Back to Banking & Securities matters

Reimagining transaction banking with B2B APIs

APIs can help global transaction banks move closer in the value chain to their clients amid rising competition.

Serves financial institutions in Asia on topics of technology architecture, IT strategy and digital transformations

Advises banks and financial institutions and digital transformation and strategy topics; with a focus on corporate and investment banking

Core leader of McKinsey technology practice. Serves financial institutions on a broad range of technology modernization, Enterprise architecture and cloud engineering topics

Serves banks, fintechs, payments and technology players on innovation and digital transformations

In a globalized economy, organizations need to manage diverse pools of liquidity, fund cross-border trade, optimize working capital, and keep a close eye on risk. Banks traditionally support these priorities through a range of global transaction banking (GTB) services. However, amid rising competition from niche fintechs and digital banks, the market share of many incumbents is under threat. To respond, banks can use B2B application programming interfaces (APIs) to move closer in the value chain to their clients. These connective technologies offer clients easier access to GTB services from their own platforms and enable seamless interaction with third parties.

Leading banks are focusing GTB integration efforts on products that promise most growth. According to a McKinsey survey, executives expect cash management and trade finance to be the growth engines over the next three years (Exhibit 1).1 This in the context of a business that already generates global annual revenues of $1 trillion.

We strive to provide individuals with disabilities equal access to our website. If you would like information about this content we will be happy to work with you. Please email us at: McKinsey_Website_Accessibility@mckinsey.com

As executives consider how to make the most of growth opportunities, four major regulatory and technology trends are reshaping the GTB landscape:

  1. Open banking directives are leading to a more fluid and innovative systems landscape
  2. Digital channels with smart personalization are replacing off-the-shelf applications
  3. Advanced analytics are improving liquidity forecasting
  4. Blockchain and distributed ledger technologies are supporting the digitization of supply-chain finance

API platforms enable a flexible and iterative response to these trends. However, many banks have not invested sufficiently, and thus risk losing out to better-integrated competitors that can respond faster and more flexibly to client needs. The bottom line? Effective integration through B2B APIs should be a GTB priority.

B2B integration: The state of play

Traditionally, many banks have relied on technologies such as host-to-host file transfer, based on legacy web services, or secure file transfer protocol (SFTP), to integrate their GTB services with their clients’ systems. These solutions are predominantly used for cash management services such as payments, transfers, and cash pooling. However, while they tend to work well for single-step transactions, they struggle when transactions require conditional routing. This prevents them from being used for integration of more complex products.

We see six major challenges around file-based integration:

  • limited exception handling on format mismatches
  • manual failure recovery following network or system outages
  • weak controls for file tampering and man-in-the-middle breaches
  • long customer onboarding times—as much as four to six months
  • bulky file formats for enterprise resource planning (ERP) integration, requiring customization for each corporate
  • higher operating cost to run and maintain the specialized software needed

Enter B2B APIs

B2B API platforms help banks make GTB services available to their clients and partners as discrete operations. They typically work in a closed network, helping embed GTB functionalities seamlessly and securely into client workflows. In one example, a leading Indian bank integrated its B2B payments APIs with an online delivery startup, enabling real-time settlement and instant salary payments. Similarly, many companies are leveraging cash management APIs to automate invoice reconciliation workflows in their ERP systems.

Emergence of open standards such Europe’s PSD2 and public goods infrastructure including India’s Unified Payments Interface are also driving adoption. Given the potential upsides, it is not surprising that over 85 percent of respondents to our executive survey say they plan to invest in cash management APIs in the next three years and close to 50 percent plan to expand trade finance APIs as part of their digital innovation agendas (Exhibit 2).

We strive to provide individuals with disabilities equal access to our website. If you would like information about this content we will be happy to work with you. Please email us at: McKinsey_Website_Accessibility@mckinsey.com

Building a B2B API platform: Five success factors

A common challenge in building an API banking platform is balancing corporate requirements on process flow and flexibility with internal security and operational risk controls. A well-designed B2B API platform will address these competing priorities and create a culture of co-ownership with clients and partners, thereby spreading the cost of innovation and reducing time to market. Leading GTB players that have made the most progress tend to leverage five success factors:

1. Embrace a product development mindset

APIs should be seen as products with their own lifecycles and requiring the same commitment to development, testing, and marketing as any other innovation. With that in mind, there are two critical elements:

  • Design for process control and orchestration: Banks should design process APIs to enable end-to-end workflows in activities such as domestic payments, import letters of credit advisory, and forex rate booking. IT teams should plan to create 40 to 50 build-to-stock APIs, ensuring that clients are able to orchestrate them in their ERP systems, perform necessary validations, and manage exceptions.
  • Weigh tradeoffs between a channel and product approach: Building transaction banking APIs as new product offerings would require teams to individually develop workflows and data structures, before plugging them in to existing systems. Banks can avoid costly repetition by building APIs as channels to existing products (internet banking, trade finance systems) and therefore leveraging account mapping, business logic, and security controls that already exist in their systems.

2. Set up a modern API lifecycle management platform

Banks can choose a cloud-based or on-premise solution that is open-source or part of an enterprise suite, while ensuring they offer the following key capabilities:

  • API gateway for API exposure, access control, rate limiting, security enforcement, and orchestration
  • API publisher for policy and version management, SLA performance management, and environment access (sandbox, UAT, and production)
  • API store and development portal for API discovery, developer onboarding and management, API documentation, reporting, and key management
  • API analytics for operational metrics, business metrics, billing, and metering

Individual application owners working on downstream systems can continue to own underlying business logic, error handing, logging, and enhancement. However, service contracts should be rewritten to make them RESTful2 and decomposed into microservices for easier maintenance and upgrades.

3. Extend risk management and operational controls to API-based offerings

Executives should extend risk and operational controls to API-based solutions, ensuring that the bank continues to meet its regulatory compliance obligations.

  • Align security and regulatory controls: B2B API services must conform to security and regulatory requirements by ensuring compliance with existing confidentiality, integrity, and availability models. These can be implemented with a combination of IP whitelisting, client ID and secret keys, digital signatures, and hashed payloads. One global bank chose to implement API security using a hardware security module (HSM) for dynamic key management in its collections API suite.
  • Amend client undertakings and legal contracts: Contracts with corporate clients may not incorporate the necessary terms for API-based integration. Banks therefore may need to draft new terms to facilitate system-to-system interactions and straight through processing (STP), and to define transaction limits. One Asian bank created an STP authorization form as an addendum to existing contracts to enable the API channel for its clients.

4. Leverage partnerships and self-service solutions for customer acquisition

By building out their ecosystems, banks can unlock innovation opportunities, expand their networks, and acquire new customers.

  • Form partnerships with software-as-a-service finance companies: GTBs can unlock new customer segments by providing downstream banking services to customers of cloud ERP providers and fintechs. An Asian bank was successful in onboarding new SME customers by partnering with a cloud CRM solution provider to offer back-end banking services for vendor payments and customer refunds.
  • Simplify customer onboarding: Banks that create marketplace offerings and design self-service onboarding flows can enable corporate client users with the appropriate authorizations to register their corporates to B2B API services. Several banks have set up API stores that provide test-and-learn platforms for customers to try out APIs and interact with API owners before incorporating them into their systems.

5. Define an API taxonomy to accurately assess system readiness, avoid proliferation of incompatible APIs, and prioritize for business value

An API taxonomy can help banks define ownership and governance rules. Banks should choose a taxonomy based on their own platform design. One common approach is to layer definitions as follows:

  • Experience APIs are designed for a specific user experience and enable all data consumption from a common data source.
  • Process APIs help manage workflows within a single system or across systems by simplifying the underlying implementation complexities of different source systems.
  • System APIs control CRUD (create, read, update and delete) operations that provide access to core system data, insulate users from the complexities of underlying systems, and enable reuse of data across multiple projects.

Experience APIs should be owned by channel teams and process APIs by business owners. System APIs should be controlled by application owners. Another approach, used by one European bank, is to create a prioritization framework based on important use cases, in this case using umbrellas such as regulatory APIs, build-to-stock APIs, and third-party APIs. The bank found that the approach helped drive internal innovation and monetize its APIs externally.


Successful GTB fintechs have achieved unicorn status (that is, valuations in excess of $1 billion) by providing best-in-class services coupled with a full suite of API functionalities, and integrating these into client systems. Forward-looking global banks, meanwhile, are investing their GTB IT budgets in technology enhancements, including API platforms. Banks that have not yet taken steps must therefore act urgently to enhance their own API propositions and partner with clients to ensure they keep pace and remain relevant in the fast-evolving landscape.

1 McKinsey Global Transaction Banking Survey, September 2019

2 Representational state transfer.