Opening new doors to possibilities within APIs

Application Programming Interfaces (APIs) are not new. Software has always depended on these subroutines, protocols, and tools to build applications. It offers a clearly defined pathway for different software components to communicate and share data.

Recently, APIs have taken on a new meaning. As more open APIs enter the market, firms are now able to get and exchange information between partner tools and third-party startups. They promise a new era of collaboration and co-creation.

It is already occurring in the Financial Services Industry (FSI). Industry regulators, like the Monetary Authority of Singapore (MAS), are encouraging the sharing of information between incumbents and Fintech startups through Open APIs. MAS co-published an API Playbook with the Association of Banks in Singapore. It took a step further on November 11, 2016, by publishing 12 APIs to broaden the opportunities for FSI players and Fintech companies to serve the public better.

At a recent roundtable, organized by Enterprise Innovation and hosted by NCS, senior executives from financial institutions across Singapore discussed API development for FSI, and how the players view APIs’ rising importance. 

Delegates to the roundtable on "Realizing the commercial possibilities of API"

Photo caption: Delegates to the roundtable on "Realizing the commercial possibilities of API"

Understanding the API advantage

Video 1: Open API versus Closed API

Source: Enterprise Innovation, 2017

Kenneth Wong, Practice Director, Strategic Domains Consulting, FSI, NCS, began by examining the reasons for APIs becoming vital.

“The growth and rise of Fintech and high demand for new banking and insurance services are driving financial institutions to look at how partner with third parties by actually publishing some of APIs for consumption and create new avenues for revenues,” said Wong.

Fritz Perpignand Jr, Director, Information Technology, Credit Suisse AG agreed. “We typically develop new applications on APIs because they are more agile and [offer] new capabilities for improving the user experience. Regarding managing the infrastructure, we like to leverage APIs to let users get the information they need,” he said.

APIs simplify collaboration with partners, Lim Koon Chai, CIO, Sompo Insurance Singapore Pte Ltd pointed out.

“It allows interaction with both internal and external parties,” Quy Doan Do, Head of Front Office Technology, Global Markets, BNP Paribas added.  

They also allow firms to find new synergies.

APIs enable companies to collaborate together with partners and external organizations more efficiently. The net effect of this simplicity is improved business speed. One delegate noted that once you have simplified [integration], the speed to get business going is a lot faster.

Panchal Ravi, Lead Architect, FSI, NCS highlighted that APIs offered two main benefits—efficiency and reusability. “If you think in those terms, you will want everything to be API driven,” he added.

The case for standardization

Video 2: Technical and operational challenges when executing Open API strategy

Source: Enterprise Innovation, 2017

However, the lack of an industry standard framework is becoming a hurdle to the rapid adoption of APIs.

Participants to the roundtable recognized that Fintech partnership is a way forward for most financial institutions. One delegate, however, raised the need for an industry framework that answers the liabilities concerns, the role of regulators and RegTech, and funding.

A lack of standards can lead to chaos cited another delegate to the roundtable.

Mahendra Singh Rathore, a senior executive at a regional bank based in Singapore concurred. “Standardization is the biggest limitation. To come up with an API that can work anywhere, you need first to get the process standardized,” he said, adding that firms need to examine their daily processes.  

It is also an industry effort that needs to occur now pointed David Tam, CIO, Liberty Insurance Pte Ltd. “The whole purpose of APIs is to get systems to talk to each other. It remains to be seen how as an industry we are going to come together and find out how we should talk to each other. And if we do not address it now, it will only get messier,” he added.

Communicating the benefits

For standardization to occur, you need IT and business to collaborate. It means the business value needs to be fully appreciated by business users in a way that they understand.

Francis Seo Wei Ming, Head of Distribution Risk & Compliance, Great Eastern Life Assurance Co Ltd noted that it is important to understand the business benefits. "I think it is important for the business to understand the capabilities and some fundamental knowledge on how it works,” he said.

All participants agreed that it was important for all stakeholders, from the senior management to the staff and external partners, to understand the value of APIs. One way was to explain APIs based on business benefits.

“We need to approach it from the business perspective, especially on how it makes it easier to work with [external partners]. And once they know that APIs are reusable, they will be able to see the benefits because they can use them to build the next partnership,” Sompo Insurance Singapore Pte Ltd’s Lim said.

However, participants agreed that explaining APIs to business partners was not easy. Business partners tend to focus on hitting revenue targets. The challenge is to show how APIs will be able to get them that.

In addition to its potential to introduce new revenue streams for the business, Vijay Chotturam, Vice President, Technology Solutions Asia-Pacific, TD Securities also added that “a comprehensive, cross-disciplinary API strategy can help the company expand its market share as well as reduce cost through enhanced operational efficiencies and the capability to benefit from skills and expertise from outside the original core development team.”

For Prashant Agarwal, Director EDGE, Group Innovation, AIA Group, it was time the IT team took the initiative to learn how to articulate API benefits, instead of waiting for business to understand it.

“It requires you to be able to take the lead and understand how the business works. Secondly, it should be usable and useful for the parties are going to work. So, people should want to use them to create value,” he added.  

Tackling security fears

Another critical area that FSI players worry was API security. It was not just about building more secure APIs either. For example, participants queried how one could ensure that data and application security was not compromised by third parties? Some participants also raised questions about addressing liabilities, especially who would be accountable when a data breach occurred.

One participant suggested that the first step to mitigating these risks was to have the right security framework.

Here, NCS’ Ravi saw MAS’ efforts pointing the industry in the right direction for API security. “API development will require a security standardization. The MAS document has given a starting point for API security. They have even given what should be mandatory and what is desirable,” he said.  

NCS’ Wong observed that security has always been primary concern; API security should not be looked at as a separate issue but holistically.

“Your approach needs to be consistent across the board, whether you are using APIs or non-APIs to connect systems. You should not be reinventing additional steps [for security] with APIs. And you need to choose the right platform to manage the APIs,” he added.
Key takeaways

Video 3: Determining if your API strategy is sound

Source: Enterprise Innovation, 2017

Overall, the discussion highlighted three areas where firms can bolster their API development.

The first, which all participants agreed on, was having an API strategy in place. The strategy must also be comprehensive, and is able to protect firm while keeping it compliant with evolving regulations.

You cannot ignore the legacy question, noted participants. Many firms have grown their infrastructure organically, and you cannot rip and replace this processes without creating concerns. Instead, they urged firms to examine ways to integrate modern APIs with legacy systems and processes without compromising performance, data security policies and business continuity processes as the next step.

Lastly, they noted that APIs can be a double-edged sword. By making it easier to “interface” with partners and customers, they offer immense benefits as well as risks. Participants noted that firms need to understand this when inking their API strategy and driving their development. Working with an established partner is well advised.