Issue link: https://go.axway.com/i/1137349
Internal governance

Banks are instituting a range of internal governance approaches to ensure risks are managed and to encourage the use of standards in API creation. Common tools and successful strategies are emerging to help large, multi-branded banks navigate their open banking journey. While banks may each have different approaches to governance, some best practices are now becoming evident.

Internal governance refers to the way a bank manages an open banking API platform overall. Governance includes:

◊ Ensuring alignment of the open banking platform across all lines of business
◊ Assessing and managing risks associated with creating and releasing open APIs
◊ Providing security oversight
◊ Confirming adherence to regulatory requirements
◊ Signing off on business model and pricing strategies
◊ Monitoring impacts of partnership and customer agreements to use the APIs.

The processes banks use to manage internal governance vary, and with open banking platforms being so new, many have not yet established a coherent, comprehensive governance approach. But amongst some of the early movers, common patterns are emerging.

65% of survey respondents indicated they have an API standardization document that is used internally. Almost half (44%) have a central API team that supports lines of business in creating standardized APIs, building out other API-as-a-product approaches such as developer engagement resources, and working on future monetization models. 38% make use of a style guide. Between a quarter and a third have SLAs in place for internal usage (27%), partners (30%) and third-party providers (25%). A quarter (25%) make use of automated rules. Disturbingly, only 27% have a governing body reviewing all APIs, and 11% indicated they have no internal governance processes in place.
Around half (54%) of survey respondents have an internal developer portal or intranet site to help engineering teams find APIs that have already been built for internal reuse.

One North American bank described their governance structure: "We have a governance committee: There is an executive steering committee that is chaired by the VP of enterprise, and every SVP attends, and they meet monthly. Then there is an architectural committee that oversees approved patterns, and that is governed through a council. Every project has to be reviewed at those committees, and they meet weekly."

A European bank had a similar process, but made more use of internal catalogs to encourage reuse: "We have an architecture governance procedure so they are already controlling and contributing to the APIs. For the responsibility of the APIs, they have the interest, and they have to communicate in the repository and that is our master dictionary and they must communicate there. We have communication protocols to get understanding of why to use APIs. We try to avoid the redevelopment of APIs as much as possible. If you use the repository, and you see what is there, it is more business efficient because you reuse what we have."

[Figure: Internal developer portal/intranet site with internal APIs (N=62). Yes: 53.2%; No: 46.8%.]

[Figure: Internal governance processes used (N=63). Categories shown: Standards document; Ad hoc reviews/governance processes; Governing body reviews all APIs; Central API team; SLAs in place for partners; SLAs in place for lines of business; Risk management review process; Style guide; API center of excellence; Automated rules in API lifecycle management; No governance processes used; SLAs in place for third party consumers; Other. Axis: 0 to 40.]