Case Study: Banco Santander - Delivering Open Banking at Scale

Client Overview

Banco Santander, one of the world's largest retail and commercial banks, needed to evolve its digital infrastructure to meet Open Banking requirements across multiple sub-brands and customer journeys. With affiliates spanning retail, business, and mono-product offerings, Banco Santander faced the challenge of delivering a seamless, standards-compliant experience across web and mobile channels.

The Challenge

• Multiple sub-brands, each with different authentication experiences.
• Journeys for both retail and business customers across web and mobile.
• Secure app-to-app and app-to-web-to-app authentication flows.
• Onboarding requirements for third-party providers (TPPs) using dynamic client registration (DCR) and software statement assertions (SSA).
• Conformance with FAPI standards.
• Differentiation of affiliates within a single PingFederate instance.

Our Approach

This engagement was delivered in collaboration with Raidiam, with Craig Greenhouse (through his consultancy, then Obsequio Software Ltd - now Opendata Consult Ltd) acting as the principal consultant and lead architect. Working as part of a small, highly capable team including colleagues Dan, Alan, and Barry, Craig designed and delivered the following:

1. Baseline Review

   • Analysed Banco Santander's existing architecture (Apigee, PingFederate, microservices).
   • Identified what could be reused vs. what needed to be built from scratch.

2. Hybrid Security Model

   • Coarse-grained access control in Apigee (token validation, introspection).
   • Fine-grained consent enforcement in microservices (account-level permissions).

3. Authentication Journeys

   • Assessed security trade-offs between app-to-app and app-to-web-to-app flows.
   • Introduced the PingFederate Auth Widget to support secure back-channel authentication.

4. Multi-Brand Enablement

   • Supported multiple well-known endpoints, JWKS, and registration endpoints.
   • Delivered brand-specific client ID strategies linked to SSA.
   • Designed policies to differentiate Banco Santander's 10+ affiliates within a single identity platform.

5. Consent and Onboarding

   • Defined consent journeys, including customer visibility of active consents.
   • Delivered DCR + SSA templates with example payloads and sequence diagrams.
   • Supported FAPI conformance across retail and business APIs.

6. Knowledge Transfer and Documentation

   • Worked closely with Banco Santander's architects and development teams throughout the project.
   • Delivered comprehensive documentation of the entire solution.
   • Conducted structured knowledge transfer sessions to ensure Banco Santander's internal teams could support and evolve the platform independently.

The Results

• A scalable Open Banking architecture capable of supporting multiple brands and regulatory obligations.
• A single PingFederate instance securely differentiates affiliates, reducing duplication and complexity.
• Streamlined TPP onboarding with reusable SSA/DCR patterns.
• More secure customer journeys via safer app-to-web-to-app patterns.
• Accelerated delivery by leveraging a hybrid Apigee + PingFederate approach rather than replacing core systems.
• Internal teams fully enabled to operate and extend the platform, ensuring long-term sustainability.

Takeaway

This project demonstrated how Opendata Consult's expertise combines deep knowledge of Open Banking standards with hands-on delivery and enablement. By leading Banco Santander's multi-brand Open Banking platform design and ensuring full knowledge transfer, Craig Greenhouse and the team established a proven blueprint for banks worldwide. Today, Opendata Consult draws on this real-world experience to help other banks and fintechs deliver Open Banking faster, more securely, and with less risk.