I want to give an overview of the different options for bank connections from host-to host, direct connections through regional standards and SWIFT. On top of that we’ll also take a look at open banking APIs and what possibilities they might hold for the future.
In the next post, I will follow this up with a few ideas about how to best evaluate which strategy is the best for your company.
Bank connections enable corporate customers to exchange messages with their banking partners. Companies need to have a relationship with at least one bank, in practice there are typically several banks involved, for example to exchange account information and sending payments. Bank connections are so to speak the backbone of your treasury department because they ensure the uninterrupted flow of information between your business process tools and banks, allowing you to create accurate cash forecasts, manage liquidity and the likes.
Bank connectivity will remain a topic that corporate treasury departments need to decide how to approach. Now, let’s look at the different options for creating bank connections.
Direct host-to-host connections
As our webinar poll showed there are still 30% of our respondents who maintain host-to-host connections with their banks. This means that typically the IT department sets up bank connections to specific banks. How those work in specific then depends on the bank. With some banks a host-to-host connection is needed for each country where the company is operating. Luckily many banks offer single point of entry connectivity which means that once you’re connected, you can use it to operate cash management messages in all or multiple countries where the bank has branches.
Since the bank is hosting the service, it also means that the bank is dictating all technical requirements and corporate customers need to adapt to changes the banks might make.
And change is imminent, especially when it comes to messaging formats, communication protocols and security requirements. There are for example client certificate renewals that come up usually every two years. Root certificates expire more infrequently but cause more maintenance work.
Another quite timely example is the Transport Layer Security (TLS) protocol version upgrade. TLS certificates not only have to be renewed from time to time but older TLS protocol versions (1.0 and 1.1) have known vulnerabilities and the banks are enforcing their clients to use version 1.2. This is happening in Finland at the moment actually and it may require significant security updates.
Maintaining direct host-to-host connection requires you and especially your IT department to make a commitment to maintain these connections day in and day out. It also requires special technical expertise from the IT department. If that’s a given then they can provide a secure and reliable way to connect with your banks, especially if you don’t have a wide array of different banks in your ecosystem.
Direct connections through regional standard protocols
Talking about standards we don’t get far without meeting some Germans. The EBICS (Electronic Banking Internet Communication Standard) is a standard that is used in Germany, Switzerland, and France. Also, banks in other countries are testing this standard.
The challenge with EBICS has been that different countries have their own local flavor of the standard and even using different versions. In 2018 EBICS 3.0 was launched with the goal to harmonize the differences and to make it easier to communicate across borders. In practice Germany and Switzerland are still using EBICS 2.5 and it will take until November 2021 until EBICS 3.0 becomes mandatory for banks in Germany.
Some international banks have adopted EBICS into wider use. Which means that corporations familiar with EBICS may use it for message exchange and authorization in other countries as well. Only the future will show if EBICS fulfills its vision of becoming the pan-European standard protocol for bank communication.
Connections through SWIFT
Companies can connect directly to the SWIFT network and with that get connected with over 11 000 financial institutions in more than 200 countries. SWIFT is hosting and maintaining the global network for that. It’s highly secure and reliable. It’s a single gateway that almost sounds like it opens the door to paradise for you. That is in the mind of someone who spends his time building host-to-host bank connections for single banks. You are empowered to change banking partners based on your business needs without having to worry about establishing new connections.
SWIFT has a sort of do it yourself approach by providing Alliance Lite2 to companies. But here comes the other side of the coin. A direct connection to SWIFT is costly and requires time and resource-demanding integration. In addition, you need to comply in full scope with the SWIFT Customer Security Programme (CSP) that requires all their members to protect their endpoint, because naturally, they need to protect their network.
Most corporate customers use a SWIFT Alliance Lite2 Business Application (L2BA) provider or a Service Bureau for the connection. In the L2BA model, a service provider takes care of handling all necessary requirements to connect to the Swift network and you buy your bank connections pretty much as a service. Often this comes in connection with other products and solutions you might use.
Open banking APIs
I think open banking APIs are one of the most interesting developments. I already see banks all across Europe offering premium APIs for corporates that go beyond what is possible today.
Open banking APIs are set to bring a real-time component to the game that hasn’t been there so far. In the past there was no way for external systems to fetch for example real time balances from banks but this is about to change. While as previously, corporations would execute batch payments, with open banking APIs this will be possible whenever a payment is needed with instant effect. Looking at balances and payments is the beginning of new solutions that will be available to corporate treasury.
Open banking APIs is something that companies and providers such as Nomentia will need to take into account and on their roadmap because this is clearly where we will be able to provide innovative solutions for our customers in the future.
What’s the verdict?
It would be great to give an easy answer to this question. But it’s just not that simple. As I outlined above, all connection methods have pro’s and con’s and it really depends on your needs and internal structures what you need. In my next post, I will provide you a short checklist on how to best evaluate those needs and requirements to help you choose the bank connection strategy that fits your business.