Allied Irish Bank: Building Digital Foundations with APIs

Allied Irish Bank (AIB) is a leader among European banks in meeting requirements of the new EU open banking regulations, thanks in large part to its visionary API team. We spoke with AIB’s Niall Buckley, Head of Digital Ecosystems, Ivan Jennings, Program Delivery Manager, and John Daly, Digital Development Manager, about how they’re using APIs to lay the digital foundation for current and future bank products and services.

How do your roles at AIB relate to APIs and the Apigee platform?

Niall: As Head of Digital Ecosystems for AIB I have business ownership for our new API channel, and within that everything that’s going on in the regulatory space in terms of open banking. So, I'm responsible for keeping us compliant from a regulatory perspective, and the strategic direction in establishing an ecosystem with digital partners and using our API channel as the tool to do that.

John: As the Digital Development Manager for AIB, I look after the Apigee API management platform and am also responsible for the development of microservices and digital strategy. I’m very much involved in the technical design and development of the APIs and the microservices behind them.

Ivan: As the API Delivery Manager I oversee the delivery of programs leveraging digital technologies like APIs and microservices. I work very closely with John's engineering team to build out those programs.

How does AIB use Apigee?

John: The EU’s open banking regulatory deadline required us to expose APIs by January 2017, so that really drove our initial adoption of Apigee. Now we’re using it for developer app onboarding so that third parties who are regulated entities can register themselves and their apps. We also use Apigee to do authentication and authorization of those apps. The third parties use the developer portal to view our API documentation and to self-register and then they communicate to AIB through Apigee. We're using Apigee in the cloud, but all the service calls get routed into on-premises software where we host the microservices that effectively service the APIs.

What kinds of microservices are we talking about?

John: The initial batch is around account information services, like showing balances, viewing transactions, viewing standing orders, viewing direct debits of particular accounts that you may have as a customer with the bank. You can also grant access to third-party applications to view these. We also offer the opportunity to initiate payments from your accounts. Both of these arose from European-wide regulation that banks had to expose candid information and payments services to third parties. So that's what we started with, and that's what we have live at the moment.

How do the EU open banking regulatory requirements figure into your API strategy?

John: Before we had to consider the deadline for meeting the open banking requirements, we had a digital strategy in place that was API-led and embraced a sort of outside-in thinking. Our goal was to make it simpler and easier to consume our own services in-house. Of course, our initial strategy had one eye on the regulation, but we always viewed it as a strategic opportunity to move into the API world rather than a burden. So, we've focused on the regulation because that's the program that has the resources, but there's a lot we already wanted to do in the API space. Our current focus is on changing our own channels so that we can consume APIs via Apigee—using our own APIs as customers as well as providing them to third parties.

Niall: AIB Group has four different brands; AIB bank and the Educational Building Society in Ireland, First Trust Bank in Northern Ireland, and AIB GB which is a boutique business bank in Great Britain. We've only opened the API channel in the UK since the open banking legislation regulation effectively became active there in January. We have 15 third parties that have all connected to our API channel in the UK and we're very shortly going to open our API channel in Ireland as well.

What’s been the reaction from the AIB ecosystem to interacting with AIB’s Apigee platform?

Ivan: The reaction internally to the platform has been really positive because it’s quite easy to use. We made an effort with the user interface and tried to ensure that the content is relevant, so it was nice to get some positive feedback. The primary use cases up until now have been regulatory, but we are starting to see more and more use cases coming from across the bank for commercial propositions seeking to leverage the platform.

What lies ahead for your API program?

John: We’re looking at some other types of information that we may be able to productize. For example, we may be able to have an identity-as-a-service type functionality where we offer customers a login with an ID for third-party financial services. There are several things that banks can't offer customers that may be useful to certain third parties. It’s also important to note that the open banking rules don’t allow charging the third parties or the customer for using the APIs.

We're looking at whether we have information that customers would benefit from being allowed to easily share with a third party, but also the third party would benefit from not having to do themselves. For example, compliance with the Criminal Justice Act and those sorts of things that can be a pinch point for customers, but once it's done perhaps, we could attest to that sort of thing. We are looking at other ways that we could potentially provide a service that a third party would be willing to pay for.

I guess that the nice thing about what we've done so far is that we have the API rails now that we have Apigee in place. We have the patterns defined and we have the means to get APIs delivered quickly, which we didn't have this time last year.

Does Apigee’s monetization feature figure in AIB’s strategy?

Niall: Yes and no. I suppose the reality right now is that this is early days for banking across Europe in terms of how banks go about monetizing API capabilities. There are a lot of options as to how we could approach things. We’re taking the view that we want to focus on productization rather than monetization to promote usage. Maybe we offer APIs for free, but we can work with potential partners on what I call future credit opportunities. As a bank we rely heavily on interest income and we do want to expand and diversify our income beyond that. We’re looking at propositions where we could provide API capabilities that allow us to extend our credit product placement into other marketplaces where we might not be present at the moment. That actually could be the commercial angle on it.

In terms of the monetization capabilities with Apigee, the benefit to us is the fact that it has this flexibility that helps ensure whatever business model we come up with - making API products, turning them into packages, having rate plans against them – we can feel confident, especially given all the flexibility and variability that we can then implement and configure services. As we make our journey and try new things, I know that we have the base capability and the products to allow us to do what we want.

AIB is a financial services group operating predominantly in the Republic of Ireland and the UK, providing a comprehensive range of services to personal, business, and corporate customers.


Apigee's Top API Editorials of Q2

A look back at the articles and blog posts we published in the past quarter.

From the nuances of managing microservices to best practices for ecosystem participation to the ways digital disruption has rippled across specific industries, a wide variety of trends and topics has been on the minds of developers, IT architects, and business leaders.

It has given Apigee’s deep bench of “thought leaders” a lot to write about during the past three months. Over the last quarter, we’ve published 16 new columns to help organizations harness their APIs to develop new services faster, improve efficiency, and accelerate their digital transformations.

In case you missed some of them, here’s a look back at the editorials we published in the past quarter.  

Digital transformation best practices

Digital Transformation: Necessary vs. Sufficient by Jim Haar in CIO Dive

Digital transformation is a multifaceted challenge. Many technologies are necessary but few if any of them are likely to be sufficient on their own.

When Culture is a Cop-Out by John Rethans in Forbes

Why the tendency to label complex organizational operations as “culture” can be counterproductive.

Your Demand Chain is Dying by Michael Endler in Medium

The ways we buy things and consume services in a world of ubiquitous connectivity, proliferating mobile devices, and agile software experiences are different than the ways we did those things in the analog days.

Avoiding Digital Disaster: The 5 Things You May Be Doing Wrong by Becca Thomas in Medium

A poorly-executed strategy can topple even previously successful companies.

“Digital Transformation” is a Misnomer by Michael Endler in Medium

Digital transformation is neither just about digital nor about transforming from one thing into another; it’s about gaining the ability to perpetually evolve the entire business.

Busting 5 Digital Transformation Myths by John Rethans in Medium

As enterprises continue to invest in digital transformation, numerous anti-patterns have emerged—and businesses that want to succeed should take care to avoid them.  

The Phases of Digital Transformation by Anant Jhingran and Michael Endler in CIO

How enterprises are accelerating their digital transformations by focusing on small, fast-moving teams, ecosystem participation, and machine intelligence.

Moving Faster with a Product Mindset by John Rethans and Michael Endler in Medium

Why businesses looking to evolve faster should focus on three core tenets: outside-in thinking, minimum viable products, and product maturity through iteration.

API management best practices

Using Metrics to Measure API-Driven Ecosystem Value by Chris Von See in Medium

A business can’t manage what it can’t measure—which is why businesses that are serious about digital transformation should embrace new metrics.   

How to Ensure APIs Drive Everlasting Organizational Value by John Rethans in Programmable Web

Often, the difference between a future of options and a future of dead ends involves how a company designs and manages its APIs.

Understand the Power of Internal APIs by Brian Pagano in InformationWeek

Why missing the transition from legacy integration to using APIs to connect internal systems may prove the difference between success and failure.

How Microservices and APIs Make Beautiful Music Together by Brian Pagano in EnterpriseTech

Many enterprises have leveraged APIs and microservices to transform their businesses—but to succeed, it’s important to understand how these technologies work together.

So You Want to Monetize Your APIs? by John Rethans in Medium

Some APIs provide access to data or functions that are so valuable, the API provider can charge developers for access and even use the API to create new lines of business—but how does an enterprise know if its APIs are right for monetization?

Open Banking, PSD2, and GDPR

Will Branches Survive the Shift to Digital? by David Andrzejek in The Financial Brand

With the ubiquity of mobile apps, many people’s banking habits rely less and less on ATMs and other forms of physical infrastructure. What is the right branch strategy for the digital era?

Banking After GDPR: Consent and Agility by Paul Rohan in BankNews

As a consequence of technological and regulatory forces, new cornerstones have emerged in banking: consent and agility.

Do You Really Want to be the Next Big Banking Platform? by Rob Parker-Cole in Medium

For many banks, the most lucrative path may not be aspiring to be the platform at the center of an ecosystem so much as leveraging other ecosystem participants to offer better services and reach new customers and markets.

Interested in more tips for managing APIs and driving digital business? Check out the Apigee eBook, “The API Product Mindset.

Yorkshire Building Society Group: Embracing Open Banking with Apigee

Editor’s note: Today we hear from Jonathan Abbott, program manager, PSD2, at YBS Group, the third-largest mutual building society in the UK. Learn how this forward-thinking financial services organization is using Apigee to comply with PSD2 regulations in the UK and help support a digital transformation.

In the UK, the Payment Services Directive 2 (PSD2) is creating quite a stir, particularly among the largest banks that will now be required to release their data in a secure, standardized way. The idea behind the new open banking requirements, set out in the revised Payment Services Directive, is to facilitate secure data sharing to enable next-generation products and services. At YBS, we believe in the possibilities of PSD2 as we move into a more digital world, and are therefore moving as quickly as possible toward PSD2 compliance.

In complying with PSD2, we saw an opportunity not only to tick a regulatory box, but to build future strategy by using open APIs to enable a rich ecosystem of connected services for our customers.

At this point, full PSD2 compliance requirements are being finalised. As it stands right now, banks need to move to an API model by September 2019 to meet the regulations. After that, screen scraping of customer data can no longer take place. To meet this timeline, we needed an API management platform and expertise to help accelerate our efforts and reduce risk. 



After comparing several solutions in a formal RFP process, we decided to use the Apigee Edge API platform and work with our trusted consulting partner Tata Consultancy Services (TCS). As a financial services organization, enterprise-grade security was one of the most important considerations for us.

Apigee offers the application access controls and adaptive threat protection we need to use open APIs in a banking environment. We also found the people we worked with at Apigee to be very transparent and accommodating, and they worked collaboratively with TCS and our internal teams to understand our needs in this very new world.

To remain nimble, we took a phased approach, concentrating initially on business process transformation and system changes. In phase two, Apigee became crucial as we put our API gateway in place and began incrementally building our capabilities. We launched our Developer Services portal,, very quickly and began by making available a number of sandbox APIs, with plans to build on this over the next 12 months by offering production APIs in time for the regulatory deadline.

One year ago, YBS didn’t have any API gateway capabilities. Thanks to Apigee and TCS, by next summer, we’ll have everything we need in place for phase three, in which regulators will come in to verify that we’re in compliance with PSD2. Without Apigee, we would have faced a far harder task advancing our digital strategy and complying with Open Banking regulations in such a compressed time frame.

With all the challenger banks, fintech companies, and new potential partnerships emerging as a result of Open Banking, it’s more important than ever for YBS to offer innovative and engaging digital services. By using Apigee to get a head start on API-based banking services, we can be more competitive in the coming years, which will no doubt be a crucial period of disruption, change, and opportunity for UK banks.

Banking 2.0: Navigating the Chaos

Until recently, retail banking has been a comparatively stable, if complex, business. One might say it was a period of evolutionary rather than revolutionary change, with a relatively small number of incumbents dominating markets in which regulations and economic factors produced relatively few truly radical new initiatives. Change could be slow, innovations far apart.

As new digital technologies have gained mass adoption, the landscape has changed. Mobile apps, cashless systems, and many other advances have changed the stakes, relatively quickly — just look at the number of branches closing as more customers do their banking on-the-go in purely digital environments.

On the 13th January, the new Open Banking (OB) regulation in the United Kingdom came into force, mandating compliance with the second Payments Service Directive (PSD2). This is a significant development in the new period of rapid evolution in banking. As regulatory changes unroll alongside rapidly evolving technologies, the range of participants shaping financial services is likely to expand and the pace of disruption is likely to accelerate.

Specifically, the new OB/PSD2 regulations are encouraging new companies to enter the market by mandating that previously-closed banks provide system-to system-interfaces, i.e., application programming interfaces (APIs). These APIs enable companies vetted and approved by the Financial Conduct Authority (FCA) and permissioned by account holders to access transaction data and request or initiate payments.

Put another way, in the past, customers of a bank could only expect the bank and its immediate partners to offer useful financial services using a customer’s personal information. Now, those apps can come from a much wider range of developers, increasing the likelihood of new innovations to help people manage their finances.

Continue reading this article on to learn about the challenges banks face and some steps they can take to move toward operating at Internet speed and competing with startups. 

PSD2: It's Time to Act

The updated Apigee Open Banking Accelerator gets you up to speed fast

I recently sat down with Sarah Lockett, chief correspondent for the Wall Street Journal’s Business Debate at the London Stock Exchange, to discuss APIs and the upcoming PSD2 regulation. It was a short but energizing interview. Check it out:

We’ve been talking about banks and APIs a lot, at Apigee open banking summits, in podcasts, at the BAFT Payment Symposium, at the TechUK Payments Innovation Conference, and more. There’s been a lot of talk, a lot of ink, and a lot of pontificating dedicated to the upcoming PSD2 regulation.

For good reason. In case you haven’t been paying attention for the last couple years, European Union regulators introduced PSD2 in an effort to increase competition and promote innovation in the banking and payments landscape. The implementation date is fast approaching (PSD2 takes effect Jan. 13), which means it is time to stop talking and start doing!

If your organization has been talking about open banking and PSD2, but you haven’t yet executed, the good news is that it is not too late. We just released a new version of our Open Banking Accelerator (APIx) this week that will help financial institutions get up to speed fast.  

Major updates in this version include Open Banking UK V1 API Specification and Open ID Connect FAPI support for improved security. In addition to API support, the Open Banking Accelerator provides an API sandbox, a developer portal, and a comprehensive set of test cases. You can download this accelerator from GitHub and deploy it on the Apigee Edge platform.

If you want to see it in action before downloading, try out our sandbox here:

And if you’d like to talk some more about open banking, catch me at SIBOS in Toronto on Oct. 17.

Worldline & Apigee: Partnering for PSD2

With regulators around the globe pushing for more openness and competition via APIs, led by the European Commission’s PSD2, the payments industry is headed toward an API-powered, programmable future.

There’s no turning back. By January 2018, PSD2 will require 5,000 financial institutions across Europe to provide open access to customer, transaction, and payment information via APIs.

As banks ready themselves for this onrushing future, shockwaves of the effort are being felt throughout the financial industry. Banks that must comply with PSD2 and Open Banking regulations are turning to their vendors and ecosystem partners and asking for APIs.

Those companies are looking not only for ways to serve their customers better, but also how to compete in the API economy.  

Worldline has been an aggressive and highly successful competitor and an innovator in payments services across Europe. The company recently announced the Apigee Edge API platform as the cornerstone of its API strategy.  

In the words of Worldline chief technology officer Christophe Duquenne: “We chose Apigee Edge since it enables us and our customers to accomplish our time-to-market objectives and, at the same time, meet important requirements in terms of security and scale.”

We’re very excited to help Worldline chart and execute its API journey as built-out internal and external API ecosystems. We have a shared vision of these ecosystems being built by developers, and the importance of providing first class, self-service developer experiences.

As Worldline handles billions of payment transactions every year, we’re gratified that they trust Apigee to secure their APIs. The future of payments is APIs, and we are excited to be part of Worldline’s journey there.  

What Bankers Can Learn From AI Assistants

Why a series of mobile experience projects doesn't constitute a digital strategy

As PSD2 is set to open data sharing between banks and third parties, banking and fintech professionals should heed this warning: Don’t confuse digitization with digital strategy. You need to build mobile apps and digital experiences for your customers. They expect it, so you should deliver. But a series of mobile experience projects doesn’t constitute a digital strategy.

To appreciate the difference, we’ll look at a topic outside of banking and fintech—AI (artificial intelligence) assistants.

It’s easy to assume that most of us have experience with a major AI assistant, such as Siri, Alexa, or Google Assistant. It’s increasingly difficult to guess which devices any of us use to interact with these assistants, however, given that they’ve spread from smartphones, tablets, and computers to a growing array of traditionally “dumb,” unconnected devices, such as speakers and televisions.

The variety doesn’t stop there. Even within a single device, many assistants integrate with a wide range of both first and third-party apps, causing the assistants to function less as one-off resources than as guides in a cohesive ecosystem. For bankers, this diversity and extensibility of apps and devices is a salient point.

The virtuous platform cycle

Putting an AI assistant into just a speaker or any single product is analogous to a single great banking app: it’s valuable, but may not be a digital strategy in and of itself. Rather, the digital strategy is baked into the service and its overall business model, which is then distributed by the ecosystems built around these assistants—ecosystems that leverage APIs to expand assistants’ capabilities and integrate them into new products and services.

And these assistants are just the newest iteration of this virtuous platform cycle. Decades ago, Microsoft Windows enabled developers to build applications that made computers more useful. This triggered a virtuous cycle in which more computers ran Windows, more developers built applications for the Windows installed base, better and cheaper computers hit the market as the installed base grew, economies of scale improved, and so on.

Apple’s iOS and Google’s Android represent similar virtuous cycles between developers and platforms. Ditto for Facebook, which brokers users’ interests and attention with advertisers. Or Google Maps, which enables thousands of mapping applications, or Uber, which creates a new ecosystem around delivery and logistics, or Nike+ for fitness tracking. The examples go on.

What do all of these virtuous platform cycles have in common beyond their shared platform mentality? They’ve executed their platforms in part by by opening their systems via APIs and enabling developers to build new and interesting experiences that rapidly expand the user base into many niches they might otherwise not have acquired.

They’ve set up a business for third parties, giving them ways to differentiate or monetize. They’ve used those third-party applications to make the platform more valuable by reinvesting data from user interactions or simply expanding the depth of functionality attached to their services.

For bankers who follow this model, it may well be the difference between providing decent online experiences that customers intermittently use and building an omnipresent model that not only integrates into customers’ daily routines, but does so intelligently with real-time data analysis.

The banking platform model

So the big question is, what is the digital banking platform model? Which bank or fintech can successfully execute a platform strategy? Will an established aggregator evolve its model to fully become the BankOS for retail customers? Or will a “new challenger bank” revolutionize the experience and data access?

These questions should be intensely important to bank executives, as platforms that achieve the virtuous cycle can end up being “nuclear weapons” for competitors in their markets, with all but two or three competitors squeezed out over time.

I don’t know all the answers but history and intuition tell me the companies who find the right recipe will likely follow these steps:

  • Build digital experiences with APIs. Development teams should expose their data and functionality through APIs.  Make those APIs externalizable and self-service from the start, even if you don’t think you’ll ever expose them to third parties.  
  • Identify your most valuable systems. Identify the systems that define you as a company (and likely define your industry). Prioritize building APIs for these systems and start shopping them to partners. The APIs can be invitation-only but the process of productizing those APIs and taking them to market with partners can be hugely educational for your company. There is no way to learn to swim by standing on the shore. You have to get wet.  
  • Understand that business leaders should be involved in the productization of APIs from the beginning. This is not an IT-only effort.  You may need to reorganize some teams, and you’ll likely need a different funding model for this than the other twenty IT projects you are currently running.  

Don’t become a cautionary tale

It wasn’t too long ago that Netflix, Amazon, Uber, AirBnb, and many others were seen as too small to challenge industry incumbents. Modern AI assistants hit the scene only a few years ago, and they are already in a virtuous cycle as voice controls for not only mobile devices but also, increasingly, the connected home.

This could very well become the story for tiny fintechs and upstart banks that might look too small to compete right now. Its quite easy for a bank executive to dismiss all the “noise” about platforms and APIs because there have traditionally been very wide moats around banks. That mentality could be a mistake.

Image: Flickr Creative Commons/Ofer Deshe

Metro Bank Chooses Apigee's API Platform for Digital Innovation

We’re excited to announce that Metro Bank, a leading UK bank, has selected Apigee to power its compliance with PSD2 and build a platform for digital innovation.

When founded in 2010, Metro Bank was the first high street bank (what might be called a “community” or Main Street bank in the U.S.) to launch in the U.K. in over 100 years. The bank’s focus has been to offer unparalleled levels of service and convenience, through whichever channel customers choose—whether that’s in a branch, online, by phone, or through an app.  

PSD2 mandates that by January 2018, approximately 5,000 financial institutions across Europe must provide open access to customer, transaction, and payment information via APIs. This, alongside the opportunity for digital innovation, extra speed and agility, were key drivers in the bank’s push for an API platform.

An API platform will support Metro Bank with processes from on-boarding partners faster to providing new experiences and offerings for its customers.

“At Metro Bank we are focused on making banking easier for our customers. The Apigee platform offers us the ability to partner with many organisations quickly and build compelling digital products and experiences for our fans," said Paul Riseborough, chief commercial officer at Metro Bank.

Nationwide: Building Trust with APIs

Like many executives in the highly regulated financial services industry, Simon Hamilton initially viewed the upcoming European Commission’s directive on payment services as another potential compliance headache.

"When I first found out about the PSD2 and open banking requirements, it was, 'Well here’s another regulatory project’,” said the chief technology officer of Nationwide Building Society. But it didn’t take long for the potential upside to become clear. 

“We can also … build more trust, add to the service that we provide with customers, and also think about APIs that we can consume from others and do more to open up our IT environment and collaborate with other frims,” Hamilton said. “Open banking and PSD2 have been the catalyst for us to look really seriously at API technology.”

For more on Nationwide and PSD2, read "How PSD2 Changes the Banking Game."


PSD2: An Opportunity for Lenders to Leap Into Open Banking

Taking deposits and offering credit has been a steady business for banks for thousands of years, so it isn’t suprising that lenders are often behind the curve when it comes to adopting new technologies.

But now banks have an unprecedented opportunity to buck that trend and leap ahead, thanks to PSD2, the European Commission’s directive on payment services that requires financial institutions to provide third-party access to account information via APIs.

So says Paul Rohan, technology consultant and specialist advisor to the EU Payment Services Directive. 

Certainly financial institutions will be required to open up and enable fintechs and others to access their data on the January 2018 PSD2 compliance deadline. But APIs enable much more than that, Rohan argued. The possibilities surrounding data consumption could be a game changer for banks, he said.

“They have to put extra data into the market to help the ecosystem grow, but on the other side, they can take data into their organization to improve their decisionmaking,” Rohan said. “That’s actually the thing that changes people’s mindsets to having an API strategy rather than having a PSD2 compliance strategy.”

Besides promoting the importance of API data consumption, Rohan urged banks to focus on educating employees with monetization responsibilities on the power of APIs, and to make permanent appointments to manage their API programs.

“PSD2 gives a focus to [banks’] projects—it gives a purpose to their investment in software architecture,” Rohan said. “I think there’s a strong opportunity for them to open themselves up."

Simplify and accelerate the process of open banking as required by PSD2 with Apigee's Open Banking APIx solution