As new regulations and standards emerge as a result of the demand for better user experiences, digital payments, and data messaging, application programming interfaces (APIs) figure to play an increasingly important role in helping financial institutions and fintechs adapt to the changes.
Organizations charged with regulating and standardizing financial activity have struggled at times to keep up the banking dynamics.
However, as regs and standards have transformed the banking environment so have financial institution and technology providers needed to retool systems.
Reg Topics on the Banking Watch List
Among the topics presented in Deloitte’s “2022 banking Regulatory Outlook,” report on the evolution of banking.
Regulatory perimeter. Certain banking activities are always subject to federal oversight and fall within the regulatory perimeter of the Federal Reserve Board (FRB), Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), Consumer Financial Protection Bureau (CFPB), and the Financial Crimes Enforcement Network (FinCEN). At the center is the FRB’s role in granting access to the U.S. payment system, including Fedwire and reserve accounts. Some regulators perceive non-bank fintech activity as essentially unregulated.
Governance and core risk management. “Over the past 18 months there have been several headline-grabbing governance, risk management, and control failures in financial services that resulted in nearly $14 billion in financial damage and public enforcement action,” the white paper reported. These events show that financial institutions have work left to shield themselves from “risks arising from operating cross-border businesses and legal entities, sustainably operationalize core risk management frameworks, principles, and requirements within the operating model and enable culture of their organizations to outcomes.” To deliver financial services in a safe and sound manner requires strong governance.
Consumers and consumer protection. The expectation is that banking and financial regulators will accelerate consumer-related supervision and enforcement activities. This increased scrutiny affects financial institutions, and entities operating at the edges of the regulatory perimeter such as fintech companies and technology companies.
Data infrastructure and technology resilience. “More than ever, data is critical to identify and manage emerging risk and develop risk mitigation responses.” For example, the need for near real-time data has increased for banks to comply with regulatory requirements (e.g., stress testing and standardized reporting) and supporting risk management, for supervisors to make evidence-based policy decisions, and as a critical asset needed to identify and manage emerging risks and develop risk mitigation responses. To address these problems, banks are shifting from siloed approaches and moving to an enterprise approach for storing data such as developing target-state architectures that bring data from approved data sources (ADS).
Third-party risk management. The FFIEC issued its “Authentication and Access to Financial Institution Services and Systems” guidance, which provides banks with examples of effective authentication and access-risk management principles and practices for customers, employees, and third parties that access digital banking services and information systems. To attain and sustain compliance, financial institutions must oversee regulatory deviation across agencies and jurisdictions, which could add to the complexity and slow the speed of information flow.
The Deloitte report emphasized the continuing expansion of the banking ecosystem and heightened use of outsourcing as increasing and highlighting the importance of a bank’s third-party risk management (TPRM) capabilities. Besides the perimeter, service providers TPRM programs require enhanced governance, monitoring, and compliance with applicable laws and regulations (which, in some cases, may be extraterritorial for the service provider).
NIST Addresses Open Banking
The National Institute of Standards and Technology (NIST) closed a public consultation on March 3, 2022 on its “Cybersecurity Considerations for Open Banking Technology and Emerging Standards” report, which detailed the advantages of open banking.
“Ecosystems are intended to provide new choices and more information to consumers, which should allow for easier interaction with — and movement of money between — financial institutions and any other entity that participates in the financial ecosystem.”
The report added that open banking “also aims to make it easier for new actors to gain access to the financial sector (e.g., smaller banks and credit unions), (which) is already in use in various countries,” NIST said in its report.
NIST also suggested that open data standards are important when considering API access. “Dashboard tools could help customers perform various transactions, aggregate information for analysis and optimization, set activity alarms, and so on.”
Helping to Deliver the Right Message
As the demand and adoption of more digital payments has grown, subsequently, so has the need for better data messaging to support transactions in the back office.
More contemporary payments networks are moving towards the International Organization for Standardization’s ISO 20022 standard, a multi-part international standard for describing and transmitting information about financial services
The ISO 20022 design functionally supports old data messaging standards, while still adding attributes that resolve any possible ambiguity remaining in the data contents. However, while integrating ISO 20022, any older messaging standard may not maintain the enriched data offered by the new standard, so until the switch is complete, there may be an interim period with some limitations.
Some networks shifting to ISO 20022 include:
- The Clearing House’s Real-Time Payments (RTP) network and The Clearing House Interbank Payments System (CHIPS) clearing system look toward a mid-2022 sign on date.
- The Federal Reserve proposes FedNow’s ISO 20022 specs operational in 2023; and Fedwire Funds Service’s implementation of ISO 20022, originally scheduled November 2023, now set for 2025’s first quarter.
- The Society for Worldwide Interbank Financial Telecommunications (SWIFT) begins its migration journey to ISO 20022 in November 2022.
Easing the Changes
The good news is that different third-party organizations will provide portal services to real-time data via APIs to mitigate financial institutions’ regulation/standardization complexities.
That falls in line with the growing number of financial institutions seeking an open-banking/fintech partnership to stay competitive. Many already utilize APIs to provide real-time and same-day banking services; and big data access.
NXTsoft helps find the right APIs with its OmniConnect Platform, an open banking marketplace for all API needs. NXTsoft has connectors built for as many as 40 different core accounting systems including systems from Fiserv, Jack Henry and FIS and established connectivity to numerous Fintech partners.