Since they first began employing computers in the 1960s, Japanese banks have always limited themselves to closed and rigid approaches to system development. The Japanese banking industry has long pursued an integral model or vertically integrated model of business.

A Rigid System

Japanese banks are massive financial groups, with a headquarters, main offices, branches, administrative centers, computer centers, and a large number of affiliated subsidiaries offering financial services and banking. The majority of their financial product services are created and sold in-house. Even highly specialized product services procured externally focus on the product services of group-affiliated companies and keiretsu companies’ product services.

Today, cracks are appearing in these rigid foundations that have underpinned the banking system for more than half a century. For example, the need for foreign exchange is emerging with cross-border e-commerce and business expansion of Japanese companies in Asia.

As a result, SBI Ripple Asia is working on a new payment platform for financial institutions. The Japan Bank Consortium was established with banks in Japan in October 2016, and as of July 2017, 61 banks were participating.

The Rise of the API

An application programming interface (API) refers to a technical specification for operating a specific program by another program, and it defines command statements used when the program is operated, a format of data to be transmitted and received, and the like. For example, many businesses today display a Google map when publishing their location on the website. This is realized by outputting map data (Google Maps) using Google’s API (Google Maps API).

Over the past decade, the use of APIs has become ubiquitous across industry sectors, and now it has finally spread to what is perhaps the most conservative industry in Japan—banking and financial services.

The open API will be a powerful trigger for the value chain revolution and will definitely come about in the Japanese banking and financial services sector.

Starting To Change

In May 2017, the Japanese financial industry unveiled a new framework. The amended Banking Act introduced a registration system for electronic settlement agency service providers, so-called third-party providers (TPPs), and announced new policies of collaboration between banks and TPPs.

This has resulted in a major shift in Japan’s financial regulations. The Japanese Bankers Association’s (JBA) report decided the framework of the Japanese financial industry, promoting open innovation and protecting consumers from risks.

Risks of Leakage

When financial institutions disclose APIs to TPPs, the biggest system risks are data leakage, data tampering and illegal transactions, to name a few. API is a new communication path of information systems, but it can be misused. There is also a possibility that data included in the user’s account information and settlement instructions will be exposed to the risk of leakage or tampering via TPPs.

In response to this risk, various discussions emerged between 2015 and the establishment of a new framework in 2017. The outcome of the discussions was a shift from legacy authentication (scraping method) to open API (token authentication). Legacy certification will mean that the scraping method will no longer be accepted in the Japanese market in the future.

Exhibit 1: Service Formats and Authentication Mechanisms of TPPs

The Token Authentication Method

Token authentication means that after a financial institution authenticates a user, it generates data (token) indicating the range of data to be accessed by the TPPs and the range of available services, transmits the data to the TPPs, and uses it.

It is a method of sending and receiving data between TPPs and financial institutions. Compared to legacy certification, the burden of information system upgrading to implement this method falls upon the financial institutions. When TPPs use the web scraping method, financial institutions do not need to take any additional action. Under the API method, financial institutions need to overhaul their information systems so that they can be accessed externally via the API.

For users, however, registration of ID and password to TPPs becomes unnecessary, and the data range accessible by TPPs can be controlled.

The Japanese financial industry will now begin to thoroughly enforce these access rules—based on token authentication—as industry rules.

Revenue Opportunities

In parallel with the discussions about systematic means of implementing such access methods and authentication methods, Japanese banks have pursued profit from open APIs in various ways. Until now, they have provided API release and collaboration for specific business operators, mainly focusing on hackathon and accelerator programs.

In the future, banks will develop the community (third-party developed application store, the operation of open API platform for developers, application platform delivery). Under some frameworks, not only will open APIs be new revenue opportunities for financial institutions, such as business-to-business products, but API platforms will likely evolve into a platform for innovation, encouraging financial reform in financial institutions.

Exhibit 2: Spread of API Use and Growing Expectations

Embrace Change or Face Extinction

If banks stubbornly adhere to their old analog approach, digital customers can be expected to flee to emerging financial service offerings (such as Fidor Bank, Moven and UBank to name a few) that better cater to their needs. This will presumably precipitate the demise of traditional banks.

This shift will progress gradually at the very beginning, but then accelerate.