Our recent report analyses the performance of
open banking APIs from 29 UK-based bank brands, grouped into CMA9 banks, neobanks, and traditional banks. APIContext monitored Financial-grade API (FAPI) compliant consent endpoints for each bank brand using its active monitoring platform,
with around eight million API calls made between 1 July 2023, and 30 June 2024.
The report’s scope covers the performance of key metrics:
- Availability and reliability of API endpoints,
- Latency metrics (DNS, TCP connect, SSL handshake, processing, and total time),
- Performance by cloud provider (AWS, IBM, Azure, and Google),
- Comparative analysis between different bank types (CMA9, traditional, and neobanks).
APIContext’s proactive, outside-in API performance and quality monitoring system, APImetrics, was leveraged to conduct detailed performance assessments. Using a Software Statement Assertion (SSA), we initiated standardised, end-to-end FAPI consent calls
for 29 distinct banking brands. These calls were executed at approximately five-minute intervals, with APIContext’s software agents deployed across dozens of cloud locations throughout Europe. This distributed architecture allowed us to capture real-world
performance data reflective of diverse geographic conditions and network environments.
The raw metrics gathered from these API calls were analysed using our patented Cloud API Service Consistency (CASC) framework. CASC is a comprehensive scoring system that generates a quality score for each banking brand by integrating key performance indicators
such as availability, latency, and consistency. This score provides an easy-to-understand benchmark for evaluating and comparing the performance of various APIs.
Each API call follows a structured sequence of steps that occur before any data is exchanged with the server:
- Name Lookup (DNS): This step involves resolving the domain name of the API endpoint to an IP address, a crucial step that ensures the request is directed to the correct server.
- TCP Connect: Once the DNS resolution is complete, a Transmission Control Protocol (TCP) connection is established between the client (API requester) and the remote server.
- SSL Handshake: After the TCP connection, a Secure Sockets Layer (SSL) Handshake occurs, which ensures that the communication is securely encrypted.
Once the secure connection is established, the API call request is uploaded to the server. The server processes the request and then sends a response back to the client. The entire duration—from the initiation of the call to receiving the complete response—is
recorded as the Total Time or latency.
We then tracked and recorded individual call results for each API call. By aggregating those calls together and analysing them using the Cloud API Service Consistency (CASC) Score, we measured the overall performance and reliability of each API.
CASC scores combine multiple metrics (latency, availability, consistency) into a single performance score, allowing for easy comparison across banks and cloud providers. The CASC system provides the following ratings:
- Green: CASC score of 8.00 or higher indicates consistently high-quality API performance.
- Yellow: CASC score of 6.00-7.99, indicating some performance issues.
- Red: CASC score below 6.00, indicating poor performance requiring urgent attention.
No APIContext customer data was used in the generation of this report. All data points were generated independently through controlled, synthetic calls, ensuring that the data reflects the genuine performance of the APIs under analysis. We maintain substantially
similar methodology from year to year, in order to provide longitudinal analysis over time.
In this report period, we added a new cloud provider, Akamai Connected Cloud. Their offering is robust across Europe, and we see a number of financial services companies using Akamai services; as a result, we expanded our platform to measure performance
from these new data centres. Over time, we expect individual data centres and cloud providers continue to change, with some rotating in and others out. We continue to see cloud services as a competitive, dynamic landscape, and our results indicate that emerging
cloud providers can deliver outstanding results.
Recommendations
There are key takeaways and recommendations for various players in this ecosystem. Individual financial institutions must understand their competitive landscape and regulatory obligations. While there are many application-specific recommendations we could
make based on individual performance, there are some key concepts that will serve every Open Banking player.
- Prioritise Cloud Optimisation: TPPs or banks relying on connections to other banks, should prioritise shifting services away from Azure, particularly for applications requiring low latency. AWS and IBM provide the most consistent performance, and Akamai
provides excellent infrastructure where speed matters most.
- Pro-Active Monitoring: Continuous API monitoring is essential to maintain high performance. Banks should invest in real-time monitoring solutions that offer insights into performance bottlenecks and allow for rapid intervention.
- Focus on Traditional Banks: Traditional banks should invest in modernising their API infrastructure to close the gap with neobanks and CMA9 banks. Backend processing times remain a key bottleneck. There remains a real business risk for traditional banks
not offering the best in digital banking services.
- Global Implications: The UK’s leadership in open banking provides valuable lessons for other markets. As more countries adopt open banking regulations, ensuring a solid ecosystem with a variety of interoperable players is critical for long-term success.
Download APIContext's report
here.