RuleWise
RuleWise
Research
--

Open Banking: Global Implementation Analysis and Future Directions

By Prof. David Kumar, Financial Innovation Research

Open Banking: Global Implementation Analysis and Future Directions

Introduction

Open banking has transformed from regulatory experiment to mainstream feature of financial services in major markets. This research analyzes implementation approaches, measures outcomes, and examines the evolution toward comprehensive open finance frameworks.

Global Open Banking Models

Mandated Open Banking (UK, EU, Australia)

United Kingdom - Most Mature Implementation:

Launched 2018 under Open Banking Implementation Entity (OBIE):

  • Mandated for nine largest banks (CMA90)
  • Standard APIs for account information and payment initiation
  • Over 7 million active users as of December 2024
  • 400+ third-party providers authorized

Key Metrics:

  • API call volume: 12 billion monthly (January 2025)
  • Account information requests: 89% of API traffic
  • Payment initiation: 11% of traffic
  • Consumer adoption rate among eligible customers: 23%

European Union - PSD2:

Payments Services Directive 2 implemented 2019:

  • All payment account providers must provide APIs
  • Account information service providers (AISPs) and payment initiation service providers (PISPs)
  • Strong customer authentication requirements
  • 27 member states, varying implementation quality

Implementation Quality (2024 Assessment):

  • Tier 1 (Excellent APIs): Netherlands, Poland, UK (post-Brexit alignment)
  • Tier 2 (Good): Germany, France, Spain, Sweden
  • Tier 3 (Adequate): Italy, Belgium, Portugal
  • Tier 4 (Poor): Greece, Bulgaria, Romania

Australia - Consumer Data Right:

More ambitious than pure open banking:

  • Started with banking (2020), expanding to energy, telecommunications
  • Consumer-centric data portability
  • Read and write access to accounts
  • Strong privacy protections

Adoption: Lower than UK (8% of eligible consumers) but high satisfaction (72% of users highly satisfied)

Market-Driven Open Banking (United States)

No federal mandate but significant market activity:

FDX (Financial Data Exchange):

  • Industry consortium developing standards
  • 70+ financial institutions, 50+ fintech companies
  • API standardization without regulatory mandate

CFPB Open Banking Rule:

  • Proposed 2023, final rule expected 2025
  • Consumer data rights framework
  • Will mandate API access
  • Implementation timeline 2026-2028

Current State:

  • Fragmented landscape with bilateral partnerships
  • Reliance on screen scraping continues (58% of connections)
  • APIs becoming more common but unstandardized

Regional Variations

Hong Kong:

  • Phased implementation since 2018
  • Initially for retail banks, now broader
  • Four phases covering different data types
  • Lower adoption than expected (5% consumer uptake)

Singapore:

  • Finance-as-a-Service API playbook
  • Industry-led with regulatory support
  • Focus on innovation rather than competition
  • Integration with digital government services (Singpass)

Brazil:

  • Comprehensive open banking mandate (2021)
  • Includes credit products, investments, insurance
  • Rapid implementation with 1,175 participants
  • 25% consumer adoption within 18 months

Japan:

  • Banking Act amendments allow third-party access
  • Self-regulatory approach through industry bodies
  • Slower adoption, focus on security over speed

Technical Standards and Interoperability

API Standards

UK OBIE Standard:

  • REST APIs with JSON payloads
  • OAuth 2.0 authentication
  • Detailed functional and non-functional requirements
  • Regular versioning with backward compatibility

Berlin Group NextGenPSD2:

  • European standard for PSD2 compliance
  • Similar structure to UK approach
  • Adapted by many EU banks
  • Variations in implementation reduce interoperability

FDX North American Standard:

  • Comprehensive data model
  • Based on RESTful principles
  • Covering accounts, transactions, statements, customer information

Interoperability Challenges:

  • Lack of global standard creates friction
  • Cross-border open banking limited
  • API gateway aggregators emerging to bridge standards

Security and Authentication

Strong Customer Authentication (SCA):

  • EU mandate for two-factor authentication
  • Friction in user experience
  • Exemptions for trusted beneficiaries and low-value payments

Delegated Authentication:

  • Third party never sees customer credentials
  • OAuth 2.0 redirect flow
  • Better security than screen scraping
  • Some UX challenges during initial setup

Ongoing Security Concerns:

  • API security vulnerabilities (though rare)
  • Social engineering targeting open banking consents
  • Need for ongoing monitoring and fraud detection

Use Cases and Applications

Account Aggregation

Most common application:

  • Personal finance management tools
  • Multi-bank visibility
  • Spending analytics and budgeting

Leading Providers: Yolt, Emma, Plum (UK); Linxo, Bankin' (France); Credit Karma, Mint (US)

User Value: Convenience of consolidated view, insights into spending patterns

Payment Initiation

Direct bank-to-bank payments initiated by third parties:

  • E-commerce checkout
  • Bill payment
  • Person-to-person transfers

Advantages: Lower cost than cards, immediate confirmation, reduced fraud Challenges: Slower adoption due to change management, consumer habits

Market Sizing: €45 billion in open banking payments (EU, 2024), up from €12 billion (2022)

Lending and Credit Decisioning

Bank account data used for credit assessment:

  • Income verification
  • Affordability assessment
  • Alternative credit scoring

Impact: 34% approval rate increase for thin-file borrowers using open banking data

Providers: Plaid (US), TrueLayer (UK), Tink (EU - Visa owned)

Small Business Finance

Particularly valuable for SME lending:

  • Real-time cash flow visibility
  • Automated accounting reconciliation
  • Faster lending decisions
  • Better pricing based on actual performance

SME Adoption: 31% of surveyed UK SMEs use open banking (vs 23% retail)

Emerging Use Cases

Sweeping and Savings: Automated transfer to savings accounts based on rules Tax Preparation: Automatic extraction of tax-relevant transactions Subscription Management: Identification and cancellation of unwanted subscriptions Property Rental: Income verification for tenancy applications

Competitive Impact

Market Structure Changes

Fintech Growth:

  • Open banking-enabled fintechs raised $47 billion (2022-2024)
  • 200+ new entrants in UK since 2018
  • Disruption primarily in payments and lending

Incumbent Response:

  • Banks developing own fintech offerings
  • Investment in API infrastructure
  • Partnerships with established fintechs
  • Acquisition of innovative startups

Big Tech Entry:

  • Apple, Google, Amazon offering financial services
  • Leverage existing customer relationships
  • Use open banking for data access
  • Regulatory scrutiny of market power

Revenue Impact

For Banks:

  • Cost of API development and maintenance: £15-50 million
  • Revenue loss from disintermediation: Estimated 3-7% of retail banking revenue
  • Offset by reduced fraud, better customer retention, new B2B2C models

For TPPs:

  • Freemium models common
  • B2B2C revenue sharing
  • Data monetization (aggregate, anonymized)
  • Premium feature subscriptions

Net Economic Impact: Bank of England estimates £1 billion annual consumer benefit (UK), €26 billion (EU by 2025)

Consumer Trust and Adoption

Adoption Barriers

Surveys identify key obstacles:

  • Lack of Awareness (62%): Many consumers unaware of open banking
  • Security Concerns (47%): Fear of sharing bank credentials
  • Trust Issues (41%): Skepticism about fintech providers
  • Perceived Complexity (38%): Onboarding friction
  • Limited Value Proposition (33%): Unclear benefits

Drivers of Adoption

Early Adopters tend to:

  • Be younger (18-34 age group 2.5x more likely)
  • Use multiple banks already
  • Be comfort with digital services
  • Have experience with fintech

Successful Onboarding Patterns:

  • Clear value proposition communication
  • Transparent security messaging
  • Simple consent process
  • Immediate value delivery (instant account aggregation)
  • Ongoing engagement (notifications, insights)

Trust Frameworks

UK Financial Conduct Authority:

  • Regulatory authorization of TPPs
  • Consumer protections including liability framework
  • Complaints and dispute resolution
  • Transparency requirements

Consumer Protections:

  • Right to revoke consent at any time
  • Liability for unauthorized payments
  • Data minimization requirements
  • Purpose limitation

Regulatory Evolution

Moving Beyond Banking: Open Finance

Scope Expansion:

  • Pensions: Accessing pension account data
  • Insurance: Policy details and claims history
  • Investments: Portfolio holdings and performance
  • Mortgages: Property and mortgage information
  • Consumer Credit: Loan and credit card data

UK Smart Data Initiative: Cross-sector data sharing framework EU Financial Data Access Proposal (FIDA): PSD3 creating comprehensive open finance

Prudential Considerations

Operational Resilience:

  • TPP dependencies create new risks
  • API availability requirements (99.5% uptime)
  • Incident response and communication

Data Protection:

  • GDPR compliance
  • Data minimization
  • Consent management
  • Cross-border data flows

Financial Stability:

  • Concentration risks if few large TPPs dominate
  • Systemic importance of open banking infrastructure
  • Potential for bank runs if automated alerts trigger withdrawals

International Interoperability

Cross-Border Challenges

Technical: Different API standards prevent seamless integration Regulatory: Varying authorization and liability frameworks Commercial: Business models not aligned across markets

Emerging Solutions

International Standards:

  • ISO 20022 for financial messaging
  • FAPI (Financial-grade API) security profile
  • Global open banking standards working groups

Regional Harmonization:

  • EU single market benefits from PSD2
  • APAC initiatives for regional alignment
  • Limited progress in transatlantic interoperability

Commercial Agreements:

  • TPPs operating in multiple markets
  • Banks forming cross-border partnerships
  • Technology vendors offering multi-region platforms

Future Directions

Technology Evolution

Embedded Finance:

  • Non-financial companies integrating banking services
  • Open banking enabling rapid integration
  • Regulatory questions about responsibility and oversight

Artificial Intelligence:

  • AI-driven financial advice based on open banking data
  • Automated financial management
  • Personalized product recommendations
  • Regulatory concerns about algorithmic bias and explainability

Blockchain and Digital Identity:

  • Self-sovereign identity for consent management
  • Immutable audit trails
  • Smart contracts for automated data sharing terms

Business Model Innovation

Data Cooperatives:

  • Customer-owned data pools
  • Collective bargaining for data value
  • Alternative to Big Tech data control

Freemium to Premium Evolution:

  • More sophisticated paid services emerging
  • B2B models (employers, landlords, government)
  • White-label infrastructure providers

Banks as Platforms:

  • Banking-as-a-Service (BaaS)
  • API product catalogs
  • Developer ecosystems

Recommendations

For Financial Institutions

  1. API Excellence: Invest in developer-friendly, reliable APIs beyond minimum compliance
  2. Data Strategy: Leverage own access to customer data for innovation
  3. Partnership Approach: Collaborate with fintechs rather than pure competition
  4. Customer Education: Proactively explain open banking value
  5. Platform Thinking: Explore BaaS opportunities

For Fintechs

  1. Trust Building: Emphasize security and regulatory authorization
  2. Value Clarity: Demonstrate concrete benefits immediately
  3. UX Excellence: Minimize friction in consent and onboarding
  4. Compliance Investment: Treat regulation as opportunity for trust
  5. Sustainable Models: Move beyond growth-at-all-costs to sustainable economics

For Regulators

  1. Proportionate Requirements: Balance innovation and protection
  2. International Coordination: Support cross-border interoperability
  3. Continuous Review: Adapt rules as market evolves
  4. Supervisory Technology: Invest in RegTech for API monitoring
  5. Expanded Scope: Progress toward comprehensive open finance

For Policymakers

  1. Competition Assessment: Monitor for anti-competitive practices
  2. Consumer Protection: Ensure vulnerable customers protected
  3. Digital Inclusion: Address digital divide in open banking benefits
  4. International Engagement: Shape global standards
  5. Innovation Support: Fund research and pilots

Conclusion

Open banking has proven successful in increasing competition, enabling innovation, and delivering consumer value where well-implemented. However, adoption remains below potential, and significant challenges remain in standardization, cross-border operation, and extension beyond banking.

The next phase—open finance—promises even greater transformation but requires learning from open banking experiences. Success will depend on sustained regulatory commitment, industry cooperation on standards, continued innovation in use cases, and effective consumer protection and education.

The trajectory is toward a more open, competitive, and innovative financial services ecosystem. Realizing this vision requires ongoing effort from all stakeholders: regulators to refine frameworks, incumbents to embrace platform strategies, fintechs to demonstrate value, and consumers to actively engage with new possibilities.

References

  • Open Banking Implementation Entity (2024). "UK Open Banking Annual Report"
  • European Banking Authority (2024). "Report on PSD2 Implementation"
  • Financial Data Exchange (2024). "North American Open Banking: State of the Market"
  • Commonwealth Bank of Australia (2024). "Consumer Data Right: Impact Assessment"