2. About Me
● CTO at Moneyhub
● I’m an active contributor & now co-editor of the FAPI specs
● FAPI WG Liaison Officer to UK OpenBanking Implementation Entity
● UK Expert at ISO TC68 SC9/WG2 - Financial APIs
● Technical Representative for the Financial Data & Technology Association
● Key proponent of the use of CIBA spec for financial use-cases
● Represent AISPs at OpenBanking & the FCA.
3. About Moneyhub
● UK-based fintech, established in 2011
● We build an intelligent financial assistant and work with our partners to improve the financial wellbeing of their clients
● Founding member of FDATA
● Active with the Open Banking Working Group
● Active in lobbying the CMA to require a “common” OpenBanking API
● One of the first Account Information Service Providers in Europe
5. The Road To OpenBanking
I’ve been a reluctant screen scraper since 2013.
Nat Sakimura came to the UK in June 2016 shortly after starting FAPI.
The timing was perfect & thankfully we were able to get the evolving FAPI security profile adopted by UK Open Banking.
7. Moneyhub is core to any personalised digital proposition.
Available data sources are selected in priority order to form the most accurate, cost-effective aggregated account for your customer.
[Diagram labels: Core Moneyhub; Other external sources of data; Enterprise owned or sourced data]
● Budgeting, Categorisation, Smart Nudges, Machine learning
● Screen scraping (e.g. Yodlee, eWise)
● Open Banking
● Intermediated (e.g. platforms, administrators)
● Third parties (e.g. fund data, house prices, pension dashboards, credit scores)
● Socio-economic (e.g. demographic, behavioural)
● Manually entered data
● Enterprise owned data (e.g. pensions, investments, insurance, mortgages)
● Enterprise owned products (e.g. voluntary benefits, ISAs, mortgages, insurance)
● Enterprise agreed market place
8. Initiatives happening in the UK and Europe
● Berlin Group - Open Finance
● Pension Dashboard Project
● Open Savings & Investment
● Smart Data
10. FAPI
Financial-Grade API
➢ Producing specs that codify OAuth security best practices
➢ Right people: authors of OpenID, JWT & many OAuth RFCs
➢ Right structure: active working group at OpenID Foundation with weekly calls and open collaboration on Bitbucket
➢ Right IPR: Royalty free & mutual non-assert
➢ Worldwide adoption (UK, Japan, Australia, USA, etc.)
11.
➢ Standardisation - the unsung hero of security and an aid to innovation
➢ Conformance - boring but incredibly important
➢ Authentication and Authorisation - the hardest part of any API