API Management

Yorkshire Building Society Group: Embracing Open Banking with Apigee

Editor’s note: Today we hear from Jonathan Abbott, program manager, PSD2, at YBS Group, the third-largest mutual building society in the UK. Learn how this forward-thinking financial services organization is using Apigee to comply with PSD2 regulations in the UK and help support a digital transformation.

In the UK, the Payment Services Directive 2 (PSD2) is creating quite a stir, particularly among the largest banks that will now be required to release their data in a secure, standardized way. The idea behind the new open banking requirements, set out in the revised Payment Services Directive, is to facilitate secure data sharing to enable next-generation products and services. At YBS, we believe in the possibilities of PSD2 as we move into a more digital world, and are therefore moving as quickly as possible toward PSD2 compliance.

In complying with PSD2, we saw an opportunity not only to tick a regulatory box, but to build future strategy by using open APIs to enable a rich ecosystem of connected services for our customers.

At this point, full PSD2 compliance requirements are being finalised. As it stands right now, banks need to move to an API model by September 2019 to meet the regulations. After that, screen scraping of customer data can no longer take place. To meet this timeline, we needed an API management platform and expertise to help accelerate our efforts and reduce risk.


After comparing several solutions in a formal RFP process, we decided to use the Apigee Edge API platform and work with our trusted consulting partner Tata Consultancy Services (TCS). As a financial services organization, enterprise-grade security was one of the most important considerations for us.

Apigee offers the application access controls and adaptive threat protection we need to use open APIs in a banking environment. We also found the people we worked with at Apigee to be very transparent and accommodating, and they worked collaboratively with TCS and our internal teams to understand our needs in this very new world.

To remain nimble, we took a phased approach, concentrating initially on business process transformation and system changes. In phase two, Apigee became crucial as we put our API gateway in place and began incrementally building our capabilities. We launched our Developer Services portal, Developers.ybs.co.uk, very quickly and began by making available a number of sandbox APIs, with plans to build on this over the next 12 months by offering production APIs in time for the regulatory deadline.

One year ago, YBS didn’t have any API gateway capabilities. Thanks to Apigee and TCS, by next summer, we’ll have everything we need in place for phase three, in which regulators will come in to verify that we’re in compliance with PSD2. Without Apigee, we would have faced a far harder task advancing our digital strategy and complying with Open Banking regulations in such a compressed time frame.

With all the challenger banks, fintech companies, and new potential partnerships emerging as a result of Open Banking, it’s more important than ever for YBS to offer innovative and engaging digital services. By using Apigee to get a head start on API-based banking services, we can be more competitive in the coming years, which will no doubt be a crucial period of disruption, change, and opportunity for UK banks.