Open banking in Romania: banks’ APIs rated between „excellent performance” and „extremely unreliable”. Finqware tested 16 banking APIs, within a specific use case of Corporate Treasury Automation. Three of them just don’t work!

Two years ago Finqware went live with open banking account information in Romania, as a technical service provider for Banca Transilvania. What happened since then and how does the current Romanian banking APIs landscape look like? Are the APIs working for Romanian companies that want to access their bank statements? What’s the good news? Yes, APIs work!

What about the other aspect which has the power to drive or stop adoption, the mighty UX?
User experience: are the bank APIs flawless? No. Is the user interaction with those APIs simple and straightforward? Not yet.

Basically any of the main principles of the PSD2 RTS and of the EBA clarifications on obstacles that Finqware analysed in this article „are a source of bad UX if not respected„, according to the company. However, „tremendous steps forward have been taken this year by many banks in improving their APIs„, as a result of increasing usage and feedback.

Finqware have been testing most of the bank APIs, over a period of more than one year now, within a specific use case of Corporate Treasury Automation based on real time aggregation of cash positions and bank transactions across multiple banks, entities and currencies.

Details for each bank’s API performance below, as well as the progress achieved throughout 2022.

Unicredit API: reliable and excellent performance
GOOD: it is reliable and it works; the consent experience has been working without errors; the data is well structured and comprehensive
OBSTACLES: the transactions data lacks a unique reference id and it may come duplicated when paginated; the IBAN list needs to be provided explicitly before the SCA
PROGRESS: the most critical issue we experienced this year was being flooded with millions of transaction records coming in a loop, multiplied, but the bank support team reacted and solved it. Also, access to PSD2 API for businesses used to be enabled on a request basis, now it is by default.

Raiffeisen Bank API: reliable and good performance
GOOD: it is reliable and it works; the data is well structured and comprehensive.
OBSTACLES: the IBAN list needs to be provided explicitly before the SCA (for corporate users); lacks reference id’s for some types of transactions and completeness of fields; errors at large transaction history due to expiration of access token; lengthy requests duration in case of large number of accounts.
PROGRESS: this year, the bank moved to a new API portal and their transition support for TPPs was excellent.

ING Bank API: reliable and excellent data content
GOOD: it is reliable and it works; the consent experience has been working without errors; the data is well structured and comprehensive, including bank reference id and a category for each transaction; IBAN selection in the bank app.
OBSTACLES: the main obstacle is in the lack of support that a bank customer can get from the front line teams in terms of getting access to the API as well as the errors and the delays associated to this offline flow.
PROGRESS: this year, we experienced improved support for corporate customers access.

BCR API: reliable and excellent support
GOOD: by default, all accounts accessible by the user are provided via the API; simple redirect flow; the data is well structured and comprehensive; transaction reference id provided, though some duplication may appear due to pagination.
OBSTACLES: sometimes offline configurations are necessary for Corporate customers, but the
support is extremely responsive.
PROGRESS: this year, the API performance improved and the support was excellent.

Banca Transilvania API: reliable and excellent support
GOOD: the data is well structured; no duplication effect of transactions; legal entity & IBAN selection in the bank app.
OBSTACLES: some performance issues related to deactivation of consents before the 90 days,
but excellent support provided.
PROGRESS: this year, authentication for business customers was enabled, resulting into direct access to SCA for consent, no obstacles involved

Garanti Bank API: excellent performance and access to many types of accounts
GOOD: by default, all accounts accessible by the user are provided via the API; simple redirect flow; the data is well structured and comprehensive; transaction reference id provided, though some duplication may appear due to pagination; excellent performance even for consents carrying more than 100 bank
accounts; most comprehensive span of account types provided via the API
OBSTACLES: some transactions duplication may appear.
PROGRESS: until this year, it has explicitly required consent for every API call and the transactions data was extremely poor, we needed to rework the connector to test the new improved version.

Libra Bank API
GOOD: simple consent experience, errors solved.
OBSTACLES: missing important data fields such as debtor/ creditor name; data refresh may have delays.

Alpha Bank API
GOOD: it is reliable and it works; the consent experience has been working without errors; IBAN selection in the bank app.
OBSTACLES: offline flow for opening API access, with poor support in front line; transactions’ data is very unstructured.

BRD API: extremely unreliable
GOOD: errors on decoupled SCA flow solved and now working; very good data content for
transactions.
OBSTACLES: unavailable half of time; returns data as zip file with bank statements, instead of
continuous data records.
PROGRESS: access to PSD2 API used to be enabled on a request basis, now it is by default.

OTP Bank API
GOOD: it is reliable and it works; the consent experience has been working without errors
OBSTACLES: the user is only able to get up to 4 data updates a day.

CEC Bank API
GOOD: by default, all accounts accessible by the user are provided via the API; the data is well structured; no duplication effect of transactions
OBSTACLES: some performance issues related to deactivation of consents before the 90 days

CITI Bank API: premium data content
GOOD: by default, all accounts accessible open with a company are provided via the API; the
data content is comprehensive.
OBSTACLES: some performance issues related to the lengthy response time; access to API is
enabled through an offline project; authentication only available through dedicated
certificate, no OAuth.

Credit Europe API: fantastic improvements this year
GOOD: very good data content for transactions.
OBSTACLES: consent for corporate a bit complicated due to required input; too many errors in the consent flow and quite low API availability
PROGRESS: a lot of effort has been put by the bank in making the API work, this year, on all
aspects: consent flow, balances & transactions, data content and quality.

First Bank API: progress on TPP onboarding
GOOD: it is reliable and it works.
OBSTACLES: most of missing transactions data & details have been solved and they are complete now
PROGRESS: access of a TPP to PSD2 API used to be enabled manually, after a KYC check by the bank, but after the clarification received from the National Bank of Romania, the bank got rid of the KYC step.

As a conclusion, there’s still room for improvement in terms of open banking APIs user experience, across all banks. Considering the relevance of the cash management product, we do believe that once many of these obstacles are solved or provided appropriate support, adoption is going to ramp up tremendously. The challenge is still on the banks side as to how quickly can these APIs be improved beyond their first “compliant” version and, most importantly, why? Are compliance reasons enough or should banks also find superior motivation?