The document discusses the application of the Banking Industry Architecture Network (BIAN) to open banking, emphasizing secure access to financial information and the integration of services from multiple providers. It outlines a component model for banking activities that promotes operational reuse, mapping use cases to BIAN service domains and highlighting the importance of API management. Additionally, the document addresses security challenges and the role of regulations like PSD2 in governing access to customer data.

1. IBM Global Solution Center, Dallas
BIAN Applied to Open Banking
Thoughts on Architecture and Implementation
Biao Hao (biaohao@us.ibm.com)
Executive Architect, IBM Global Solution Center, Dallas
Guy Rackham
Lead Architect, BIAN
November 12, 2019
BIAN Open Day, New York

2. © 2019 IBM Corporation
Topics
• BIAN Applied to Open Banking
• Thoughts on architecture and implementation
- Use cases to BIAN mapping
- Implementation – less-CORE to CORE-less
• Summary
Global Solution Center | Dallas211/15/19

3. Copyright BIAN 2017 | Banking Industry Architecture Network
BIAN Applied to Open Banking
What is open banking? Many overlapping definitions
Open Banking is the secure way to give
providers access to your financial
information
q Customer
controlled access
to their financial
information
q Integrated services
from multiple
providers
q Synergistic 3rd
party service
innovations…
Re-working traditional banking
services, in collaboration with other
financial institutions and service
providers
q Payments and safe custody
q Loans & deposits/investments
q Financial advisory services and
financial risk management
All in the context of a life-time value
proposition, perhaps with associations
Open Banking is sharing banking data
between unaffiliated parties to deliver
enhanced capabilities to the marketplace
Open APIs provide simple, low cost, scalable, and secure way to realize the benefits

4. Copyright BIAN 2017 | Banking Industry Architecture Network
BIAN Applied to Open Banking
Instead of the conventional process view, BIAN defines service center components:
Its a different model: business functional partitions – BIAN “Service Domains”
Process models describe a
series of linked actions…
…usually assuming
‘shared’ data
Shared
Database
BIAN isolates discrete business
functions…
…with a shared ‘vocabulary’ and
encapsulated logic/data
Internal
Data
Internal
Data
Internal
Data
Internal
Data
Internal
DataShared
Message
Vocabulary
BIAN defines a ‘component’ model of banking activity
BIAN components can act as discrete business capabilities

5. Copyright BIAN 2017 | Banking Industry Architecture Network
BIAN Applied to Open Banking
Stand-alone applications have a high level of operational redundancy…
80-90% is reusable – as little as 10-20% represents a unique functional ‘core’
The component design is specifically useful to support operational re-use:
A Stand-alone Consumer
Loans System
Consumer Loans
Transaction Processing
CustomerInterface
Service Configuration
Operational Services
Customer File Transaction LogMaster File
Production
Services
Customer
Reference
Data
Offer
Processing
Product
Specification
Accounting
Customer
Credit
Rating
Customer
Preferences
Customer
Pointof
Service
Document
Services
Consumer
Loan
Fulfillment
Transactions
A Consumer
Property Insurance System
Consumer Insurance
Transaction Processing
CustomerInterface
Service Configuration
Operational Services
Customer File Transaction LogMaster File
Production
Services
Customer
Reference
Data
Offer
Processing
Product
Specification
Accounting
Customer
Credit
Rating
Customer
Preferences
Customer
Pointof
Service
Document
Services
Insurance
Policy
Transactions
Claims
Processing
Components
built for the
first system could
be reused in
the second
BIAN defines a ‘component’ model of banking activity
Service APIs help realize operational re-use

6. Copyright BIAN 2017 | Banking Industry Architecture Network
BIAN Applied to Open Banking
The opportunity for open banking solutions varies for the different business areas:
The BIAN Service Landscape V8.0
BIAN Value Chain Service Landscape shows different considerations
BIAN has specified a rich collection of service center designs

7. Copyright BIAN 2017 | Banking Industry Architecture Network
BIAN Applied to Open Banking
Customer
First, define the scope of APIs – A2A, B2B and B2C
The terms define the scope, and have distinct operational implications…
CustomersOperations
Finance & Risk Management
Channels
Resource
Management
Business
Direction
Products
Business Development
3rd Party
Provider
A2A
B2C
B2B B2B2C
A2A traffic is under internal control, all else is not...
BIAN Value Chain Service Landscape shows different considerations

8. Copyright BIAN 2017 | Banking Industry Architecture Network
BIAN Applied to Open Banking
The focus for today is on the delivery factory at the core of the model…
CustomersOperations
Finance & Risk Management
Channels
Resource
Management
Business
Direction
Products
Business Development
BIAN Value Chain Service Landscape shows different considerations
The component view of open banking varies by business area

9. Copyright BIAN 2017 | Banking Industry Architecture Network
BIAN Applied to Open Banking
And within that, Channels and Customer business areas in particular…
CustomersOperations
Finance & Risk Management
Channels
Resource
Management
Business
Direction
Products
Business Development
Governing Access
– Both at the Contact &
Servicing
Mandate/Relationship
Levels
Integrating
Customer Insights
& Preferences
Synergistic
Product/Service
Combinations?
Cross-product
Operations… A
role for DL
technology?
BIAN Value Chain Service Landscape shows different considerations
BIAN solutions for Customers & Channels business areas…

10. Copyright BIAN 2017 | Banking Industry Architecture Network
BIAN Applied to Open Banking
3rd Party
Provider
Fixing the security issues with screen scraping with only a partial solution
Finance & Risk Management
Resource
Management
Business
Direction
Business Development
CustomersOperations ChannelsProducts
CustomerCustomersOperations
Finance & Risk Management
Channels
Resource
Management
Business
Direction
Products
Business Development
3rd Party
Provider
Current
Account
Position
Keeping
Corresp-
ondence
Customer
CustomersOperations
Finance & Risk Management
Channels
Resource
Management
Business
Direction
Products
Business Development
Current
Account
Position
Keeping
Party
Authentic
ation
SCA
With ‘screen scraping’ the
customer provided their bank
log-in credentials to the 3rd
party to extract statements
and ’scrape’ the data…
PSD2 introduced SCA, 2FA,
OAuth 2.0 and some other
techniques and technologies
to protect the customer’s
credentials. But access
controls are limited
PSD2 – A case study in governing access (or not)
PSD2 has mostly implemented SCA in a narrow context

11. Copyright BIAN 2017 | Banking Industry Architecture Network
BIAN Applied to Open Banking
Current
Account
Basic authentication and service mandate handling build in the API gateway may not scale
API Gateway
Authentication
Service
(Customer & TPP)
Resource Access
Service
(Customer & TPP)
Type 1
Type 3
Channels
Servicing
Order
Customer
Workbench
E-Branch
Operations
Contact
HandlerExecute Initiate
Execute
The BIAN wireframe is a blueprint for incremental development
Bank’s building a Type 1 interface could be locking out future enhancements

12. Copyright BIAN 2017 | Banking Industry Architecture Network
BIAN Applied to Open Banking
A wide range of capabilities are integrated to govern external access…
Customer
Workbench
E-Branch
Operations
Contact
Handler
Point of
Service
Customer
Prod/Svs
Eligibility
Contact
Routing
Execute
Provide
Initiate
Initiate
Record
Party
Authenti-
cation
Issued
Device
Admin.
Issued
Device
Tracking
Evaluate Retrieve Retrieve
Retrieve
Channel
Activity
History
Customer
Event
History
Servicing
Event
History
Channel
Activity
Analysis
Customer
Behavior
Models
Retrieve
CaptureCapture
Retrieve
Contact
Dialogue
Current
Account
Transaction
Authori-
zation
Execute
Initiate
Execute
Capture
Servicing
Order
Servicing
Mandate
Broker
Agreement
Customer
Agreement
Fraud
Evaluation
Fraud
Diagnosis
Fraud
Resolution
Fraud
Insights
Fraud
Models
Initiate
Request
Request
Retrievet
Evaluate
Initiate Initiate
Initiate
Retrieve Retrieve
Retrieve
Capture Capture Capture
Customer
Reference
Data Mgmt
Customer
Access
Entitlement
Retrieve
Retrieve
Customer
Profile
Retrieve
Key real-time
“orchestrators”
for the contact
Channels
The full model is a quite complicated…

13. Copyright BIAN 2017 | Banking Industry Architecture Network
BIAN Applied to Open Banking
Reward
Points
Investment
Portfolio
Management
Custody
Admin.
Financial
Advisory
Services
Customer
Profile
Customer
Access
Entitlement
Party Life-
cycle
Management
Party Data
ManagementCollateral
Asset
Admin.
Broker
Agreement
Customer
Reference
Data Mgmt.
Customer
Position
Customer
History
Customer
Behavior
Models
Collateral
Allocation
Management
Customer
Credit
Rating
Customer
Insights
Finance & Risk Management
Resource
Management
Business
Direction
Business Development
CustomersOperations ChannelsProducts
The range of customer
insights and preferences
present multiple
opportunities for open
banking
Consolidated
financial position
q Cash flows
q Collateral
q Credit
Historical analysis
Servicing
Mandate
Customer
Agreement
Customer
Relationship
Management
Customer
Prod/Service
Eligibility
Life-time
relationship
development
history and plan
Product/service
usage – current
and desired
Bank and 3rd
Party contracts
and mandates
Relationship
history and
maintained/
developed
insights
Customer
holdings
Customer business area
Considering how customer information might be leveraged…
PSD2 has mostly implemented SCA in a narrow context

14. Copyright BIAN 2017 | Banking Industry Architecture Network
BIAN Applied to Open Banking
Finance & Risk Management
Resource
Management
Business
Direction
Business Development
CustomersOperations ChannelsProducts
The Banking Relations
Working Group will be
building out the
wireframe and
developing a wide
range of scenarios that
explore the potential…
Customer business area
Solutions are only now starting to evolve, the potential is however significant

15. © 2019 IBM Corporation
Operations Products API APICustomers Channels
Value chain decoupling and integration – meeting regulation
requirements and creating new business models
Operations Products API
3rd Party
Bank
APICustomers Channels

16. © 2019 IBM Corporation
Open Banking reference architecture
16
Channels & Partners
Distribution
Channels + Customers
API
Production
Products + Operations
API
Channels
Customers
Products
Operations
Open Banking
• API Management
• Access Level Security
• Consent Management
• 3rd Party Management
• Business Control
• More…

17. © 2019 IBM Corporation
Account Information – read only API that orchestrates data from
multiple service domains
17
Current
Account
Savings
Account
Credit /
Charge
Card
Loan
Customer
Product /
Service
Eligibility
Customer
Reference
Data Mgmt
Account
Information
SOR
Deposit
SOR
Customer
SOR
Loan
SOR
Credit Card
Position
Keeping
1. Retrieve existing
products/services
2. Retrieve customer
name and address 3. Retrieve
Current Account
4. Retrieve Credit /
Charge Card
3.1. Retrieve TXs for
Current Account
4.1. Retrieve TXs for
Credit / Charge Card
Will this perform?
Account Information Service
• Orchestrate multiple
services
• Transform to target
messages
• Expose target endpoints
BIAN Based Business Services
• Type 1: wrapped host
• Type 2: integration with ESB
• Type 3: microservices
Systems of Record
API
Distribution
Channels
Customers
Production
Products
Operations
API

18. © 2019 IBM Corporation
Account Aggregation – realizing value of Open Banking with better
customer insights
18
Customer
Behavior
Models
Customer
Behavioral
Insights
Customer
Position
Customer
Offer
Account
Aggregation
Customer
Product /
Service
Eligibility
Retrieve customer position
Account Aggregation Service & API
• Customer position aggregated from
multiple financial institutions
• Used by channel applications
BIAN Based Business Services
• Customer Position maintains …
• Customer insights from analytical
models
• Offers to customer
Account Access to other banks
• Account Access to multiple
banks
• Using FinTech offering to
simply the integration
Account
Access
Bank N
Account
Access
Bank 1
Account
Access
Bank 2
Account Aggregation
Service by FinTech
Customer
Position
Consent
API
Distribution
Channels
Customers
Production
Products
Operations
API

19. © 2019 IBM Corporation
BIAN service domain based microservices & APIs
19
Microservices Models
BIAN SDs + Physical
Generate &
annotate
Container Environment
(Kubernetes)
Service Models
Microservices Code First (A2A)
API Application
Models
BIAN SDs + Messages
4a
Swagger Models API Developer Portal
Generate & publish
APIs
API Specification First (B2B/B2C & A2A)
BIAN Service Domains
UML Models for
BIAN Service Domains
UML Models for
Conceptual (BOM)
(IM/ISO/RYO)
Industry Models
ISO 20022
Roll Your Own
1
2
UML Models for
Messages
UML Models for
Physical Models
3a
5a
3b 4b 5b
Control Record
Behavior
Qualifier
Behavior
Qualifier
Behavior
Qualifier
Sub Qualifier Sub Qualifier Sub Qualifier

20. © 2019 IBM Corporation
Implementation pattern – command query responsibility
segregation (CQRS)
Two types of operations
1. Design of a BIAN service domain
- Design of service operations with input and output messages
based on common models (BIAN BOM, ISO20022, IFW, Roll
Your Own)
- Mapping to API endpoints and generate Swagger files
2. Build of a service operation of COMMAND type
- Business logic (workflows/rules) with invocation of SOR
services
- Message transformation from message model based on
common models to SOR specific message format
- Invoking the SOR services
- Generating events on updating to SOR
3. Design and build of Local Data Store
- Data model/schema based on common models
4. Build of a service operation of QUERY type
- Query of the underlying Local Data Store
- Mappings from data model to message model that are based
on common models
20
COMMAND Service
Operations
Event Consumer
QUERY Service
Operations
Event Consumer
System of Records
Local Data Store
Event
BIAN Service Domain

21. © 2019 IBM Corporation
Account Information with CQRS pattern – less-CORE to CORE-less
is a journey, likely a long one
21
Current
Account
Savings
Account
Credit /
Charge
Card
Customer
Product /
Service
Eligibility
Customer
Reference
Data Mgmt
Account
Information
SOR
Deposit
SOR
Customer
SOR
Credit Card
Position
Keeping
BIAN Based Business Services
• QUERY operations read from
local DBs and return
• COMMAND operations publish
events
• Local DBs subscribe to
COMMAND events and apply
updates
• Further optimization possible
Systems of Record
• Subscribe to COMMAND
events and apply updates
Customers
Event
COMMAND QUERY COMMAND
Accounts
Event
Transactions Credit Cards
Event
Account Access Service & API
API
Distribution
Channels
Customers
Production
Products
Operations
API

22. © 2019 IBM Corporation
Summary
• BIAN applied to Open Banking, focusing on Channels, Customers,
and Products areas in BIAN service landscape value chain
• Example use cases mapped to BIAN service domains
• Thoughts on architecture and implementation
• Questions? Comments?
Global Solution Center | Dallas22