Digital Age & Banking System

Dhananjay Ganjoo Managing Director - India & SAARC, F5 NetworksHolding over three decades of experience, Dhananjay is responsible for driving F5’s growth strategy in India and SAARC.

1. How can India further advance the development of open banking to create an innovative, collaborative, and competitive financial services landscape?
The banking sector has undergone immense changes in the past few years as non-traditional players—including fintech’s and neo-banks—entering the global marketplace. ‘Open Banking’ is one such disruption that is going to change banking forever. In fact, according to the Twimbit and SOAS BFSI Report , India is seen high in rating for both regulatory and market initiatives in open banking. Application programming interfaces or APIs, are leading the wave that is transforming today’s banking scenario, standardized and easy-to-implement APIs are supplementing several other disruptive technologies that are making inroads into banks. Most banks are adopting such technologies wholeheartedly to gain agility and move ahead of the competition.

Here are a couple of areas where India can further advance in open banking ecosystem: -

Modernizing IT: Banks today realize that they are essentially technology companies operating under the rules of a banking license. Banks have a diverse portfolio of technology assets that they manage to create a better customer experience, compete with digital native challengers, and cope with the myriad new regulatory requirements that add cost and complexity. Yet the majority of banks find that their technology engines are sputtering and struggling to keep up with the competition. As such, banks need to have an aggressive approach towards IT modernization, processes, and infrastructure to support the long-term success of an open banking strategy.

Growing and maintaining a strong developer community: Banks should not try to drive Fintech out of the business landscape, but rather find out what aspects of the technology should be developed internally and what aspects can be partnered with Fintech. Essentially partnering with Fintech for a software solution that allows them to engage customers in a superior way will strengthen the bank’s API offerings and ecosystem that drives customer value creation.

Prioritizing security in the Digital Age: Banks must allay consumer fears about the risk of fraud or data breaches in adopting open banking practices. They need to begin developing strategies to modernize their applications by implementing an application security strategy for 360-degree protection that goes beyond just testing for software vulnerabilities. With this new era of data sharing, the Data Protection Authority will be tasked with rule making and deciding which companies are covered by the new data protection laws and which are exempt.

2. As data and systems are becoming more interconnected as we share transactional data through Application Program Interfaces (APIs), how can organizations ensure that user data
remains protected?
APIs have become a strategic element for innovation as organizations transform their digital experiences and the architectures that support them. Accordingly, a structured proposal by the Reserve Bank of India (RBI) that aims to set up a framework or sandbox outlining central body guidelines and initiatives for API-based product development. The federal body makes APIs available through India Stack, which provides government agencies, businesses, and developers access to technology platforms via the Aadhaar national identity number system. But amid this rapid adoption of technology and the emergence of new business models, these innovations have simultaneously ushered in implications on the stability and integrity of the financial system. Despite having guidelines and regulations to secure data, customer loyalty is at an all-time low as customers demand new methods of accessing banking details. Markedly, such actions of sharing user banking data across the fintech ecosystem require a security-first approach, which means banks have to focus on the following:

Encryption above and beyond what is provided by HTTPS/TLS should also be incorporated to provide additional security

Fighting fraud with depth in defense: All of the controls that institutions have in place for traditional banking infrastructures such as real-time fraud detection, anti-money laundering, compliance, and reconciliation also need to be in place for the new world of mobile and digital payments. Criminals are devising increasingly complex and innovative ways to execute payments fraud so the creation of a robust prevention and detection strategy is imperative for financial institutions to protect both themselves and their clients By providing user information access to multiple parties, open banking levels the playing field between traditional FIs and the new disruptors. To tackle such threats, Financial institutions must deploy strong authentication standards to understand user behavior and detect fraud.

Access to a limited set of customers/accounts: - Access to a limited set of customer accounts should be provided. Typically, an API accesses any or all customers/accounts, but in special cases—where a subset of accounts might be required—limiting access to a specific account subset can significantly reduce the impact of a security breach. This is especially the case when it is a third-party application that is fulfilling a specific use case.

Encryption Everything - Encryption above and beyond what is provided by HTTPS/TLS should also be incorporated to provide additional security. This requires the client and the server to mutually agree on the cryptographic algorithm and overall approach. For banking APIs, this is beneficial because you only want your intended and vetted clients to be aware of your encryption approach.

3. With the world contending with the COVID-19 pandemic presently, how can open banking play a transformative role as customers increasingly rely on online and mobile banking tools as alternatives?
COVID-19 and the containment policies aimed at controlling it has changed the way we work, consume, and pay. The payment ecosystem has been transitioning to a digital model for some time, and the ongoing pandemic has only accelerated this adoption across demographics. By placing the customer at the core of their business strategy, banks can still find a way to add some stability to their businesses by addressing these areas:-

Focusing on customer help:- Access to substantial levels of data means that banks can determine strategies and comms appropriate to different segments, repurpose existing products, and generally enable a broader set of personal and business customers to address and take control of their finances. Empowering these customers to digitally serve themselves through the crisis can maintain stability and longer-term growth.

Modernizing IT Infrastructure:- As customer demands for integrated financial services continue to grow, banking executives see the potential benefits of open banking—beyond regulatory compliance. However, there is no single model for open banking success. The needs of financial institutions vary, depending on their infrastructure. Legacy infrastructure increases the complexity of introducing new technologies. Integrating with existing, fragmented systems and providing the necessary communication and integration links often require additional work. However, modernizing IT infrastructure will support the long-term success of an open banking initiative.

Ecosystem growth. Successful open APIs have network effects, such as growth in the number and reach of influencers. To have the widest audience, even well-defined APIs should minimize customization to be useful across a range of environments. Those that are built to run anywhere, anytime, and in any cloud or datacenter are the ones that can be reused from a single investment- accelerating digital innovation.