The engine that will power the future of banking is fueled by Open APIs.
At Continuity, our mission is to relieve banks and credit unions from the increasingly untenable burden of regulatory compliance. As an integral part of the Compliance Core™, Continuity’s Assurance program provides regular, independent assessments of the state of compliance within your organization.
We put technology to work in order to make compliance easy. But no matter how efficient or effective an engine we build, it can’t run (or add value) without fuel. In the case of our Assurance program, data is that fuel. Everything is data, and auditing is just data validation.
One of the challenges we face is that the data of financial institutions is often locked in impenetrable black boxes built decades ago. Technology may have evolved considerably since then, but many bank cores remain comparatively stagnant. We can’t power our engine without a fuel pump.
On the surface, it would seem that the companies who sell these core banking systems have little incentive to modernize. After all, their customers are heavily reliant upon them in order to keep operations afloat. Ceding even a small amount of that control could ultimately translate to a decrease in recurring revenue. But similarly to what has occurred with the decaying legacy systems of other sectors like education, modernization and openness bring many benefits that might not seem obvious at first.
While the ever-increasing regulatory burden might be a mere annoyance to some of the core provider’s bigger customers, it can be a credible threat to the continued health of smaller community financial institutions. If the burden of compliance grows to a level that forces leadership to reconsider the long-term viability of the business, the core provider might lose a customer. Now rather than a decrease in revenue from that customer, the core provider realizes none at all. Suddenly modernization and openness don’t seem so inconceivable.
When was the last time you switched TV or Internet providers for your home? Do you remember how you were feeling about the old provider at the time? What about the new one? Did it feel like a sucker’s choice between the lesser of two evils? Would you have bothered with the inconvenience of switching if the old provider could have responded more effectively to your needs? Banks don’t migrate from one core provider to another very often, but it does happen. And a bank that’s unhappy with what they’re getting (or not getting) from their current core provider is more likely to migrate. Financial institutions are increasingly demanding more flexibility in their technology to improve compliance management. If a particular core provider emerges as a leader in technological flexibility, it achieves differentiation through innovation. It’s no longer in consideration among lesser evils… the customer’s choice becomes clear.
Another factor to consider is data security. Even selectively opening up a bank’s core systems would increase the likelihood of a data breach, right? Not so fast. Think about the way in which traditional audits utilize bank data. What safeguards are in place to ensure data security with the traditional process? Data must first be exported from the core system, typically in printed form. It may then be scanned, faxed, emailed, or shared via various online collaboration tools as the auditing process moves forward. By that point, a number of potential security compromises have already been introduced into the workflow. There are multiple points of potential failure along the chain, many of which are entirely beyond the institution’s control.
Now let’s return to the challenge of fueling our engine with data. We’ve already established that closed systems are starving the engine. Consider the modern alternative of an application programming interface, or API. An open API is our fuel pump. It’s predictable and consistent. Precedent already exists for secure third-party connectivity in the realm of personal financial management; web-based tools such as Mint and FinanceWorks are trusted and used daily by millions of people. With a properly-secured API utilizing strong encryption technology, there is a single point-to-point connection between the bank and the intended recipient of the data. Both the data channel (think: road) and the payload (car) are secured. The open system is actually more secure than the closed one. Our engine now has the fuel it needs to deliver unprecedented value to our clients.
Financial institutions must adapt to survive. Their core systems should do the same.