All articles
PR Manager

Open Banking in Ukraine: how Kong simplifies API development and implementation for banks

What is Open Banking?

Open Banking is actively developing worldwide. Ukraine is no exception despite the war, as it is essential to harmonise Ukrainian legislation and the financial market with the European one. 

Thus, in August 2023, the National Bank of Ukraine approved the Open Banking Concept.

It provides free financial information exchange between different institutions (banks, fintech companies, and other providers). 

Open banking allows third-party providers to access consumers' financial data via APIs. As a result, consumers can control who has access to their finances and easily and conveniently use the services of different providers simultaneously.

The role of PSD2 standards

PSD2 is a European Union directive aimed at regulating payment services. It finally came into force at the beginning of 2019, marking a new stage in the development of the European payments market. Its main objective is to stimulate competition, protect customer rights and integrate innovative technologies into the financial system.

PSD2 is a continuation of the first Payment Services Directive (PSD1), which was adopted in 2007. PSD1 standardized payment rules laid the groundwork for SEPA (Single Euro Payments Area) and opened the door for the development of fintech companies. PSD2 significantly expanded these opportunities by opening up access to bank accounts to third-party developers (TPPs) via APIs, stimulating the creation of new products such as personalized financial planners or multi-bank expense accounting systems.

Adaptation to PSD2 in Ukraine was realized with the adoption of the Law of Ukraine "On Payment Services" on August 1, 2022, and subsequently the Open Banking Concept.

The Concept stipulates that open banking will start in Ukraine in August 2025, so all banks will have to open their APIs. This raises the issue of security: how to ensure that confidential customer information is protected?

Therefore, financial institutions in Ukraine must choose a specific solution that will allow them to implement the Open Banking Concept in their operations, meet all the requirements of the National Bank, and effectively overcome the risks associated with 

Kong Gateway - a solution for Open Banking

Kong Gateway is a powerful API management platform that provides functionality to meet the needs of Open Banking. This banking model involves integration between banks, fintech companies and customers through standardised and secure APIs. Kong Gateway provides all the key aspects of Open Banking such as scalability, security, regulatory compliance and development flexibility.

Key features of Kong Gateway for Open Banking:

  1. Centralised API Management. Kong Gateway allows you to manage APIs from a single point, ensuring the same security and monitoring standards. This is especially important for Open Banking, where it is necessary to meet regulatory requirements.
  2. Extensibility through plug-ins. Kong's plug-in architecture allows you to add special features such as request rate limiting, OAuth2 authentication, or analytics monitoring. These features can be easily adapted to the specific needs of Open Banking.
  3. High level of security. Open Banking requires reliable protection of customer data. Kong Gateway provides encryption, token management and role-based access control (RBAC) to ensure that transactions are secure.
  4. Scalability and Performance. Thanks to its lightweight architecture and dynamic routing capabilities, Kong Gateway easily adapts to traffic changes, ensuring stable operation even under heavy load.
  5. Integration with AI Gateway. Kong Gateway supports Artificial Intelligence (AI) integration capabilities to provide visibility, API orchestration, and centralised management of machine learning services.
  6. Deployment Flexibility. Kong Gateway can run on a variety of platforms: in the cloud, on-premises, in a hybrid environment, or in containers. This makes it easy for banks to move from legacy systems to a modern open banking architecture. 

Why is Kong Gateway ideal for Open Banking?

Kong Gateway delivers the security, performance and regulatory compliance that are key to Open Banking. With monitoring tools and advanced API integration, the platform drives innovation and efficiency. With Kong Gateway, banks and fintechs can create APIs that meet the modern needs of their customers.

The Importance of Open Banking for the Ukrainian Banking System

The Importance of Open Banking for the Ukrainian Banking System

Undoubtedly, the introduction of Open Banking in Ukraine will bring huge benefits to the financial market and users: 

  • Convenience (customers can manage their finances in all banks and fintech institutions through one application)
  • Competition between financial institutions (banks will improve their services and reduce their costs)
  • Security (the security of financial transfers and the protection of customers' data will be improved through a series of regulatory requirements);

New services (financial institutions will start offering new services and products to customers).

Let's take a closer look:

  • Innovations in the financial industry

Open Banking opens new horizons for financial innovation by creating an environment where banks, fintech companies and other service providers actively collaborate. This model encourages the development of technologies and services that transform the approach to finance, making it more accessible, transparent and convenient.

  • New services created due to Open Banking:
  1. Automated budget management. Third-party developers use APIs provided by banks to create financial planning applications. For example, a user can combine data from multiple bank accounts into one interface to analyse and automatically categorise income and expenses, or forecast future financial needs.
  2. Fast loan processing. API integration allows financial organisations to quickly access a customer's credit history (with their permission). This simplifies the decision-making process and enables almost instantaneous lending. For customers, this means quick access to funds without complicated paperwork.
  3. Digital payment services. Open Banking encourages the development of new payment platforms. For example, it makes it easier to transfer funds between accounts at different banks without intermediaries. This increases the speed of transactions and reduces maintenance costs.
  4. Personalised financial recommendations. Analytics tools integrated with banking APIs allow you to create personalised advice on investing, saving or optimising spending based on the user's financial habits.
  5. Service comparison platforms. Open APIs allow customers to use services that compare banking products in real-time, such as deposit and loan rates or currency exchange rates.
  • Benefits for banks and fintech companies:
  1. Competitive advantage. Traditional banks can use Open Banking as an opportunity to expand their service offering by partnering with fintech companies. For example, to offer new financial services that meet the modern demands of customers.
  2. Access to innovation. Fintech companies can gain access to customer data (with users' consent), enabling them to develop innovative products tailored to market needs.
  3. Stimulating competition. Open Banking creates a level playing field for banks and fintechs, stimulating the development of new solutions that increase the efficiency of the financial market.
  • Impact on customers:
  1. Giving customers more control over their finances.
  2. They can get the services they need more quickly.
  3. Reducing the cost of services through competition between service providers.

The digital transformation of banks and fintech companies will be much faster thanks to Open Banking, allowing them to create innovative services that meet the modern needs of consumers and businesses.

Challenges for banks in implementing Open Banking

Despite the significant benefits of open banking, its implementation is a major challenge for financial institutions. Banks are forced to adapt their processes and infrastructure to the new standards and face difficulties:

  • The technical complexity of API integration

Most banks have legacy IT systems that make it difficult to integrate the latest open banking technologies. These systems are not always compatible with modern API platforms and require significant upgrades or a complete migration to more flexible architectures. The main issues causing difficulties:

  1. High cost of infrastructure upgrades. Modernising systems requires significant financial investment in software, servers and specialist services.
  2. Lack of flexibility in legacy systems. Legacy systems cannot quickly adapt to changing market and regulatory requirements, making the modernisation process lengthy and complex.
  • Compliance with regulatory standards

Open Banking is based on regulatory frameworks such as the Revised Payment Services Directive (PSD2), which sets strict requirements for data processing, transfer and protection. Banks are being challenged:

  1. The need for strong access control. PSD2 requires the implementation of multi-factor authentication (MFA) mechanisms to protect customer data.
  2. Ensuring transparency. Banks will need to open their APIs to third-party service providers while maintaining compliance with regulatory data protection standards.
  • Security of customer data

Open Banking reduces barriers to data access, but it also creates new risks. Open system architecture is becoming an attractive target for cybercriminals. Key security challenges:

  1. API security. Attackers can exploit API vulnerabilities to gain unauthorised access to data.
  2. Implement modern authentication mechanisms. For example, OAuth 2.0 and OpenID Connect help protect customer data, but their integration requires technical expertise.
  3. Permissions management. Ensure that access to customer data is only granted with their permission.
  • Scalability of solutions

As the number of Open Banking users and API requests grows, there is a need for platforms that can efficiently handle large loads:

  1. Server load. Banks need to invest in scalable solutions that can handle peak loads.
  2. Response time. Open Banking involves processing requests in real-time, which requires high system performance.
  • Cultural and organisational change

The implementation of Open Banking requires a change of mindset in banks. Traditional business models need to adapt to the new realities, with a focus on working with fintech companies. This includes:

  1. Staff training. Staff need to be familiar with new technologies and understand the specifics of working with Open Banking.
  2. Resistance to change. Many institutions are reluctant to abandon traditional processes, making transformation difficult.

Implementing Open Banking is a challenging but necessary step for banks that want to remain competitive in the digital age. Overcoming technical, regulatory and organisational challenges paves the way for innovation and the creation of modern financial services that better meet the needs of customers.

How Kong Gateway simplifies API development and implementation for banks

How Kong Gateway simplifies API development and implementation for banks

  • Speed of development. With Kong's modular approach, you can quickly create new APIs and adapt them to your customers' needs.
  • Flexibility. Kong supports REST and gRPC protocols, as well as other modern protocols, simplifying API integration for banks and fintech companies.
  • Security. Integration with OAuth 2.0 and OpenID Connect ensures that access to customer data is protected.
  • Scalability. The platform easily adapts to growing transaction volumes with automatic load-balancing capabilities.
  • Process automation. Kong provides centralised API management, including real-time performance monitoring.

Key features of Kong Gateway for Open Banking

  • TPP (Third Party Providers) access management

Kong Gateway provides granular access control to customer data in line with PSD2 requirements, enabling banks to:

  1. Use authentication mechanisms such as OAuth 2.0 and OpenID Connect to protect data.
  2. Create access policies for third-party service providers (TPPs) to ensure access is only granted with customer consent.
  3. Perform access auditing to track who has accessed data and when.
  • Integration with cloud services

Kong Gateway offers integration with cloud platforms, which is important for Open Banking:

  1. Support for multi-cloud architecture. This allows banks to integrate services across private and public clouds, ensuring high scalability and efficiency.
  2. Rapid implementation of new APIs. The cloud infrastructure makes it easy to set up APIs to work with fintech solutions.
  3. Data protection. Ensures business continuity and minimises risk in the event of a main server failure.
  • Monitoring of API requests

Kong Gateway provides tools for detailed monitoring of API requests to help banks optimise performance:

  1. Real-time analysis. The systems allow you to track API load, identify bottlenecks and respond quickly to problems.
  2. Anomaly detection. Built-in automated analytics help identify unusual behaviour, such as suspicious activity that may indicate cyberattacks.
  3. Reports for optimisation. Analyze data to make decisions about scaling resources or changing the architecture to improve efficiency.
  • Easy to set up

Kong Gateway's flexible architecture makes it ideal for adapting to changes in the regulatory environment:

  1. Quickly adapt security policies. The interface allows you to quickly implement new policies in line with regulatory changes.
  2. Modularity. Banks can add or remove features without significant changes to the underlying infrastructure.
  3. Scalable to your needs. The platform adapts to the growing number of requests or increasing volume of data.

Kong Gateway is a powerful Open Banking implementation tool that ensures high performance, security and regulatory compliance. Its capabilities allow banks to integrate modern technologies while maintaining the flexibility and control needed to operate in a digital transformation environment.

Examples of Kong Gateway implementation in financial institutions

Case Study: GCash saves resources and speeds development with Kong Gateway Enterprise

About GCash

GCash is a leading mobile platform and fintech service in the Philippines, providing more than 65 million users with access to financial services via mobile phones. Founded in 2004, the company offers a wide range of financial services such as payments, money transfers, savings, insurance, investments, etc. GCash is actively working on international expansion in countries such as India, Malaysia, Mexico, UAE, UK and USA.

Challenges

As the number of users and transactions grew, GCash needed to scale its infrastructure while ensuring its reliability and security. The company was using Kong Gateway Community Edition, but needed to upgrade to Kong Gateway Enterprise for further development. 

Solution

By migrating to Kong Gateway Enterprise, GCash:

  1. Implement a distributed architecture. The API gateway provided a consistent approach to security, limiting the speed of requests and controlling access.
  2. Integrate legal services. Legacy systems were gradually transformed into microservices with well-defined APIs.
  3. Extend functionality. Plugins allowed GCash to integrate authentication with internal identification systems.

Results

  1. Cost savings: The infrastructure modernisation resulted in a monthly savings of approximately $70,000.
  2. Training of technical specialists: More than 40 GCash engineers have been certified with Kong Gateway, having mastered both basic and advanced levels.
  3. API monetisation: The introduction of a centralised hub for API monitoring and management has reduced API duplication between teams, strengthened standards and launched a monetisation programme.
  4. Stability and flexibility: The new infrastructure focused on monitoring and management, allowing for the elimination of redundant components.

This case study shows how Kong Gateway Enterprise is helping GCash meet the challenges of the modern financial market, optimise costs and scale its infrastructure for global growth.

Case Study: Fubon Financial reduces API security risks with Kong Gateway Enterprise

About Fubon Financial

Fubon Financial Holdings aims to become one of Asia's leading financial institutions by offering the most comprehensive portfolio of financial products and services through its network of subsidiaries, which include Fubon Life, Taipei Fubon Bank, Fubon Bank (Hong Kong), Fubon Bank (China), Fubon Insurance, Fubon Securities and Fubon Asset Management. These companies deliver consistent results and help Fubon remain a market leader.

With total assets of more than US$300 billion, Fubon Financial is one of the largest financial holding companies in the region and has been repeatedly ranked in the Fortune Global 500 and Brand Finance's Top 500 Most Valuable Global Brands.

Challenges

Fubon Financial faced the challenge of centralising business operations in a decentralised deployment environment. The team decided to implement API management to build a reliable and scalable technology foundation. However, despite the variety of API management solutions available, the team quickly realised that not all of them could meet the specific needs of its subsidiaries, which required flexibility in deployment.

Solution

After evaluating several options, Fubon Financial chose Kong as its API management solution. Kong enabled centralised security management and standardisation across the company, despite the diversity of environments used by its subsidiaries. 

Results

  • Reduced API security risks. Previously, Fubon Financial relied on a physical IP firewall configuration to support authentication and authorisation of its systems, which was a complex and error-prone process. By switching to Kong, the company was able to mitigate the security risks of open APIs and scale operations without compromise.
  • Audit and governance. With centralised control, Fubon Financial was able to accelerate API service development, facilitate auditing, and define security policies and specifications.
  • Improved security. The security and management capabilities of the Kong API platform, including authentication and authorisation, improve Fubon's overall security.

This case study illustrates how Fubon Financial uses Kong Gateway Enterprise to reduce API security risks and standardise management in a decentralised business operation, bringing efficiency and flexibility to its operations.

How to get started with Kong Gateway

1. Select the installation method:

  • Kong Konnect: a global control plane for centralised API management running in the cloud.
  • Local installation: Install Kong Gateway using Docker or directly on your platform.

2. Basic steps to get started:

  • Use Konnect:
    • Sign up for a Kong Konnect account to get quick access to the Gateway functionality.
    • Use the Kong Academy training materials to learn key features.
  • On-premises installation:
    • Download the Kong Gateway (Open Source or Enterprise).
    • Follow the installation and configuration instructions in the Quick Start Guide.

3. Explore the extension options:

  • Use the built-in plugins or create your own to customise the API.
  • Integrate Kong Gateway with Kubernetes using the Kong Ingress Controller.

4. Tools for working with Kong:

  • Insomnia: Accelerate API development with automated testing and Git integration.
  • decK: Declarative configuration management of Kong Gateway.

5. Testing and customisation:

  • Use the free version of Kong Gateway for testing.
  • Enable management features using the Kong Manager (user interface).

Users who choose the Enterprise version receive several additional benefits:

  • Gateway Mocking 
  • GraphQL 
  • Request Validation
  • jq Transformations
  • Advanced caching 
  • Advanced Rate Limiting 
  • Advanced Authentication 
  • Role Based Access Control (RBAC) 
  • Advanced Authorisation (OPA) 
  • Secret Management
  • FIPS 140-2 Support
  • Signed Kong Images 
  • Kong Images Build Provenance
  • Enterprise Support 
  • Security CVE and Bug Fix Backports
  • Performance Tuning Guidance
  • Customer Success Packages - Add-on

Conclusion

Open Banking opens up new opportunities for the Ukrainian financial sector by offering more transparent, efficient and personalised financial services to consumers. With rapid technological development and changing customer needs, banks must adapt to new challenges. Successful implementation of the Open Banking concept requires modern tools that not only ensure compliance with regulatory requirements but also the ability to respond quickly to market changes.

Kong Gateway is the optimal solution for banks as it offers flexibility, security and scalability. Its capabilities allow organisations to effectively manage APIs, control access to customer data and integrate different services, which is extremely important in the context of Open Banking. Using Kong Gateway not only improves data security but also ensures easy customisation and integration of new functionality.

In addition, by supporting standards and recommendations such as PSD2, Kong Gateway enables Ukrainian banks to confidently enter the international market, expand their service offerings and attract new customers. This in turn will increase the competitiveness of the country's financial sector.

Start your bank's digital transformation with Kong Gateway! Contact an Integrity Vision specialist today!

shareLink copied
Integrity_Vision_logo

Contact us to start your journey to innovative IT solutions

Get in touch

Let's have a talk

Contact us
to start your transformation journey

    Your Name*

    Phone number

    E-mail*
    What would you like to talk about?

    info@integrity.com.ua

    +380445971070
    "Integrity Vision" LLC
    Ukraine, 04114, Kyiv City,
    Avtozavodska street, 54/19, 2A
    Tax Number: 37096369