Open banking

on AWS
Reshaping the future of banking

Open banking provides open access AWS cloud for open banking
AWS cloud provides required agility for meeting business and
to a customer’s financial data from regulatory demands, as well as security needs for integration
banks and other financial institutions with third-party providers and client registrations. AWS cloud
also provides customer experience for better engagement
using application programming through highly scalable AWS Lambda and container services
interfaces (APIs). offerings. API development, management and consumption
insights with API gateway makes AWS cloud a powerful
This banking solution takes advantage of the next-generation foundation platform for open banking. AWS data analytics
API for accelerating revenue-generating opportunities. Built on capabilities can be used for effective business decision
cloud, open banking platforms are facilitating ever-increasing making by analyzing the data generated through open APIs.
on-demand needs of financial data. This can include transactions While new banks are embracing an end-to-end open banking
and consumer experience for third party providers (TPPs), architecture through open APIs, more and more banks are
payment initiation service providers (PISPs) and account adopting a hybrid strategy of core banking services integration
information service providers (AISPs). Banks are fast-tracking with open APIs on AWS.
digital transformation initiatives with cloud, providing resilient
infrastructure and scalable services.
Open banking The reference architecture depicts an open banking platform with shared virtual
private cloud (VPC) on AWS where retail and corporate banking systems can access
platform on AWS the backend system of records. AWS shared VPC service is managed by a central
account. Subnets are shared among other AWS accounts, eliminating the need of
VPC peering, thus reducing network management complexities. This also ensures
communication between resources of different accounts within a trust boundary.

1
Account/Payment Information Service Provider(AISP/PISP)

AWS Public Account (Internet facing Account) 3 2

Public Subnet AWS Shield

API Endpoints AuthZ Endpoints

Reverse Proxy Shared Subnet Identity and Access Management OAuth2.0

Reverse Proxy

§ Open APIs management – Open Banking Account Developer Sandbox Account 9 Security Account
AWS API Gateway 4 5 (Mock APIs)
§ Consent APIs Data Insights and Analysis
Shared Subnet HSM Shared Subnet IDP Shared Subnet
§ AISP APIs
§ PISP APIs 6
§ Dynamic Client Registration
APIs Shared Subnet
§ Consent Management Data Cloud HSM Identity Providers
§ Metadata for Retail
Corporate APIs
Retail Banking Account Corporate Banking Account
7 7
Business Process APIs Business Process APIs

Shared Subnet Shared Subnet

Shared Services Account

8
Shared VPC Management Core Banking Integration Layer

Core Banking Systems

Customer Data Saving and Current

Management Account Management Onboarding Services Payments Services Card Services Lending Services

The reference architecture: Open banking platform on AWS

Open banking on AWS Page 2

Open banking on 1 6
AWS: How it works Users access account The request is further
information service provider routed to retail banking or
(AISP) and payment corporate banking business
initiation service provider process APIs, depending
(PISP) services through on the configuration of
mobile and web applications. AISPs, PISPs and users.

2 7
AISPs and PISPs route Retail and corporate
the request to the bank’s banking accounts exploit
AuthZ endpoints for the required services from
identification and acquire the underlying system of
access token from identity records through the shared
service providers. services account.

3 8
Once the identification Data analytics and insight
process is complete, services such as AWS Glue,
AISPs and PISPs access Amazon Athena and Amazon
actual API endpoints to QuickSight are used to
initiate the required open analyze the data generated
banking services. Banks by these open banking APIs.
trigger an explicit consent
management flow to provide
authorization for AISPs and
9
PISPs to access user data. Developers can also use the
API portal page for banks
to understand APIs exposed
4 by the bank and test the
The request is then passed expected response before
to the open banking account, live deployment.
AWS API gateway, which
provides API management,
traffic management, tracing,
tracking and monitoring
capabilities.

5
API gateway further passes
the request to compute
services like AWS Lambda,
AWS EKS, AWS ECS or AWS
EC2 instances, depending
upon the computes selected
for hosting the open
banking services.

Open banking on AWS Page 3

Open banking platform Author
Biswajit Mohapatra
Consumers Partner, IBM Cloud Migration
Multi-account access in one place, customized Factory and AWS Services
product offerings, service personalization, ease
of payment services and one-click access to
financial positions

Banks
Improved customer engagement, increased
revenue, ecosystem collaboration and opportunity
to increase client base as it allows access to user
data from other financial institutions

FinTechs
Seamless access to user data, enhanced
customer experience and new revenue streams

The future of banking is open

Open banking is revolutionizing the banking industry
at pace and scale. Banks are accelerating their digital
transformation journey through open banking. There
is increased focus on inside-out modernization and a
cloud adoption strategy to meet the growing business
and regulatory demands. It’s time for banks to optimize
their IT landscape to exploit the full benefit of open
APIs in the AWS public cloud infrastructure.

Learn more about IBM Services for open

banking on AWS. Schedule some time with
an expert who can answer your questions.

Start your journey

© Copyright IBM Corporation 2021. IBM, the IBM logo and IBM Services are
trademarks of International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be trademarks
of IBM or other companies. A current list of IBM trademarks is available on the
web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml.

80037880USEN-00