Imagine that you are riding an Uber or Didi Ride back home. In the middle of the ride, you realised that there’s nothing cooked for dinner at home and time is short as you are already late. And you suddenly placed an online order for some fancy food with a newly discovered app and paid it by Paypal or VISA. When you reach your destination, you pay Uber by Paypal and a few minutes later, Mint app pops up a message notifying that you have overspent for this month and getting chauffeured too much!
The interconnectivity of applications and network infrastructure is made possible by APIs, which allows apps and systems to talk to each other, a kind of advanced technological loop. API is the simplest form of standardized protocol for computer programs to talk to each other and is integral to modern software development (Banking Tech Website). An API, specifics the connection mechanism, the data, and functionality that are made available and what rules other pieces of software need to follow to interact with this data and functionality.
An organization can use API to allow third parties to access their data or services in a controlled environment. Using an API is like using a particular desired part of the software and not the entire one which remains protected. An example would be a Facebook “like” on third party website. Additionally Google, Facebook and Apple have created their own digital ecosystems through the use of public APIs and by allowing third parties to add functionality to their core services, these companies become for third party innovation.
The API Universe
—————– ” The year 2014 saw the advent of a secure and convenient way to pay at stores using an iPhone 6 or 6+ with Near Field Communication (NFC) and finger-print Touch ID. Apple has provided APIs and SDKs to third party developers to allow them to integrate Apple Pay in their apps. This has seen Apple Pay integrated in a number of payment systems, especially in the case of in-app purchases. More and more banks have been able to integrate Apple Pay thanks to the APIs.“ —————– |
Source: MEDICI, Fintech Enabler Website
Figure 1: Life and Apps Intertwined.
Source: Marmore Research
However, open data sharing by institutions, data collection and analysis is not risk proof altogether. Issues like consumer consent, data-protection, data-safety, limits to sharing with third parties, validation and ever rising threat of massive data-breaches, data-hacks and data-compromise will shore up. Financial institutions may rightly be worried about allowing third-party vendors, some without any prior business relationship, to access data that leads back to their systems of record. And to make this work, banks need to begin where they feel comfortable, such as by creating APIs that support their internal development (Open Legacy and Open Innovation website ). This is the area where regulations and regulatory bodies sweep in attempting to redress consumer and their data concerns.
Adoption in the GCC ICT Ecosystem
In pursuit of having stronger digital partnerships, Kuwait Based Zain telecom, launched its APIs (with Google Cloud acting as API platform provider) in a bid to connect its operating companies across the region onto a single enablement platform (CommsMEA website). The primary objective of launching APIs across the region is to achieve greater agility and consider new market opportunities.
According to Strategy& and Siemens 2017 survey, only 3% of surveyed companies (306 companies from Qatar and UAE) are at the advanced stage of digital transformation, and only 18% of these companies use cloud computing(Strategy& Siemens Survey website). The pace of digitization is sluggish in many parts of the region, both in public and private sectors. There is a huge potential for digitization in sectors such as transportation sector (including airports, airlines, and public transportation companies) (Strategy & PwC Report 2017).
Slow pace of digitization implies less spending on IT infrastructure and thereby low advancement of process of digitization. But at the macro level, Information and communication technology spending across the MENA region recorded growth of 2.7% on year-on-year basis, reaching more than USD 230bn (International Data Corporation 2018). As the pace of digitization picks up in the future, more and more APIs will be launched. APIs generally help bring customers to a single entry point across platforms and regions. However, with the growth in APIs to unify multiple digital platforms and services, the question of how to effectively protect data integrity and privacy will keep growing.
Some international developments offer a leading indicator of what to potentially expect as trends for the future. For e.g., new compliance requirements, such as the Payment Services Directive version 2 (PSD2) and the European General Data Protection Regulation (GDPR) are handing more power back to the consumer, giving them more control over how and who they transact with and what happens to their personal data.
GDPR, for example, will give European consumers more control over their personal data and the information organizations can collect on them, while also setting out regulations to enforce better protection of such information. GDPR specifically stipulates that when it comes to organizations gathering or sharing information on consumers, “opt out” measures are no longer sufficient. Instead, consumers will have to “opt in” to share their information or receive communications, and they will be able to expressly say whether or not their data can be shared with third parties.
Payment Services Directive 2 will fundamentally change how consumers access their financial data as well as how, and with whom, they transact. At the moment, consumers holding accounts at multiple institutions need to log into each account via that institution’s digital interface, whether this is via a mobile app or an online portal. But to promote competition in financial services and improve ease of use for consumers, PSD2 makes provision for data aggregators, which allow for a single view of accounts at multiple providers (insurance companies, payments services, credit card issuers, mortgage lenders, etc.). All account information, all financial products, and all transactions will be visible on a single dashboard. To make this possible, PSD2 will require banks and other financial service providers to open their data and payment initiation capabilities to third parties.
In conclusion, it can be said with confidence that financial services entities in the GCC will increasingly join forces with FinTech companies through open APIs. How regulators cope with this development will be an interesting space to watch.
Never miss a patch or an update with Marmore's Newsletter. Subscribe now!
The convergence of technology and finance is reshaping the GCC Financial Ecosystem. The blog explores key players, regulatory framework and market dynamics of Fintech in the GCC region.
Read MoreThe blog examines the impact of cyber attacks on financial institutions and the resiliency of GCC banks compared to their global counterparts
Read MoreThe blog discusses how net interest margin of Kuwaits banks has moved across interest rate cycles, in light of awaited policy rate cuts.
Read More