By Malin Fiedler, Timo Mauerhoefer, Nils Motsch, and Henning Soller
It’s no wonder banking-technology executives, including CIOs, chief architects, and CTOs, are exponentially increasing their use of application programming interfaces (APIs). With their ability to support interconnections among all manner of devices, applications, and data, APIs facilitate a growing range of internal and external bank strategies and activities. At a recent “APIs in Banking” roundtable hosted by McKinsey, participants from more than a dozen leading global banks and smaller regional institutions exchanged updates on their plans for using APIs and their progress to date.
Of course, most banks still rely heavily on complex legacy systems, so leveraging APIs to tap into the functionality and data embedded in them can be challenging, especially compared with companies, including some banks, that were born in the digital age. Nonetheless, banks increasingly view these multipurpose tools as true enablers of business value.
Banks often initially adopt APIs to comply with regulations, such as Europe’s Payment Services Directive 2 (PSD2), which aims to make electronic payment services more secure while also propelling innovation as part of a shift to “open banking.” PSD2 requires European banks to expose their APIs so that other banks and fintechs can access their customer data related to payments, accounts, loans, and more. Similar regulations are emerging in most other regions, including, for example, a recently instituted open-banking regulation in Brazil and a new fintech law in Mexico.
Banks also increasingly rely on APIs internally to reduce costs and complexity associated with IT integration, freeing up change capacity by as much as 30 percent. According to a 2020 McKinsey global survey on APIs in banking, roughly 75 percent of banking APIs are used for internal purposes, and banks plan to double the number of internal APIs within five years (exhibit). Nearly 20 percent of banking APIs are used externally to support integration with business partners, including suppliers. Banks also have plans to double the number of these APIs by 2025. Finally, 5 percent of banking APIs are used externally to generate revenue. Banks plan to triple the number of these “public APIs” by 2025. External APIs also support new business models, including orchestrating or participating in ecosystems.
Although the number of public banking APIs is proportionately small, McKinsey research found that 75 percent of the top 100 banks globally have made public APIs available. For example, the consumer division of one financial-services multinational launched a global API hub where developers can share best practices. A leading US investment bank is using APIs to help clients monitor customer sentiment and respond proactively based on the insights gathered. Another US bank has an open portal where developers can access and implement financial solutions for customers, such as direct payments or budgeting and planning.
Among the insights gleaned from the roundtable, a class of banking API leaders is emerging based on the sophistication of their API efforts across the four dimensions of strategy, operating model, technology, and people and on the tangible value they are deriving from their use of APIs. The banks whose API usage is most mature are based in the European Union and North America. Banks in South America and Asia still typically use APIs primarily to comply with local regulations akin to PSD2.
Hallmarks of banking API leadership
Banking API leaders have shifted from an unstructured to a programmatic approach to APIs and have distinguished themselves along the four dimensions of strategy, operating model, technology, and people:
- API strategy: Banking API leaders no longer view APIs simply as technical tools. Their ambitions extend even beyond monetizing APIs to using them to enable entirely new businesses through third parties and collaborations. For example, a bank may enter into an agreement with an insurer to offer an insurance product for small and medium-size businesses. IT and the business work collaboratively to craft a clear API strategy that supports the business’s priorities, and they develop a comprehensive road map for internal and external APIs.
- Operating model: Leading API operating models reflect a cohesive rather than a siloed approach to delivering the API strategy while also maintaining clear ownership of each API along the entire life cycle, from creation to decommissioning. Moreover, funding and governance are designed to promote API usage that is in line with the overarching business strategy. A leading “all-digital” European commercial and retail bank attributes its success with APIs in part to a fully dedicated product team that is driving development of a new API platform.
- Technology: Several banks have had success by starting small with a few internal APIs and then scaling from there. Now they are consolidating access in a single internal—and, with added layers of security, external—developer portal, with clear standards to ensure reusability and scalability. To support “compliance by design,” one bank has fully automated the documentation process by generating it from code.
- People: Building new capabilities is an ongoing challenge for most banks. A bank in the United Kingdom is using gamification as a fun and effective way to increase adoption of APIs and build technical capabilities. The bank rewards the team that builds the most-used API with badges or even monetary incentives and has seen usage of the API portal increase significantly. This approach has enabled the bank to quickly scale API usage, which fosters an API-first culture, and to speed the replacement of legacy integration technology.
The maturation of APIs in the banking sector continues, with leaders distinguishing themselves across multiple dimensions in ways that others can study and follow. The versatility of banking APIs suggests that they offer still-untapped sources of value and will be part and parcel of banks’ strategies to grow and expand their value pools.
Malin Fiedler is a consultant in McKinsey’s Frankfurt office, where Timo Mauerhoefer is an associate partner and Henning Soller is a partner. Nils Motsch is a consultant in the Munich office.