I'm pleased to announce that the OpenID Foundation has published the Financial-grade API (FAPI) Parts 1.0 and 2.0 final specifications. This is a true accomplishment for open banking initiatives worldwide. The Foundation couldn’t have reached this important milestone with the FAPI specification without the leadership of the FAPI Working Group led by Chairman Nat Sakimura, Anoop Saxena (Intuit), Dave Tonge (MoneyHub), and a diverse group of experts with the technical chops, persistence and patience for the painstaking work of open technical standards development.
In many respects this is old news. Hundreds of organizations, large and small, from around the world, have for years adopted FAPI in the most important way, they’ve implemented it. They’ve implemented it after publicly self-certifying their conformance. In doing so they’ve confirmed:
- FAPI is good for adoption (A standard is only as good as its adoption)
- FAPI delivers on its promise of reliability, repeatability and security
- FAPI is being adopted by others
Ultimately FAPI has reached a tipping point in the lifecycle of a standard where there is positive feedback:
- A standard is only as good as its adoption
- A standard’s adoption is driven by its value of the reliability, repeatability and security of its results
- A standard’s value is measured by the number of instances of certified conformance extant in the market
Few areas of the increasingly noisy, fragmented global ecosystem demonstrate the importance of a standardized, certified approach better than open banking. Despite the potential, many stakeholders are still struggling to keep to open banking rollout schedules more than two years after the UK Open Banking Implementation Entity and PSD2 came into effect. The lack of a standardized security approach is acknowledged as a key factor in this, and one the OpenID Foundation is trying to right through ongoing collaboration with the American, Australian, Brazilian and European colleagues. And if standardization is essential, certification has a critical role to play:
- Ensuring implementations’ interoperability and security, while bringing clarity and stability to a complex functional standards environments
- Helping enforce the secure data exchanges between banks, Fintechs, and schemes to facilitate meeting the complex and changing regulatory requirements
The best way to celebrate the final publication of FAPI 1.0 is to note its unheralded but important adoption in Brazil. When visiting “Welcome to the Open Banking Brasil Portal developer area”, the references to Financial-grade API (FAPI) are clear even without the English translation. And there are indications of FAPI adoption in Bahrain and the Russian Federation.
But our collective efforts lack a home. Whether in an OIDF, FDX, Berlin Group or STET Group container there is no single, trusted place where anyone, at any time, at no cost can reliably find an authoritative listing of all open finance technical standards. Simply described we need a database, an online library of libraries, of all the technical standards in the open finance ecosystem. While simply described, it is not without challenges. While modest, it solves a burning business problem and one that requires a solution that best comes from an international collaboration of organizations, perhaps beginning with the OpenID Foundation.
Non Executive Director