow accounts. These
services are fully enabled with APIs, offering the choice for end customers to subscribe to
offers directly from the fintech partner’s user interface.

Fidor generates revenues through its API partnerships with fintechs with revenue sharing
based on number of accounts, subscription fees, or as a percentage of revenue. It also
generates revenue through licensing its white-labeled (BaaS) platform for banks that
want to transform digitally.

Fidor’s agile development approach also applies to its business model. Pricing must fit
each specific project and be fair to the consumer, the partner, and to Fidor. A licensing or
“pay as you grow” revenue model is agreed between all parties following the inception
phase of a project. During this phase, the project is fully defined from ideation to
prototyping, and clear KPIs are set across a timeline. This agile-based methodology
ensures that pricing aligns with the KPIs and that all parties work towards success goals.
One example of monetization is the commissioning of API-enabled transactions. For
example, in the cryptocurrency collaboration scenario, Fidor charges a 0.1% fee.

For a customer like O2/ Telefónica, the BaaS use case is invaluable to the provider.
Obtaining a banking license is an expensive, drawn-out, complex process, requiring
capital, technology investments, technology resources, and office space. In this scenario,
O2 benefits from the entire Fidor Stack and banking license with a dedicated team
running the bank and serving customers, all based on a pay as you grow business

Fidor Bank had the luxury of starting from scratch. This led it to develop a state of the art Chapter: APIs for Banking as a Platform
banking platform, unencumbered by the legacy code that hampers most incumbent
institutions. Fidor is redefining the customer experience by taking advantage of
architectural openness, partner ecosystems, and a community focus.

With a focus on innovation and years of experience operating as an open bank, Fidor
managed to create the first direct-to-consumer marketplace providing over 50 fintech,
insurtech, and tradetech offerings to its customers. Fidor makes it simple for any API-
enabled organization to connect to its platform, expand, and be future ready. Its
ecosystem evolves with more and more partnerships, creating international communities
with new opportunities at a global level.

Fidor states that it is the oldest fintech, and its early adoption of an open banking
approach makes it the most experienced bank in building APIs. The bank counts today
hundreds of available APIs that enable the creation of new revenue models and business

concepts. The API-based microservice architecture allows for an ever-growing portfolio of
offers that include various innovative services.


Table 4: JB Financial at a Glance


INITIATIVE Leading a new financial paradigm

SYNOPSIS JBFG developed and implemented an innovative open banking

platform allowing third parties to act as a bank’s digital branches,
enabling the bank to acquire new customers as well as increase
fee income.

KEY BENEFITS • Acquire new customers through third party digital channel.

• Allow fintechs to overcome financial regulatory and compliance

hurdles by leveraging a bank’s expertise.

• Flexible open banking platform, able to connect to any core

banking system across geographic regions.

• Provide white-labeled products and services to third party firms

including customer portal.

RELEVANT PARTNERSHIPS Peer-to-peer lending: PeopleFund.

International remittance, transfer, mPOS, real estate, and others:

under nondisclosure.

Source: Celent

Celent Perspective
JB Financial Group (JBFG) states that it is the first Asian bank to integrate third party
services into its existing core banking. JBFG’s open bank model allows third parties to act
as digital branches, enabling the bank to acquire new customers as well as earn
additional fees. JBFG has developed the JB Open Banking Platform (JBOBP). The
platform consists of middleware architected with a set of APIs supporting several banking
functions. Extending the platform via APIs allows JBFG to reach prospective customers
using alternative delivery channels. JBFG is establishing alternative channels by
establishing third party partnerships in South Korea, with plans to expand outward into Chapter: APIs for Banking as a Platform
Southeast Asia.

A member of the 2017 Forbes Global 2000: Growth Champions , JB Financial Group
Co., Ltd. has 3,690 employees and total assets of KRW 45.8 trillion. The firm was
founded in 1969 and is based in Jeonju, South Korea. Through its subsidiaries, JBFG
operates through three divisions: Banking, Credit-Specialized Financial Services, and
Collective Investment. The Banking division offers private and corporate banking and
long-term and short-term loan services. The Credit-Specialized Financial Services
division provides equipment leasing and installment and new technology business
financing services. The Collective Investment division encompasses asset management,
investment advisory, and discretionary investment.

2017 Forbes Global 2000: Growth Champions, Andrea Murphy, October 10, 2017
As part of its desire to provide innovative services and technologies in the financial
services space, JBFG sponsors hackathons. In its first hackathon in 2015, JBFG opened
its core banking system to the winner, PeopleFund, and the resulting interface and
subsequent developments received approval from the Korean Financial Services
Commission Institution and led to a patented business model. JB recently held its second
Quantum Leap JBFG Global Hackathon, providing fintech firms with a valuable
opportunity to demonstrate their technology and benchmark competitors.

JB Financial Group originated from the southwest region of South Korea. JBFG has
aggressively expanded since 2011 through traditional expansion activities like mergers
and acquisitions along with opening branches in other regions. Although JBFG is
relatively small, it has strong information technology capabilities. The technology team
successfully developed a Java-based core banking system for a leading digital bank in
South Korea. Building off this expertise, JBFG turned its attention to using its technology
strengths as an alternative growth engine.

Recognizing the potential for open banking, JBFG created its digital platform, JB Open
Bank Platform (JBOBP), which allows banks to create new financial services for
distribution by third parties. The platform features a modular, flexible, and customizable
architecture to allow various integration and use case scenarios (Figure 16).

Figure 16: JBFG Banking as a Service

Source: JB Financial Group

JBFG aims its platform at smaller banks with limited branch footprints. Using JBOBP,
smaller banks can distribute their services through third parties and attract prospective
customers outside of their regions. JBOBP helps larger banks to API-enable their legacy
Chapter: APIs for Banking as a Platform
systems and connect with third party providers.

JBFG envisions multiple use cases for its Open Banking Platform such as peer-to-peer
lending, mobile point of sale (mPOS), international remittances, deposit-based lending,
property rent management, artificial intelligence-based real estate, and white-labeled
cards. The deposit-based lending product allows migrant workers to deposit earnings in
the country where they are working, with a partner bank in their home country lending
funds to their family based on the deposit balance. AI-based real estate can help a
company evaluate the price for a potential real property purchase.

In addition to benefitting banks, third parties taking advantage of financial services

offered through the JBOBP can enhance their competitiveness over offline firms in
various industries. Third parties can offer financial services that leverage the underlying
bank’s license and regulatory expertise. Fintechs looking to expand into payment or
lending services avoid the hassle of navigating multiple regulatory jurisdictions.

JBFG spent two years developing its open banking platform. The company currently
offers the platform only on-premise but plans to launch a cloud-based platform. Similar to
decisions made by other organizations, JBFG chose open source software due to its
flexibility in connecting with various startups and financial institutions.

Developers often choose open source software because it is less expensive than
commercially licensed software, avoids vendor lock-in, and is built and supported by a
community of knowledgeable developers. JBFG’s open source approach makes it easier
to add new technologies and services, along with enhancing flexibility in connecting with
various startups and financial institutions. JBFG uses a variety of open source tools
including Java, Jason, Spring, Apache Camel, Apache Karaf, Quartz, Alfresco, Activiti,
and Hibernate ORM. Furthermore, the RESTful API-based architecture imbues the
platform with flexibility and scalability, which enables JBFG to implement the solution into
the core banking system without any technical difficulties.

In 2015, JBFG initiated a pilot project to certify that the platform could reliably handle
significant volumes of financial transactions, During the pilot project period, JBFG
validated that the platform could manage third party data such as peer-to-peer (P2P)
lending services provided by PeopleFund, along with connectivity to a core banking
system. After confirming that the platform was software and hardware agnostic, the IT
team began to implement the OBP at JB Financial Group’s subsidiary companies.

As the first financial services firm in Southeast Asia to develop an open banking platform,
JBFG strove to provide an innovative customer experience, openness, flexibility, and
scalability. A customizable user portal provides end users with options such as service
widgets. Depending on users’ preference, they can choose and place various widgets
such as account balances and transfers on the main portal screens. Analysis of users’
behavioral patterns and demographic data allows JBFG to recommend targeted financial

JBOBP’s framework consists of eight components, as shown in Figure 17.

Figure 17: JBFG Component-Based Framework

Chapter: APIs for Banking as a Platform

Source: JB Financial Group

Each of the eight components contributes to the overall architecture of the JBOBP
 Open Bank Portal: The platform supports three types of portals.
– The user portal contains the lists of financial services and products for both
banks and third parties.

– The developer portal provides third parties with access to APIs. After
gaining permission from JBFG, third parties can develop and publish their
services through the portal.

Figure 18: JBFG Developer Portal

Source: JB Financial Group

– The user community portal allows customers to provide feedbacks

regarding OBP services and supports discussions with other users.
 Customer eXperience: In this layer, an administrator manages existing widgets and
develops new widgets for users. Also, the administrator defines the targeting rules to
provide useful financial advice to customers.
 API Management: This component allows the API owner to monitor and analyze
each API transaction to check for errors, controls API traffic, and ensures API
 Open Bank Services: This module supports the development of banking and
nonbanking services and improving business processes to provide better services.
 Open Bank Integration: Banks use the integration module to easily embed the OBP
into an existing core banking system and other servicing or accounting systems.
 Open Bank Management: This module stores customer and transaction data, and
monitors the system to resolve technical conflicts.
 Digital Marketing Support: The marketing support tool analyzes the data stored in
the open bank management layer to provide advice to enhance customer
Chapter: APIs for Banking as a Platform
 Security: This component defines the security policy of each module including APIs,
customer data, and transaction data, and supports new regulatory requirements.

There are three potential revenue sources from the JBFG OBP model. The first and
largest is transaction fees. Each participant in the model has an opportunity to benefit.
For example, when a peer-to-peer lender uses a partner bank’s operational processes
and resources to underwrite loans or manage investors, the P2P lender pays fees to the
bank as well as the platform service provider.

The second revenue source is platform maintenance fees. JBFG earns maintenance and
upgrade fees from purchasers of the OBP. The third is consulting and third-party
registration fees. One of the success factors of JBFG’s model will be to find third party
breakout providers and to craft solid partnerships. JBFG will work with partners, using
professional services to help design new technology and business models. Also, as user

and transaction data is gathered and combined with external data sources such as credit
bureau information, analytics can be monetized.

JBFG successfully launched the Open Banking Platform in South Korea and Cambodia in
2017 and plans to expand into two more countries in 2018.

One example of JBFG’s success is its partnership with PeopleFund. PeopleFund is a

peer-to-peer (P2P) lender in South Korea. The P2P lending market in Korea is growing,
and PeopleFund combines finance and technology, eliminating the inefficiencies of
traditional lending. PeopleFund’s banking partner is Jeonbuk Bank, a North Jeolla
Province-based local bank (and JB Financial Group subsidiary) striving to expand its
presence beyond its local customer base. Their partnership created the first Korean
partnership between a bank and a peer-to-peer lender (Figure 19).

Figure 19: People Fund Partnership

Source: JB Financial Group

The partnership with Jeonbuk Bank allows PeopleFund to operate within the official
regulatory framework, giving it more options to offer different products such as derivative-
linked securities. Most other competitors are focusing on project financing for real estate
projects and individual loans. With the PeopleFund partnership, Jeonbuk Bank expanded
its P2P lending customer base by 30% the first year and grew loan amounts outstanding
by 130%.

Future Plans
JB Financial continues to create new business models across Southeast Asia, combining
its open banking technology platform with innovative approaches for leveraging its Chapter: APIs for Banking as a Platform
banking license and regulatory expertise to accelerate customer acquisition and new
revenue streams. JBFG aims to form a global banking alliance as a medium-term goal
and to serve as an aggregator platform for partner banks and third-party providers in the
longer term.

All three of the banks profiled in this section leverage their state of the art technology
platforms not only for Banking as a Platform but also as drivers of collaboration and


Externally facing APIs in financial services have been around a long time, with many
initially emerging in the e-commerce and cards space. The growth in APIs for payments,
banking, and other financial applications has skyrocketed over the past few years, with
more than 530 new APIs published from 2015 to 2017. Figure 20 shows a sampling of
those APIs.

Figure 20: New Financial Services APIs from 2015 to 2017

Source: Programmable Web, Celent Analysis


Regulatory requirements drive much of the growth in newly published open banking APIs.
The intent of open banking legislation is to provide consumers with more choice — by
allowing third party providers to create new financial services offerings with aggregated
bank account data. Regulators across the globe are moving towards open account
Chapter: APIs for Banking Innovation

access, and in some counties, payment initiation. Table 5 provides an overview of open
banking regulatory initiatives in various regions and countries.

Table 5: Open Banking Initiatives by Country/Region


EUROPEAN PSD2 The Access to Account (XS2A) provisions of PDS2 give any third
UNION party access to account-level information held by a bank and the
ability to initiate a payment from that bank account. The European
Commission believes that XS2A will create choice and competition
for consumers by allowing them to choose services not controlled by
the account-owning institution.

UNITED The UK Competition and Markets Authority (CMA) authorized the
KINGDOM Open Banking Open Banking Implementation Entity (OBIE) to manage the rollout of
bank and building society open APIs to drive competition and
innovation in UK retail banking. The Open Banking rollout began in
January 2018, with regulated third parties able to start integrating
with Open Banking and testing their products.

INDIA Unified As part of its “Less cash” India initiative, the Reserve Bank of India
Payments authorized the National Payments Corporation of India, a bank-
Interface (UPI) owned cooperative, to develop an instant real-time payment system
to facilitate interbank transactions. The resulting Unified Payments
Interface (UPI) is processing an average of 877 million transactions a
month, with an average monthly value of ₹9.5 trillion.

SOUTH KOREA Fintech Open In 2016 the South Korean Financial Services Commission (FSC)
Platform launched the Fintech Open Platform, claiming that it is the world’s
first fintech development and sandbox platform. The platform’s open
APIs span 16 commercial banks and 25 securities companies in a
unified format. The platform is managed by the Korea Financial
Telecommunications and Clearing Institution along with Koscom

SINGAPORE Finance-as-a- Issued Finance-as-a-Service: API Playbook in November 2016. The

Service: API Playbook addresses guidelines and best practices for API design and
Playbook usage; API candidates covering banks, insurers, asset management
companies, and government agencies; technical standards; and API
governance framework.

JAPAN 2017 Growth Japan adopted its 2017 Growth Strategy in mid-2017. One of its
Strategy and priority areas is to promote open innovation between financial
Amendments to institutions and fintech firms. Japan amended its Banking Act to
the Banking Act define Payment Initiation Services Providers (PISP) and Account
Information Service Providers (AISP). As part of the amendments, 80
banks must introduce Open APIs by June 2020.

HONG KONG New Era in Issued a consultation paper in January 2018 seeking feedback on the
Smart Banking proposed Open API framework. The framework includes categories
of Open APIs, technical standards, third party service provider
certification model, and measures to encourage Open API ecosystem

AUSTRALIA Consumer Data The Australian government published a final report on open banking
Right: Open is February 2018, seeking responses to its findings by March 2018.
Banking Review The report recommends a commencement date for Open Banking of
12 months after approval.

CANADA Review of the The Department of Finance Canada launched the second stage of
Federal consultations on its proposed 2019 Revisions to the Federal Finance
Financial Sector Sector Framework in August 2017. As part of the consultation, the
Framework Department requested views on the implementation of open banking
and the potential benefits and risks for Canadians. Chapter: APIs for Banking Innovation

Source: Country websites and press releases, Celent analysis

PSD2 and UK Open Banking Regulations

A perceived lack of competitiveness drove efforts to implement the European Union’s
PSD2 open banking provisions and the United Kingdom’s Open Banking remedies. As
discussed in “Payment Services Directive II: Dramatic Changes on the Horizon,” (August
2016), PSD2 takes a radical step to extend competition and to break up the payments
value chain. With PSD2, the European Commission believes that providing access to the
account (XS2A) to third parties creates choice and competition for consumers by allowing
them to choose a payment not controlled by the account-owning body.

Although the provisions of PSD2 apply from 13 January 2018, banks have until 14
September 2019 to fully implement open banking APIs with strong customer
authentication (SCA), and support third party payment providers in production. Banks
must make available a testing facility, including support, for connection and functional
testing six months in advance, from 14 March 2019.

The UK Competition and Markets Authority (CMA) and its resulting Open Banking
framework demonstrates several best practices for countries looking to implement open
banking regulations.

 Initiated calls for consultation: In February 2015, HM Treasury published a

consultation on Open Data and Data Sharing APIs, seeking market-driven
recommendations and feedback on proposed remedies to improve services for
consumers and small to medium enterprises (SMEs). In November 2016, the
CMA published its draft retail banking order, asking for feedback from interested
parties. Banks, providers, associations, and payment networks responded,
allowing the CMA to consider feedback from a broad stakeholder ecosystem.
 Established cooperatively governed implementation entity: The CMA
established the Open Banking Implementation Entity (OBIE) in 2016 to design
the API specifications, support banks and third party providers, create security
standards, manage the Open Banking directory (including enrolling third party
providers), and create standards for managing disputes and complaints. The
CMA and the nine largest UK banks (Allied Irish Bank, Bank of Ireland, Barclays,
Danske, HSBC, Lloyds Banking Group, Nationwide, RBS Group, and Santander)
— the banks required to implement the specific remedies set forth by the CMA,
govern the OBIE.
 Defined the required APIs along with API specifications:
– ATM Locator
– Branch Locator
– Personal Current Account (PCA)
– Business Current Account (BCA)
– SME Unsecured Loans (SME)
– SME Commercial Credit Cards (CCC)
 Implemented Dispute Management System (DMS): For ASPSPs and TPPs,
the DMS enables the communication and exchange of information for the
management of a payment initiation and account information service transaction-
related enquiry, complaint, or dispute.
 Centralized API tracking: The OBIE maintains an API Dashboard that lists all
available API endpoints and shows the API version supported by each provider
(Figure 21). Note: the OBIE website does not host the APIs; UK banks manage
their own open API developer portals.
Chapter: APIs for Banking Innovation

Figure 21: UK Open Data API Dashboard

Source: Open Data API Dashboard, Open Banking Implementation Entity, accessed on March 9, 2018

For banks unfamiliar with APIs, a number of technology providers (Table 6) offer UK
Open Banking and PSD2 accelerator platforms, tool sets banks can use to jumpstart API
development and management.

Chapter: APIs for Banking Innovation

Table 6: Vendors Offering Open Banking and PSD2 API Accelerator Platforms (Not Exhaustive)


AVANADE AND ACCENTURE Azure API Management Accelerator



CAPGEMINI PSD2 Open Banking Solution

DXC TECHNOLOGY The Open Banking Accelerator

ENTIROS INTEGRATIONS Open Banking APIs and PSD2 Value Added Network

FIGO XS2A Enabler


GOOGLE/ APIGEE Open Banking API Accelerator (APIx)

IBM Open Banking Sandbox

MULESOFT Catalyst Accelerator for Banking

NDGIT Open Banking Platform


ORACLE Open API Banking Solution

ROGUE WAVE/ AKANA Open Banking Solution

VOLANTE TECHNOLOGIES VolPay Channel for Open Banking

WIPRO Open Banking API Platform

WSO2 Open Banking

Source: Company websites, press releases, Celent analysis

For banks outside the EU and UK, accelerator platforms can serve as reference
implementations, helping project teams to jumpstart API development. Unfortunately,
outside of the UK, there is no global common standard for open banking APIs. However,
a handful of industry groups are working toward creating their own sets of standards to
make it easier for both banks and fintechs to connect to one another, as discussed in the
Celent blog post “Open Banking API Standards: What are the Options? How Do I
Chapter: APIs for Banking Innovation

Choose?” (December 2017).

Although PSD2 bans surcharging for the use of payment instruments and payment
services which are covered by the interchange fee caps or the SEPA Regulation, creative
banks and third party providers see an opportunity to charge for “premium APIs.”
Premium APIs provide access to product and payment types not covered by PSD2, such
as lending and credit data, card maintenance, cross-border payments, foreign exchange,
standing orders, and extended transaction history.

Market Driven APIs

A handful of market-leading banks launched open APIs long before regulatory mandates.
One example is BBVA, an early adopter and promoter of open APIs. BBVA began
hosting hackathons in 2013 under the InnovaChallenge brand. For the hackathons,

BBVA provided participants with anonymized credit card data sets, offering prize money
for the applications best adding value to BBVA’s data. BBVA launched its BBVA
API_Market to a pilot group of developers in mid-2016, with a commercially available
version launched in May 2017. The BBVA API_Market offers two sets of APIs, one
covering BBVA Spain and the other, BBVA US (Figure 22).

Figure 22: BBVA API_Market

Source: BBVA

In the US, BBVA Compass made a set of authentication and payment APIs available to
payment network provider Dwolla in 2015. Dwolla started as a person-to-person app and
has morphed into an API provider, allowing fintechs to process ACH debits and credits to
any US bank account. The bank and Dwolla worked together to develop a way to
authenticate customers and tokenize their credentials such that no personally identifiable
information passes to Dwolla. As a result, BBVA Compass became the first large
Chapter: APIs for Banking Innovation

financial institution to provide real-time transfers in the US.

While some believe that fintechs will eventually make banks obsolete, the current reality
is that banks and fintech companies are entering collaborative partnerships for
innovation, giving banks access to new technologies, and giving fintech companies
access to funding, scale, and customer reach. We continue to see press announcements
of banks enabling fintechs, and fintechs enabling banks, as shown in Figure 23.

Figure 23: API Partnerships Between Banks and Fintech Firms Provide Business Value to Both

Source: Company announcements and websites

In the new open banking ecosystem, APIs are a new channel for innovation and need
nurturing. The monetization of the API economy presents a new source of revenue, but
only if a bank’s APIs are adopted and used by other organizations and developers. APIs
need to be productized and marketed as a source of competitive advantage, like any
other traditional product. There is no value in having the best banking platform if
developers do not want to open the front door.

Successful innovation APIs require healthy internal and external developer communities,
and so APIs need to be easily found, understood, and used. The most robust developer
portals offer broad functional scope, straightforward registration, simple getting started
guides, comprehensive testing sandbox, and multiple support options.

To raise awareness of their portals and encourage fintech adoption, many banks are
hosting hackathons and API challenges. Other promotional materials include infographics
and videos, with examples in Figure 24.
Chapter: APIs for Banking Innovation

Figure 24: Promoting an Open Banking Developer Portal

Source: Banking websites and press releases

The launch of open banking developer portals for innovation and collaboration is
accelerating, some in response to regulatory requirements and others driven by market
forces. The Appendix contains a list of bank developer portals known to Celent. However,
it is difficult to track all available portals worldwide, particularly since some banks have
chosen to test their APIs in closed beta environments.

Although much of the focus on open banking APIs is to enable access to account
information and payment initiation for fintechs, several banks are working on using APIs
as a new customer delivery channel.

Chapter: APIs for Banking Innovation


As discussed, banks already embrace internal APIs to modernize and streamline back
office connectivity, especially for customer-facing digital channels. With the large volumes
of transactions and payments flowing externally between a bank and its corporate
customers, banks have begun to publish APIs for transaction banking products and

As outlined in an AFP article, transaction banking APIs have the potential to move
corporates beyond batch processes for payments, transforming intraday reporting into
real-time reporting. Historically, for treasurers to check on specific transactions, they must
log in to the bank’s corporate online portal. APIs offer instant visibility into payment
confirmations and electronic bank account management.

For its 2017 Corporate Payments and Bank Connectivity Report, FIS surveyed 132
treasury and finance professionals from corporations around the globe to understand how
they navigate or plan to navigate through their payments and bank connectivity
challenges. Thirty-five percent of respondents already have or plan to have an API
banking initiative in place within 18 months. Financial professionals value banking APIs
for their ability to facilitate real-time payment and information flows, including balance
inquiries, credit line availability, and vendor payments.

An example of using APIs for real-time visibility is SWIFT’s global payments innovation
(gpi), which went live in 2017. Banks, corporate treasurers, and treasury systems
vendors can connect their online portals to the Tracker using API calls, adding end-to-
end payments tracking to existing treasury and cash management solutions.

Several banks are working on API connectivity for corporate treasury management
systems, along with other financial software used by their business clients. Bank of
America Merrill Lynch (BofA) launched its API Developer Portal in January 2018 (Figure

Figure 25: Bank of America Merrill Lynch API Developer Portal

Chapter: APIs for Customer Communication

Source: Bank of America Merrill Lynch

API Advantages: Real-Time Processing & Visibility for Treasury, Andrew Deicher, www.afponline.org, August
9, 2017
BofA clients will be able to benefit from direct API connections to enterprise resource
planning (ERP) and treasury management systems (TMS), as well as other third party
partners. BofA embraces open APIs for expanded transaction services and is engaged
with clients, treasury system vendors, and fintech providers; exploring and piloting its API
services. For the bank’s European customer base, the API gateway readies BofA for

As many banks do, BofA started its API journey by implementing SOA-based web
services and APIs for internal systems connectivity. For example, BofA uses APIs to feed
data to the software it uses for data analytics, reporting, and visualization. In May 2017,
the bank announced that it was working with multiple financial data aggregators to share
data via an API, using a unique token that removes usernames and passwords from the
process. API data exchange is seen as more efficient and reliable than the existing
screen-scraping methods used by many providers.

In October 2017 BofA launched CashPro Assistant, which uses artificial intelligence and
predictive analytic capabilities to help clients easily access and analyze their banking
information. Central to the solution is CashPro Assistant Analytic and Forecasting, which
allows commercial and corporate clients to use APIs to populate account data directly
with Microsoft Excel spreadsheets used for treasury and risk management. BofA’s
solution to pull data from CashPro Online automates on demand data gathering, reducing
the risk of manual input error. A surprising number of treasury, finance, and risk teams
continue to rely on spreadsheets. For example, the 2018 AFP Risk Survey found that
97% of finance professionals report that spreadsheets are being used at their companies
to manage risk.

Two other banks focusing on APIs for client connectivity are Citi and YES BANK, profiled

Table 7: Citi at a Glance


INITIATIVE CitiConnect API (Application Programming Interface)

SYNOPSIS CitiConnect API allows clients and partners to integrate directly with
Citi’s applications for real-time access to their data and banking
services, with Citi becoming one of the first transaction banks to fully
enable a core set of cash management products and services.
Chapter: APIs for Customer Communication
KEY RESULTS  6 million API calls from clients and partners in 2016

 Expected onboarding savings of US$2 million annually

Source: Celent

Celent Perspective
As profiled in Citi: CitiConnect API (April 2017), Citi was the winner of the Celent Model
Bank 2017 Award for Open Banking. Citi’s Model Bank submission stood out as one of
the first universal banks to roll out integrated API capabilities for transaction banking.
Citi’s Treasury and Trade Solutions (TTS) business has focused its efforts on
transforming its business to deliver a seamless, end-to-end client experience through the
development of its capabilities, client advocacy, network management, and service
delivery across the entire organization. The CitiConnect API allows clients and partners
to integrate directly with Citi for real-time access to their data and banking services.

Based on Celent’s detailed analysis of open banking portals, Citi lists more APIs in its
global developer portal than any other bank, with more than 60 available (depending on
country) as of February 2018.

Citi, the leading global bank, has approximately 200 million customer accounts and does
business in more than 160 countries and jurisdictions. Citi’s Treasury and Trade
Solutions (TTS) business provides integrated cash management and trade finance
services to multinational corporations, financial institutions, and public sector
organizations across the globe. With the industry’s most comprehensive suite of digital-
enabled platforms, tools, and analytics, TTS leads the way in delivering innovative and
tailored solutions to its clients. Offerings include payments, receivables, liquidity
management, and investment services, working capital solutions, commercial card
programs, and trade finance.

Citi’s digital banking platforms support multiple transaction types across multiple
subsidiaries and currencies across the 96 countries in its geographic footprint. Citi’s
geographic reach gives it an opportunity to hear from customers, providers, and
regulators across its markets. Citi began hearing demand for real-time integration for
payments, e-commerce, and big data. Other influences were market infrastructures
promoting real-time interfaces, ERP software vendors preparing for APIs, and real-time
gross settlement systems such as SWIFT and EURO getting API ready. Citi then started
looking at the technology infrastructure needed for a differentiated real-time API
experience but with a harmonized approach across channels.

The CitiConnect suite of products offers a broad range of connectivity, security, and
format options to optimize direct corporate-to-bank connectivity. Multinational
corporations need solutions that work across many geographies, languages, and
constructs. For bulk transactions, the file channel is often the most sensible way for
corporations to interact with their bank. However, for high-value payments and detailed
remittance information, real-time transactions can enhance working capital management.

Based on the belief that client experience is the driver of sustainable differentiation,
CitiConnect API allows clients and partners to integrate directly with Citi’s applications for
real-time access to their data and banking services. It offers clients a global, flexible, and
fully automated delivery channel that provides full visibility into their working capital flows
across all accounts, allowing Citi to become one of the first transaction banks to fully
enable a core set of cash management products and services.


Chapter: APIs for Customer Communication

In late 2016, Citi launched its consumer-focused Global Developer Portal
(developer.citi.com) to connect with developers and enable them to develop client
solutions leveraging Citi banking services. The initial set of APIs spanned six usage
categories, including account management, peer-to-peer payments, money transfer to
institutions, Citi rewards, investment purchases, and account authorization, with
additional categories added over time. Today, in some geographies, Citi offers more than
50 APIs across eight usage categories.

The desired outcome of the CitiConnect API is to allow commercial clients to consume
treasury services à la carte. Citi’s TTS group leveraged the bank’s common API gateway
and management tools to build out APIs for transaction banking. The API Management
(APIm) platform is the key component which facilitated the success of this API program
and enabled the real-time integration of payment services. Figure 26 provides an
overview of Citi’s API products available in Australia.

Figure 26: Citi Developer Hub API Products (Australia)

Source: Citi

Citi’s API Gateway allows clients to access services they need in a way that is native to
their daily treasury business processes and treasury management software. The wire-
speed APIm platform is the front-facing component of all the incoming traffic, providing

Chapter: APIs for Customer Communication

API security, API onboarding, analytics, API lifecycle management, and developer portal,
enabling the businesses to compete with a new level of agility to take advantage of a
faster time to market and bringing core banking capabilities to the forefront.

With CitiConnect API, there is no need for additional providers or services. Global clients
and partners can integrate Citi’s cash management capabilities directly into existing
applications for a simple and intuitive experience for end users. This integration allows
clients to include API calls directly into the application of choice: a Treasury Workstation,
Enterprise Resource Planning (ERP) system, or multi-banking portal (Figure 27).

Figure 27: CitiConnect API Solution Overview

Source: Citigroup

Citi identified key use cases for transaction banking APIs, including:

 Collect real-time account balance information and view directly in a treasury

 Receive real-time transaction status notifications of critical payments.
 Initiate real-time payments directly from a Treasury Workstation.
 Collect detailed account statements directly in a treasury application.

A significant challenge for both Citi and its clients is the complexity and duration of the
onboarding process, including the cost of building and testing interfaces. Citi uses
SWIFT’s MyStandards Readiness Portal to allow Citi clients to test their SWIFT
messages against Citi guidelines, maximizing straight-through processing with minimal
intervention. When launching the CitiConnect API, Citi wanted to go a step further with its
testing toolkit.

To facilitate onboarding, Citi offers access to the CitiConnect Client Test Environment.
The Client Test Environment is a full replica of the production environment but not
connected to settlement systems. The environment allows developers to test the
interfaces and data exchange as part of the API implementation. Once the API is

Chapter: APIs for Customer Communication

successfully tested and working in line with expectations, the solution is eligible for
promotion to the production environment for a successful, coordinated activation. Citi
currently publishes API code, security, and encryption to allow developers to test their
APIs in a sandbox environment before moving to production. In the future, Citi will
provide developers with API monitoring and visibility tools.

Citi’s single API gateway across all its different businesses is provided by IBM,
supporting Citi’s omnichannel architecture. Citi currently hosts its API gateway on-
premise but is evaluating cloud to support open banking use cases. Citi’s API format for
financial transactions is based on the ISO 20022 XML standard to help customers make
the transition from file-based to API connectivity. For nonfinancial transactions such as
request to pay, Citi prefers a JSON format for its smaller payload.

Citi charges a monthly, lump sum fee for using its API gateway for production
applications. The bank feels that a monthly charge encourages higher adoption over an

itemized charge. For firms transacting via API, Citi charges per transaction similar to a
credit card transaction, but at a lower rate than current credit card interchange rates.

Compared to client onboarding to the CitiConnect file channel, Citi aims to reduce client
onboarding time by a third with CitiConnect APIs and achieve cost savings by eliminating
spending on building and testing file interfaces. Citi expects to be able to save over US$2
million annually, and based on feedback from clients, the bank anticipates client savings
may be the same or more.

More recently, Citi is focusing on real-time payment use cases such as request to pay
collections from bank accounts and electronic payment initiation from consumer-facing
websites such as an insurance portal.

In 2017, clients and partners made 6 million API calls through CitiConnect APIs. For Citi,
APIs opened the gates to different buying centers at its corporate clients. Client use
cases include:

 Delivery drivers: Request to pay from bank account

 Treasury staff: Self-service requests for holiday schedules, processing cutoff
times; intraday balance inquiries
 Finance staff: Payment investigations
 Insurance companies: Real-time payment and settlement via client portal

Treasury workstation vendors are beginning to API-enable their solutions, setting the
stage for a new connectivity channel for treasurers. Citi is working with those vendors to
build “Citi-ready” interfaces, further streamlining onboarding. One example is Citi’s
partnership with FIS, one of the world’s largest financial technology companies. FIS
connects its Trax corporate payment factory to Citi’s Treasury and Trade solutions using
Citi APIs. The connection allows joint customers of FIS and Citi to manage transaction
flows in real time, increasing cash management and visibility, and preparing treasurers to
take advantage of real-time payment opportunities.

“APIs are changing the game really fast. Everyone is starting to look at
services-based transactions rather than user interactions.” – Mayank
Mishra, Global Head of Digital Channel Services, Treasury and Trade
Solutions, Citi

Chapter: APIs for Customer Communication

Table 8: YES BANK at a Glance



SYNOPSIS YES BANK is the first Bank in India to publish application

programming interfaces (APIs), as part of its 'API Banking' service.
API Banking allows the client to do its banking-related activities
directly from its own enterprise resource planning (ERP) system with
auto-reconciliation. In doing so, it has significantly improved its clients’
businesses leading to enhanced end customer experience, yet at the
same time reducing its own cost to serve and winning new business.

KEY BENEFITS  Elevated CMS benchmark from a rigid file-based approach to an
agile API-driven solution.

 400+ clients have been onboarded to API Banking with overall

throughput value of INR 415 billion as of January 2018.

 E-commerce and other B2C clients have been able to improve

their customer satisfaction index by using IMPS through instant

 Superior customer experience and improved productivity for the

bank as well as its clients.

RELEVANT PARTNERSHIPS IBM (for middleware), OFSS (for core banking system and APIs),
Quantiguous Solutions Pvt. Ltd. (web service developer partner)

Source: Celent

Celent Perspective
YES BANK is the first bank in India to publish APIs as part of its corporate banking
product suite. API Banking allows the client to do banking-related activities directly from
its own ERP system, and carry out auto-reconciliation for each transaction. In doing so,
the Bank has significantly improved the efficiency of clients’ businesses, leading to
enhanced customer experience, yet at the same time reducing its own cost to serve and
winning new business mandates.

Furthermore, YES BANK is working with ERP solution providers to embed its APIs within
their ERP systems, which would make YES BANK’s services “plug and play” for any user
of that ERP system.

In business for 13 years, YES BANK is the fourth largest private sector bank in India, with
over 19,750 employees, and operates more than 1,050 branches and 1,700+ ATMs
nationwide. Headquartered in the Lower Parel Innovation District of Mumbai, the bank
now has a pan-India presence with a footprint across all 29 states and 7 Union Territories
in India. The bank is a member of the S&P BSE Sensex, Nifty 50, and Bank Nifty. The
S&P BSE SENSEX measures the performance of the 30 largest, most liquid, and
financially sound companies listed on the Bombay Stock Exchange. The Nifty 50 index is
a broad-based stock market index for the Indian equity market. The Bank Nifty comprises
12 state-owned and private sector banks.

YES BANK is committed to creating the future of banking through digitization. As an

Chapter: APIs for Customer Communication

example, the bank launched A.R.T. @ YES BANK, taking an Alliances, Relationships,
and Technology (A.R.T.) approach to digitized banking. It is partnering with more than
100 fintech firms to deliver innovative, unique, and innovative financial solutions to

Figure 28: A.R.T. @ YES BANK

Source: YES BANK

Every customer needs to make and receive payments — it's the very definition of
commerce. As a result, every bank offers receivable and payable solutions to assist the
customer’s working capital management. While the core payment products are
standardized, the process at the bank is highly fragmented owing to varied legacy
systems and processes. Therefore, banks that can integrate into the client’s own
processes make payments a transforming factor rather than a hygiene factor.

YES BANK has always prioritized investments in technology to build capabilities that
enable it to stay ahead of the curve. As a result, YES BANK’s technology stack has been
more agile and robust, being of state-of-the-art design and architecture. Indeed, YES
Chapter: APIs for Customer Communication
BANK believes one of its core differentiators is its IT capabilities. YES BANK recognized
that there was an opportunity that it was better placed to exploit than many, if not most, of
its peers in India. Even so, the move to adopt APIs and support this burgeoning
ecosystem faced a number of challenges.

The approach YES BANK has taken has some key features worth noting. It eliminates file
transfers by moving away from uploading transaction files through “Internet Banking” or
sending a hard copy to a bank branch in order to process a payment. File transfers were
originally designed for batch uploads, but National Electronic Payments System (NEFT)
and Immediate Payment Services (IMPS) used in API Banking allow each payment to be
processed as a single message. This allows the corporate to control exactly when they
can make the payment, because it will be triggered from within their own ERP system. At
the same time, the messages flow back directly into the ERP system as well, allowing
daily account statements and automatic reconciliation of payment transactions. This has
significant time and effort savings for the corporate. For 2017, transfer modes also
include real-time gross settlement (RTGS) and Aadhaar-enabled payments, with United
Payments Interface (UPI) in the pipeline. Aadhaar is a 12-digit unique identification
number issued by the Indian government to every resident of India. The Aadhaar Number
Enabled Payment System (AEPS) leverages Aadhaar online authentication to connect
Indian residents with their bank accounts. The UPI is a real-time payment system
developed by the National Payments Corporation of India (NPCI) facilitating inter-bank

The corporate ERP system makes an API call via a secure channel, and based on the
transaction type, (NEFT, IMPS, or RTGS), the transaction is processed and status is
returned as part of the synchronous API call. If a corporate wishes to check the pending
status of previously initiated transaction, this feature is also available as part of the web
service. Based on the status of the transaction, corporate can decide whether to notify its
end customer or to retry transaction. Even simpler services like Balance Enquiry and
Account Statement can be accessed with a click in customer’s own ERP.

Much of the initial work undertaken by YES BANK was to put the necessary technical
architecture in place. While APIs are widespread in other industries, they are relatively
new to banking, with limited expertise in India. YES BANK was the first bank in India to
successfully go live with IBM’s API Management Stack. The adoption of the API
Management Stack required certain changes to the security capabilities of the application
function, and so there was dependence on IBM product development teams to modify the
product in order to comply with the existing banking regulations. This project, therefore,
required close collaboration with IBM, as well as with clients, with a degree of evolution,
based on regular feedback, as to how best develop the APIs. YES BANK developed
custom APIs based on their use cases and regulatory compliance requirements.

The on-premise technology stack from IBM consists of three core elements:

 IBM Integration Bus: This acts as a central enterprise service bus, providing the
business logic and the integration with banks’ back end systems. The underlying
transport protocols implemented are consistent with industry standards, such as
 IBM Data Power: This acts as the security and transaction gateway for services
rendered by the IBM Integration Bus. It provides robust levels of security to
transactions across web and mobile. As a result, it has the ability to enhance the
security by being able to detect and mitigate such things as denial of service attacks.
 IBM API Management: This is the central API Management and Developer portal, a
solution to administer the API offerings in the enterprise. It provides self-service
capabilities for seamless onboarding of API consumers, allowing them to create,
assemble, and version an API, as well as analyze and monitor API usage.
Chapter: APIs for Customer Communication
YES BANK’s consent approach works on an invitation-only model, where the bank invites
clients to subscribe to the appropriate APIs. Connectivity between the client and the bank
is secured through SSL or VPN along with IP whitelisting. IP whitelisting ensures that
access is only provided to trusted IP addresses. The bank establishes organization-level
security using the client ID and secret credentials set by the customer at the time of API
subscription. LDAP credentials authenticate account-level access.

Although the underlying APIs are the same, clients use and benefit from the bank’s API
services in many ways. One example is the ability for a leading Indian e-commerce
company to process instant refunds to customers around-the-clock using the IMPS
facility. The previous process for refunds had multiple steps, starting with the collection of
goods from the customer, verification of the goods at the warehouse (e.g., whether it was
the correct item, undamaged, etc.), and subsequent confirmation to the finance
department that a refund was payable. The finance department would aggregate these

payments for file transfer of bulk payment of refunds into the customers’ bank accounts.
The process took, on average, between one and three days, and was very dependent on
the banks’ cut-off times for payment processing. Furthermore, often the client would only
know their return had been accepted when they had received the refund itself.

YES BANK worked with the company to understand their existing process and how API
Banking might help the company improve its operations. Much of the discussion was how
APIs could be used within the company’s workflow and business process. Given all the
process changes that were required, the total project time of four weeks is remarkable.

Now goods are verified at the point of collection, i.e., the customers’ doorsteps. For those
returns cleared after verification, instant payments are triggered using IMPS. In most
cases, customers receive their refunds while the collector is still on their doorstep (Figure

Figure 29: Instant Refund Disbursement

Source: YES BANK

This has led to greater operational efficiencies for the e-commerce company, rationalized
many stages of the previous process, and enabled more accurate and timely
reconciliation. For the end customer, it has led to delight by providing comfort and clarity
on returns and refunds.

Introduction of API Banking has led to the acquisition of many “new to bank” clients and
the deepening of relationships with existing clients. In the first 12 months after the launch,
62 clients were onboarded on API Banking, with overall throughput value over INR 50
billion. Since the original Model Bank case study was published (April 2017) the total
number of clients grew to 425 from 120, a 250% increase. Another 200+ customers are

Chapter: APIs for Customer Communication

in the implementation stage. The bank is averaging 5.4 million transactions a month, an
increase of 500% from the previous 900,000 transactions per month.

API Banking has enabled clients to improve operational efficiency through auto-
reconciliation of transactions which enables them to speed up many processes. API use
cases cross industries and include instant loan disbursement, mutual fund redemption,
and wallet withdrawals, sub-member bank payments under the Indian Centralised
Payment System (CPS scheme), fleet management for logistics, and daily commission
payouts to cab driver aggregator services.

YES BANK bases transaction pricing on the client’s cash management relationship with
the bank or a standard pricing structure offered for other cash management solutions.
The bank offers onboarding support for an additional fee as well as customized support
for developing and consuming its APIs.

Future Plans
The next level of API Banking services includes two activities of particular note.

The first is the process of getting its APIs embedded into key ERP systems as a standard
product offering, allowing “plug and play” with YES BANK, and allowing users of the ERP
system instantly to use YES BANK APIs. With many local and niche players, this is an
ongoing activity. API integration with ERP systems also provides a “bank in the box”
solution wherein customers are provided banking services when they onboard to niche
ERP solutions that offer accounting and payroll management.

The bank launched the other activity in 2017, focusing on businesses that don’t have
ERP systems. YES BANK has a strategic focus on enabling startups to evolve into
established businesses of the future. It begins with the premise that every startup needs
a bank account, will need to do accounting, payroll, comply with all state and central
government laws, etc. Partnerships with fintech partners like Numberz (accounts
receivable automation), uKnowva (business management), and Finly (spend and
expense management) provide a platform for the bank to pitch its API banking product
site to startups.

More recently, YES Bank was able to digitize supply chain finance by launching dealer
finance APIs, using its payments API to integrate into the larger ecosystem for trade

What stood out in YES BANK’s winning Model Bank entry was that API Banking enabled
the bank to embed themselves in the corporates’ processes, rather than being a stand-
alone and remote entry. YES BANK’s approach to using APIs meant that corporates
could use and control the payments from within the broader legacy process. After all,
payments are always a result of some business activity. For YES BANK, the use of APIs
meant that they could offer more flexible services, yet at the same time not have to
customize the underlying technology to deliver a more tailored service.


Historically, personal financial management (PFM) and small business accounting
applications relied on a method known as “screen-scraping” to extract financial data from
banks, brokerages, credit card companies, and mortgage providers. With screen-
scraping, the application stores the user’s login credentials and uses them to log into the
financial provider’s online portal, impersonating the user. Applications like Quicken,
Mint.com, and Yodlee rely on screen-scraping for ubiquitous access to financial data.

Envestnet Yodlee was a pioneer in data gathering and now aggregates more than 15,000

Chapter: APIs for Customer Communication

data sources. In response to concerns over storing user security credentials and a lack of
bounded permissions, Yodlee and others are shifting to data exchange using APIs and
tokenized access with OAuth2 authentication. Banks are opening partner APIs to
providers like Xero, Zoho, Finicity, and Intuit (QuickBooks, Mint.com, and TurboTax).

Cloud-based accounting software provider Xero is a leader in using APIs for data
exchange. Its first direct bank feed was from ASB Bank in 2007, and it now has over 100
direct bank feed connections globally. Xero is moving beyond information reporting with
payment initiation. In early 2018 the company announced a partnership with Singapore’s
DBS Bank which allows SMEs to initiate APIs on Xero and approved through the bank’s
corporate internet banking platform, DBS Ideal. DBS previously launched API-driven
bank feed integration with Xero. Also in early 2018, Xero announced a partnership with
Stripe to enable Xero users to accept ACH bank transfers. Stripe integration enables a
Xero user to add a “Pay Now” button on the invoices they send to their customers.

Another cloud-based accounting software provider, Zoho, has partnered with ICICI Bank,
automating data integration using APIs. Zoho users can execute banking transactions
within the accounting platform, eliminating the need to log in to ICICI Bank’s online
banking interface. According to ICICI Bank, the partnership helps businesses eliminate
data entry, automate reconciliation, provide multiple payment options to their customers,
request working capital loans, and pay suppliers directly from their accounting platform.

Chapter: APIs for Customer Communication


It is clear that internal staff, neobanks, fintech partners, and end customers all gain value
when banks adopt APIs for one or more of the four approaches discussed in this report.
For many banks, it is less clear how to begin their API journey.

Key How should banks begin their API journey?


3 Banks can follow a series of guideposts along

their journey to unlocking business value with

Many banks are already demonstrating business value with APIs. For banks just starting
their API journey, Celent recommends a series of guideposts (Figure 30):

Figure 30: The Journey to Unlocking Business Value with APIs

Chapter: The Path Forward

Source: Celent analysis

1. Establish API Innovation Team: For banks at the beginning of their API
journey, we recommend they start with a cross-functional API Innovation Team to
understand different API approaches along with API creation, security,
management, and maintenance.

2. Prototype Internal APIs: Once the bank has a solid understanding of the
potential for APIs, it is time to identify a handful of use cases for rapid
prototyping. Often, banks start with private, internal APIs, using them to eliminate
point-to-point integration and to standardize access to banking services.
3. Create API Developer Portal: The next step is to experiment with creating and
publishing externally facing, open APIs for a limited set of banking features. A
good starting point is the limited set of APIs specified by the UK OBIE.

4. Publish API Developer Portal: Once banks fully test APIs, they can move their
developer portal into production with a limited set of APIs. Banks can restrict
access to a handful of partners, or publish an even more limited set of APIs for
public access.

5. Expand Open APIs: Follow the path of leading-edge banks that are proactively
going above and beyond regulatory minimums, opening a broad array of APIs to
attract fintech partners and to create a new client connectivity channel as well as
integrating with accounting software, treasury management systems, and ERP

Find Partners Along the Way: Seek technology partners who can help you to
jumpstart your API journey.

Forward-looking banks are going well beyond open banking regulatory minimums,
recognizing that APIs can unlock significant business value, whether transforming legacy
integration, extending banking as a platform, driving innovative new services, or
accelerating connectivity to customers and clients.

Chapter: The Path Forward

Was this report useful to you? Please send any comments, questions, or suggestions for
upcoming research topics to info@celent.com.


Table 9: Open API Developer Portals (Not Exhaustive)



BANK OF AMERICA Bank of America Gateway United States

CAPITAL ONE Capital One DevExchange United States

CITIBANK Citi Developer Hub United States

PNC BANK PNC Developer Portal United States

SILICON VALLEY BANK Silicon Valley Bank API United States

WELLS FARGO Wells Fargo Developer Gateway Beta United States


BANCO DO BRASIL BB for Developers Brazil

BANCO ORIGINAL Banco Original Devs Brazil

BANREGIO BanRegio Developers Mexico

NEQUI BY BANCOLOMBIA Nequi Connect Columbia


ABN AMRO ABN Amro Developer Portal Netherlands

ADAM BANK Open Data API United Kingdom

ALLIED BANK Open Data API Ireland


BARCLAYS Barclays API Store United Kingdom



BNP PARIBAS BNP Paribas OBP API Sandbox France

BUNQ Bunq Developers Netherlands

COUTTS Open Data API United Kingdom

Chapter: Appendix


DANSKE BANK Open Banking API Denmark

DEUTSCHE BANK Deutsche Bank Developer Portal Germany

ESME Open Data API United Kingdom

FIDOR BANK/ GROUPE BPCE Fidor API Documentation Germany

FIRST TRUST Open Data API United Kingdom

GRUPPO BANCA SELLA platfr.io Italy

HALIFAX Open Data API United Kingdom

HELLENIC BANK Hellenic Bank Open APIs Greece

HSBC (FIRST DIRECT, M&S HSBC Developer Portal United Kingdom


LLOYDS BANK Lloyds Bank Developer United Kingdom

MONZO Monzo API Reference United Kingdom



NATWEST Open Data API United Kingdom

NORDEA Nordea Open Bank Norway


RABOBANK Rabobank API Playground Netherlands

ROYAL BANK OF SCOTLAND #BankOfApis Developer Portal United Kingdom


SANTANDER UK Open Data API United Kingdom

SAXO BANK Saxo Bank Developer Portal Denmark

SOCIETE GENERALE SocGen Sandbox France

STANDARD CHARTERED Straight2Bank API Banking United Kingdom

STARLING BANK Starling Bank Developer United Kingdom

SWEDBANK Swedbank Open Banking Sandbox Sweden

ULSTER BANK Open Data API Ireland


ABSA API Platform South Africa

EMIRATES NBD NBD Group Sandbox United Arab



ASB (COMMONWEALTH BANK) ASB API Developer Portal New Zealand

Chapter: Appendix

DBS DBS Developers Singapore

MACQUARIE BANK Macquarie devXchange Australia

MAYBANK Maybank FinTech Sandbox Malaysia



MIZUHO BANK Mizuho API Banking Japan

NATIONAL AUSTRALIA BANK NAB Developer Portal Australia



YES BANK YES BANK Developer Portal India

Source: Celent analysis, last updated March 2018

Chapter: Appendix


If you found this report valuable, you might consider engaging with Celent for custom
analysis and research. Our collective experience and the knowledge we gained while
working on this report can help you streamline the creation, refinement, or execution of
your strategies.


Typical projects we support related to innovative technologies include:

Vendor short listing and selection. We perform discovery specific to you and your
business to better understand your unique needs. We then create and administer a
custom RFI to selected vendors to assist you in making rapid and accurate vendor

Business practice evaluations. We spend time evaluating your business processes,

particularly in adopting innovative technologies. Based on our knowledge of the market,
we identify potential process or technology constraints and provide clear insights that will
help you implement industry best practices.

IT and business strategy creation. We collect perspectives from your executive team,
your front line business and IT staff, and your customers. We then analyze your current
position, institutional capabilities, and technology against your goals. If necessary, we
help you reformulate your technology and business plans to address short-term and long-
term needs.


We provide services that help you refine your product and service offerings.
Examples include:

Product and service strategy evaluation. We help you assess your market position in
terms of functionality, technology, and services. Our strategy workshops will help you
target the right customers and map your offerings to their needs.

Market messaging and collateral review. Based on our extensive experience with your
potential clients, we assess your marketing and sales materials — including your website
and any collateral.
Chapter: Leveraging Celent’s Expertise


The New Architecture for Core Systems: What It Is and How Quickly Vendors Are
Adopting It
March 2018

Honey, I Shrunk the Services: Microservices and Insurance

December 2017

Microservices: Software Engineering Revolution above the Cloud (JP)

November 2017

Top Trends in Corporate Banking: From Disruption to Transformation

July 2017

Citi: CitiConnect API

April 2017

CBW Bank: Leveraging Modern APIs

April 2017

YES Bank: API Banking

April 2017

Banco Original: Open Banking Initiative

April 2017

Top Trends in Retail Payments: 2017 Edition

January 2017

Payment Services Directive II: Dramatic Changes on the Horizon

August 2016

Celent Model Bank 2016 Part IV: Case Studies in Corporate Payments and Infrastructure

Fidor: Celent Model Bank of the Year 2015

March 2015

Chapter: Related Celent Research

Chapter: Related Celent Research

Copyright Notice
Prepared by

Celent, a division of Oliver Wyman, Inc.

Copyright © 2018 Celent, a division of Oliver Wyman, Inc., which is a wholly owned
subsidiary of Marsh & McLennan Companies [NYSE: MMC]. All rights reserved. This
report may not be reproduced, copied or redistributed, in whole or in part, in any form or
by any means, without the written permission of Celent, a division of Oliver Wyman
(“Celent”) and Celent accepts no liability whatsoever for the actions of third parties in this
respect. Celent and any third party content providers whose content is included in this
report are the sole copyright owners of the content in this report. Any third party content
in this report has been included by Celent with the permission of the relevant content
owner. Any use of this report by any third party is strictly prohibited without a license
expressly granted by Celent. Any use of third party content included in this report is
strictly prohibited without the express permission of the relevant content owner This
report is not intended for general circulation, nor is it to be used, reproduced, copied,
quoted or distributed by third parties for any purpose other than those that may be set
forth herein without the prior written permission of Celent. Neither all nor any part of the
contents of this report, or any opinions expressed herein, shall be disseminated to the
public through advertising media, public relations, news media, sales media, mail, direct
transmittal, or any other public means of communications, without the prior written
consent of Celent. Any violation of Celent’s rights in this report will be enforced to the
fullest extent of the law, including the pursuit of monetary damages and injunctive relief in
the event of any breach of the foregoing restrictions.
This report is not a substitute for tailored professional advice on how a specific financial
institution should execute its strategy. This report is not investment advice and should not
be relied on for such advice or as a substitute for consultation with professional
accountants, tax, legal or financial advisers. Celent has made every effort to use reliable,
up-to-date and comprehensive information and analysis, but all information is provided
without warranty of any kind, express or implied. Information furnished by others, upon
which all or portions of this report are based, is believed to be reliable but has not been
verified, and no warranty is given as to the accuracy of such information. Public
information and industry and statistical data, are from sources we deem to be reliable;
however, we make no representation as to the accuracy or completeness of such
information and have accepted the information without further verification.
Celent disclaims any responsibility to update the information or conclusions in this report.
Celent accepts no liability for any loss arising from any action taken or refrained from as a
result of information contained in this report or any reports or sources of information
referred to herein, or for any consequential, special or similar damages even if advised of
the possibility of such damages.
There are no third party beneficiaries with respect to this report, and we accept no liability
to any third party. The opinions expressed herein are valid only for the purpose stated
herein and as of the date of this report.
No responsibility is taken for changes in market conditions or laws or regulations and no
obligation is assumed to revise this report to reflect changes, events or conditions, which
occur subsequent to the date hereof.
For more information please contact info@celent.com or:

Patricia Hines phines@celent.com


USA France Japan

200 Clarendon Street, 12th Floor 28, avenue Victor Hugo The Imperial Hotel Tower, 13th Floor
Boston, MA 02116 Paris Cedex 16 1-1-1 Uchisaiwai-cho
75783 Chiyoda-ku, Tokyo 100-0011
Tel.: +1.617.262.3120
Fax: +1.617.262.3121 Tel.: + Tel: +81.3.3500.3023
Fax: + Fax: +81.3.3500.3059

USA United Kingdom China

1166 Avenue of the Americas 55 Baker Street Beijing Kerry Centre

New York, NY 10036 London W1U 8EW South Tower, 15th Floor
1 Guanghua Road
Tel.: +1.212.541.8100 Tel.: +44.20.7333.8333 Chaoyang, Beijing 100022
Fax: +1.212.541.8957 Fax: +44.20.7333.8334
Tel: +86.10.8520.0350
Fax: +86.10.8520.0349

USA Italy Singapore

Four Embarcadero Center, Suite 1100 Galleria San Babila 4B 8 Marina View #09-07
San Francisco, CA 94111 Milan 20122 Asia Square Tower 1
Singapore 018960
Tel.: +1.415.743.7900 Tel.: +39.02.305.771
Fax: +1.415.743.7950 Fax: +39.02.303.040.44 Tel.: +65.9168.3998
Fax: +65.6327.5406

Brazil Spain South Korea

Av. Doutor Chucri Zaidan, 920 – Paseo de la Castellana 216 Youngpoong Building, 22nd Floor
4º andar Pl. 13 33 Seorin-dong, Jongno-gu
Market Place Tower I Madrid 28046 Seoul 110-752
São Paulo SP 04578-903
Tel.: +34.91.531.79.00 Tel.: +82.10.3019.1417
Tel.: +55.11.5501.1100 Fax: +34.91.531.79.09 Fax: +82.2.399.5534
Fax: +55.11.5501.1110
Tessinerplatz 5
1981 McGill College Avenue Zurich 8027
Montréal, Québec H3A 3T5
Tel.: +41.44.5533.333
Tel.: +1.514.499.0461