Managing Corporate Consents with OBP

Until now, banks have primarily introduced APIs that are mandatory for compliance with country regulations and have presented and documented their API offerings mostly for developers. While these APIs have opened up new service possibilities, they have mainly been geared towards consumer needs, leaving corporate clients with limited options.

While this approach has clear benefits for corporates as well, it is not fully interoperable with the existing Open Banking ecosystem as authorization varies depending on the payment amount – multiple confirmations from multiple users in the case of payment initiation, for instance.

Moreover, there are no corporate-level consents yet in any Open Banking standard.

Another aspect is that innovative banks tend to reserve their premium services for corporations and focus on a few specific use cases for their big clients, making it difficult for a wider range of daily services to become available for SMEs.

It’s clear that SMEs play a major role in most economies, particularly in developing countries, representing about 90% of businesses and more than 50% of employment worldwide. Like any other client, this group has high expectations for seamless and sophisticated banking services that are specifically tailored to their industry and unique needs. And if we know that the main purpose behind using APIs is to automate business, we can think of many ways to find applicable cases like automating functions so that you don’t need a user interface at all.


Why stop at consumer banking?


So why is Open Banking regulation only targeting end consumers?

Some banks have decided to address this market segment and develop Corporate Banking APIs. Below we have some examples of corporate APIs from Nordea, ING, Deutsche Bank, ABN AMRO and OP Financial Group.

APIs for Corporate Clients
Accounts Information
Payment Initiation
Beneficiary Account Validation


However, there aren’t many API products that target cases where the corporate client has more than one signatory. In these scenarios, the client is usually requested to authorise only one person to sign an agreement with the bank.

Multi-sig Authorisation for Corporates


Introducing the OBP solution, which is flexible in terms of consent and is extended to seamlessly handle corporate consents. For instance, banks can validate transactions for SMEs via payment transaction requests with the multi-signature approach described below.

  1. The quorum required for consent confirmation is set in an Account Attribute.
  2. Possible members of the quorum are users with Account Access on the Account.
  3. The consent is built up via successive authentication and SCA challenges until a quorum is reached.

When it comes to Consents and Access Control, OBP provides fine-grained access to account data and payment methods, which can be encoded into Consents. In addition, entitlements to specific APIs can also be encoded into Consents. Consents may be listed and revoked by the user who created them or by admin users directly.

Banks and corporates that embed Open Banking within their strategic DNA are more likely to achieve the best results.

For a more comprehensive analysis and to learn how the Open Bank Project can help you extend your Corporate APIs, reach out to