CategoriesIBSi Blogs Uncategorized
Krzysztof Pulkiewicz, CEO and Co-Founder of banqUP
Krzysztof Pulkiewicz, CEO and Co-Founder of banqUP

By Krzysztof Pulkiewicz
CEO and Co-Founder of banqUP, a Polish-Belgian API aggregator connected to 78 banks in 10 European countries.

On 14 September 2019, PSD2 went into full effect all over Europe. It made possible for a third party to connect to banking APIs to obtain the history of clients’ accounts, make a payment or check the availability of funds. In theory, it would cause a new generation of banking apps that will bring new quality to banking clients. However, the development of new solutions is not as fast as many would like to.

The UK, with its Open Banking Directive that came into force in January 2018, is far more evolved than the rest of Europe. Therefore many Open Banking solutions (like Revolut’s account aggregation) are only available in the UK.

Even the most innovative banking players, like KBC or ING, are locally connected with 4-5 different banking partners at most.

Why is it hard to get into Open Banking as a new player? banqUP – a platform that aims to create ‘one API to connect all banking APIs’, similarly to what Plaid is doing for the US Market, and already connected to over 50 banks from 8 countries in their aggregator platform, has some interesting views on this subject.

Lukasz Chmielewski, banqUP’s CTO, says that the APIs provided by banks are pretty different across different API standards, but not only – “each bank has a different approach to how it complies with PSD2 directive. There are a number of pain-points that we observed across very different national and multinational API standards and their implementations in Europe”.

Too little sand in the sandboxes
Very often sandbox/test APIs provided by banks significantly differ from the final API.

“We have encountered sandboxes that, by design, offer around 10 per cent of the functionalities of the production API. When asked – the bank’s response was ‘it’s to make it easier for third-party providers (TPPs)’. Not sure in which way,” Chmielewski says.

Why is this a problem? Sandbox should be a tool for a TPP company to test their solution to later seamlessly connect to access real data. It should also allow any entity without a TPP license to build its solution.

“Before we got our TPP license in December we basically had no idea how accurate our connector is. Only after deployment to our TPP client, we have learnt about the scale of differences. And most third-party service providers are still in this inconvenient situation,” the banqUP’s CTO notes.

Lukasz Chmielewski, CTO, banqUP
Lukasz Chmielewski, CTO, banqUP

Sandbox stability may also be an issue. It seems logical that the sandbox environment may be less stable than the production one, but the banks are obliged to inform their partners about any changes to a production API that may cause failure to connected applications (usually a few months prior to their release) but not to the sandbox. However, some basic level of reliability is required to make sandbox useful.

Piotr Szyperski, banqUP’s Lead Developer, explains: “When it comes to sandbox change reports, we have had cases where the changes have been communicated to us 20 minutes before their release to the sandbox Automatic tests depending on sandbox APIs almost never work for a full set of banks. We had to design the process to automatically disable/enable sandbox tests based on health checks, as instabilities occur very often.”

Non-standard standards
Another issue TPPs face is the differences within a single API standard. Mostly stemming from different approaches to the guidelines. There are banks that only support most basic scenarios, ignoring the fact that according to their API standard they should support much more. For example, some of them allow only standard payment and neither recurring payment nor scheduled ones are supported. These seem minor issues but often whole business cases can be (or are being) built around those missing features.

“Some banks follow standard to the letter, some decide to add additional functionalities or features. Others decide to ignore some elements of the standard, claiming that they are not useful,” Szyperski says.

“Standards are usually treated by banks as guidelines or inspiration only. Even if they are strictly followed, they still leave a lot of room for interpretation. Multiple optional fields, a lot of alternative paths and missing elements that most REST APIs possess – all these make the banking APIs far from perfect,” he adds.

“However, there are standards with more precise requirements. One good example is the Polish API. It is precise enough to result in very similar implementations of both AIS and PIS services across the whole country.”

Growing pains
Chmielewski says: “From our perspective it seems that both people responsible for PSD2 standards and those implementing them have been focused either on maximizing the security of the API or minimizing the effort of implementation, having internal banking architecture in mind.”

“Moreover, it seems that in some cases, after the bank has addressed the minimum regulatory requirements regarding PSD2, they invest much less of their resources and focus on improving the quality of API, especially sandbox. It may be somehow understandable, but still may slow down changes related to Open Banking.”

On the bright side, most banks approach support very seriously. They have appointed contact persons to handle API reports or even set up small departments. There are only rare cases where the answers are not helpful or take longer than one day on average.

“Many of the issues we have described stem from the fact that we are often one of the first entities that connect to a given banking API. We are observing a steady increase in stability and usability of the APIs, even though it is not necessarily rapid,” Chmielewski says.

“Reactions from banks to our feedback are also usually very constructive and positive. We believe Open Banking, with a proper set of tools simplifying connectivity, might soon become a game-changer it was hoped to be,” the banqUP’s CTO concludes.

Leave a Reply

Your email address will not be published. Required fields are marked *

Call for support

1800 - 123 456 78
info@example.com

Follow us

44 Shirley Ave. West Chicago, IL 60185, USA

Follow us

LinkedIn
Twitter
YouTube