Open API banking: New framework, threats, and opportunities in Japan
Key research questions
- Why the focus on open APIs?
- What is the regulatory framework for open APIs in Japan?
- How can companies approach open APIs given their potential to be both a threat and an opportunity?
The open API will be a powerful trigger for the value chain revolution sure to take place in the Japanese banking and financial services industry.
When financial institutions disclose application programming interfaces (APIs) to third-party providers (TPPs), the biggest system risks concern issues such as data leakage/tampering, illegal transactions, and more. API is a new communication path for information systems, but it could be misused. There is also a possibility that data included in the user’s account information and settlement instructions will be exposed to the risk of leakage/tampering via TPPs. In response to this risk, various discussions emerged from the viewpoint of financial institutions, TPPs, and users regarding risk types and convenience with respect to the service form of TPPs and the data transmission and reception methods that have been mainstream in Japan so far. The outcome of the discussions was a shift from the legacy screen scraping method to open APIs and token authentication. The screen scraping method will no longer be accepted in the Japanese market in the future.
Open API framework in Japan
Sources: Bank of Japan, Japanese Bankers Association, Celent