Working with IBM Business Partner IT Smart Systems, Banca Transilvania accelerated its compliance efforts and opened up its banking infrastructure for new fintech solutions—all without compromising security efforts. The open banking platform empowers the business to bring new, third-party services directly to its customers.
To keep pace with recent EU financial regulations, Banca Transilvania S.A. needed to create a new open banking platform.
The platform, once in production, will enable the bank to expand its ecosystem, drawing in new fintech services for customers.
Back in October of 2015, the European Parliament enacted its second Payment Services Directive (PSD2), which was intended to streamline transactions across borders throughout the union, promote open banking processes and better protect consumers when making online purchases. And at the heart of the initiative were several technical requirements focused on making banking customers’ financial information more readily available to be shared—with the customer’s permission, of course—with online businesses, credit card companies and other financial institutions.
The deadline for banks to fully comply with PSD2 was set for September 2019, with certain technical milestones set earlier. And for Banca Transilvania, one of those critical deadlines was rapidly approaching.
“It’s all about open banking,” explains Dan Moldovan, head of the Digital Fintech Department at the bank. “Open banking will let us integrate other players, such as fintechs, into the Banca Transilvania ecosystem. It will let us bring a superior digital experience to our customers. But that takes technology.”
Technology that Banca Transilvania didn’t have at the time.
Moldovan continues, clarifying: “We needed an open platform that would let us share customer data with partners. And we needed it fast. To comply with PSD2 we had to have a sandbox environment running by March 2019, and we had to be in full production by September. We were running short on time.”
After considering a handful of vendors, Banca Transilvania chose to coordinate the creation of its open banking platform with IBM Business Partner IT Smart Systems. And IT Smart Systems proposed a solution built around IBM software.
“It was the solution that could be done in time,” recounts Moldovan. “We had other offers, but we were not confident that those other solutions would be ready. And meeting PSD2 was the most important part that we needed.”
With a clear plan in place, the IT Smart Systems team moved quickly, developing the open banking platform and launching the necessary sandbox environment by the March 14th deadline.
The platform, the BT API Store, currently offers fintechs and other businesses the ability to model and test integration with Banca Transilvania’s existing systems and customer data to deliver new solutions built around such functions as online balancing, transaction monitoring and international payments. And the production environment, in turn, will empower these third-party businesses to bring these services directly to Banca Transilvania customers.
“IBM API Connect software serves as the heart of the platform,” explains Gabriela Mihalescu, IT Project Manager with IT Smart Systems. “The software lets them design new APIs for partners or other fintechs. And IBM Security Access Manager keeps the APIs secure.” For added protection, the platform also relies on IBM® DataPower® Gateway technology to secure transaction routing and connections with mobile devices.
With its sandbox environment now in place, Banca Transilvania is well prepared to go live for the September production deadline. But the bank is already looking beyond that milestone to the future, after PSD2.
“Open banking is where the market is going, we know that,” explains Moldovan. “But there’s a lot we still don’t know. We don’t know how many third parties will be calling on our APIs. We don’t know how many partners will be working with us. We don’t know how much demand our customers will have for these services.”
“What we do know,” he adds, “is that we’re going to publish a number of new APIs in the next few years, and we’re going to need to react quickly to what our customers want and what our competitors are doing. We will need to be flexible to meet those demands. Luckily, the IBM software we used for our open banking platform is also flexible.”
Beyond that flexibility, Banca Transilvania is pleased with the security-rich environment offered by the platform. “Other banks are using similar solutions,” comments Moldovan, “but without the same security tools. And that didn’t make sense to us. From the PSD2 point of view, we’re taking all the risk, so it’s very important for us to be 100 percent secure. We feel that IT Smart Systems helped give us that with the IBM security.”
Of course, Banca Transilvania isn’t the only one happy with the IBM technology. “The IBM software really cut our time to market,” explains Mihalescu. “It was easy to use, which made us more productive, and we had the documentation needed if we ran into a design question. That efficiency let us cut our development costs too.”
An efficiency that Banca Transilvania clearly noticed, as Moldovan explains: “The guys at IT Smart Systems really impressed us. They were ready when they said, and they helped us be compliant. That was the most important part of all of this.”
Founded in 1994, Banca Transilvania (link resides outside of ibm.com) began as a small, local bank, serving the needs of citizens and businesses in the city of Cluj-Napoca, Romania. But over the intervening decades, the bank has grown to become one of the leading financial institutions in Romania, boasting over 8,000 employees, nearly 600 branch locations and more than 3 million customers.
About IT Smart Systems
One of the first system integrators active in Romania, IT Smart Systems (link resides outside of ibm.com) launched back in 2002. The business now offers its business integration, web development and IT security services from development centers in Bucharest and Kishinev, and it maintains global partnerships with businesses across Europe and North America.
Legal
© Copyright IBM Corporation 2019. IBM Corporation, IBM Cloud, New Orchard Road, Armonk, NY 10504
Produced in the United States of America, July 2019.
IBM, the IBM logo, ibm.com, IBM API Connect, and DataPower are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/trademark.
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.
The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.
The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.