Topics covered in this month’s Interface are: UK government prepares PSD2 legislation despite Brexit, API management solutions for PSD2 compliance & beyond, milestone in US financial data aggregation market, hidden champions supplying vehicle data to insurers and finance providers, and what’s unique about ClearBank?

Simply click or tap on each toggle button [+] below to reveal further content

Member states of the European Union are required to have national level legislation that implements the EU’s 2nd Payment Services Directive in place by 13th Jan 2018. With around 6 months left to go, the UKs Treasury via the Financial Conduct Authority (FCA) and Payment Systems Regulator (PSR) is in the process of drafting up the UK legislation that will transpose PSD2 into UK law. The proposed approach is to transpose PSD2 into UK legislation in the Payment Services Regulations 2017 (PSRs 2017) which will update and replace the Payment Services Regulations of 2009. The draft approach is available here.

The government will also take the opportunity to make other updates. For example the FCA propose changes to its handbook – including rules, guidance and directions that apply to payment service providers, e-money issuers, and to other providers of retail banking services.

A public consultation process is underway during which industry stakeholders can provide input on approach and measures to be taken to applying PSD2. Deadline for comments using this response form is 8 June. All supporting documentation including the draft PSRs 2017 and consultation paper can be found here.

APIs are becoming mission critical for banks. They already support their digital platforms and will soon also support data exchange interfaces with 3rd parties as required by regulations such as PSD2 across the EU and the Open Banking Order in the UK.

Digital transformation in financial services is causing collaboration to be built into the value chain and leading to the emergence of ecosystem-based business models that have proved so successful in other sectors. FIs will probably deliver their best customer propositions on collaboration with a set of ecosystem partners. The net result is that API management will become a mission critical activity.

Banks need to develop a strategy for running an effective API program. In most cases this will require them to define an API solution that can:

  • Act as an interface to legacy applications, infrastructure and back end technology stack
  • Enable self service for partners and developers to easily find, register and use a banks APIs
  • Provide API security that detects, prevents and reacts to threats in near real time
  • Implement usage and governance policies across all APIs
  • Monitor API usage and generate analytics
  • Support integrated API development, testing, production and operations

The API management solution vendor landscape has developed rapidly since 2013. Analysis from Forrester, Gartner and others share a common evaluation. Leading vendors include IBM, CA, Akana and Axway, Mulesoft and ApiGee. Most have offerings for financial services as well as specific Open Banking and PSD2 compliant solutions.

Mulesoft is an interesting company. It launched its API management solution in 2013. The Anypoint platform provides a cloud based platform for API design, build, and management. Also in 2013, Mulesoft acquired ProgrammableWeb, the webs largest API directory and community. Based in San Francisco, it listed on Nasdaq in March 2017.

ApiGee likewise based in San Francisco is a pioneer in evangelizing and supporting API-led digital transformation. An early mover into the space, it was acquired by Google in Nov 2016.

Pure play API management platforms do face competition from vendors offering a broader middleware stack that go beyond API management and enable digital transformation of specific use cases.

API adoption in the financial services sector is of course only a sub set of the API economy. Enterprises in many different industry verticals have shown how APIs can help increase operational efficiencies and create new revenue streams. However, without an API management solution, banks that provide APIs will struggle to scale up their APIs whilst maintaining control over their usage.

In the US, data aggregation provider Finicity has signed a data exchange agreement with Wells Fargo. This is a milestone. It provides Finicity with an API-based method for accessing Wells Fargo customer information and sharing the data with the 3rd party apps and financial services that the Finicity platform in turn support via its own APIs. Providing end to end access via APIs provides for more secure authentication process and provides customers with greater control over which 3rd parties they authorize to access their account data. Moreover, the direct API access route method eliminates the need for users to share their credentials with third-parties. Instead they authenticate directly with Wells Fargo which then provides the 3rd party with access tokens.

Wells Fargo already has data exchange APIs set up. Last year it launched an API Gateway for commercial and corporate banking customers to integrate Wells Fargo products, services and information into their own digital environments. Finicity will gain access to these APIs.

This agreement is a milestone because up till now in the US financial app providers such as Mint have simply used screen scraping technology to aggregate customer data. Banks initially attacked these new entrants and attempted to block access via screen scraping. Nevertheless, consumers wanted these personal finance type services and the market continued to develop rapidly regardless. A new intermediary layer emerged featuring financial data aggregators such as Yodlee, Plaid and Finicity that focused on collecting bank data via various methods and offering FinTechs access via their own APIs. Whilst some banks continued to react negatively to the threat of disintermediation, other realised that they could attract new customers by supporting data exchange with third parties. The market is now maturing with bank attitudes becoming more accommodating and collaborative. Rather than resisting the fintech threat, banks are more likely to partner with data aggregators and the fintech community. The Finicity / Wells Fargo deal is the first such new data sharing agreement to feature APIs.

Yet this is a bilateral commercial agreement. There are no plans for PSD2 equivalent regulations requiring US banks to expose Open APIs to third parties. The US Consumer Financial Protection Bureau created by Frank-Dodd (Wall Street Reform) Act rules on access to bank data but no regulation is currently within view. President Trump’s plans to review the Frank-Dodd Act is probably unlikely to change the situation.

Instead various industry bodies are putting forward competing API standards. The front runner is OFX 2.2 which is an updated version of a somewhat outdated data exchange format. It has been created “to provide a tokenized authentication solution and create a more efficient transfer of data between the aggregation service providers and Financial Institutions.”

The provision of vehicle data to third parties via APIs is a rapidly growing and important niche market. Insurance and vehicle finance providers purchase data including independent vehicle valuation, vehicle history and mileage checks, vehicle specification and vehicle running costs.

In the US, Pricedigest has been providing data on vehicles and other assets since 1911. Sold for decades as a physical book known as the ‘Auto Red Book’, the digital version of the data was initially available as a flat file database and imported into internal systems and then via an online database. Now they are being digitally delivered via APIs that integrate directly with software applications, such as Insurity , commonly used by insurers, and loan and lease origination software like Ivory and Odessa used by finance companies. The most recent APIs provide further analytics and insights such as utilization, popularity and market price trending. From an insurers point of view, the data is used for underwriting purposes, as well as claims processing to create accurate values using detailed adjustments for asset options and mileage and utilization. For finance providers, the data is used for more precise asset valuation and to enable faster and more automated portfolio audits.

Outside of the US, Solera Holdings, another US based provider, has grown rapidly through a series of acquisitions to become a classic hidden champion. Taken back into private ownership in 2016 by a private equity consortia led by Goldman Sachs, it owns a series of market leading niche yet global companies. All are in one way or another focused on the collection, aggregation, normalization and supply of vehicle data.

For example, Solera owns Audatex a leading provider of vehicle technical repair estimates which leverages a database of approved repairers. It operates in 78 countries worldwide and processes millions of motor claims per year.

In the UK, it owns Cap-hpi, a similar company to pricedigest, providing comprehensive vehicle data via APIs to insurers and vehicle finance providers.

Solera is also in China and recently announced that it has managed to collect data on, “95 percent of all cars on Chinese roads. Solera’s comprehensive profile of more than 166 million vehicles in China marks an unprecedented milestone in the aggregation and normalization of automotive data for the largest car market in the world.” Wow!

ClearBank recently announced that it had gained regulatory approval to become a UK clearing bank. Set up by Nick Ogden, who previously founded Worldpay, the company is now running a test programme before going live in Autumn 2017.

ClearBank has been especially set up to provide agency banking services including access to all UK major payment schemes such as Faster Payments, to newly formed banks, fintechs, building societies, credit unions and other FIs.

This is a big deal. In the UK, only clearing banks have direct access to the payment schemes (Faster Payments, BACS and Chaps) and banking infrastructure necessary to provide a retail current account service.

The problem is that the number of clearing banks is currently very limited. After decades of banking consolidation in the UK, whilst 13 clearing banks with direct access to the payment systems remain, today only four (Barclays, HSBC, Lloyds and RBS) offer agency banking services to other banks.

Hence, any non clearing bank (including new bank entrants, fintechs and other FIs) seeking to provide a current account service, must connect to payment systems via one of these four banks. This not only means holding liquidity and reserve accounts with them, it also means difficult technical integration with their legacy IT systems – most of which are still based on technology developed in the ‘70s and ‘80s.

By contrast Clearbank has the advantage of being purpose-built from scratch. For example, its entire technology stack is built on Microsoft’s Azure cloud platform and it has a suite of APIs developed in accordance with Swift’s ISO 20022 standards.

ClearBank is also uniquely positioned in that it is now the only one of the clearing banks not conflicted by other internal business units offering retail banking services. Hence, ClearBank can “offer a truly neutral and independent banking service to the financial services market”.

You can read all previous posts at the EDC Interface page. Do get in touch to discuss any of the topics we raise.