An Entry Point to Impactful Open Banking Architecture
May 28, 2020
Hello!
Dassana Wijesekara
Director, Solution Architecture
dassana@wso2.com
WSO2 Inc. Copyright © 2020 All rights reserved. This document or any portion thereof may not be reproduced or used in any manner whatsoever without the express written permission of WSO2.
Agenda
● Global Open Banking Patterns
● Reference Architecture - PSD2, CDR, Mexico, Brazil
● Journey of an Open Banking Project
● Lessons Learnt
● Beyond Open Banking
Global Trends
Open Banking Across the World
Canadian National Debt Payment Framework
Mexico Fintech Law
Open Banking for Brazil, Banco Central do Brasil
Open Banking UK (OBUK)
Smart Nation Singapore, Finance-as-a-Service Initiative
Open Banking Foundation Nigeria
Consumer Data Right (CDR) that covers multiple industry verticals (banking, telco, energy)
NZ payments and Accounts API Standard - PaymentsNZ
Open API Program for Banking, Hong Kong Monetary Authority (HKMA)
European Union (PSD2)
Conceptual Evolution of Open Banking
Payments
Payments + Retail Banking
Open API Framework + Phased Approach
Consumer Data and Payments
Finance-as-a-Service + API registry
Consumer Data - Across Many Industry Verticals
2003 2007 2015 2016 2018 2019 2020
PSD1 (EU)
PSD2 (EU)
GDPR
“Open Innovation” Concept
OB UK
CDR Australia
Monetary Authority of Singapore (MAS)
Hong Kong Monetary Authority (HKMA)
Brazil
Fintech Law
What are the Drivers?
● Reduce friction
● Fair competition
● Collaboration
● Improved consumer experience
Reference Architecture
Maturity—Digital Transformation
● Maturity of business
● Maturity of technical leadership and engineering organization
● Maturity of systems
● Quality of data and clarity of processes
● Depth of understanding—compliance
Maturity—An Example
Embrace Open standards
Data Science-Focused
Startup Culture
API CoE
Ecosystem
Agile, Independent Teams
Maturity
Product Manager
Innovation Manager
Architect
Compliance Manager
Data Architect
Full Stack Engineers
Business Analyst
Strong focus on
1. Agility
2. Being consumer-centric
3. Innovative business models
● POS financing
● SME real-time lending
High-Level Platform Architecture
Digital Banking
Core Banking
Payments
Risk & Fraud
Audit & Disputes
API Gateway (Dedicated or Transient)
Developer Portal
API Analytics
Monetization
Identity & Access Management
“Strong Customer Authentication”
Client Registry
Metadata Management
Consent
Regulator
Sandbox
Integration & Messaging
security / Reporting
TPP or ADR
Developer Engagement
Consumer Data Integration
Integration & Messaging
Standard Interface
Consumer
Account
Product
Payments
Transactions
Compliant
Broker
Local/Cloud
Adaptor
Connector
Internal
Gateway
Monolith
File Types
System
Roadmap
SQL
Datamodel
Microservices
Protocol
Service Mesh
Multi-Version
Distributed
Lifecycle
NoSQL
Non-Standard
e.g.: Apache Kafka, IBM MQ
e.g.: MS Excel, CSV, txt
e.g.: IBM AS/400, IBM Z360, UltraData, Finacle
e.g.: Oracle DB, Snowflake, Cassandra
API
Event
File
System
Persistence Store
Consumer Data Integration—Challenges
● Performance
● Availability
● Data model unique to the bank / system
● Access
● Non-standard interface
● Ownership
Circuit Breaker
Data Lake
Inflight Transformation
KYC—Identity & Consent
Identity Store Integration
Identity Federation
Identity Bridging
Entitlement
Identity Interface
Consent Management
External Identity Store
Persistence Store
Cloud
System
IdP
Client Register
LDAP / AD
DB
Digital Banking
ISAM
Core Banking
Non-Standard
API
{SAML SSO, OIDC, SCIM}
Consent Register
API Gateway
Elastic Scaling
Control Plane
Developer Content
Synthetic Data
Micro API Gateway
Infosec API
Monetize
Structural Conformance
Support
Open Standards
Partner (Commitment)
Open API
API Sandbox
API Marketplace
Services
Micro API Gateway
Micro API Gateway
Spec. Version Handling
Query & Pagination
Other APIs
Voluntary Data
gRPC / GraphQL
API Analytics
Data Plane
A Reference Architecture
OTP, Multifactor Auth
Identity Federation
Consent
(OIDC 1.0 Hybrid flow, FAPI-RW, public_key_jwt)
Throttling
Structural Conformance
API Security
Caching
API Usage Events
DCR API
Banking API
Common API
Admin API
Data Lake
ADR API
Sandbox API
Marketplace API
Analytics Dashboard
Infosec API
Identity Meta Store
Certificate Store
Metadata Cache
ADR Registry
SSA Validation
API Token Lifecycle Management
JWKS Cache
Consent Admin
Consent Selfcare
Consent API
Mediation
Protocol Switching
Payload Transformation
(All EIP Supported)
Fraud
Dispute Resolution
Data Services
Notification
Proxy
ADR Registration
Token / Revoke
CDS Datasets
Common Datasets
Regulator
Get Metrics
Metadata Update
getStatus
JWKS Endpoint
Metadata Cache Update
Digital Banking System
SMS Endpoint
SMTP Endpoint
The Journey (Not a Destination)
Navigation Path and Waypoints
Contract Negotiation
Design Workshop
Implementation
Test
Go Live!
Beyond Compliance
Bank 4.0
Regulator Alignment
Internal Culture Shift
Partner Alignment
Partner Update
Agile
Reciprocal Collaboration
Compliance Date
The Design Workshop
Cultural Shift
● The startup mindset
● Innovation
● Small, agile, full stack/DevOps team
● Free thinkers & open spaces
● Chaos theory
Reciprocal Collaboration
● Build community
● Share ideas
● Share resources
● Build IP
Lessons Learnt (Acquired Knowledge)
Key Learnings
● Banks struggle with their incumbent systems
● Re-use what you have
● Buy expertise, not the tool
● Culture needs to change
● Banks adopt a compliance-only mindset—Need support in their digital strategy
● This is digital transformation in disguise
Beyond Open Banking
The API Space—Value Addition
Fintech Developers
Partners
Additional APIs
Support for Eventing
Monetization
Resources
Attributes
API
Compliance Boundary
Rich, Performant, Stable API Space
The Data Space—Value Addition
Merchant Code
Biller Code
Description
Type
Transaction
Record ID
Time
Voluntary Data Set
Smart Lending
Real-Time Credit Scoring
Wealth Management
Direct Debit
Transfer
Payment
Value Date
Posting Date
Execution Date
Consumer Behaviour Pattern
Investment Pattern
Choices
Relationships
Remove PID
Deidentify
The Consumer Engagement Space—Value Addition
● User journey optimization
⦿ Authentic consumer experience
● Cognitive analytics
⦿ Fraud detection
⦿ Risk underwriting
● Artificial intelligence & machine learning
⦿ Robo advice
● Blockchain—Smart contracts
Cross Domain Aggregation
Switching Energy Provider
Red Energy
Payment Transactions
2020
2019
Origin Energy
Bank (The Trusted Advisor)
The Bank 4.0* and Beyond
● Incubators and tight collaboration with startups
● Embedded banking
● SME uplift
● The “Banking Experience Canvas”
* A term coined by Brett King in his book titled “Bank 4.0: Banking Everywhere, Never at a Bank”.
Question Time!
wso2.com
Thanks!
