Choose Country

Banking redefined: the rise of open banking

By Christophe Duthoit, Neil Pardasani, Jay Venkat, Kaj Burchardi,
Filippo L. Scognamiglio Pasini, Trina Foo

July 10, 2016 - Banking is necessary, but rarely enjoyable. Chances are, you won’t hear anyone saying, "Honey, I‘m going to call the bank, can’t wait!". Nevertheless, few dispute that consumers need trusted and reliable providers of financial services.

Therefore, it is not surprising that banking executives have been exploring ways to find the next step-change in customer experience. Some argue that the last useful innovation was the ATM - Paul Volcker once famously termed it “the only useful thing banks have invented in 20 years”.

However, we believe we are on the cusp of a true innovation in financial services, driven in great part by the rise of the much-discussed millennials demographic – open banking.

We define open banking as the ability for digital firms to access or build services around financial institutions, without having to go through traditional “front doors” (such as a bank’s online banking log-in) – enabling them to carry out a range of functions automatically and in real time. This can be simple (such as accessing account information) or complex (such as executing multi-party cross-border transactions).

At the heart of open banking are “application programming interfaces”, or APIs for short. These are the digital equivalent of power-plug and wall-socket ISO standards – they allow different components made from different companies to work together. When they are well-made, they allow products and services to work just by “plugging in”.

In other industries, APIs have already taken off. Uber uses Google Map’s API. Social networks like Facebook have also built entire ecosystems around their core platforms with APIs for news, events and so on.

The time has now arrived for financial institutions to explore how opening up may transform their business models - no small degree of change. In this article, we will discuss what some potentially successful approaches are.

APIs are gaining momentum in the financial services industry

Certain parts of the banking world – notably those involved in trading and foreign exchange  – have long embraced APIs as an essential component of their business models. FIX (Financial Information eXchange protocol) is an example of a broader standard commonly used to submit orders in the brokerage industry. RASHPort and OUCH are examples of two major proprietary APIs that NASDAQ uses to show brokers what functionality they have.

However, retail and corporate banks have been more staid – and have to date relied on monolithic software systems and proprietary standards. There are exceptions, but they are few and far between and concentrated in the payments space. These include payment networks ACH (in the US), SWIFT (global network), and Apple Pay (driven primarily by Apple rather than banks).

Early efforts at defining common API standards in retail banking have had limited success, and we see three potential reasons for this. Firstly, most banks do not currently see incremental revenue opportunities from APIs. Secondly, banks are wary of risks associated implementing API-related technologies - especially where security, regulatory or compliance standards are not yet clearly defined. Lastly, many banks are wary of what they perceive as loss of control when opening up – especially where they may cede the end-customer relationship and interface to a third party. The Open Bank Project in Germany is an advocacy group which has gained some traction in its local market, but it has not driven broader uptake.

However, two parallel forces are now strengthening – which we believe will generate significant momentum for open banking. Firstly, leading banks are actively moving forward with significant bets. Secondly, regulators in Europe are forcing change on incumbents. Let’s look at each of these in turn.

Among top-tier global financial institutions, BBVA is arguably at the forefront of innovation in the open banking space. It made a number of significant moves in the past two years, to fulfil its ambition to be the best digital bank of the 21st century. It bought US digital bank Simple in 2014 for US$117m, and subsequently appointed its former founder Shamir Karkal as Head of Open APIs (a newly created role). It then added to its digital banking portfolio by acquiring a 29.5% stake in UK digital neobank Atom Bank for $68m in 2015; and also bought Finland-based Holvi in 2016. It also provided an early proof of the value of open APIs with its Dwolla partnership – customers of BBVA Compass in the US can leverage the service to make real-time payments, instead of having to wait the usual 3-4 days for funds to clear.

One major driver of increased interest in open banking from incumbent banks is that commercial-grade API management platforms are becoming more mature. Major providers include Apigee (which recently listed), TIBCO subsidiary Mashery, and CA (formerly known as Layer 7). Several large banks either implemented an API management platform from one of these vendors, or are in the process of evaluating such a move.

The second force is regulation – and Europe is at the forefront of this. The most advanced efforts are in the UK, where the authorities are attempting to define industry standards for banking APIs.

Also, in the European Union, the Payments Service Directive II (PSD2) is a piece of regulation taking effect in January 2018. It has three main strands:

  • Access to accounts: Banks must share certain account information with licensed third party providers that have received explicit customer consent
  • Payment initiation: Third parties can initiate payments directly from customer accounts, with robust methods of authenticating customers
  • Technical requirements: These include the requirement for banks to build APIs to enable information to be shared securely and efficiently with third parties

Widespread compliance with PSD2 is likely to lead to a shift towards "banking as a service". In this model, one “platform” player holds the main customer current account; and standardized APIs enable customer to buy banking products and services, as easily as they buy apps from an app store. Retail bank customers will then have the option to cherry-pick from the best provider for a particular need - without having to switch their main banking provider. The platform could play a key role in ranking products – so providers will see their margins squeezed in order to be ranked higher. The platform could also lead in putting together “mash up” propositions from different providers.

The immediate effect will be more competition between banks – giving an advantage to those who can leverage their agile organization and infrastructure to seize opportunities. The second-order effect may well be a wave of bank disintermediation – with third parties "owning" the customer through well-designed interfaces, link with payment services, and personal finance management. Such third parties could be aggregators or specialized financial service providers (e.g. investment brokers or consumer finance providers); but could also be tech firms such as Apple, Google or Amazon.

Traditional banking business models are under threat

Simply ignoring open banking is not an option. Already, the industry is aware that traditional business models are under threat from start-ups becoming massively successful by offering something that solves a customer’s pain points. Intuit’s Mint is the most high-profile textbook example of this – it recognized that consumers wanted a single comprehensive view of all their financial accounts in one place; while incumbent banks were still concerned with pushing additional products. Established banks have taken note – last year, US bank JPMorgan Chase dedicated a full page of its 2015 shareholder letter to the topic of account aggregators. In Europe, banks are widely tackling the challenges posed by PSD2 with the objective of avoiding being relegated to utility status. ING has launched a Europe-wide aggregator platform.

Leveraging new business models is no small degree of change for banks – successful approaches require doing several things differently

To succeed in open banking operations, banks should:

-  Operate as the technology startups do: Use small specialized in-house teams; adopt agile software development practices; leverage test-driven development focused on incrementally improving minimum viable products

-  Selectively open up your core functionality to third party players; e.g., consider partnering with car manufacturers and/or oil companies to enable automatic and seamless gas payments

-  Define fast-track approval processes to cope with regulatory, security and compliance requirements

-  Consider creating a dedicated API product development group that straddles the conventional barriers of business and technology. This unit should focus on partnering with third parties to enable new business models. It will also be responsible for defining the required operating model, adapting established security and compliance standards, identifying pilot / initial use cases, and creating a rollout roadmap.

-  Design services with high availability and performance in mind from the start


In particular, some elements of open banking require different ways of thinking from conventional digital banking. For example:

  • Partnerships: Engaging partners from the very beginning is key, because the key driver of value is network effects, rather than more traditional ideas of sales and distribution. Therefore, banks should look to recruit and retain skills required to create, manage, and serve a community of highly technical software developers
  • Operating model, capable at operating at speed of the client: Increasingly, third party developers can access fintechs’ software developer kits and generate an API key, and start accepting digital payments within 15 minutes. In this world, asking a developer to wait two weeks for Legal and Compliance to review an agreement will appear jarring
  • Pricing: In open banking, pricing can work “in reverse”. Rather than traditional volume discounts for unit-based services, players are using “freemium”, subscription-based or other pricing models. For example, using APIs it is possible to price and segment services by a wide range of dimensions - such as amount of data, number of API calls, recency of data, type of client and many other similar dimensions
  • Funding the journey: Banks need to be willing to invest in creating platforms and ecosystems. These may operate at a loss for some time, before the full value of network effects kick in and drive the platforms’ volumes to profitability
  • Technological infrastructure layer: This should be capable of supporting the paradigms of agile software development; and also provide the right level of access to core banking systems where needed and appropriate. API gateways and management systems can help speed up implementation if used wisely.

Conclusion: APIs have the potential to change the face of banking

New companies are emerging that will reshape the traditional banking experience into a frictionless, seamless experience, and may do so primarily through the use of innovative APIs. Banks face a clear choice – they can visualize the future that these new entrants are heralding, embrace open banking and use their existing clout to build a formidable partner ecosystem. Or they can expend resources to defend potentially obsolete business models, and find themselves in increasingly compromised and unsustainable competitive positions.

Making the change successfully into platform-focused organizations will require banks to shift paradigms in several areas. They should use small specialized in-house teams; adopt agile software development practices; and leverage test-driven development focused, on incrementally improving minimum viable products.

It is no longer sustainable to hope that traditional branch-based business models will serve digitally-savvy consumers. We believe banks should not fear the risk of intermediation. Instead, they should look to find a new role in the broader financial services ecosystem, and seize the opportunity to explore new ways of working with external partners. Those who don’t will heighten their risk of becoming irrelevant.


About the Authors

Christophe Duthoit is a senior partner and managing director in the New York office of The Boston Consulting Group. You may contact him by email at

Neil Pardasani is a partner and managing director in the firm’s Los Angeles office. You may contact him by email at

Jay Venkat is a partner and managing director in BCG’s San Francisco office. You may contact him by email at

Kaj Burchardi is a managing director in BCG Platinion in New York. You may contact him by email at

Filippo L. Scognamiglio Pasini is a principal in BCG’s New York office. You may contact him by email at

Trina Foo is a Knowledge Expert for Retail Banking in BCG’s Singapore office. You may contact her by email at


About BCG

The Boston Consulting Group (BCG) is a global management consulting firm and the world’s leading advisor on business strategy. We partner with clients from the private, public, and not- for-profit sectors in all regions to identify their highest- value opportunities, address their most critical challenges, and transform their enterprises. Our customized approach combines deep insight into the dynamics of companies and markets with close collaboration at all levels of the client organization. This ensures that our clients achieve sustainable competitive advantage, build more capable organizations, and secure lasting results. Founded in 1963, BCG is a private company with 85 offices in 48 countries. For more information, please visit