Application programming interfaces (APIs) are a critical part of open finance, and they are particularly important for enabling the secure exchange of information between different parties. Yet to achieve this, a certain level of standardisation is ne cessary, as well as agreements on the technical model which enables data to be shared. This report dives into these technical issues. The objective is to provide central banks with important elements according to which theintroduction of data-sharing infrastructures in their economies can be evaluated.
Data-sharing can be defined as the provisionof data by a data holder or data provider to a third party or data consumer with the consent of the dataowner. It is one of the main pillars of open banking initiatives and incorporates a collection of practices,technologies, architecture, cultural elements and legal frameworks that relate to the exchange of digital information between individuals or organisations. Introducing explicit data-sharing models has several benefits. It can promote transparency, competition and market entry,and contribute to reciprocity andcooperation in the financial ecosystem.It can improve the performance and value of services by combiningdata from diverse sources. Finally, it can enable better decision-making, deliver better products and empower citizen data ownership.
Account aggregators (AAs) are an intermediatetechnological platform responsible for managing and transferring data flows between data providers and data consumers. AAs are an important mechanism for the implementation of data-sharing. One of their functions is to develop interoperability between participants. But AAs are only intermediaries andcannot store the data or redirect it to unauthorised entities. An important feature of AAs is how they develop mechanisms to gain consent for data flows from and for the end users.
This report presents three types of data-sharing model: centralised, decentralised and trust ecosystem. In a centralised model, an AA collectsthe data. In a decentralised model, participating members agree to share their data with other participants individually. The trust framework is hybrid: it is decentralised for data-sharing and centralised for identity management. It integrates with a trusted third party instead of an aggregator. This last model requires operators to correctly establish the registration process for participants, as well as to ensure securityin communications and agree on a standard for the exchange of information.