Moving a dinosaur — OpenAPI in Česká spořitelna

A short introduction to begin with: who are we? We’re the oldest and the biggest bank in the Czech Republic, nearly 200 years old. Together with other banks from the Erste group, we’re part of one of the largest financial providers in Central and Eastern Europe. Today I’m gonna tell you a story about our Czech bank and our API platform and how we approach PSD2. We have around 5 million clients, over 6 hundred branches, I don’t know how many thousands of ATMs, and the reputation of a Dinosaur.

Yes, the Czech public definitely perceives us like this: a slow, non-innovative and conservative institution. Which is definitely partly right. They think that the biggest innovation in the last 10 years was that photocell over the door to our branch. We have 10 thousand employees and thousands of processes behind them, so any change in this environment is quite hard to enforce, mainly in IT. Any of you who have some experience of working in big bank IT will, I think, agree with me when it comes to the definition of the roles of IT and the business in the bank. Yes, they still perceive us as those guys in old jeans and a shirt from grandad, closed up somewhere in the bank’s garage, picking up the telephone and asking: “Have you tried turning it off and on again?”. But nowadays it is actually us who have a big influence on the bank strategy: API people, developers, and digital-punkers. The business part of the bank has started to realize that we’re an essential part of the whole bank strategy. Why? Because if you have a great API platform, you can then build an API Economy on top of it. And that interested them. And now that they all know we have to be compliant with PSD2, API people in the bank have become more and more visible.

Let me tell you the story of a castle, which some of you will definitely know from the Sleeping Beauty fairytale. When we go back in time a bit, just a few years, we can imagine our bank as exactly this castle from the developer’s point of view: “Hey, I would like to write some application for the bank, you have great data!” Or: “We would like to write some great application, we’re your IT, bank!” How could we get to the bank IT systems? Exactly the way you see in the picture below.

You can somehow try to jump into it, but it will not be fun. There is no API, so enjoy exploring the middleware, the enterprise service bus, and the countless backends written in the language of the old Egyptians. “Stick to the waterfall and do not disturb us.”

So there was no motivation at all in this sleeping kingdom to make any major innovations, to change the way you can reach the bank systems. And no fear of PSD2. There was PSD1, but it was more like a nice smiling dragon you would like to give a hug to. Although we have the reputation of a dinosaur and employees’ mindsets are not much inclined to innovate the institution, I believe there are always islands of positive deviation inside every sleeping kingdom, maybe except Czech government institutions. We have them and they’re really powerful and mind-blowing.

The kingdom’s API core team was set up about four years ago. The team was not motivated by PSD1, or by the vision that there must be some PSD2 in the future, because PSD1 was quite toothless. The main point was You, the developers! And both kinds of them: internal developers in the bank as well as 3rd party developers. Another point was to build a platform on which we could innovate and prototype new stuff. And last but not least, when you build an API platform in the kingdom and set up the agile approach, you save a bunch of money for your king or queen, and that should make him or her happy. And even more, you can run the whole API economy on it, and that is the thing which every king or queen should deal with now!

While we were building our custom API platform, PSD2 appeared on the horizon. The majority of Czech banks perceive PSD2 as a threat to their kingdoms, the evil dragon they have to fight. This is not our case. We think that together with PSD2 comes a great opportunity too. But there is definitely one important condition for using this opportunity: you have to be the first on the market with the perfect solution!

Because 3rd party developers, fintechs and many more will come and say: “Hi bank, we’re here to use your API!” And maybe to cannibalize your business. At that moment you desperately want to say: “No problem, here it is. Take it and enjoy.” Behind this proposition, there are two conditions that must be fulfilled. You should have a long-term, high-quality relationship with the outside community, and your product, internet banking or mobile app, must be state of the art. Our kingdom, the first in the Czech Republic to wake up, has been here for 200 years, through two world wars, the communist era and much more, so we really do have the potential and maybe a duty to build the best Open Banking platform in Central Europe.

When you’re about to build a complex ecosystem, you need to laser-focus on one thing which is then present in every part of the ecosystem. Our team was clear about this from the very beginning. Our aim is the developer’s experience. We’re trying to make the gate to our castle as simple as possible, so that the developer who wants to use our API has everything he needs at his disposal. So at a time when PSD2 adoption is just one year ahead of us and other banks in the Czech Republic are starting to think that they have to build some API platform to open their data, we, in comparison, already have, for example, SDKs for our API ready. But I will come to that later.

developers.csas.cz

In every castle, there is a gate. We have one as well and we designed it as simply as possible. What you see is what you get: 6 APIs with interactive documentation, an API key obtained through a short automatic registration, up to the system test environment, and our API manifesto outline. The support forum is naturally based on GitHub issues.

We also feel the need for SDKs. Naturally you want your kingdom to prosper, so you must give the people what they want and what they deserve. We analyzed the usage of our APIs and based on this research we defined which APIs will have an SDK. Due to the security processes, we have them in private repositories on GitHub for now, but we’re gonna release them publicly in a few weeks. Now we’re piloting them with chosen developers and internal teams.

Everything you have just seen (and that is definitely not all we’re doing that is connected to PSD2 and the 3rd party community) we share directly with the community. Not just by tweeting about it: we go among the people and show our stuff, share our visions and plans for the future. We organize hackathons, and we love watching developers use our API platform smoothly and develop such great stuff! And what is maybe even better is the reaction of many of them when they realize we’re the sleeping castle bank, that dinosaur living here for 200 years, now standing in front of them and shouting: “Hey, do you want to see our homomorphic encryption API implementation?”

Reinventing the wheel is the road to hell, so we’re sticking to worldwide best practices: developing REST APIs with JSON payloads, secured by the OAuth2 protocol, and writing quality interactive documentation in the Apiary Platform. We support developers with SDKs. I would say we’re technically ready for PSD2 adoption. And this is our vision of our kingdom powered by API: not that heavy, slow dinosaur from the beginning, but a fast, reactive beast ready to compete in the future of the banking ecosystem.

This is the end of our story and I’m happy I could share it with you. If I should summarize it: don’t take PSD2 just as a threat but as an opportunity too, love the developers, build the community and compete with the other kingdoms, because average doesn’t change the world. Thank you!