Exploring Banking

Middleware Solutions
 Exploring Banking Middleware Solutions | 2

Contents
Executive Summary.................................................................................................3

Introduction.............................................................................................................4

What is Banking Middleware?.................................................................................6

What are APIs? .......................................................................................................7

Case Study: Lewis & Clark Bank Stands Up Its Risk Management
Platform With Middleware.......................................................................................11

Banking Middleware U.S. Vendor Landscape..........................................................13

State of Bank-Core Provider Relationships.............................................................15

Considerations for Banks .......................................................................................16

Glossary of Terms....................................................................................................18
 Exploring Banking Middleware Solutions | 3

Executive Summary
Delivering innovative products and services is critical for community financial
institutions to remain competitive. But the speed with which community banks can
deliver innovation is largely dependent on the state of their core banking platforms.
APIs are the industry’s best practice for connecting applications, and today’s
middleware platforms pull together a set of tools and technology needed to help
document, deploy and manage multiple API connections. These API-led middleware
platforms act as a translator between a financial institution’s core banking platform and
other systems that utilize business logic and data stored on the core banking platform,
including external, customer-facing interfaces and third-party apps as well as newer
cloud-based, internal applications.
This report explores three strategic benefits that financial institutions can realize by
leveraging middleware in the banking tech stack:
• Reducing reliance on a legacy core to deliver products faster and make future
conversions easier
• Building a single source of truth for customer data, leading to a better customer
experience
• Fostering partnerships with fintech companies
Additionally, this report provides a set of considerations on internal readiness and
external partner selection that banks should evaluate to determine their fit for
middleware adoption.
Using middleware will not, in itself, make a bank “innovative” or solve all the
technology challenges it faces. This report is aimed to kick off discussions on how
financial institutions looking to gain control over their strategic technology roadmap
can do so by first modernizing the foundational systems their banks rely on.
 Exploring Banking Middleware Solutions | 4

Introduction
For decades, community banks have played critical roles in ensuring that people and
businesses have access to affordable products for payments, savings and credit. As
such, they are key parts of the foundation of local economies. But as the definition
of “community” extends past physical borders and new business models emerge,
community banks seek innovative ways of delivering their products and services.
The degree to which community banks can innovate is largely dependent on the state of
their core banking platforms, which are back‐office banking systems that process daily
transactions and post updates to accounts and other financial records. In many ways,
core banking systems are part of the foundation of a bank’s operations. Unfortunately,
legacy architecture in most core platforms limits the ability to support innovation.
Analysts estimate that more than two in five U.S. banks still run their core banking
processes on legacy, back-end systems designed nearly four decades ago1.
Legacy architecture once built for stability and reliability now generates pain points for
bankers: multiple disparate systems operating independently, hundreds of applications
relying on point-to-point integrations, and asynchronous front-office and back-office
processes, among others. This arrangement results in nearly unscalable systems and
operational inefficiency. To make matters worse, maintaining these systems is expensive,
with banks spending upwards of 80% of their IT budgets on simply preserving their
technological status quo2.
Based on analysis from McKinsey3 and Protiviti4, three pragmatic options exist for
banking leaders who have yet to start their core modernization efforts: 1) greenfield
transition, where a bank builds products from scratch on a new, cloud-native core
under a distinct brand; 2) progressive migration, where a bank can migrate capabilities
over one-by-one and run them in parallel to the legacy core until it is retired; and
3) a middleware platform surrounding the core that allows for improved external
connectivity to third-party products and services.
Each option carries its own set of benefits, risks, costs, complexities and outcomes. The
optimal choice for a given bank is driven by the current state of its tech stack, business
objectives and the unique constraints on its operating model, including organizational
risk tolerance.
For institutions that don’t want to replace or convert their core systems but instead
wish to extend the core system’s functionality, the third option (middleware solutions)
can help bridge legacy technologies with new applications and is popular among banks
with substantial investments in legacy core infrastructure that want to mitigate the risk
of change. Adding a middleware layer also can better prepare a bank for an eventual
migration away from the legacy core.

1 http://fingfx.thomsonreuters.com/gfx/rngs/USA-BANKS-COBOL/010040KH18J/
2 https://www.fnlondon.com/articles/banks-face-spiraling-costs-from-archaic-it-20170912
3 https://www.mckinsey.com/industries/financial-services/our-insights/banking-matters/next-genera-
tion-core-banking-platforms-a-golden-ticket
4 https://www.protiviti.com/US-en/insights/modernizing-legacy-systems-financial-institutions
 Exploring Banking Middleware Solutions | 5

The API-led middleware acts as a translator between a financial institution’s core

banking systems and the various customer-facing systems of engagement that utilize
business logic and data stored in the core banking platform, whether for internal
business applications and dashboards, a fintech partner’s platform, or the bank’s
customer interfaces. The middleware path to core modernization is gaining attention
from smaller institutions as it carries a relatively lower price tag and risk potential, while
limiting changes made to legacy core systems.

Leveraging middleware in the banking tech stack can give

rise to three key benefits:
1. Reducing reliance on a legacy core to deliver
products faster and make future conversions easier
2. Building a single source of truth for customer data
leading to better customer experience
3. Fostering partnerships with fintech companies

The use cases supported by middleware are numerous, from deposit operations and
contact center management to branch activities and back-office operations. API-based
middleware is flexible and can be applied broadly across any banking function that
would benefit from rapid access to customer or internal data. This report provides an
overview of middleware technologies, how they fit into the overall innovation strategy
for community banks, and a market map of middleware providers. A full glossary of
additional terms used throughout the text is provided at the end of this report.
 Exploring Banking Middleware Solutions | 6

What is Banking Middleware? Figure 1.

The core banking landscape has developed over several decades. Simplified banking infrastructure with
Core systems range in their architecture from closed legacy API-based middleware layer
versions to mature approaches with open APIs to next-gen open,
cloud-based designs. While the newer systems widely use APIs to Systems of Engagement
communicate between various components of banking software,
legacy architectures need a translator — or API-led middleware —
to sit in the stack between it and newer applications, to facilitate Bank-Owned Third-Party
data flow. Channels Fintechs
Middleware is needed when a bank’s systems of record do not
have a native way of communicating with the various systems of
engagement that employees and customers might use, or if the APIs
available from the core are insufficient to meet the bank’s needs.
By using an API-based middleware layer, banks can more easily API-Based Middleware Layer
plug new digital experiences and third-party applications into
legacy systems and allow for data exchange between them without
requiring point-to-point integrations customized to each new app
API Gateways API Manager
or data stream.
Whereas integration platforms are focused on creating one-time
connectivity between two points — the core and an application
— middleware takes a broader approach and is not targeted to a Data Integration/
specific application or use case. Multiple providers can utilize the Dev Portal
Transformations
same middleware platform to connect to the core. The middleware
layer typically contains business logic abstracted from the legacy
core to translate data and leverages API gateways to manage the
exchange of data both from and to legacy core.
As shown in Figure 1, middleware is a set of four major modules:
API gateways, API manager, data integration and transformation Systems of Record
tools, and a developer portal. Together these modules equip banks
with the ability to create secure API access points between external
Core Banking
and internal parties, and view and manage data being shared CRM
Systems
between those connections. Such platforms typically include a set
of rules governing the creation, publication, use and access of APIs,
transforming and integrating data for compatibility as well as a
Data
developer portal containing API documentation, tutorials, code
snippets and sandbox capability.
Warehouse/
Lakes
Exploring Banking Middleware Solutions | 7 Exploring Banking Middleware Solutions | 7

What are APIs?

Gartner defines APIs as “programming interfaces” that allow
applications access to service functionality and data within other
applications or a database.5 Simply put, APIs are software programs
that allow different applications to communicate and share
information with one another. They provide an architecture for
creating requests and handling responses so data can be transferred
between two applications.
APIs are used routinely across digital services. Some common
examples include: third-party login allowing users to sign in with
their Google, Apple or Facebook accounts instead of making an
account directly; e-commerce payments where consumers can use
their preferred digital wallet to complete a transaction (e.g., Pay
with PayPal); streaming services like Netflix or Spotify being able
to distribute content to any device or screen type; or even checking
the weather on Google that relies on sending API requests to the
National Weather Service.
In banking, APIs can be used internally to simplify systems
and enhance the efficiency of bank operations. Use of internal
APIs typically begins by improving and modernizing basic
banking services and then can be progressively extended across
other functions, including analytics, automation tools, account
authentication, risk management and payment processing.
According to a 2020 McKinsey global survey on APIs in banking,
banks are increasingly relying on APIs internally to reduce costs
and complexity associated with IT integration.6
These private APIs can accelerate new application development
by allowing data held in disparate systems to be exchanged more
easily. Typically, banks experiment and pilot small projects with
a few internal APIs and then scale out once the applications prove
successful. From there, API access can be consolidated in a single
internal developer portal with documented standards that ensure
reusability and scalability. Banks can also leverage APIs externally to
enable collaboration with third-party partners such as fintechs and
large corporations by allowing secure access to core banking data.

5  https://www.gartner.com/en/information-technology/glossary/application-pro-
gramming-interface
6  https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/tech-for-
ward/whats-new-in-banking-api-programs
 Exploring Banking Middleware Solutions | 8

Community banks can use middleware platforms to achieve three key benefits:
• Reducing reliance on a legacy core to deliver products faster and make future
conversions easier
• Building a single source of truth for customer data, leading to a better customer
experience
• Fostering partnerships with fintech companies
We will now take a closer look into these benefits.

Reducing reliance on a legacy core to deliver products

faster and make future conversions easier
By integrating a bank’s core and other back-office systems to an API-based middleware
platform, banks can gain rapid access to their data — with less complexity and less
staff commitment, generating new opportunities for revenue growth. Banks looking
to respond to rising competition and customer expectations for on-demand, digital
self-service understand that speed-to-market is crucial and that they can’t rely on their
legacy systems for fast product delivery.
Many institutions find themselves with ROI-positive projects in the pipeline that are
constrained by a lack of ready-access to the core. Banks often face a protracted timeline
in getting approval from their core provider for third-party fintech access. Without
needing to rely directly on the core to launch new apps, middleware equipped with
business logic makes it faster for a third-party service to get connected to the core data
without waiting on a legacy core vendor to build the connection.
Adding a middleware layer also can better prepare a bank for an eventual migration
away from the legacy core. By connecting applications through the middleware first,
the bank reduces its dependency on the legacy core system. Eventually, the legacy core
can be replaced by connecting a new core to the middleware, without reconnecting
each application to the new core. Moreover, the bank can do so without experiencing
downtime across all other front-end systems that have integrated to the middleware —
because they’re reliant on the middleware layer, not on the core.

Building a single source of truth for customer data,

leading to a better customer experience
Banks can use middleware platforms to unify disparate sources of customer and
internal data into one platform forming a single source of truth to build better products
and customer experience. Despite its promise of being a centralized repository of data,
legacy core systems have been decentralized for a very long time, with multiple sets of
customer data stored in different places and in various formats. Banks can leverage APIs
 Exploring Banking Middleware Solutions | 9

and the middleware integration layer to help deliver a 360-degree view of the customer
across lines of business for a seamless, connected experience across channels, such as
mobile apps, in-person locations, contact centers, wealth and marketing.
Banks consistently identify integration as the main obstacle to meeting their customer
experience needs. 7 Ideally, customers should be able to transact easily online with
real-time updates across all back-office apps. But in reality, many bank customers have a
disparate experience on digital banking channels; for example, because their credit card
and debit card data are stored in two different places, they need to log into two different
apps. Another example would be if the customer changes their address, but that change is
not reflected in real time across various back-office systems, including the core platform.
As a result, the customer experience suffers from these back-office inefficiencies.

Fostering partnerships with fintech companies

APIs are also gaining traction in financial services as an enabler of bank/fintech
partnerships. In 2019, Capgemini8 found that a majority of banks globally leverage APIs
to connect with fintech firms as part of their business strategies, and the pace of external
API sharing is accelerating, with two-thirds of banks saying they currently share APIs
with their partners and more than a quarter planning to share APIs within a year.
Banking leaders welcome a shift away from competition and toward collaboration
with fintechs. Survey data collected by Finextra9 in 2019 found that 81% of banks
globally view collaborating with fintech partners as the best strategy to achieve digital
transformation. Among U.S. financial institutions, that sentiment is even stronger —
97% of banks surveyed for a 2019 Finastra study10 agree that collaboration with third-
party entities and fintech firms will serve as a driver of their businesses’ successes.
By connecting with a range of external players including payment cards, investment
and brokerage firms, and fintech companies, banks can explore new revenue streams
and offer personalized experiences to their customers. These types of connections are
supported by partner APIs, which represent roughly 20% of banking APIs, according
to the 2020 McKinsey survey11 and are used externally to support integration with
business partners. The survey also showed that banks have plans to double the number
of partner APIs by 2025.
In addition to supporting bank/fintech partnerships, middleware can enable external-

7 Aite Group-Avanade, “CX: Why do banks struggle to put the customer first?”
8 Capgemini, Leverage Open APIs – the glue that will hold your ecosystem together
9 https://www.finextra.com/researcharticle/90/the-future-of-payments-how-to-accelerate-digital-transfor-
mation-in-payments
10 https://www.finastra.com/viewpoints/research/open-banking-and-collaboration-state-nation-sur-
vey-2020
11 https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/tech-forward/whats-new-in-bank-
ing-api-programs
 Exploring Banking Middleware Solutions | 10

facing activities for banks, including banking-as-a-service and third-party risk

management.
• Banking-as-a-Service (BaaS): The provision of banking products and services
through third-party distributors12, is emerging as yet another use case for
middleware-enabled third-party partnerships. In this scenario, banks act as
modular platforms that supply core banking functions that fintechs source to build
their own financial services.

API-based middleware’s role here is similar to how middleware platforms enable

external connectivity or partnerships with fintechs generally. The distinction,
however, is that the bank gives up some control over the customer journey and
instead focuses on back-office activities. Playing the role of the sponsor bank for a
fintech won’t be suitable for every institution but can be a sound strategic move for
some institutions.
• Third-Party Risk Management (TPRM): Middleware can also play a role in
helping banks conduct third-party risk management. Historically, TPRM programs
focused on point-in-time assessments such as annual due diligence and review
processes. As the financial services environment evolves and becomes more
dynamic, however, real-time observability is mission critical. Banks can contract
with third-party companies to perform activities on their behalf, but reputational,
financial, regulatory and operational risks all remain with the bank.13 Just as banks
establish key performance or risk indicators, banks can establish triggers and
metrics to monitor change in their fintech relationships.

With middleware sitting in the data flow between the bank and its external
partners, banks can build out risk management applications to actively monitor
transactions. This approach puts a greater emphasis on information gathering on
a regular cadence rather than an annual checklist exercise. A middleware based
TPRM application can help monitor risks, as they emerge, based on critical risk
factors identified during the due diligence phase of onboarding a fintech partner.

The case study below illustrates how an Oregon-based community bank utilized
middleware to stand up its risk management platform for monitoring data flow between
its core and the bank’s third-party partners.

12 https://www2.deloitte.com/cn/en/pages/financial-services/articles/importance-of-banking-as-a-service.
html
13 ABA Webinar, Managing FinTech Relationships, 9/14/2022
Exploring Banking Middleware Solutions | 11 Exploring Banking Middleware Solutions | 11

Case Study: Lewis & Clark Bank Stands Up Its

Risk Management Platform With Middleware
How can a bank be sure that its third-party partners, particularly those in charge
of mission-critical functions, are acting in compliance with applicable laws and
regulations? This is exactly the question that $373 million-asset Oregon City-based
Lewis & Clark Bank wanted to answer regarding subsidiary transaction ledgers run on
its partner platforms.
Banks often rely on an ecosystem of third-party companies to perform critical aspects
of its operations, from payments processing to Know Your Customer. Just as any activity
that a bank performs internally, regulators like the Office of the Comptroller of the
Currency expect banks to practice effective risk management when it comes to banking
activities performed by third-party service providers.
To better understand and manage risks associated with its third-party services, Lewis &
Clark Bank recognized it needed to build out a risk management platform that would
tap into the data stream between its third-party applications and its core banking
system. “The onus is on us to manage the risk associated with every banking product
and service deployed through a channel partnership or third party,” said Trey Maust,
executive chairman and co-founder of Lewis & Clark Bank. “We need to have an
awareness of who those customers are, just like we would if it were on our own core
system.” To do so, the bank needed to leverage an automated process to bring the data
onto its system.
Maust and the Lewis & Clark Bank team, after consulting with subject matter experts,
identified API-based middleware as a means for achieving their goal. In addition to
risk management associated with onboarding and account opening, middleware also
will enable the bank to monitor raw transaction data for fraud detection and BSA/AML
purposes. Using middleware made up of API connectors and a data transformation
layer, the bank will be able to automate the process of tapping into the data flow,
transform it into a standardized format and drop it in a database or document
repository for data visualization and analysis.
Without middleware, the bank would have to rely on the highly complex manual
process of downloading files and then pulling those into a transaction monitoring
system for analysis. The manual process is potentially feasible when dealing with
low volume of accounts but becomes untenable as the volume scales. Maust predicts
that over time, as banks expand their use of third-party services to conduct various
functions on their behalf, middleware will play an important role in enabling
connectivity, data transformation and analytics.
 Exploring Banking Middleware Solutions | 12

Middleware is not a magic bullet. While banks can use middleware to temporarily
prolong the lifespan of their legacy core systems, the reality for many banks is that an
eventual core replacement is likely unavoidable, especially given the pace at which
technology is advancing. Workarounds like middleware buy banks time, but the likely
long-term solution for most banks involves the implementation of cloud-based core
banking platforms.
Other potential downsides of a middleware setup that banks should consider when
building their strategies include:
• Additional entry points for cyberattacks. Adding a new layer of technology,
particularly one provided by a third-party solutions provider, increases the number
of entry points in the overall technology stack and thus, the probability of a security
breach. It’s important to review any third-party vendor’s security protocols and
their track record in thwarting breaches when evaluating a potential partnership.
• Lack of real-time visibility. Legacy cores typically update data in batches and
usually only a limited number of batches per day. But transactions in the real world
do not take place in batches; they happen in real-time. While middleware eases
integration with fintechs, batch updates limit the fintech’s ability to display real-
time account information.
• Concerns regarding data handling and management. Traditional core providers
have deep experience in compliance and regulations, which might not necessarily
be the case for third-party technology companies or service providers. For banks
utilizing third-party partners to perform a critical function (such as KYC or
loan origination), understanding how customer data is used and managed by
middleware providers, as well as having bank oversight over this data exchange, is
critical for satisfying banking regulators.

This section outlined the basics of API-led middleware and how banks can benefit from
adoption. The next section explores the two main categories of middleware solutions in
the marketplace.
 Exploring Banking Middleware Solutions | 13

Banking Middleware U.S. Vendor Landscape

APIs are the industry’s best practice for connecting applications, and middleware platforms
pull together a set of tools and technology needed to help document, deploy and manage
multiple API connections. Without these platforms, banks would have to connect hundreds
of applications individually and end up with an expensive build that adds even more
complexity to their IT systems.
Historically, banks interested in middleware needed to have some level of in-house
technical and software development capabilities to properly operationalize APIs across their
systems. Today, there is greater innovation in the space around making platforms that are
more user-friendly and less reliant on technical proficiency. Several vendors offer low-code
or no-code tools that assist in automating specific integration tasks and provide robust
visualization experiences for business analysts at banks.
The use cases supported by middleware are numerous, from deposit operations and contact
center to branch activities and back-office operations. API-based middlewares are flexible
and can be applied broadly across any banking function that would benefit from easy and
rapid access to customer or internal data.
Two broad categories of middleware platforms have emerged to help banks modernize
their banking infrastructure and reduce their reliance on legacy core banking systems: API-
based connectivity platforms and cloud-based Integration-Platform-as-a-Service (iPaaS)
offerings. An illustrative (but not exhaustive) subset of vendors is shown below in Figure 2.

Figure 2. U.S. service provider landscape for banking middleware

API-Based Banking Middleware Platform

Capability:
Connectivity platforms help banks integrate legacy core systems to Cloud-based integration platform as a service (iPaaS) vendors provide
third-party apps using API-based adapters and connectors; includes full-service middleware implementation and management services;
API management, developer portal, marketplace. includes low-code/no-code tools, workflow management, advanced data
procession, etc.
Outcomes:
• Extends core banking functions as APIs and provides tools to • Provides full-service delivery and management
manage those APIs • Enables 3rd-party partnerships
• Enables 3rd-party partnerships

Connectware

Communicator Open

jXchange
ABA Associate Members
API-based middleware from
legacy core providers

Explore additional resources and providers in the ABA Industry Provider Network.
Note: The intention of this diagram is not to exhaustively map the universe of providers in this landscape, or to provide a comparison of the
vendors shown, but instead to provide examples in each category for banks to undertake vendor comparison and assessment processes.
 Exploring Banking Middleware Solutions | 14

API-based connectivity platform vendors primarily perform the task of legacy-to-

modern integrations by providing an API platform that sits on top of the legacy core and
exposes core banking functions and data. API connectivity platform vendors typically
offer third-party onboarding and management, a developer portal, an API marketplace
and support various banking functions including payments, loan origination solutions,
native mobile apps and digital banking offerings, among others.
Vendors in this category supply the technology platform and solutions guidance needed
for a bank to complete integration but typically require an in-house bank IT staff to
maintain the middleware post-implementation. Some third-party vendors have an
exclusive focus on the banking vertical (e.g., Sandbox Banking, FinMain, Finconecta) that
market pre-integration with commonly deployed legacy core processors and API-based
data access as selling points to banks.
Legacy core processors such as FIS, Fiserv and Jack Henry have also built API middleware
layers that fit in this category. Core processors typically offer in-house development and
integration expertise for banks to utilize. Connectivity platforms from core processors
carry the immediate benefit of not having to rely on an additional vendor but do little to
free the bank from its dependence on the incumbent core provider. Moreover, legacy cores
can place tollgates to limit access to the middleware platform exclusively for approved
and pre-integrated partners. Availability of the core-provided middleware could also vary
significantly depending on the specific core platform.
Integration-Platform-as-a-Service (iPaaS) vendors go beyond providing technology
and implementation guidance by delivering end-to-end services from initial middleware
integration to ongoing maintenance, development support and third-party onboarding.
In addition to API management, iPaaS vendors provide services and tools for workflow
management, data set processing, and data hub functionality, among others. Providers
in this category typically offer built-in customer consent management, consumer
authentication, a developer portal, an API marketplace, data analytics, fraud detection and
risk analysis tools.
Among the highlighted vendors in Figure 2, ModusBox and Core10 have a banking-only
focus, whereas the other vendors have experience across multiple verticals, though they also
possess deep in-house compliance and regulations expertise specific to the banking industry.
In many ways, the industry-agnostic group of solutions providers (e.g., MuleSoft, Boomi)
are perhaps the most mature in the middleware integration space and likely have more
exposure to integration challenges and potential pitfalls. Most iPaaS vendors also offer pre-
integration with commonly deployed core platforms across the major legacy providers.
Some iPaaS providers, like ModusBox and Boomi, offer coding-optional environments
(i.e., low-code or no-code) that are browser-based visual solutions. These tools are designed
for product managers and business ops users but can just as easily be used by enterprise
architects and developers. These tools help those closest to business and operational
decisions deploy solutions without needing to shuttle them through an IT team.
Community banks with available IT staff and resources to manage middleware
implementation in-house should explore API connectivity platforms. iPaaS solutions are a
better fit for banks seeking full-service delivery and ongoing management, as well as those
with a need to knit together multiple legacy on-premises and cloud-based systems.
Exploring Banking Middleware Solutions | 15 Exploring Banking Middleware Solutions | 15

State of Bank-Core Provider Relationships

The architecture of a bank’s core processor platform and the bank’s relationships with its core providers
are crucial in being able to roll out competitive innovations. The 2022 National Survey of Community
Bankers14 found that nearly three in five banks surveyed rely primarily on their core service provider
(e.g., Jack Henry, Fiserv or FIS) for digital banking products and services.
Given the centrality of core systems to a bank’s operations, it’s not surprising that supporting community
banks to improve their relationships with core providers and open opportunities for innovation in the
core provider space is a critical issue for the American Bankers Association (ABA). Data from ABA’s
2022 Core Platform Provider Survey15 clearly indicate that core processor relationships have room to
improve. Of banks surveyed, 42% say they’re dissatisfied with their core provider and 21% indicate they
are unlikely to remain with their core when the contract expires.
What’s the source of discontent for banks when it comes to core providers? In the same 2022 ABA survey,
banks point to the following areas where their core platform provider is least effective: reasonable pricing
structure for API usage and access, integration with third-party providers, availability of API documentation,
and responsiveness around providing API access. Despite this perceived lack of agility and customization
on the part of core providers, banks are generally reluctant to opt for a core conversion. According to a 2021
Cornerstone Advisors study16 of community-based financial institutions, 72% said that replacing a core
operating system was not part of a 2021 digital transformation strategy, compared to just 14% indicating core
conversion was a priority.

Data from ABA’s 2022 Core Platform Provider Survey clearly indicate that core processor
relationships have room to improve. Of banks surveyed, 42% say they’re dissatisfied with
their core provider and 21% indicate they are unlikely to remain with their core when the
contract expires.

Part of the challenge with a core conversion is the potential for service disruption and the staff time
required to oversee the transition. Bankers must balance these concerns on top of a lengthy average
timeline of 18-24 months needed for core replacements. Analysis from McKinsey17 identifies several
issues preventing banks from replacing their core, including difficulty in untangling preexisting,
third-party integrations from the old system and re-integrating to the new core banking system. Cost
estimates for such a maneuver at a medium-sized bank could exceed $50 million depending upon its
complexity, and for larger banks, roughly between $300 million and $400 million18.
Even if a bank assesses that it’s ready for a core modernization project (or less commonly, to replace
their current core systems entirely), the ability to do so is often impacted by the bank’s contract terms
with its core processor. Renewal discussions are prime opportunities for banks to work with their core
provider to enable third-party integrations into its core banking system and address future innovation
goals. And that moment is approaching rapidly for a large swath of banks. According to the ABA 2022
Core Platform Provider Survey, 63% of banks, at the time of the survey, had four years or less left in their
contract term — 25% up for renewals by end of 2024 and another 38% up for renewal by end of 2026.

14 https://www.csbs.org/newsroom/adapting-digital-age-how-are-core-services-providers-viewed
15 ABA 2022 Core Platform Provider Survey
16 https://agoraservices.us/modular-banking-whitepaper.html
17 https://www.mckinsey.com/industries/financial-services/our-insights/banking-matters/core-systems-strategy-for-banks
18 Ibid.
 Exploring Banking Middleware Solutions | 16

Considerations for Banks

This report has outlined the basics of an API-based middleware platform and described
how banks can leverage middleware to reduce their reliance on a legacy core for
innovation, build a single source of truth for customer data, and foster partnerships
with fintech companies. To help banks operationalize those benefits, the report also
presented two broad categories of middleware vendors aimed at the financial sector:
API-based connectivity platforms and cloud-based Integration-Platform-as-a-Service
(iPaaS) offerings, along with a subset of vendors in each grouping.
The decision to implement a middleware solution is based on several interrelated
factors, including the bank’s priorities, risk appetite, investment budget, talent
availability, time horizon, current technology stack and organizational readiness for
change. Buy-in from the entire organization is critical to success as these projects are
decidedly not IT-only initiatives. Stakeholders from the business, compliance, legal,
finance, risk, IT and vendor teams must collaborate from the outset to ensure alignment
with the roadmap and strategic vision of the bank.
Banks should consider the below recommendations as they evaluate whether an API-
based middleware solution is the right approach for their institution, and if so, which
type of platform/provider might be best:

Evaluating if middleware is an appropriate strategy:

• Evaluate customer need. Are there new applications or use cases that will benefit
customers? Do these use cases have the potential to be revenue drivers? Whether
the bank wants to provide its customers with a faster way to add new accounts or
borrow money, or offer customizable payment cards, middleware platforms are
flexible and adaptable to support a wide array of banking use cases that require fast
access to data.
• Define business objectives. Does the bank want to continue focusing on
supporting customers within its physical geography or seek out new segments?
Core modernization via middleware can help the bank do both. Whether the bank
wants to serve its current customers with new digital tools or carve out new digital
customer segments that are outside of its branch footprint, middleware adoption
can help fast-track relevant initiatives.
• Assess ability to roll out innovations. Is it currently possible for the bank to roll
out new innovations rapidly to its customers with its tech stack or readily partner
with innovative fintechs? If the bank’s core systems seem insufficient to support
these initiatives, middleware could extend the functionality of existing back-office
systems. Investing in in-house development capabilities can chart a vendor-
independent path forward for the bank. In turn, APIs developed in-house that are
shown to drive revenue can also be monetized for external use.
 Exploring Banking Middleware Solutions | 17

Choosing the right middleware implementation partner:

• Evaluate if core-provided middleware solution is sufficient. Does the core
vendor’s middleware sufficiently meet the bank’s needs regarding speed-to-
market and effectiveness? Along with a pre-integrated middleware platform, core
processors also typically offer in-house development and integration expertise for
banks to utilize. It’s pragmatic for banks that would prefer to stay within their core’s
ecosystem to adopt a middleware solution from their incumbent core processor
instead of bringing in a third-party service provider.
• Assess in-house ability to manage middleware implementation. Banks need to
assess their ability to manage a middleware implementation on their own versus
relying on the expertise of a service provider. A key limitation for many community
banks is the lack of technical staff able to manage an in-house-run middleware
layer. A managed services provider would be an appropriate fit in such scenarios,
with the service provider delivering application, infrastructure and security services
via active administration and ongoing, regular support.
• Validate a vendor’s relevant experience. Banks must ask prospective vendors
about their ability to integrate with the bank’s existing core platform, breadth of
the marketplace of pre-integrated fintech solutions, and to simulate key business
scenarios in its solution using sufficient synthetic data to cover various real-world
scenarios and demonstrate must-have functionality. Review plans for data security,
including sensitive functions like payments and authorization requirements, and
conduct due diligence to understand the vendor’s credibility, its financial health,
and review customer testimonials regarding past implementations.
 Exploring Banking Middleware Solutions | 18

Glossary of Terms
Term Definition

Application programming APIs are “programming interfaces” that allow applications access to service functionality
interface (API) and data within other applications or a database. Simply put, APIs are software programs
that allow different applications to communicate and share information with one another.
They provide an architecture for creating requests and handling responses so data can be
transferred between two applications. In financial services, three generic API models are
applied in combination: one is focused on internal processes, systems, services and data,
and two are external-facing and oriented either to commercial partners or the general
public.

API gateway An API gateway is an API management tool that sits between a client and a collection of
back-end services. Most enterprise APIs are deployed via API gateways. It’s common for
API gateways to handle common tasks used across a system of API services, such as user
authentication, rate limiting and statistics.

API management API management refers to the processes for distributing, controlling and analyzing the APIs
that connect applications and data across the enterprise and across clouds. The goal of API
management is to allow organizations that create APIs or use others’ APIs to monitor activity
and ensure the needs of the developers and applications using the API are being met.

API sandbox An API sandbox is an environment that testers can use to simulate the characteristics of the
real-world environment and create simulated responses from all APIs the application relies
on. API sandboxes make it possible to reduce the cost and risk associated with calling third-
party APIs during testing.

Banking-as-a-Service Banking-as-a-Service describes a model in which banks integrate their digital banking
(BaaS) services directly into the products of other non-bank businesses. In a BaaS model, a
non-bank business can offer its customers digital banking services such as mobile bank
accounts, debit cards, loans and payment services, without needing to acquire a bank
charter of their own.

Core banking modernization Core banking modernization refers to the replacement, upgrade or outsourcing of a bank’s
existing core banking systems and IT environment. These systems perform mission-critical
operations for the bank, including processing accounts, loans, payments and securities.

Core banking system Core banking system is a back-end system that processes daily banking transactions and
posts updates to accounts and other financial records. Core banking systems typically
include deposit, loan and credit processing capabilities, with interfaces to general ledger
systems and reporting tools.
 Exploring Banking Middleware Solutions | 19

Term Definition

Data warehouses/data A data warehouse contains structured data that has been cleaned and processed, ready
lakes for strategic analysis based on predefined business needs. A data lake contains all of an
organization’s data in a raw, unstructured form, and can store the data indefinitely (for
immediate or future use).

Developer portal A developer portal is a common best practice for API management. Developer portals
typically provide API documentation along with developer onboarding processes like sign-up
and account administration.

Integration-Platform-as-a- Integration-Platform-as-a-Service (iPaaS) is a suite of cloud services enabling development,

Service (iPaaS) execution and governance of integration flows connecting any combination of on-premises
and cloud-based processes, services, applications and data within individual or across
multiple organizations.

Internal API Internal APIs are designed primarily to streamline software development and simplify
systems and operational processes. These currently represent the vast majority of use
cases.

Legacy core banking Legacy core banking systems are often decades-old, mainframe-based platforms that
systems support a bank’s back-end operations across core functions such as account opening,
transaction processing, deposits processing and loan processing, among others.

Low-code/no-code Low-code is an app development approach that enables automated code generation
through visual building blocks like drag-and-drop and pull-down menu interfaces. No-code
is also an app development approach and is often treated as a subset of the low-code
development approach. While in low-code there is some handholding done by developers in
the form of scripting or manual coding, no-code has a completely hands-off approach, with
a complete dependence on visual tools.

Middleware Middleware is software that lies between applications, essentially functioning as a hidden
translation layer. It’s sometimes called “plumbing,” as it connects two applications together
so data and databases can be easily passed between the “pipe.” Many middleware services
are accessed through APIs, which are sets of tools, definitions and protocols that allow
applications to communicate with each other.

Next-gen core banking Next-generation core banking platforms are financial processing systems built on cloud-
systems based, flexible, scalable and open frameworks. Compared to legacy banking systems, next-
generation core banking platforms and modern banking platforms are created with four key
factors in mind: cost-effectiveness, future readiness/resilience, real-time transaction system
and are often natively API-accessible.
 Exploring Banking Middleware Solutions | 20

Term Definition

Partner API Partner APIs allows external firms to access data that can enhance products and services or
create new ones.

Point-to-point integration Point-to-point integration involves the use of custom code to tightly couple two or more
endpoints. For example, a designated integration between two sources (such as Salesforce
and an ERP system) with a single transformation of data in the process. Point-to-point is
considered the simplest form of integration, and its popularity is growing, in large part due
to the increased ease of access to APIs.

Public API/Open API Public APIs open up bank data, products and services to communities of developers, with
the aim of encouraging rapid development and commercialization. Public APIs are typically
more restrictive than open APIs in terms of sharing assets.

Third-party risk Third-party risk management is the process of analyzing and minimizing risks associated
management with outsourcing to third-party vendors or service providers. There are many types of digital
risks within the third-party risk category, including financial, environmental, reputational and
security risks.
Exploring Banking Middleware Solutions | 21 Exploring Banking Middleware Solutions | 21

About the American Bankers Association

The American Bankers Association is the voice of the nation’s $23.7 trillion banking industry,
which is composed of small, regional and large banks that together employ more than 2 million
people, safeguard $19.6 trillion in deposits and extend $11.8 trillion in loans.

For more information, please contact:

Brooke Ybarra
SVP, ABA Office of Innovation
bybarra@aba.com

Sayon Deb
Senior Director, ABA Office of Innovation
sdeb@aba.com

© 2023 American Bankers Association, Washington, D.C.

This document makes descriptive reference to trademarks that may be owned by others. The use
of such trademarks herein is not an assertion of ownership of such trademarks by ABA and is
not intended to represent or imply the existence of an association between ABA and the lawful
owners of such trademarks. The views and opinions expressed in this document are meant to
stimulate thought and discussion. As each business has unique requirements and objectives, these
ideas should not be viewed as professional advice with respect to the subject matter discussed.