Building an API Program - Lessons from Deutsche Bank
6 years ago, Deutsche Bank started building its API Program. It went live 2 years later, 2 years before the regulatory technical standards of PSD2 started to apply in Europe. Joris Hensen was there from the beginning. Still, today he is co-leading the program.
We invited him to talk about his lessons learned, and we realised that despite the many discussion on open banking, there is so much more to learn.
Regulation stimulates innovation
The regulatory technical standards of PSD2 apply since September 14, 2019. That is the moment every bank needed to provide a narrow set of APIs to help third parties connect with banks to access account information and payment initiation.
PSD2 was more than a regulation. It was a game-changer. It forced banks to change their perception of data ownership, communication with third parties and product development.
Joris: "I feel regulation helps because it stimulated the industry to change, even though it's just a tiny subset of information that banks have to open because of PSD2. Still, it's a starting point." Banks got used to APIs. They reflected on additional options, best practices and new partnerships.
He summarised it very well by saying that "it's like an internal muscle you have to train." It takes practice, and in the case of open banking, having a regulation that enforces banks to train that muscle accelerated change and innovation in the industry.
Realising the dream
Yet, PSD2 was not Deutsche Bank's reason to start the API Program.
The trigger for Joris to found the program was not regulation. It was a foresight exercise, an imagination and re-imagination of a future and a desired future. Joris: "Our decisions of today influence our potential future and the better we envision what would be possible on a scale from like, maybe in 10-20-30 years, the higher likelihood is that this will be the future one day."
That future scenario was that open banking would help banks ease the lives of their customers through partnerships in life-changing events. Joris: "We provide partners with banking data, and they can build products. As a bank, we have added value we can offer to our customers, a way to retain customers, and the customers benefit from additional products throughout these life events."
Looking back, the evolution to that future was slower than expected, but overall, the scenario still makes sense. The industry voice may have changed from being very present in life-changing events to being embedded in customer journeys while remaining invisible. Still, the framework behind that remains a constant: having an API Program to facilitate this.
How to grow the idea of an API program into a corporate vision
Back in 2015, open banking was completely new, and clearly, the organisation needed to get used to this new concept. Joris explained that the evolution from a foresight scenario of open banking to an API Program passed through, roughly speaking, three phases.
The first phase, the kick-off of the initiative, started with an internal hackathon at Deutsche Bank. Joris: "For the first time both IT and business people came together, they worked in teams, no PowerPoint slides allowed." The management that was invited was so convinced of the results in such a short period that the project moved to phase 2.
The second phase was a bigger hackathon, an external one, with the support of Christian Sewing, their CEO, being part of the jury. Having also departments like compliance and security onboard helped to grow the buy-in of the entire organisation, as Joris explained: "And this was a breakthrough because what started on the technology side became a business initiative, and having Christian Sewing on board was a clear signal to the organisation. Well, technology is the enabler. Bottom line though, what this is all about is to do real business."
The third phase was the demonstration of real live use cases. The API Program started to work with external partners, which led to success stories that convinced everyone in the organisation to make this API Program a success. Today Deutsche Bank partners with many external organisations in supporting them to make finance easier, more transparent and insightful.
If you don’t do it yourself, others will
From the audience came the comment that banks still too often hide behind security, regulation or compliance reasons for not opening up enough. This person warned that FinTech companies would find other ways to overcome these hurdles if banks don't open up enough.
Joris agreed with this conclusion and warned that this is a potential risk for the banking industry. He explained: “The worst thing that could happen is that FinTechs no longer want to work with banks anymore. That is why we invested much time in a lean onboarding process that takes you, for instance, just a maximum of two weeks to get on board.”
“It's essential to build this trust in the community of partners because it's a small community, and once they lose the trust in you, as a partner, in the bank they have to cooperate with, it isn't easy to regain it.”
Not every bank needs an API program
Does this mean that every bank should invest in its own API program? There was some discussion, but the majority of the audience believed that this is not the case. It predominantly depends on the bank's strategy.
Not every bank will focus on being invisibly present everywhere. Even more, a majority of banks will avoid being a front runner in innovation. These banks will instead closely look at the market and copy success stories whenever relevant.
So it depends on strategy, but also size, as Joris explained: "It's also a question of resources. Not every bank has a huge IT department now to set up an API program."
Of course, this doesn’t stop at the launch of an API Program. That is just when the hard work starts. APIs should reduce complexity in a bank’s IT infrastructure. This permanent reduction in complexity is only possible with rigorous API management.
Joris: “At Deutsche Bank, we have put an API design guidelines service repository in place. What makes the trick is the role that we call API product managers, who are responsible for the APIs throughout their lifetime, from the invention to maybe the shutdown of an API.”
“I think it is super important to have this responsibility for an API, which forces us to think about what is really necessary, also what kind of data you want to expose to the outside, and not to reinvent different APIs that can be used for the same purpose.”
I loved this session, not just for all the insights but also for the openness on how it all started and the nuance in the message that not every bank needs an API Program. Banks that want to invest in an API Program need to ensure the entire organisation stands behind it and that good governance is implemented to ensure successful implementation, maintenance and growth.
Banks that do not have that focus, the resources or the knowledge can perhaps fall back on organisations like Isabel Group, with whom we have another open banking session on September 16.