By Abel Abeijon, CTO – FinConecta
As a result of the ever-expanding distribution channels for financial services, most businesses are electing to install commercial solutions that already have the capabilities their consumers and business units demand.
In addition to the learning curves associated with designing, developing, and operating an open API environment, financial institutions have to convince digital solution providers to adopt their proprietary and unique protocols and data structure.
Open Finance from AWS ISV Partner FinConecta is a full-fledged API management platform that allows financial institutions to quickly expand their product offerings by enabling secure, reliable, and faster integration of third-party digital solutions.
Open Finance enables businesses to reduce development effort and accelerate the implementation of new digital services by publishing a normalized and universal set of financial services.
By implementing Open Finance, institutions gain quick, secure, and controlled access to valuable digital services developed by third parties, without having to execute traditional software development and implementation projects.
In this post, I will cover the architecture and security principles of Open Finance’s global integration engine.
Why Open Finance?
Every business is continually searching for new customers and new markets. One of the avenues being widely explored by financial institutions today is the launch of an API portal that allows deeper and easier engagement with third-party developers, thereby expanding the reach of their products and services.
The direct link between systems was a popular solution in the past when just a small number of systems needed to be integrated.
In this architecture, each program's unique qualities are visible to the other, and both must alter their code in order to create a functional interface. In general, how services are structured and consumed is dictated by the underlying system. This produces a one-of-a-kind protocol, which the application must follow.
Implementing a switch solution is the most effective way to connect multiple systems. This architecture establishes a facilitator entity that regulates the acceptance of changes across the ecosystem and separates concerns among the apps. This means changes to one application will not have an immediate effect on all other participants.
Figure 1 – From traditional model to Open Finance model innovation.
How it Works
Open Finance is built around APIs using a microservice architecture, making the platform highly maintainable and testable. It publishes loosely coupled services that are independently deployable and organized around API products.
Key features of the Open Finance platform include:
- Enables open banking model adoption without in-house development, maintenance, and support effort.
- Facilitates compliance with regulatory requirements.
- Allows cost-effective integration with third-party solutions.
- Supports replacement of service providers without new development effort.
- Leverages the cost effectiveness of a secure and scalable cloud hosting facility.
- Enables personalized services through fit-to-purpose digital solutions.
A trusted connection between the core switch platform and the institution's core system environment is required for Open Finance to operate as an open banking enablement engine capable of seamlessly interfacing with a vast pool of digital apps.
This implies the platform must be managed as an agent by the main system, with access to products, accounts, and clients granted on the basis of functional access permissions. Through modern, evolving security procedures, this method allows Open Finance to regulate end user access to digital capabilities.
Figure 2 – Open Finance architecture.
Open Finance provides security and management capabilities of an individual and/or corporation’s sensitive data—including personal, demographic, and institutional private information—and permanent and temporary access consent, as well as the memory of transactions executed across multiple parties.
The Open Finance Consent module provides a unique mechanism to secure digital transactions executed by third parties, including artifacts such as account and card details, as well as client personal information.
Open Finance security principles:
- Enable quick adoption of global security standards such as OAuth2, and decouple interaction methods.
- Create a secure and cost-effective mechanism to monitor suspicious activities and prevent fraud.
- Establish a centralized and universal method for managing transaction limits.
Authentication and Authorization
The Open Finance engine implements the OAuth2 standard for securing access to information and resources from third-party applications.
Looking at the diagram in Figure 3 below, when clients and/or prospects interact with financial technology (fintech) applications, they select the specific resources to be used (A). The fintech application then sends an authorization request to 4WRD (FinConecta's middleware), which validates whether the institution has granted the fintech access to that specific resource (B) and confirms with the user that they requested it (C).
Figure 3 – Authentication and authorization.
Upon positive confirmation, the fintech application is given a temporary access token (B) that it uses to access the resources and complete the desired transaction. Each subsequent access is validated again internally (D) to ensure the token has not been compromised.
The Open Finance integration model relies on multiple connections being established for different solutions and service providers to fulfill specific use cases.
Figure 4 – Open Finance integration connections.
End users are clients of the institution, prospects to whom the institution wants to sell a product, or employees of the institution interacting with clients and/or prospects.
The fintech product subscribes to the set of APIs required for the proper operation of the product, and then adopts those APIs as the mechanism for gathering data into the application or for initiating processes that depend on external engines.
Some engine products offer software developer kits (SDKs) to be installed in the end user application. These modules are often linked to capabilities associated with device features such as camera, geolocation, and fingerprint scan.
Data can be transferred from 4WRD to the fintech product database through streaming.
A fintech product may provide extended capabilities to financial services, exposing interfaces to be consumed by other applications. The product interface is integrated into the Open Finance engine following the specifications of the product documentation. These services are, in turn, incorporated into the APIs that 4WRD exposes to other fintech applications.
In addition to their own capabilities, some of the fintech engines aggregate services from other providers. This is common in services for a specific market such as payment gateways, telephone carriers, credit bureaus, and governmental agencies.
Open Finance offers a secure sandbox environment for validating fintech digital solutions using the financial institution's actual core system test data. It allows innovation teams to quickly engage with fintech products in an environment that delivers access well beyond product presentations.
Open Finance supports the engagement of employees and/or partners to quickly verify the proposed value proposition and use case associated with candidate digital solutions.
Finally, the sandbox solution can be a valuable instrument for financial institutions to facilitate fintech due diligence, and demonstrate new fintech services to a variety of key stakeholders including boards, investors, and regulators.
By implementing the Open Finance solution, any entity will have a secure, safe, and easy-to-use environment to test third-party solutions in fintech.
The platform allows the verification of use case features and usability aspects, all while utilizing the financial institution’s (or other company’s) own core system test data. It gives tech and business teams the same familiar context as if they were testing their own internally developed applications.
Benefits of the Open Finance platform include:
- Ensure high probability of success on new solutions, as testing is secure and dedicated to your company’s real tech environment.
- Run proof of concepts (POCs) prior to fully committing to the solution.
- Reduce cost of testing third-party digital solutions.
- Reduce overall implementation risks.
- Facilitate engagement and visibility to all key stakeholders, including regulators or other key internal and external organizations.
The Open Finance core engine offers an orchestration layer that allows financial institutions to publish additional capabilities that are offered by third-party providers and are not supported on their core banking systems, enabling secure and reliable connections.
Gateway: Manages API subscription services providing client authentication and API requests.
Throttling Coordinator: Processes the API request based on a micro-services architecture.
The Authorizer or Customer Resource Access Consent module provides different authorization methods that will be implemented based on the financial institution’s capabilities and the user experience that will be provided to the final customer.
- When an OAuth2 token-based API is used, customer credentials are provided as part of the API request payload. The process continues as the three-legged authorization code flow, in which the consumer is redirected to the financial institution's login page (its authorization server), which keeps customer credentials from being exposed through the third-party provider's solution.
- Customers must submit a login hint (a username or national ID number, for example) in order to identify themselves, and then verify with an authorization code delivered through their preferred authentication method (SMS token or email authorization code).
- End-to-end encryption based on global security standards.
- Implements hooks and interceptors that augment API call processing behavior and are managed dynamically at the API flow level.
- Extensions allow API providers to complement their capabilities with services offered by other players of the integration ecosystem.
- Service builders provide data mapping capabilities to normalize data following API international standards.
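As an added illustration (not FinConecta's or 4WRD's code) of the flow in Figure 3 and of the consent-based authorization methods listed above: the institution-level grant (B), the user's consent (C), a temporary access token, and re-validation on every access (D). Client ids, scope names, and token lifetime are assumptions.

```python
# Added example, not the platform's code: a minimal model of consent-gated
# OAuth2-style access. Client ids, scopes and TTLs are constructed values.
import secrets
import time
from dataclasses import dataclass

# Step B: which fintech client the institution has granted which API scopes.
INSTITUTION_GRANTS = {"fintech-app-1": {"accounts:read", "payments:initiate"}}


@dataclass
class Consent:            # Step C: one user's consent for one client and scope
    user: str
    client_id: str
    scope: str
    expires_at: float
    revoked: bool = False


@dataclass
class Token:              # temporary access token bound to the consent it came from
    value: str
    consent: Consent
    expires_at: float


TOKENS: dict = {}         # issued tokens, keyed by their opaque value


def issue_token(client_id, consent, now=None, ttl=300):
    """Issue a short-lived token only if the institution (B) and the user (C) both permit."""
    now = time.time() if now is None else now
    if consent.scope not in INSTITUTION_GRANTS.get(client_id, set()):
        return None       # institution never granted this scope to the client
    if consent.client_id != client_id or consent.revoked or consent.expires_at <= now:
        return None       # no live user consent for this client and scope
    tok = Token(secrets.token_urlsafe(32), consent, now + ttl)
    TOKENS[tok.value] = tok
    return tok.value


def validate_access(token_value, user, scope, now=None):
    """Step D: re-check on every call, so revocation or expiry cuts access off at once."""
    now = time.time() if now is None else now
    tok = TOKENS.get(token_value)
    if tok is None or tok.expires_at <= now:
        return False
    c = tok.consent
    return (c.user == user and c.scope == scope and not c.revoked
            and c.expires_at > now
            and scope in INSTITUTION_GRANTS.get(c.client_id, set()))
```

Because the token holds a reference to its consent record rather than a copy, revoking the consent in the consent module invalidates every token derived from it on the next access check.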
Figure 5 – Open Finance orchestration.
The Open Finance platform is deployed in a customer-dedicated AWS account on a multi-region, multi-server infrastructure utilizing Amazon Virtual Private Cloud (VPC). Each critical workload component is deployed to a segregated AWS Elastic Beanstalk environment, which utilizes auto scaling, Amazon Elastic Compute Cloud (Amazon EC2), and Elastic Load Balancing to ensure high availability and automatic redundancy.
Employing Amazon Route 53 and AWS CloudFormation allows easy deployments to segregated AWS regions for a low-latency, highly available, and disaster-resilient infrastructure that is able to satisfy the most stringent recovery time objective (RTO) and recovery point objective (RPO) targets.
The environment is configured with Amazon CloudWatch health checks, AWS Security Hub, AWS Config, and AWS CloudTrail implementations combined with AWS Key Management Service (AWS KMS), AWS Identity and Access Management (IAM), and resource access policies.
The platform aligns with data encryption policies and segregation requirements, allowing it to meet customer compliance requirements, as well as regional data regulations.
Open Finance from FinConecta is a turnkey solution that enables financial institutions to progress in their digital transformation journeys, supporting enterprise partners and their end clients in the transition to open banking and a true API economy.
Based on a cloud infrastructure built on top of a wide range of AWS services, Open Finance enables financial institutions to implement their own open banking solutions. This supports a comprehensive set of normalized APIs and a complete portfolio management tool for administering third-party solutions, including robust tracing of progress, metrics, and key performance indicators.
Join the Open Finance platform to leverage the benefits of open banking.
The content and opinions in this blog are those of the third-party author and AWS is not responsible for the content or accuracy of this post.
FinConecta – AWS Partner Spotlight
FinConecta is an AWS ISV Partner focused on accelerating the digital transformation of the financial industry.