Experts discuss business models and IT security at the Airlock Security Breakfast
From 14 September 2019, European Union banks will need to adopt an open approach towards third-party providers under the new PSD2 Directive. Swiss banks are opening up without regulatory requirements. Standards and platforms are being created with the aim of simplifying access to bank accounts for FinTechs. During the Airlock Security Breakfast, the current situation in Switzerland was examined closely; with both the effects on the banks’ business model and secure access management being discussed.
Jürgen Petry, New Business Innovator at Raiffeisen Switzerland, and founder of the API Working Group of the Swiss Fintech Innovation Association (SFTI), gave an overview of the numerous API standardisation initiatives currently being undertaken in Switzerland:
It is important to build a knowledge platform across the entire API environment in Switzerland, and to provide full-featured test systems as well as simple sandboxes, so as to enable developers to carry out developments in these sandboxes and gain additional knowledge via the knowledge platform.
In addition, Petry explained why a Swiss API payment standard is needed, and why it is not possible to simply adopt the European NextGenPSD2 API. He explained that there are features of the ISO20022 message standard for payments that are specific to Switzerland and need to be considered. He also noted that the API initiative of the SFTI addresses not only payment transactions but also other business areas in banking (loans, portfolio management, etc.). Finally, Jürgen Petry emphasised that the various national standardisation initiatives must be able to work alongside one another, and also be in tune with international committees so that a sustainable solution can emerge.
Marianne Wildi, CEO of Hypothekarbank Lenzburg, also presented a business model that has successfully reconciled the modern API economy with the transformation of the Hypothekarbank from traditional bank to digital financial services provider. She pointed out that
technology is important, but in the end you have to know where you position yourself in the market. It all comes together, Open API alone is not enough. The financial institution must know which unique selling propositions it has and on which a business model is based.
The Hypothekarbank Lenzbung has already integrated various Fintechs via APIs and, thanks to innovative providers, is reaching new customer groups who are now depositing their money in Lenzburg.
Martin Zahner, Business Development Manager at Airlock, spoke of the effects of open banking on IT security and access management:
Banks have to offer their customers an attractive user experience via digital channels, otherwise they migrate to the FinTechs. This requires, among other things, trouble-free authentication. Likewise, as the APIs open up, there are also new weak points that have to be protected. User and identity management, such as the Airlock IAM - part of the Airlock Secure Access Hub - is able to define and enforce accurate access policies. Thus, only authorised persons can call up the data and services – also on the API. Banks have to offer their customers an attractive user experience via digital channels, otherwise they migrate to the FinTechs. This requires, among other things, trouble-free authentication. Likewise, as the APIs open up, there are also new weak points that have to be protected.