Opening up data can make banks digital leaders


20 October 2017


Changing regulation dictates that banks become more open with their data. Far from being a burden, it is an exciting chance to reposition themselves as digital leaders. Kevin Hanley, director of innovation at NatWest, tells Bradford Keen how APIs form the foundation of this transformation. But, to make it work, the industry needs to favour collaboration.


If you’ve been in a discussion about application programming interfaces (APIs), you will likely have been exposed to analogy. The waiter as an API communicating between diner and chef is popular. A power socket communicating between lamp and electricity is another. Kevin Hanley, director of innovation at NatWest, prefers talking about LEGO blocks – after setting the scene, of course. “I engage our board in discussions around the future by explaining that the world is changing,” Hanley says. “The business of banking is being redefined; regulators are enforcing change; customers are demanding change; and it is enabled by technology that is becoming faster, cheaper and more ubiquitous.

“APIs are the foundation of that world. So we talk an awful lot about the business of banking and two super-trends: disaggregation and disintermediation.”

Simply put, with modern banking’s modular or unbundled nature, banks no longer own the end-to-end value chain (disaggregation) and nearly every element of banking can be provided by non-bank service providers (disintermediation).

The industry needs to adapt to this shift by combining its assets, services and capabilities with those of others to provide customers with unique, reliable and trustworthy solutions.

“This is broadly the way we see the world moving forward,” Hanley adds, “which is actually the reverse of much of what has made many of the incumbent banks successful today.”

The days of protecting and defending data by building walls are over. Banking is becoming more open, collaborative, innovative and agile.

Against this backdrop of necessary change, Hanley uses the LEGO block analogy: “How do we combine our bricks with the bricks of others to create new assets and services? If you think about that from an API perspective, the API is the means to ensure we are able to combine our bricks with others.”

Open data

It is worth noting that the use of open data spawned successes such as the navigational mobile app Citymapper. The company’s ethos rests on the assumption that if information is made accessible, it will invariably lead to someone making good use of it by providing a beneficial service to people.

Air-travel website Skyscanner works in the same way, by collating all the flight information from various airlines and delivering it via an API in easily navigable categories.

A bank’s board doesn’t need to understand all the technicalities of APIs, Hanley says, other than grasping that it’s an essential means of combining assets with others. Hanley’s team, however, is tasked with defining key technology and building services around them.

Accordingly, he is responsible for the bank’s development of digitally savvy partnerships to drive innovation. The network spans the globe, with permanent teams based in Silicon Valley in the US, Israel’s technology community, and closer to home in London and Edinburgh.

“Our scouting network is part of my world,” he says. “The physical place where we stand, prototype and pilot our thinking around the bank of the future is also part of my responsibility. We have seen well over 1,000 technology companies a year across all those locations. We measure success by the technology we place in the hands of our customers.”

For Hanley, a fundamental condition for banks to evolve is that they are “technically able and culturally willing to play in this new world”. APIs are the technical ability to bring about collaborative innovation; the framework that allows banks to plug and play their assets and capabilities with others in a standardised way.

Cultural willingness “is a whole other discussion”, Hanley says, but it is about fostering a new way of thinking about processes and structures.

“I’m much more excited about the opportunity to collaborate than the threat,” he adds. “Technology start-ups and banks have complementary strengths, and I get excited about bringing them together.

“It is difficult for technology start-ups to establish scale and trust from a zero base and, conversely, it is often difficult for large incumbent organisations to think about things in an unconstrained, truly innovative way. Ultimately, you need a blend of both of these strengths to give customers the best outcome.”

Play to your strength

Hanley is excited about NatWest’s direct-lending proposition, launched in collaboration with an Israeli-based technology company to offer SME customers unsecured loans of up to £150,000. The result of this is that customers can go from completing their application to having the funds in their account within 20 minutes, as opposed to waiting up to ten days as they had to in the past.

“This is the way the world is moving,” Hanley says. “It’s a more open, collaborative and, yes, competitive environment, which requires thinking about how we combine the things we are good at with the things others are good at in order to change the game.”

Transformation in banking comes from technology, of course, but attached to this is shifting customer demand: “Customers want instant gratification and deep personalisation,” Hanley says. “They want it all and they want it now.

“Looking in the rear-view mirror, the industry has been product-centric. Selling a mortgage is an example of this, but there is a significant difference between selling a mortgage and buying a home. It is a subtle difference, but as soon as you start to think about the underlying problem or the service the customer is looking for, you end up in a much broader and richer conversation,” he explains.

By thinking more about the position of customers, banks can occupy a space that helps to solve real problems faced by its users. Hanley predicts this will also lead to more lateral thinking: “What can we, as a bank, do? How do we work with others in ways we haven’t done before to help customers?”

Data protection

The UK Treasury’s ‘Data Sharing and Open Data for Banks’ report, released in September 2014, stated: “Greater access to data has the potential to help improve competition in UK banking,” and “current policy interventions to promote access to data are steps in the right direction, and could be taken further by the application of more widely used technologies and standards for data sharing.”

The report stressed the feasibility of third-party access to consumer data as being “perfectly compatible with both the Data Protection Act (DPA) and the principles of privacy by design so long as it is implemented carefully”.

Necessarily, there needs to be checks and balances built into this new system of data sharing, such as how the DPA governs the way banks and third parties access user data. This framework includes users being suitably informed about what is happening to their data and having control over the terms of its access. Third parties will need to undergo an industry-standard vetting process that is published as open data and conform to a bank-agreed open API standard. Security standards also have to be set by the Financial Conduct Authority.

Regulation is forcing banks to comply with data sharing at a “minimum speed limit,” says Hanley, “but there is, of course, opportunity to go much faster”.

Some banks have recently made reference data, such as locations of ATMs and branches, their opening times and product data shareable, and available to others on the Competition and Markets Authority (CMA) website.

“We’re making progress at an industry level and, as a bank, we are making our most basic data available to others,” Hanley says. “The next level of data sharing is much more technically complex.”

The adoption of APIs and other third-party applications raises pointed questions about customer consent, authorisation and identity. According to the CMA’s timeline, banks need to expose transaction data to third parties by the end of 2017. They have to be technically able to provide a platform for customers to initiate payment through a third party and have the security controls in place to make this safe.

This is doable and an exciting challenge but, Hanley notes, by sheer scale alone, “it is more difficult than the work we have done as an industry to date”.

Rocky road ahead

Within the regulatory framework, a significant concern lurks. The recent triggering of Article 50 and the resultant uncertainty surrounding the relationship between the UK and EU causes concern over “a broader regulatory harmonisation challenge”, according to Hanley.

“As EU regulators attempt to harmonise technical standards for banks and institutions across Europe through legislation such as PSD2, the challenge for the UK is one of timelines,” he says. “How do we avoid responding to UK regulations over the next nine months in this API environment that, in a worst-case situation, concludes, and means that, next year, we have to dig up the road because the standards were somehow subtly different at the EU level than a UK level.”

With many challenges, however, comes opportunity: “We are in the process of looking at our technology organisation and making sure it can deliver against this landscape we are describing,” Hanley says. He cites as an example the bank’s FXmicropay, which is already available to corporate customers for international ecommerce sites. Using NatWest’s currency capability, the service delivers multicurrency ability to the websites.

It is essential that, during this period of exploration, there exists a safe space for creation. For Hanley, having a sandbox environment encourages experimentation with third parties, developers and new start-ups.

In the past 12 months, NatWest has hosted ten ‘hackathons’ across Israel, India and the UK. “We take that sandpit environment and make it available to hundreds of people at the hackathons,” he explains. “We work collaboratively to come up with ideas we put live. We have APIs we are using in production at the moment.”

Whether banks choose waiters, power sockets or LEGO blocks to talk about APIs, the importance lies in not only having the conversation but also finding fresh, efficient and innovative ways – such as hackathons – to use this increasingly essential technology. By opening up and sharing data, banks can carve out a new role in this personalised, digitally driven world of finance.

APIs provide the technical means for data sharing and collaboration. Open data has resulted in novel solutions to meet evolving customer demands.
Sharing data can allow banks and other organisations to offer more personalised banking services.