Enabling open finance through APIs
Report by the Consultative Group on Innovation and the Digital Economy (CGIDE) established at the BIS Representative Office for the Americas
In response to the need to facilitate payment services and expand the public's access to them, this report explores the development of an identification and authentication application program interface (API) that could be used to implement privately and publicly administered open finance solutions with seamless scalability. An open finance ecosystem can benefit financial system participants and society in general by creating an environment in which the competitive advantage of different players can be used to provide people with better financial services.
The Technical Task Force of the Consultative Group on Innovation and the Digital Economy (CGIDE TTF) analysed the relevance of an efficient and reliable identification and authentication method, and delved into a centralised API implementation for this objective. The report highlights the importance of open finance for the development of the financial system, lists the trade-offs regarding implementation schemes for open finance and serves as background for the other, more technical, documents: (i) a technical flow diagram of identity validation based on a centralised API architecture ("Centralised validator API proposal") (unpublished); (ii) general hardware requirements to implement the centralised solution ("Minimal technological requirements for central validator") (Annex A); and (iii) technical requirements for third parties on the central validator API architecture ("Technical requirements for third parties") (Annex B).
Remote and secure identification and authentication of users is the main requirement for parties in an open finance ecosystem to interact, since this ensures different entities that a given request has indeed made by their users. Moreover, an open and standardised API scheme can provide the interoperability needed for all interested parties to participate in the open finance ecosystem. In particular, the CGIDE TTF has been analysing an API scheme based on mobile devices to support the remote, secure and efficient identification and authentication of users of financial institutions. The analysed scheme is based on the establishment of a central validator (CV) that allows secure relationships to be created between financial institutions and third parties, without the need for them to come into direct contact with each other. This is accomplished by establishing secure connections between the CV and third parties on the one hand, and between the financial institutions and the CV on the other. The security schemes used by the CV would ensure that all connections in the scheme are established between previously certified entities for the orderly provision of financial services through third parties. Furthermore, the CV provides the necessary elements to guarantee that each party involved in the provision of services through this scheme accesses only the user information strictly necessary to allow the provision of a specified financial service.
The work of the CGIDE TTF did not include a review of all possible alternatives to achieve secure and remote identification and authentication through APIs. From that perspective, this document should only serve as a general reference for individual countries that want to develop their own payments initiatives, and consequently no member is endorsing the adoption of open banking or the analysed identification and authentication API and CV scheme.
Comments are welcome and should be addressed to: CGIDEreport@bis.org, preferably by 31 January 2021.