Connecting UK Open Banking

Are you a current or prospective third party provider (TPP) considering powering up your products with the latest Open Banking APIs but not sure where to begin?

This post discusses Yapily’s experiences over last two years integrating banks and building out our Open Banking API aggregation service. Trail blazing connections with new banks, supporting smaller institutions and TPPs as they begin adopt, and the frustrations of trying to integrate vapourware!

Firstly, consider how broad a regulation the PSD2 directive is.

Every retail bank in Europe is now mandated to deliver a sophisticated layer of connective API technology, to securely access a significant range of their core services, all to exacting technical standards.

This new connective technology must be highly secure, but open and constantly available. Open, means to any external provider deemed fit by a range of national competent authorities (which includes a complex technical protocol to prove this) and most importantly exposes clear consent to the bank’s customers to initiate.

APIs and screen scraping have been around for almost 10 years, but Open Banking APIs are new. They offer software developers a far more secure, accurate and detailed source of banking content that previously available under screen scraping techniques. It’s therefore no surprise that demand for this new approach is rocketing, so how is the supply faring?

High Street Banks

For the larger high street banks already offering commercial APIs and connectivity services, extending their infrastructure to support new open APIs has been relatively fast. The banks have leveraged their established technology and support teams expertise to deliver good quality and access. Yapily has enjoyed rapid integration success with these sandbox and production environments alike.

Online bank ‘developer’ sites are clearly laid out, documentation readily available, detailed, and with test accounts and registration processes well provisioned.

Yapily should also call out another key aspect of our integration success to date, the Bank’s helpful and dedicated support staff. Knowledgeable, friendly and with the capacity that larger teams can afford, they immediately respond to queries and frequently willing to jump on last minute calls if needed.

Building these strong working relationships has been an inspiring part of the Open Banking journey, but also invaluable in the longer term, when the inevitable ‘bumps’ in service delivery need to be raised and urgently resolved.

As a provider of an aggregated API, Yapily’s work doesn’t end at proving connectivity. We still uncover numerous areas that require normalisation before being passed onto our customers, some examples include:

• Standardisation. Content passed over JSON data types falls short of ISO standards (dates, times, amounts, currencies, transaction types, etc.)
• Consolidating End Points. Reducing the number of API calls needed to present basic content such as accounts and balances.
• Harmonising registration & Consent workflows. Various PSD2 conformant approaches to manage identification and authorisation are then mapped into a simple API toolkit.

Tier 2 & Challengers

For thousands or smaller institutions supporting API technology is new domain, a few having only recently launched online banking services! While some EU countries have adopted regional aggregators (Italy, Spain, Portugal), many are choosing to deliver this API connectivity themselves, and this new territory requires a more consultancy approach by Yapily to ensure conformance.

Focusing on the UK, we’re fortunate to have the Open Banking Implementation Entity (OBIE), the overseeing and corralling all institutions. Sharing domain intelligence, offering detailed guidance on best practices, and generally ensuring we make good practical, interpretation of the EBA RTS guidelines. Despite this, Yapily has encountered many smaller banks who’s API delivery is often sub-optimal, occasionally non-PSD2 conformant and on a few occasions non existent!

There are no shortcuts, Yapily will not advertise that a bank integration exists on our service until we have tested all end points (in sandbox and production) and are satisfied it is fully PSD2 compliant. Only then is an institution released on our dashboard and included in our Open Banking Monitoring.

To achieve this may take many hours of calls, testing and design feedback. The effort required by smaller banks is significant and can take longer to deliver, but like their larger peers, we’ve found development and support teams (If a little difficult to track down initially!) highly motivated and keen to work with Yapily. Again, valuable relationship building for the future.

In conclusion, there are no shortcuts, the number of deadline exemption being applied for clearly highlights this. But while some online discussion reports of huge challenges and roadblocks on integrating, and others claim to have integrated hundreds of PSD2 compliant integrations, the reality on actual supply is far more positive average of the two.

Hopefully this provides a useful insight for anyone looking to integrate Open Banking API content, and for those considering using an aggregated provider such as Yapily, the next question you might ask is, ‘Does the provider re-sell any of our data?’ (hint: Yapily certainly don’t.)