View the full report here.
MARKET TRENDS
Core Contract Renewals
The average bank has just 2.5 years left on its core contract, according to Cornerstone Advisors. The implication is that a wave of banks will soon decide whether to stick with their current provider or follow BankSouth’s lead and go elsewhere.
It’s rare for banks to leave their core provider, but the renewal window provides a convenient opportunity to do so — or to negotiate for API access. Not enough banks take advantage of this opportunity, says Raj Patel, co-founder of MANTL, a digital account-opening solution that reads and writes to the core.
“If you’re a bank, you need access to your core systems for yourself and also to provide to a third party,” Patel says. “That has to come from your core provider, and too many banks in the country today do not have an agreement with their core for that access.”
Few banks take advantage of full core connectivity because they’re focused instead on triage, addressing a multitude of immediate issues. Bank leaders typically negotiate a scope of work for a single project to optimize costs, according to Patel. When they do that, they miss the bigger picture of API access, which he says will become increasingly critical.
A base connectivity layer, or middleware, is “one of those things that you will have to add in the next 10 years if you don’t already have it,” Patel says. “The real question is, can you negotiate good products and access up front — or are you going to get hit by it in the back end?”
Embedded Finance
APIs create opportunities around point-of-sale financing, e-commerce and other embedded financial experiences. Ravi Balasubramanian, co-founder and CEO of Sandbox Banking, which provides a universal adaptor for bank systems, points to the exercise bike from Peloton Interactive.
Pelotons are expensive, so the company gives customers access to installment financing. The loans are made through Affirm, but they’re backed by Cross River Bank, a $2 billion bank in Fort Lee, New Jersey.
Why does Cross River, as opposed to any other bank, originate these loans? “If my wife was going to buy a Peloton, why wouldn’t the financing just be provided by the bank we bank at?”
Balasubramanian asks. The only reason, he says, is that their bank doesn’t have the APIs it needs for real-time communication between all the parties involved.
In another example, a South American bank relies on APIs to complete payments for ships traversing the Panama Canal. The bank is a client of the U.S.- based API provider OpenLegacy. Hans Otharsson, OpenLegacy’s customer success officer, explains that the bank created an app for captains to pay tariffs and duty fees without leaving the ship.
“It’s almost like putting a teller on board,” Otharsson says. “That was a line of business that [the bank] never even thought about. Now they’re looking at how they can take that to airports. It’s a whole new revenue stream for them.”
Data Governance and Ownership
PNC Financial Services Group made headlines recently when it prohibited customers from connecting their accounts to Venmo, a peer-to-peer payments company.
Venmo collects customers’ login credentials and uses them to access those customers’ bank accounts through a combination of screen-scraping technology and APIs. PNC said it was concerned about Venmo’s data security — or, more accurately, about the data security of Plaid, an API aggregator used by Venmo. Instead, PNC urged customers to use Zelle, a competing payments platform established by the country’s biggest banks and embedded in PNC’s app.
Customers revolted, inundating PNC with complaints about their inability to access Venmo.
The moral of this story is less about PNC than it is about Venmo. The world of apps that connect to banks — willingly or unwillingly — will continue to grow, as will the need for banks to build API strategies that address data privacy, sharing and consent.
Outside the private sector, regulators are crafting guidance around section 1033 of the Dodd-Frank Act, which codifies the idea that customers own their data. Meanwhile, the California Consumer Privacy Act went into effect in January 2020, creating onerous requirements for banks holding the data of California residents.
To comply with these new rules and regulations, as well as to serve customers in the ways they want to be served, banks will need APIs.
Banking as a Service
While APIs are powering a re-bundling of products and the opening of new markets, they’re also helping banks make the most of their most valuable assets — their charters and access to payment rails — by partnering with fintechs to provide Banking as a Service (BaaS).
BaaS refers to the provision of financial products and services to nonbanks that, in turn, provide financial products and services to end users. The model presents new revenue streams that banks can access simply by doing what they do best — managing balance sheets, risk and compliance. But it also takes a healthy dose of technology to make these arrangements work.BaaS providers like Cross River Bank have constructed API stacks to support partners, which include household fintech names like Affirm, Stripe and Visa. Other banks pursue a wholesale BaaS strategy, wherein fintechs like Cambr, which is backed by Q2 Open, provide banks with the APIs they need to deliver BaaS and help recruit fintech clients.
Regardless of how the program is constructed, BaaS is a potentially lucrative business line that’s only available to banks that embrace APIs.