
Open Banking Challenges and Hurdles


Maurizio Garzelli is the Chief Technological Officer of apiida. apiida are API management experts. The company is from Germany.

This article is about the hurdles and challenges of open banking and PSD2.

Classic Banking

Classical banking is a closed ecosystem. Banks are companies with their own systems. Any FinTech that wants to connect to a bank to give its customers a good user experience for payments or account management has to integrate with that bank individually. The terms of the connection depend on which party is the bigger fish (bank or FinTech), so there is no standardization. The third-party provider (TPP) must be approved, registered, and audited by each bank. There is no global team specialized in financial-grade APIs, because every banking institution has its own APIs.

Open Banking

With the introduction of open banking, this has changed. The bank becomes a closed but also open ecosystem because of the standardized open API interface. A TPP can be centrally registered, so it doesn’t need to go to every bank to show who it is and why it is good. The registration holds at the legal, regional, and national levels. Banks do not need to make their own security checks; they can check the validity of the certificate.

We can use reusable logic and APIs. The result will be financial-grade API compliant, because the team that looks after the standards is a national or global team. The bank doesn’t need to have its own experts; it can look outside the bank for that, reducing costs.

It starts with the TPP, which needs to talk to the national authority and get registered. The national authority audits that the TPP is valid. The TPP then goes to the qualified trust service provider (QTSP), which issues a digital certificate proving the TPP's identity and carrying its claims. Once that’s done, the payment service user (PSU) can delegate banking, account information, or payment initiation actions to the TPP. The ASPSP (the account-servicing bank) should have a management interface for the PSU, just like in OAuth.
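The bank-side decision this flow implies, as an added example (not code from apiida or the talk): it assumes the TLS layer has already verified the certificate's signature chain and extracted its fields, and every name, role label and sample value here is constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample data: issuer name, ids and action labels are illustrative.
TRUSTED_QTSPS = {"Example QTSP CA"}
ROLE_FOR_ACTION = {"account_information": "AISP", "payment_initiation": "PISP"}

@dataclass(frozen=True)
class TppCertificate:      # fields taken from an already signature-checked certificate
    tpp_id: str
    issuer: str
    not_before: datetime
    not_after: datetime
    roles: frozenset       # claims the QTSP certified, e.g. {"AISP"}

@dataclass
class Consent:             # what the PSU delegated via the bank's consent interface
    psu_id: str
    tpp_id: str
    actions: set
    revoked: bool = False

def authorize(cert, action, psu_id, consents, now):
    """Return (allowed, reason): identity checks first, PSU consent last."""
    if cert.issuer not in TRUSTED_QTSPS:
        return False, "issuer is not a trusted QTSP"
    if not (cert.not_before <= now <= cert.not_after):
        return False, "certificate outside validity period"
    required = ROLE_FOR_ACTION.get(action)
    if required is None:
        return False, "unknown action"
    if required not in cert.roles:
        return False, f"certificate lacks {required} role"
    active = any(c.psu_id == psu_id and c.tpp_id == cert.tpp_id
                 and action in c.actions and not c.revoked for c in consents)
    return (True, "ok") if active else (False, "no active PSU consent")

def demo():
    """An AISP-only TPP asks for both actions on behalf of one PSU."""
    utc = timezone.utc
    cert = TppCertificate("TPP-001", "Example QTSP CA",
                          datetime(2024, 1, 1, tzinfo=utc),
                          datetime(2025, 1, 1, tzinfo=utc), frozenset({"AISP"}))
    consents = [Consent("psu-42", "TPP-001", {"account_information"})]
    now = datetime(2024, 6, 1, tzinfo=utc)
    return [authorize(cert, a, "psu-42", consents, now)
            for a in ("account_information", "payment_initiation")]
```

A valid certificate alone is not enough: the request is refused when the certified role does not cover the action or when the PSU has not granted, or has revoked, consent.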

Open Banking – Challenges and hurdles

Central Authority –

  • A central authority needs to be established.
  • The API framework needs to be as open and secure as possible.
  • QTSP and TPP auditing framework needs to be in place.


Banks –

  • Integrate their existing bank APIs with Open Banking Standards.
  • Integrate and adapt the authentication and authorization process.
  • Have a consent and authorization management system in place for the PSU.
  • Implement TPP verification logic and functional checks.
  • Develop a sandbox for early adoption.


TPP –

  • Implement the TPP logic in their own app.
  • Demonstrate AISP and PISP functionality for QTSP and NA.

Solution pack from APIIDA

The solution pack is a package that includes both the logical framework and expert services to help plug in the solution for the banks and TPP. This solution pack has been developed for faster time to market and to ensure the banks’ compliance with set standards. It can also be customized and adapted to any changes within these standards.

We also provide expert services. Expert services can help central authorities with API frameworks. Newcomers may need expert help to adapt to the standards. We cannot help set up central authorities or legal or auditing frameworks.

We try to be as holistic as possible with our offerings to help overcome any challenges and hurdles that banks or TPPs have in adopting the frameworks from their own open banking standards.


  • Faster time to market – This is not just an economic advantage over the competition; it is how quickly you can be operational in the market.
  • Compliance to Standards
  • Integration with an API framework
  • Consultancy
  • Expert Services
  • CI / CD and operations automation

To conclude, apiida has a solution to seamlessly address hurdles of open banking and future hurdles with a maintainable solution.

Maurizio Garzelli
I have worked in different fields, ranging from teaching secondary school students to adult education to formation courses. I also worked in the IT industry, where I am to date. I have worked as a contractor for those IT industries and as an internal helpdesk agent. I have been dealing with various types of problems and issues; I have also worked on projects to ameliorate services and went to courses to ameliorate such skills. I do see myself as a bit of a Jack of all trades, with different specializations, especially in web and API management and security as well as backup and restore solutions and telecommunication, making me a versatile asset for a company. I like to think that I am the best in what I do, and that I give 110% in what I do. Thank you for your attention. Feel free to contact me.

Specialties: PKI, TLS, SOA, UNIX/Linux, Servers and connectivity, SQL, scripting, LAMP, CMMI, 6 Sigma, Software Engineering, Training, Teaching, BRMI
