1、Open Banking Ecosystems and the Need for a New Connectivity ModelA report from Kapronasia in collaboration with EquinixSeptember 2021ContentsExecutive Summary 2Introduction:The Drivers of Digital Transformation 4The Evolution of Open Banking in Asia-Pacific 6Challenges to Open Banking 11What is Need

2、ed for Open Banking Today?12Conclusions 15Methodology The Open Banking Ecosystems report was based on both primary and secondary research.Primary research included discussions with relevant players across the ecosystem,including associations,Fintechs,and industry experts.Secondary research sources i

3、ncluded but were not limited to market intelligence reports and studies by industry experts and professional services networks,white papers,educational materials,media articles,and marketing collateral.2Open Banking EcosystemsExecutive Summary 1 Charles Green,“How Agile Helps Drive Digital Transform

4、ation Forward,”CMS Wire,https:/ COVID-19 pandemic will be looked back upon in years to come as a key milestone in the digital transformation of financial institutions(FIs).Having become almost a clich,it is nevertheless important to start with the important function that digital transformation is pl

5、aying in the role of open banking.A quick Google search on the definition of digital transformation will turn up millions of search results,but for the purpose of this report,we will define it as“creating a company with technology at its core one that uses the power of todays technologies to create

6、new forms of business and customer value.”1 Beyond just piecing together digital components,technical or otherwise,digital transformation requires a holistic approach to embracing digital that needs to permeate the institution.Historically,the financial services industry(FSI)was characterized by its

7、 staid,uncompetitive operating landscape.However,shortening technology cycles and pervasive disruption from new challengers has shaken up the sector,as have changes in customer expectations where consumers now expect services on demand.Digital transformation is the FSIs response to an increasingly c

8、omplex and volatile environment.Coupled with methodologies such as Agile and DevOps,it tackles the question of how to deliver innovative solutions to demonstrate business value at speed and scale to respond quickly to changes in customer needs and stay ahead of the competition.The exigency is especi

9、ally pressing in the era of digital-first,and often cloud-native,digital banks that are increasingly giving traditional organizations a run for their money.FIs are also responding to their shifting environment by increasingly embracing coopetition.While in the past incumbents would have developed al

10、l their products and services in-house,there has been a change in mindset at both incumbents and Fintechs.These now understand and appreciate the gains to be had through leveraging each others strengths.That has led to new banking models where incumbents either allow Fintechs to use their services(B

11、anking as a ServiceBaaS),or incumbents utilize Fintechs offerings to expand their own range of products and services(Banking as a PlatformBaaP).This collaboration is enabled by the use of Application Programming Interfaces(APIs).Where does open banking fit in to all of this?There are both narrow and

12、 broad definitions of what exactly open banking is.Technologically speaking,open banking is the use of APIs to enable third-party providers(TPPs)and Fintechs to build services around FIs.A narrow definition is that it is the provision of customer data held by an FI to a TPP or Fintech at the behest

13、of the customer.The TPP Technologically speaking,open banking is the use of APIs to enable third-party providers(TPPs)and Fintechs to build services around FIs.3Open Banking Ecosystemsthen uses that data to offer products and services to the customer.Taken further,open banking can also include the i

14、nitiation of a transaction from a customers account by a TPP or Fintech that has been authorized by the customer.Finally,a broader definition of open banking is that it is the opening up of product,service and consumer data by an FI to be used by a TPP or Fintech.The terms open banking,BaaS and BaaP

15、 often get used interchangeably,as there are overlaps.For example,the broader definition of open banking looks a bit like BaaS,while Nordea,a Nordic bank,has recently partnered with Tink,a Fintech,to give its customers a comprehensive view of all their finances,including mortgages,savings,loans and

16、current accountseven from other banks(BaaP).Closer to home,Singapores DBS has more than 300 published APIs and partnered with more than 90 businesses around API-driven cashless payments including AIG,McDonalds and a number of Fintech start-ups in Singapore.Because open banking is seen as engendering

17、 competition and innovation,which ultimately benefits the consumer,some jurisdictions such as the European Union(EU),UK,Australia and Hong Kong have legislated open banking as law,mandating FIs to open up their data to TPPs or Fintechs through the provision of guidelines and recommendations.In other

18、 jurisdictions such as Singapore and Japan,while open banking is not mandated,the regulator encourages it through the provision of guidelines and recommendations.Finally,in jurisdictions such as the United States,open banking has been purely market driven with no intervention on behalf of the regula

19、tor at this moment.While the benefits to the consumer provided by open banking are great,the multiple approaches taken by individual nations and organizations thus far constrain and even prevent the emergence of regional or even global product and service offerings by TPPs or Fintechs via the open b

20、anking model.This report looks specifically at the emergence of open banking in Asia-Pacific(AP),the different approaches taken by jurisdictions in the region,and how open banking in APAC is different compared to elsewhere.The report looks at the challenges constraining the greater take-up of open b

21、anking and argues that while a global prescriptive framework may not be the answer,a universal set of guidelines and recommendations that follows best practices adopted by various jurisdictions around the globe would go a long way to facilitating pan-regional or pan-global open banking for consumers

22、.4Open Banking Ecosystems Introduction:The Drivers of Digital Transformation Even before the COVID-19 pandemic,Asian FIs had their work cut out for them.An increasingly fickle retail and commercial customer base was demanding lower cost and higher value products and services.Fintechs were growing ra

23、pidly and started to encroach on FIs traditional businesses.Regulators,although pragmatic,were both increasing compliance requirements and opening up the market for new entrants,including Fintechs,super-apps and the regions potentially game-changing digital banks.And then came COVID-19the pandemic t

24、hat few predicted,but one with practical day-to-day business implications.FIs immediately needed to re-think their business models.In some ways,the pandemic was a boon for FIs.Suddenly,money that used to be spent on commuting,eating out and other day-to-day activities was being re-allocated to wealt

25、h management,insurance or savings products.With physical lockdowns in many countries,remittances went online,and large FIs like DBS consolidated their position in cross-border payments.E-commerce grew along with card transactions as more people moved online,further boosting FIs revenue streams.Altho

26、ugh the pandemic helped certain business lines,banks faced other challenges.Many did not have this sort of black swan event in their business continuity planning,so they struggled to shift to work from home.Branches were shuttered as sales moved online.Loans,especially to SMEs in travel and retail,h

27、ad to be backstopped by the government.But likely one of the starkest challenges was the“digital-readiness”of the regions financial institutions.Many of the regions self-proclaimed“digital-enabled”or even“digital-first”banks were shown to be anything but and had to rapidly change their business mode

28、ls and move to digital.Indeed,in the age of COVID-19,digital is no longer an option,but a requirement for banks and is being driven by a few different factors:Pressure to stay competitive:The competitive landscape in the financial sector has changed rapidly over the past decade as Fintechs compete w

29、ith traditional providers for customer share of wallet.By creating digital-first products and services,new Fintech entrants are giving incumbents a run for their money by offering better,cheaper,faster products and services directly to customers through digital channels.Need to meet complex complian

30、ce requirements:With an ever more complex regulatory environment,FIs are facing increased scrutinyespecially in meeting compliance of their customer-facing apps.The shift to digital has highlighted key challenges for banks as they deal with customer onboarding and servicing through pure-digital chan

31、nels.Heightened consumers CX expectations:Popular social media and entertainment platforms have reset customer expectations.Customers are now looking for that same mobile-first,hyper-personalized,on-demand experience from their bank.For many of the players,including the regions new digital banks,a d

32、igital-first technology infrastructure allows them to offer customized products and services,creating extremely specific“micro journeys”to engage customers on a new levelsomething that traditional players struggle to match.Margin pressure:Many of Asias Fintechs are digital-only offerings that,by esc

33、hewing a physical presence,are able to provide products and services at a much lower costadding to the margin pressure on banks that were already struggling to reduce their cost-to-income ratios.Increasingly,banks are looking for new ways to drive profitability in a way that allows them to scale up

34、and down with demand,both in terms of technology and physical footprints.By creating digital-first products and services,new Fintech entrants are giving incumbents a run for their money by offering better,cheaper,faster products and services directly to customers through digital channels.5Open Banki

35、ng EcosystemsTo address these challenges,the answer for many of the banks is increased agility:the ability to adapt quickly to market changes to serve customers cost-effectively and efficiently.While it sounds straightforward,achieving it is anything but.FIs,by their very nature,tend to be large org

36、anizations built on brick-and-mortar foundations.Twenty years ago,agility was not a priority as most organizations existed in a mostly uncompetitive market where 35 players typically controlled a majority of retail and commercial deposits and business.That size and footprint was initially an asset t

37、hat provided the appearance of stability,created trust and ensured a certain amount of longevity.Today,it is liability.Their competition is the fast-moving Fintechs who are often digital-first and incredibly agile.Although many banks have made a shift toward digital and agile practices,it is unreali

38、stic that banks will be able to change all of their legacy infrastructure,mindset and organization to be able to directly compete with new market entrants who are digital-first from the beginning.Thus,many are turning to partnering with Fintechs in a form of coopetition that is increasingly becoming

39、 the norm in financial markets across Asia.Many financial centers are turning toward open banking and the various banking models that it is enabling.Open banking,at its core,is a banking practice that provides third-party financial service providers open access to consumer banking,transaction and ot

40、her financial data from banks and non-bank financial institutions through the use of application programming interfaces(APIs).The development of the open banking ecosystem has enabled a couple of additional business models:Banking as a Service(BaaS)an on-demand service that enables third parties to

41、access and utilize financial services over the internet.BaaSs most typically form is when a bank offers up their systems to third-party service providers,including Fintechs,typically through APIs.E.g.,a Fintech using a banks payment infrastructure to enable cross-border payments.Banking as a Platfor

42、m(BaaP)a digital marketplace,owned and operated by an entity(bank or possibly non-bank),that provides banking and sometimes nonbanking services.BaaP is not strictly open banking,but rather is enabled by open banking.As an example,a bank(or Fintech)may provide a mortgage product,but also help custome

43、rs buy related insurance,remodeling services,etc.Different markets have had different approaches to developing open banking,which has led to differing standards,regulations and operation considerations around open banking.This is especially the case in Asia-Pacific,where there is no regional regulat

44、or to guide standardization as there would be in homogenous jurisdictions such as the U.S.or EU.There are several considerations that should be kept in mind in order to enable a more robust open banking framework,but first,it is worth benchmarking where APAC is today.6Open Banking EcosystemsThe Evol

45、ution of Open Banking in Asia-PacificThe Asia-Pacific region has become a center of Fintech development.Due to the regions massive population,challenges around financial inclusion,and less-developed financial markets,Fintech has grown rapidly in Asia as firms seek to bring new products to market to

46、serve an increasingly digital and fickle customer base.As one might expect from such a diverse region,the roadmap for open banking development has been uneven across Asia-Pacific(APAC).While some countries are laying the foundation more proactively,some are more reactive,be it with regard to regulat

47、ions around open banking or data protection laws.Despite the differences,Asia-Pacific has been a forerunner in adopting open banking and has developed a large number of financial API products.Broadly,the adoption of open banking in Asia-Pacific can be broken into three different approaches:mandated,

48、guided,and market-driven:Approaches to Adopting Open Banking in Asia-PacificApproach DescriptionProsConsExampleMandatedThe regulator mandates banks adopt open banking,i.e.,banks must share data with third-party providers(TPPs).Ensures that open banking moves forward.Potentially enables innovation.Ub

49、iquity and potentially uniformity of processes across FIs.Higher costs of compliance for banks regardless of if open banking services are being consumed.Standardization of APIs might add development costs to the banks and may not consider different user journeys,restricting FIs ability to design bas

50、ed on use cases required.Hong Kong AustraliaGuidedIn this model,the regulator sets standards and guidelines and nudges different banks to adopt open banking;however,implementation is not mandatory.Flexibility and freedom of pace of adoption.Lower costs of compliance for banks.Slower adoption,especia

51、lly by smaller FIs.Lack of standardization of APIs might make it difficult for TPPs integration across FIs.Singapore JapanMarket-driven This model is purely market-driven,with the regulator taking a hands-off approach.The regulator may or may not publish guidelines and set standards.It is left to th

52、e industry to adopt open banking initiatives.Increases competition among FIs,as they adopt open banking as they deem fit.Lack of direction for the industry.Lack of standards,leading to disparate levels of adoption within the jurisdiction itself.China7Open Banking EcosystemsSingaporeSingapore is a re

53、latively small market but with a well-developed and competitive financial industry.Singapores open banking journey began in 2016 with the publication of an API playbook to encourage development of API-enabled services.This was followed up by the launch of an API register and the API Exchange(APIX).S

54、ingapores open banking initiatives:2016:Published an API playbook to help and encourage organizations to adopt APIs and promote Finance as a Service(FaaS).2017:Commissioned the Financial industry API register,which tracks all open APIs available in Singapores financial industry.Open banking APIs inc

55、reased from 238 in 2017 to 1,686 in 2020.2018:Launched the API Exchange(APIX),an open-architecture platform to promote innovation and cross-collaboration in ASEAN.The objective is to help FIs and Fintech discover,design and deploy APIs for both domestic and cross-border use cases.2021:Launched SGFin

56、Dex,a financial data exchange that allows data portability for consumers to share and aggregate consent to sharing their data,thereby enabling open banking in the country.The Monetary Authority of Singapore(MAS)has taken a guided approach to open banking.While in some cases,a guided,rather than mand

57、ated,approach might result in slower adoption,banks in Singapore have been relatively quick to adopt open banking at every stage of the industrys development.All three of the local banks have developed their own API initiatives,although actual adoption is less clear.One of the most visible initiativ

58、es from Singapore has been SGFinDex,a centrally managed online consent system that is integrated through the national digital identity platform,SingPass,for customers to consent to usage of their personal finance data from participating banks.This integrates into third-party platforms and allows cus

59、tomers to view consolidated personal finance data on the financial planning application of their choice.Role of the regulator:The MAS has been very proactive in driving industry standards and frameworks to encourage adoption.Related legislation:In the guided approach,there is obviously no legislatio

60、n that is mandating the adoption of open banking.However,a critical piece of open banking legislation is Singapores Personal Data Protection Act(PDPA),that provides a legal provision for data portability with the customers consent.This regulation,while still in its formative stages,would facilitate

61、seamless open banking functions by giving consumers a simple way to aggregate and port data across different TPPs securely.2622377Europe and ScandinaviaUKAsia-PacificAPI Products and Platforms across Selected JurisdictionsNumber of financial API productsNumber of financial API platformsSi

62、ngapores open banking journey began in 2016 with the publication of an API playbook to encourage development of API-enabled services.8Open Banking EcosystemsAustraliaAustralia was the first country in APAC to legislate open banking,with the country passing the Consumer Data Rights(CDR)legislation in

63、 2019.CDR is initially applicable to only open banking;however,the regulator aims to extend it to other sectors such as telecommunication and energy in the future.Through this legislation,consumers now have greater control over their data and can choose different TPPs to access newer products and en

64、hance existing services.Australias open banking initiatives:In Australia,open banking initiatives are to be undertaken in phaseswith consumer data relating to credit/debit cards,deposit accounts and transactions available since July 2020(Phase 1),and data relating to mortgage and personal loans avai

65、lable since November 2020(Phase 2).The country expects open banking to be fully implemented by November 2022,when data relating to business finance,investment loans,asset finance,etc.will also be made available(Phase 3).Currently,only the customers of the big four banks in Australia(Westpac,ANZ,Nab

66、and Commonwealth Bank)can access CDR and open banking services,while the smaller banks were given until the end of the first half of 2021 to opt-in for open banking.It should be noted that only Australian Competition and Consumer Commission(ACCC)accredited players are able to receive consumer data t

67、hrough banks APIs for open banking.The ACCC has a set of standards and templates through which data is transferred,and these specifications are similar to the UKs open banking technical specifications.Related legislation:Though the CDR covers rights,competition,privacy and confidentiality clauses,Au

68、stralia lacks a federal-level data protection and privacy law.However,different state governments have enacted various state-level legislations such as the Information Privacy Act 2014(Australian Capital Territory)and the Privacy and Data Protection Act 2014(Victoria).Though this does not hinder ope

69、n banking(as CDR governs available banking operations),in the future,when data becomes portable across sectors and countries,common data privacy legislation might be imperative.9Open Banking EcosystemsOther APAC MarketsApart from Singapore and Australia,other APAC jurisdictions are also developing o

70、pen banking initiatives;however,most of them are either industry-led and/or are in the nascent stages of development.Indonesia:While Indonesia predominantly has a market-driven approach in adopting open banking,its regulator,Bank Indonesia(BI),has signaled that it will implement open API standardiza

71、tion to promote open banking initiatives.Hong Kong:Hong Kong Monetary Authority(HKMA)in 2017 announced its commitment to faster payment systems,API interfaces and a framework.In 2018,HKMA organized a stakeholder consultation to determine the roadmap for open banking and API interfaces in Hong Kong.A

72、s a result,in 2018,HKMA released 130 APIs and also mandated large banks to adopt open banking,while smaller banks can follow suit in the near future.Hong Kong plans to initiate open banking in four phases.Japan:Japan has enacted multiple open banking initiatives starting in 2015such as launching a c

73、onsultation with different stakeholders and introducing a legal framework for electronic payments(as outlined by PSD2).More recently,the Bank of Japan,the regulator,mandated 80 banks in Japan to open their APIs by 2020 and a registration system for TPPs was established by the regulator to help facil

74、itate open banking.South Korea:South Koreas advancement of open banking places particular focus on the security of the platforms handling such transactions,thereby ensuring they are also in line with General Data Protection Regulation(GDPR)concepts.Its Financial Services Commission(FSC)launched a re

75、gulatory sandbox in April 2019 following an announcement that it would be revising its Electronic Financial Transaction Act to create a secure open banking foundation.A pilot platform was opened several months later for 10 South Korean banks.It should be noted that South Korea has thus far taken a m

76、arket-driven approach toward open banking,but along with Hong Kong,Japan and Singapore is among the markets focusing on API development to push open banking forward.As a general observation,the more nascent open banking adopters/emerging markets in APAC(such as Thailand,Indonesia,and Vietnam)seem to

77、 have followed a more market-driven model,whereas the mature adopters/markets in APAC(such as Australia and Hong Kong)have adopted the mandated model.Open banking in Asia-Pacific vis-vis the EU and the UK Unlike Asia-Pacific,open banking in the EU and UK is characterized by a unified approach in ter

78、ms of standards and timelines,making it easier for the stake holders involved to navigate the system.In addition,countries in the EU,and the UK are considered as mature adopters of open banking.In the EU,the Payment Services Directive(PSD2)was enacted in 2018 and directed banks to provide APIs to sh

79、are their customers financial data with TPPs securely.In the UK,the Open Banking Implementation Entity(OBIE)was established to help design APIs,support regulated TPPs,manage the Open Banking Directory,which maps out services available and digitial certificates required,and even set standards for ope

80、rations and mechanisms for dispute resolution.Unlike Asia-Pacific,open banking in the EU and UK is characterized by a unified approach in terms of standards and timelines,making it easier for the stake holders involved to navigate the system.10Open Banking EcosystemsThere are three main differences

81、when it comes to open banking in APAC and the EU:Firstly,the EU has unified open banking legislation and standards that apply to all countries across the region(i.e.,all countries in the EU follow a mandated approach).In contrast,the jurisdictions in APAC have adopted different models due to a lack

82、of common standards across the region.Secondly,the EU has a unified data privacy regulationthe GDPR.Whereas in APAC,countries have enacted different data privacy laws at different times.For instance,Singapore enacted PDPA in 2014,whereas Thailand passed its law in 2019 and Malaysia in 2020.In additi

83、on,some countries such as Indonesia and Vietnam do not yet have a full-fledged data privacy law at all.Not only have these markets enacted data privacy laws at different times,but they also have varied compliance requirements.For instance,while the PDPA in Singapore allows the right of data portabil

84、ity,Thailands PDPA law does not.Similarly,Singapore mandates data localization,whereas Thailand and Malaysia do not.Thirdly,while all countries in the EU(and the UK)adopted open banking at the same time,countries in APAC have followed different roadmaps.For instance,the MAS in Singapore has staggere

85、d its initiatives,starting in 2014 with the PDPA.However,the MAS has not explicitly mentioned a legislated rollout across different phases.In contrast,Australia adopted a three-phased legislated approach,and Hong Kong adopted a four-phased legislated approach.Unlike the EU and the UK,the approach ta

86、ken by the US is different yet againthe US follows a market-driven approach with no open banking frameworks in place.This has led to most open banking efforts being driven by market participants.For example,Wells Fargos data exchange agreement with Intuit in 2017 expanded the horizon of services off

87、ered to its customers.While Plaid,a prominent US open banking player,delivers an API platform to connect third-party institutions with financial institutions.Summary of Open Banking Regimes in Singapore,Australia,EU,UK,and the USCountriesSingaporeAustraliaHong KongJapanEUUKUSRegulatory ApproachGuide

88、dMandatedMandatedGuidedMandatedMandatedMarket-drivenAvailability of API Standards by regulatorsYesYesYesNoYesYesNoData Privacy and Protection Laws(Federal-level)YesNoYesYesYesYesNo11Open Banking EcosystemsChallenges to Open BankingWhile open banking promises to shake up financial services through in

89、creasing competition,reducing costs and driving innovation,there are a number of hurdles that need to be overcome first.Not least are the disparate models,frameworks,regulations and standards that have been adopted across jurisdictions and organizations,complicating the access and sharing of data se

90、curely across borders.Examples of existing disparities include:A lack of standardized regulation:The only international regulation governing open banking to date is the European Unions PSD2 that covers all its member states.All other open banking initiatives exist at either the national or the indus

91、try level.The lack of standard regulations is especially challenging in a fragmented region like APAC,with regulators adopting their own regulations and guidelines based on their individual markets characteristics and policy objectives.The lack of uniform standards and regulations makes it difficult

92、 for TPPs and Fintechs to innovate and expand beyond the geographical limits of an individual jurisdiction due to the high compliance costs of having to operate across disparate regulatory environments.A lack of standard data privacy regulation:Disparate regulations also exist around data privacy,an

93、d in some jurisdictions,there are no regulations at all.Consumers may question whether their data will be kept safe and secure,especially as cybercrime is on the rise and open API endpoints become an attractive target for cybercriminals.According to a survey by Simon-Kucher,44%of bank customers woul

94、d like the convenience that open banking brings,yet 75%said they are unlikely or very unlikely to allow their banks to share information with third parties.A further constraint holding back open banking is the often-overlooked consideration of how liability is shared in the event of a data breach.Th

95、e disparate regulations or lack thereof around liability sharing adds to frictions around the emergence of an open banking ecosystem.A lack of common data sharing standards:APAC is renowned for its strict data sovereignty laws.Complying with strict data sovereignty regulations and the lack of common

96、 data sharing standards across countries or even guidelines within them makes compliance complex for TPPs and Fintechs.Such disparity hinders innovation and the offering of products and services across multiple jurisdictions.API infrastructure and interoperability:The lack of a common,interoperable,

97、open API standardnot only across jurisdictions,but also across and within organizations themselvesmakes it complicated and time-consuming for TPPs and Fintechs to have to integrate with multiple FIs across and within markets.This is especially the case in a fragmented region like APAC with multiple

98、jurisdictions.The question of whether a standard API is the answer will be discussed in the next section.A lack of harmonized fraud reporting requirements:The increase in digital financial transactions across borders have raised fraud and other cybersecurity threats.The absence of harmonized fraud r

99、eporting requirements and confusion around strong customer authentication(due to disparate standards)among different markets further hinders the adoption of open banking.12Open Banking EcosystemsWhat is Needed for Open Banking Today?Due to the myriad banking systems,different circumstances,and level

100、s of financial market maturity across jurisdictions,there will be no one-size-fits-all open banking framework that will be applicable to everyone.It will be important for jurisdictions to adopt their own approaches according to their market characteristics and policy objectives.There are,however,two

101、 main focus areas that are essential for a healthy,vibrant open banking ecosystem to succeed.Having a universally accepted set of guidelines and recommendations in these two areas would go a long way to bringing uniformity to open banking regimes across the globe.Such guidelines and recommendations

102、will need to be flexible enough to be adapted to the needs of the individual market but uniform enough to facilitate a TPPs implementation of a pan-regional or pan-global integration strategy.The two main focus areas where agreeing on a common set of guidelines and recommendations would help bring u

103、niformity to open banking are:data privacy,security and exchange,and open API infrastructure and interoperability.We will look at each one in turn.Data Privacy,Security and ExchangeFirstly,data privacy laws are an essential prerequisite for open banking.Regulations around data should also mandate th

104、e right to data portability.Such a mandate would compel banks to share consumers data where the consumer has given their consent.Whether the EU GDPR,seen as the gold standard for data protection and privacy,could be the basis of a global standard remains to be seen,but what is certain is that the pr

105、ivacy and security of consumer data will have to be ensured in an open banking ecosystem.There are common technical security controls that emerge across the various open banking regulations and guidelines.These controls center around authentication controls,authorization and consent management,trans

106、action security,security standards,and operational risks.Source:F5 LabsSecurity controls included in open banking guidelines and recommendations13Open Banking Ecosystems Authentication controls:All regulations and guidelines note the importance of authentication.The three distinct identification cas

107、es include:TPP and bank authentication;user authentication;and API authentication.Authorization and consent management:End users need to provide their explicit consent to authorize TPPs to access their data or make transactions on their behalf.Transaction security:The integrity of data needs to be m

108、aintained during transit between a TPP and an FI.Security standards:Some guidelines explicitly recommend standards for open banking,while others inherit them from overarching banking regulations.Operational risks:Some regulators have called out the need for FIs to have capabilities to mitigate again

109、st malicious actors introducing fraud into the ecosystem.Any universal guidelines and recommendations must include guidelines and recommendations on each of the common technical security controls outlined here to ensure that customer data remains safe and only accessible by authorized TPPs.More gene

110、rally,a universal set of guidelines also needs to include an exchange and technical communication framework to provide a suitable interoperability model for ease of data sharing between FIs and Fintechs.Such guidelines will also need to establish a clear liability framework in case of data breaches

111、or fraud.On a practical level,one of the challenges of open banking is that it does not have a centralized network.It is,by nature,a distributed any-connectivity model.The open banking experience is delivered by a complex value/supply chain of numerous companies,operating numerous servers,over multi

112、ple cloud environments and colocation facilities like Equinix.In order to tap into these ecosystems and successfully deliver on the promise of open banking,FIs must have the ability to connect“any-to-any”with APIs.That will have to be done securely,at low latency,over a multitude of different enviro

113、nments and locations,all while complying with the data sovereignty laws across different jurisdictions.Infrastructure will play a key role in enabling FIs to do this.We often hear of the need for flexibility,scalability and adaptability at the application and platform level,but these terms increasin

114、gly apply to the infrastructure level,which will support open banking APIs and gateways.As open banking scales,FIs do not want to have to expend extensive time on how they are going to deploy an API gateway in Hong Kong and Singapore,or how they are going to connect with a Fintech in this cloud or a

115、 partner in a different data center.Luckily,they will not have to.The industry is shifting away from FIs running infrastructure on servers in their own operated data centers toward“as a Service”models.FIs adopting Infrastructure as a Service(IaaS)will be able to leverage a data centers fabric to hel

116、p bridge that gap of connecting infrastructure that may sit within the data center to the cloud.Open API Infrastructure and InteroperabilityThe second critical area that a set of universal guidelines needs to address is the question of a single established API standard.There are pros and cons of est

117、ablishing such a standard.On the pro side,standardizing APIs would mean that FIs would all have similar APIs and processes,making it a lot easier for Fintechs to integrate with these.However,on the cons side,good APIs are complex to write,and their design will be very much dependent on the specific

118、customer journey that they are looking to serve.A standard API,by contrast,will have been modeled on a single customer journey leaving little room for deviations in design to build something tailored.The result is a suboptimal market offering and digital experience.Instead of having a prescriptive A

119、PI standard,it therefore might be better to have a governance body that guides and defines standardized practices for the data format and behaviors of an API.From a 14Open Banking Ecosystemsdevelopers point of view,they will then know how the API is going to behave.The governance body could also put

120、 forward an“intelligence scaffold.”This is a framework for API design which outlines what must be included,what should be included,and what would be nice to have included in the design of the API.It is then up to organizations or groups within organizations to decide how far to take“musts,”what are“

121、should”elements,and what are“nice to have”elements.A further alternative to a single settled API standard would be to have regional platforms or indeed a global platform that could provide full seamless interoperability between all accepted API formats:“A platform that acts as a conversion switch an

122、d that has the ability to harmonize and hide the differences between various APIs,making the whole interface simple and frictionless.”2 Such an interoperable open banking hub or hubs would mitigate against having to be wedded to a single API standard and the frictions caused by multiple API standard

123、s.Instead,developers could integrate with any one of a FIs published APIs,no matter which standard they chose,via other APIs in a transparent and interoperable manner.In this“interoperable”scenario,there is no need to be limited to standardizing to a single“aggregator”API.3 Here too,a data center pr

124、ovider such as Equinix can play a role by providing a neutral environment to 2 Abhi Desai,“The promise and possibilities of Open Banking,”Finextra,https:/ ibidhost the APIs or provide access to the APIs if they are in the cloud.Transactional functions require low latencies,so having infrastructure a

125、djacent to the cloud is important.Connectivity is also an important aspect for providing consistent performance and security.When one looks at the complexity of a process accessing APIs,there may be numerous points of authentication before any process starts and then several data sets that may be ac

126、cessed or updated that are likely to be encrypted.Security is critical to ensure there are no breaches of users data.For traditional banks,their systems of record are often in legacy mainframe systems.Banks have middleware(service bus)interfacing between these systems and the web-based systems of en

127、gagement.Optimizing the connectivity is key for performance and the end user experience.The systems of engagement need to be closer to where the users are at the edge.Finally,universal guidelines will also need to mandate that FIs implement open APIs to interact with third parties,as is the case und

128、er the PSD2.Whether or not FIs should be able to choose which TPP has access to these,as is the case in Hong Kong under its July 2018 Open API Framework,or whether consumers should be able to share their data with whichever authorized third parties they choose,as is the case under Australias CDR wil

129、l need to be determined.Transactional functions require low latencies,so having infrastructure adjacent to the cloud is important.15Open Banking EcosystemsConclusionsRising consumer expectations for hyper-personalized services and increasing competition from Fintechs to meet these expectations bette

130、r and at a cheaper cost have pushed the incumbent FIs to rapidly adopt digital transformation and collaborate with the new digital entrants.This has given way to the emergence of different collaborative banking models.With access to consumer data and facilitated by open APIs,open banking ecosystems

131、hold the key to the future of banking by enabling the provision of products as and when the consumer demands them.While markets across APAC have taken different approaches tailored to best suit their domestic needs and landscape,open banking is still in its nascent stage,with a myriad of challenges.

132、However,creating a standard set of guidelines and recommendations around data privacy,sharing and open API infrastructure will go a long way in creating an enabling environment for both the regulators and the industry to take up open banking more proactively.Moreover,connecting securely and efficien

133、tly to the ecosystems underpinned by open bankings distributed,any-connectivity model will require flexible,scalable,adaptable infrastructure and a software-defined network to deploy API gateways at a global scale and connect with partners across a multitude of different environments.Leveraging an i

134、nfrastructure platform,such as Platform Equinix can help bridge that gap of connecting infrastructure securely,at low latency,over a myriad of environments and locations,all while complying with the data sovereignty laws across different jurisdictions.It also enables technologists or solution archit

135、ects to build out their open banking infrastructure,without these having to commit to buying hardware or making hardware infrastructure decisions.With banks and non-bank entrants collaborating to provide personalized products and services to consumers,the industry boundaries are fast-blurringwhere b

136、anks are providing non-traditional services and non-bank entrants are providing banking services.This increased attention given to open banking will make the future of banking integrative,personalized and consumer-demand driven.16Open Banking EcosystemsKapronasia is a leading provider of market rese

137、arch covering finTech,banking,payments,and capital markets.From our offices and representation in Shanghai,Hong Kong,Taipei,Seoul,and Singapore,we provide clients across the region the insight they need to understand and take advantage of their highest-value opportunities in Asia and help them to ac

138、hieve and sustain a competitive advantage in the market.Please visit https:/ 2021 Kapronasia Pte.Ltd.All rights Equinix is the worlds digital infrastructure company.Digital leaders harness our trusted platform to bring together and interconnect the foundational infrastructure that powers their success.We enable our customers to access all the right places,partners and possibilities they need to accelerate advantage.With Equinix,they can scale with agility,speed the launch of digital services,deliver world-class experiences and multiply their value.For more information,visit:https:/