Often an open API initiative starts when a digital financial services (DFS) provider sees the potential for scaling the exposure of services, such as payments, to partners and third parties. However, internal resistance can squelch the initiative, as management grapples with potential security, data privacy and brand reputation risks. While these concerns are valid, if providers believe open APIs make sense from a commercial perspective, they should think about how to address risks rather than miss out on the opportunities of open APIs altogether. One way to do this is through the use of fair, standardized legal contracts with partners and third-party providers.
A resource from CGAP and law firm Hogan Lovells, “Key Considerations When Developing Legal Terms and Conditions for Financial Services APIs,” aims to help DFS providers address potential risks when exposing open APIs. It describes the risks a DFS provider will need to consider and includes a contract template that can help DFS providers initiate discussions internally. Sound legal contracts can complement operational risk management practices. And like APIs themselves, standardized legal contracts can reduce onboarding time when working with external partners.