With open finance increasingly coming to the public’s attention in Switzerland, discussions on API standards are accelerating. In July, industry trade group Swiss Fintech Innovations (SFTI) released a whitepaper outlining key considerations to address in regards to data security and data protection.

The whitepaper, produced by SFTI’s Common API working group, looks at different aspects of API security, provides examples of solutions already in use internationally and gives recommendations relevant to the Swiss ecosystem.

According to the paper, industry participants and SFTI members are open to using SIX’s bLink platform as the trusted intermediary. The platform would take the role of a hub through which banks and third-party providers connect with each other.

It notes that the majority of banks prefer the platform approach of bLink and many have already established a connection with the platform.

Launched in May 2020, bLink is a platform for standardized interfaces to financial institutions as well as software and service providers. Using bLink’s APIs, they can connect and exchange data to offer new services to their customers, such as the processing of account information and payment order directly from in an accounting software.

Currently, four banks and third-party providers are offering the services “Account Information (AIS) for accounting solutions and financial institutions” and “Payment Submission (PSS) for accounting solutions and financial institutions”, allowing users to automatically reconcile their bank accounts with online accounting software: Credit Suisse, UBS, Zurcher Kantonalbank and KLARA.

In a digital service ecosystem with a dynamic number of participants, a so-called trusted central authority (TCA) is needed to ensure that the rules of the game are defined and complied with, the SFTI paper says. This way, collaborations can be centrally facilitated, since, otherwise, peer-to-peer (P2P) negotiations, clarifications and coordination would be necessary.

An initial multi-banking proposition

API security addresses the protection of confidentiality, integrity, and availability of APIs respectively the corresponding services and information. It’s key to protecting users’ data all the while ensuring the smooth and secure transfer of critical data to take full advantage of open finance.

In regards to API security, the SFTI paper says that members are open to taking the steps towards a planned multi-banking minimum viable product (MVP) with bLink, while keeping an eye on international efforts and eventually reviewing the chosen procedure again at a later time to make appropriate adjustments.

Unlike jurisdictions like the European Union (EU) or Australia, no regulatory rules determine the implementation of open banking in Switzerland.

Instead, industry participants have taken a concerted approach towards implementing the concept and setting uniform industry standards.

Consortia like SFTI’s Common API working, and the Open Banking Project bring together numerous banks and third-party providers alike to define standards in areas such as payment services, lending and pensions, and promote their wider application.

In addition, several individual initiatives have been launched, which, in addition to the SIX bLink platform, include Avaloq.one, the Finnova Open Platform, the Lenzburg/Finstar Open Banking platform and the Swisscom Open Banking Hub.

For financial institutions and market participants, the lack of stringent rules provides them with the possibility to design themselves the conditions for open banking and experiment as they go.