Solution guides

Cloudentity as an Open Banking Enabler

Maybe it is the market that drives your institution to become a member of the Open Banking ecosystem, or maybe it is required by law. Irrespective of the driver, with the right tools you can achieve compliance faster and with less effort than you think. Learn how financial institutions can become compliant with Open Banking directives by using Cloudentity as a data sharing enabler and a consent provider. Whether you are looking for general information that applies across jurisdictions or for directive-specific guidelines, you will find both here.

What is Open Banking?

Open Banking directives are created to enable customers of financial institutions to share, with their consent, the financial data that banks hold about them with third parties that participate in the Open Banking ecosystem.

The Open Banking Compliance Challenge

Open Banking regulators impose fundamental standards on financial institutions that participate in the OB ecosystem. Each participant must comply with a specific set of rules to ensure user consent and proper interoperability and security standards, and must align with local customer experience guidelines so that data sharing is both seamless and secure.

In the diagram below, you can see how a customer's sign-in action triggers the flow of data between fintech applications and financial institutions.

Right from the start of the flow, fintech applications need to obtain authorization (consent) from the customer before they can access the customer's personal information (for example, account information) held by the financial institution. Looking at the big picture, financial institutions need to adjust their systems in four main areas:

Open Banking Pillars

  1. Data APIs

    • Used to enable the data to flow between Open Banking participants, for example, APIs to get customer’s available accounts.

    • Adjusted to country-specific regulations

    • Exposed to fintech applications to allow them to request customer’s data, for example, to fetch available accounts

  2. Consent screen and APIs

    • Authorize data sharing consents and payments.

    • Prepared in a way that allows obtaining granular and informed customer consent before sharing customer data with fintechs

    • Ecosystem-specific Consent APIs must be exposed and support the local consent structure.

  3. Access control

    • API access must be controlled according to the applicable security standards to prevent unauthorized access to customer data.

    • Fine-grained authorization must be in place so that, for example, the institution can check whether the customer consented to sharing the specific accounts being requested.

    • Tech stacks must be adjusted to cope with elevated security requirements such as advanced OAuth profiles, Financial-grade API (FAPI) compliance, mTLS for OAuth, Strong Customer Authentication, and more.

  4. Support for customer journeys

    • All customer journeys, consent acquisition, and consent management variations are defined according to country-specific regulations such as Customer Experience Guidelines.

When financial institutions prepare their systems to fulfill the requirements coming from the four Open Banking pillars above, such an institution very often needs to make a technological leap. Financial institutions must be prepared not only to adjust their software to become part of a microservice mesh, but also to ensure the security and scalability of their solution. Additionally, each component of the distributed architecture must interoperate flawlessly to achieve correct and seamless communication between the system components.

Open Banking ecosystems grow at a huge scale. Individual components must not only integrate with one another, they also need to scale. For example, when UK Open Banking reached its fourth-year milestone, the ecosystem had grown to 4.5 million regular users and recorded, among other things, an increase of more than 500% in online Open Banking payments.

Comply with Open Banking using Cloudentity

Becoming compliant with Open Banking directives is not easy. We get it; however, we believe that with the right tools you can become a member of the Open Banking ecosystem faster and with less effort than one might think. It is very likely that your institution already has data APIs and the tools and resources to make them Open Banking compliant. The bigger challenge is obtaining customers' consent and securing your data APIs with the access control measures required by a particular directive. When you integrate your system with Cloudentity, all you need to do is prepare your data APIs; we handle the rest.

TLDR: What Cloudentity is

Cloudentity is a cutting-edge service that provides Identity and Authorization for applications. It makes sure that your data access is controlled across the entire application journey; from integrating identity data to ensuring that every API request is authorized, authenticated, and governed.

The Cloudentity platform is built with Open Banking in mind. In the context of Open Banking, Cloudentity is an information security (InfoSec) provider: we deliver the mix of consent, authorization, and access control for APIs. Our workspaces can contain pre-built authorization servers that are compliant with various Open Banking directives, such as Open Banking UK and Open Banking Brazil. We support all Open Banking customer journeys and deliver the consent APIs you need to obtain customers' consent.

To learn more about Cloudentity, see Overview article.

When using Cloudentity as your InfoSec provider:

  1. You do not need to worry about implementing advanced access control (authorization and enforcement) tools.

    • We deliver fine-grained authorization (consent) capabilities, which means that customers have direct control over the data they share. For example, a consent can be limited to only one of a customer's many accounts.

    • Cloudentity provides FAPI compliant authorization servers which can be set to a profile compliant with a specific Open Banking directive where your developers, fintech companies, and partners can register their applications, issue tokens for service consumption, and more.

      FAPI? Not a problem

      Financial-grade API (FAPI) is a security and interoperability profile built on top of the OAuth 2.0 framework. It has become a global standard adopted by most Open Banking jurisdictions. As Cloudentity is FAPI-compliant, we can help you achieve the same.

      If the initiative your financial institution is pursuing does not require FAPI compliance, do not worry. Your solution can still be adjusted to include the latest security standards and practices, such as modern OAuth grant types, client authentication methods, and more.

    • Cloudentity authorization servers support various OAuth and OIDC authorization grant types and client authentication methods.

    • We can leverage the authentication factors your financial institution uses to fulfill the requirement of Strong Customer Authentication (that some of the directives require).

    • Cloudentity comes with a built-in policy engine responsible for enforcing authorization policies on application and request levels.

    • You get two types of authorization policies: Cloudentity policies with a built-in UI editor, and OPA policies written in the Rego language.

    • You can integrate major API gateways and Service Meshes to discover your APIs within the Cloudentity platform using our Authorizers and enforce all access control measures for your APIs.

    • Use Cloudentity multi-tenancy model to spin up multiple authorization servers. If your bank has branches in multiple countries and needs to follow different directives, this is a way to go! Additionally, you can have different tenants for development, testing, and production environments.

    • We provide a developer portal functionality that allows the developers to register and manage their client applications. Additionally, applications can be dynamically registered with the use of Cloudentity APIs compliant with various OB reforms.

  2. You can use Cloudentity Consent APIs compliant with Open Banking UK, Open Banking Brazil, and Australian Consumer Data Right reforms.

    • You do not need to develop APIs like getting consents, accepting or rejecting consents, revoking consents, and more. They are ready at hand and you can start building consent pages right away.

    • We support various strategies for acquiring consent including redirect flows, decoupled flow, CIBA, and app to app method.

    • We deliver a fine-grained consent application that you can easily integrate with. For example, you can fetch the customer's accounts and display them on the consent screen. You can brand the consent application or adjust it in any way with ease; it is open source.

    Need a Sandbox? Check out Open Banking Quickstart Project

    Cloudentity delivers the open source Open Banking Quickstart GitHub project, which you can use when creating your applications to better understand how the Open Banking data sharing flow works and how you can integrate with the Cloudentity platform.

    The Open Banking Quickstart project simulates an open banking ecosystem consisting of a data recipient's fintech application (Financroo) and a financial institution (Go Bank). Go Bank exposes OB Data APIs and uses Cloudentity for user consent and authorization to grant fintech applications access to those APIs. The quickstart lets you emulate read and read-write Open Banking scenarios that show how Cloudentity supports these flows. In particular, it helps you understand the concept of a sample consent application that renders a custom fine-grained consent page as part of the OAuth flow.

    Sounds interesting? Spin up a Docker container with your own sandbox: Open Banking Quickstart

  3. Customer journeys are supported out of the box.

    • We implement our solutions for customer journeys according to the Customer Experience Guidelines and Principles of a given directive.

    • Journeys we support include data sharing with redirect flows, decoupled flows like CIBA, or embedded strategies that leverage Strong Customer Authentication.

  4. Last, but not least, scale!

    • Cloudentity platform components can be easily scaled to satisfy the needs that come with the rapid growth of the Open Banking ecosystem.
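The access control pillar above and the fine-grained consent bullet describe what a request-time authorizer for a data API actually has to decide: is the access token still valid, is it bound to the client that presents it (mTLS-constrained tokens, as FAPI requires), does the referenced consent exist and is it still authorized, does it cover the data cluster the endpoint exposes, and does it cover the specific account in the request path. The following is an added example written for this page; it is not Cloudentity's code or policy format. The token claim names (`consent_id`, `cnf` with `x5t#S256` per RFC 8705), the consent status values, the permission names (styled after the Open Banking UK read/write API) and the route-to-permission mapping are all assumptions of the example, and the certificate bytes are constructed stand-ins.

```python
"""Added example (not Cloudentity's code): a consent-aware, fine-grained
authorizer for an Open Banking accounts API.

Assumptions (not taken from the page or from Cloudentity):
  - the access token carries `consent_id`, `exp` and a `cnf` claim with the
    `x5t#S256` thumbprint of the client's mTLS certificate (RFC 8705);
  - a consent is "Authorised" when the customer approved it;
  - permission names and the route mapping follow the OB UK read/write style.
"""
import base64
import hashlib
import re
import time
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Consent:
    consent_id: str
    status: str                  # e.g. "Authorised", "AwaitingAuthorisation", "Revoked"
    permissions: FrozenSet[str]  # data clusters the customer agreed to share
    account_ids: FrozenSet[str]  # the subset of accounts the customer selected
    expires_at: float            # unix time after which the consent is no longer usable


# Route -> permission required to call it (example mapping, an assumption).
ROUTES = [
    (re.compile(r"^/accounts$"), "ReadAccountsBasic"),
    (re.compile(r"^/accounts/(?P<account>[^/]+)$"), "ReadAccountsDetail"),
    (re.compile(r"^/accounts/(?P<account>[^/]+)/balances$"), "ReadBalances"),
    (re.compile(r"^/accounts/(?P<account>[^/]+)/transactions$"), "ReadTransactions"),
]


def x5t_s256(cert_der: bytes) -> str:
    """base64url-encoded SHA-256 thumbprint, the value carried in cnf["x5t#S256"]."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def authorize(method: str, path: str, token: Dict, consents: Dict[str, Consent],
              client_cert_der: bytes, now: Optional[float] = None) -> Tuple[bool, str]:
    """Decide whether one data API request is allowed under the consent the token references."""
    now = time.time() if now is None else now
    if method != "GET":
        return False, "method not allowed for account data"
    if token.get("exp", 0) <= now:
        return False, "access token expired"
    # Sender-constrained token: the presenting mTLS certificate must match cnf.
    expected = token.get("cnf", {}).get("x5t#S256")
    if expected is None or expected != x5t_s256(client_cert_der):
        return False, "token not bound to presenting client certificate"
    consent = consents.get(token.get("consent_id"))
    if consent is None:
        return False, "token references unknown consent"
    if consent.status != "Authorised":
        return False, f"consent status is {consent.status}"
    if consent.expires_at <= now:
        return False, "consent expired"
    for pattern, permission in ROUTES:
        match = pattern.match(path)
        if match:
            break
    else:
        return False, "unknown resource"
    if permission not in consent.permissions:
        return False, f"consent lacks permission {permission}"
    # Fine-grained part: the consent may cover only some of the customer's accounts.
    account = match.groupdict().get("account")
    if account is not None and account not in consent.account_ids:
        return False, "account not covered by consent"
    return True, "allowed"


def sample_scenario() -> Tuple[Dict, Dict[str, Consent], bytes]:
    """Constructed sample data: one consent limited to a single account."""
    cert = b"constructed DER bytes standing in for the TPP client certificate"
    consents = {
        "urn:consent:1": Consent(
            consent_id="urn:consent:1",
            status="Authorised",
            permissions=frozenset({"ReadAccountsDetail", "ReadBalances"}),
            account_ids=frozenset({"acc-001"}),
            expires_at=2_000_000_000,
        )
    }
    token = {"consent_id": "urn:consent:1", "exp": 2_000_000_000,
             "cnf": {"x5t#S256": x5t_s256(cert)}}
    return token, consents, cert


if __name__ == "__main__":
    token, consents, cert = sample_scenario()
    for path in ("/accounts/acc-001/balances", "/accounts/acc-002/balances",
                 "/accounts/acc-001/transactions", "/accounts"):
        print(path, authorize("GET", path, token, consents, cert, now=1_700_000_000))
```

The ordering of the checks is deliberate: token validity and the certificate binding are evaluated before any consent lookup, so an unbound or expired token never reaches the consent store, and the account-level check runs last because it is the only one that depends on the request path. In a deployment this logic would sit in the gateway or service-mesh authorizer in front of the data API rather than inside the API itself.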

(Figure: Open Banking pillars and responsibilities)

Ready? Join Us on OB Journey

To get you started with enabling your institution to become Open Banking compliant, we identified some steps that irrespective of the jurisdiction you may take first. For instructions, see the Open Banking Enablement Journey Quickstart article.