What is Open Banking?

The financial services industry is undergoing a transformative shift towards an open ecosystem. This shift is sending waves throughout the economy, disrupting the way financial data is used across retail banking settings to offer consumers personalized value-added offerings.

Central to this shift is a novel financial services model known as open banking. As seen in every industry in today’s digital-first world, customers expect unfettered personalization and convenience with financial services.  In this context, the transition to open banking is principally driven by the need to:

• Make greater use of financial data to accelerate digital innovation in the banking industry
• Enable third-party providers (TPPs) secure access to financial data
• Enable more effective collaboration and partnership working with neobanks and challenger banks in exciting innovation spaces like embedded finance and banking-as-a-service (BaaS)

The increasing adoption of open banking together with an increasing emergence of open data regulations have propelled the industry to adapt to an ecosystem geared towards free, accessible, and secure data.

According to research, the number of financial service providers that offer open banking globally grew from 535 in 2020 to 4,394 in 2024. Today, open banking is a worldwide movement, with user adoption growing rapidly in hotbeds such as the UK, EU, US, Australia, Brazil, and many parts of ASEAN. In some emerging open banking markets like Brazil, the rate of growth is exponential, with over 22 million consumers registered for open banking at the end of 2023.

Whether it be an incumbent financial service provider or a new fintech startup, the numbers behind open banking are hard to ignore. According to Grand View Research, the worldwide open banking market was valued at $25B in 2023 and is predicted to grow nearly 30% over the next 7 years.

Open banking is a revolutionary financial services model that allows TPPs to securely access financial data from banking systems via secure and often regulated application programming interfaces (APIs). Founded on the premise of consumer empowerment, a level playing feel, and cross-industry collaboration nation, this innovative approach transforms the way financial data is utilized.

On one hand, open banking gives consumers more control over who their financial data is shared with in exchange for highly personalized services.. On the other hand, it gives financial service providers the ability to understand their customer needs across multiple channels of engagement, and in so doing, the ability to accelerate hyper-personalization.

The Genesis of Open Banking

Open banking was initiated in the EU and embraced by market leaders such as the UK, Sweden, and the Netherlands. While the open banking movement has been forming for many years, the EU officially translated this into an early version of its regulatory framework in 2009.. It wasn’t until the advent of the Payment Services Directive (PSD1) in 2015, that open banking would start its exponential growth and subsequent market adoption. PSD2 gave TPPs the right to access customer accounts, thus ending the monopoly over customer data held by incumbent financial service providers.

 In June 2023, the EU announced its policy intent for a new/revised regime with the Third Payment Service Directive (PSD3) and the Payment Services Regulation (PSR1). Combined with the proposed policy direction for the  Financial Data Access (FIDA) regulations, the EU has announced its intention to further strengthen open banking adoption, level the playing field across the industry, and further advance the cause of open data into new open finance use cases.

How Does Open Banking Work?

Through the use of secure APIs, open banking enables TPPs to access consumers' financial data for the purpose of delivering personalized, value-added offerings.

Traditional banking would see data isolated and confined to the institutions charged with processing the said data on behalf of their customers. In this model, data is not permitted to flow between TPPs and within the wider financial ecosystem, giving incumbents a competitive advantage, stifling innovation, and above all, limiting consumer choice and service personalization. Under open banking, this dynamic is transformed through secure APIs, standards, and consumer-driven consent management, enabling an open ecosystem that permits TPPs access to data for the purpose of delivering personalized services.

By removing data barriers and enabling seamless integration between platforms, open banking drives innovation and promotes customer lifetime value, average product holding, and loyalty, helping financial service providers to increase their customer stickiness as well as competitive standing.

How are APIs Used in Open Banking?

Secure APIs are the catalysts that enable the functionality of the entire open banking ecosystem. At the most basic level, APIs define how software can interact with other software. For example, a TPP such as a wealth management company would use an API to gain secure access to a customer’s online bank account.

There are several different classifications of APIs currently being used in open banking ecosystems:

Free/open APIs

Free/open APIs in open banking are publicly accessible interfaces that allow TPPs to integrate and offer value-added services without any usage fees.

Premium APIs

Premium APIs are paid interfaces that provide TPPs with advanced access to financial data and services. These APIs are often a means for businesses to generate revenue.

FAPIs

Financial-grade APIs (FAPIs) are built on top of OAuth 2.0 and OpenID Connect (OIDC) authentication and identification standards and provide a higher degree of security on API exchanges. These standards are becoming a standard for exchanging financial data across multiple ecosystems.

Benefits of Open Banking

The goal of open banking is to enhance customer personalization through tailored financial services. As a result, personalization is the main impetus behind this financial services model from which all other benefits grow.

As Forbes explains, “open banking has become an innovation catalyst, significantly impacting forward-thinking banks, a diverse range of B2C fintechs, national tax offices, corporates, climate tech companies, and the rent market.” In turn, the year 2023 alone saw over 100 billion API calls from open banking-related apps.

Data-driven decision-making in open banking allows businesses to access detailed financial data, enabling them to create tailored products and services with amazing accuracy and speed - a must in today’s digital-first world. People are taking notice, even in unregulated open banking markets where 87% of U.S. customers now have accounts linked with open banking TPPs.

Automated processes in open banking lead to more effective resource allocation. By freeing up personnel from routine tasks, businesses can dedicate more resources to developing customized financial services. Some organizations report saving 10-15 hours of labor per week for finance-related positions like global treasury managers.

By giving customers control over their own data, open banking helps meet compliance standards. In the UK, Open Banking Limited claims that with open banking “you choose which apps and websites you want to use – so you’re always in charge. You decide what information that firm can access, and for how long.” With customer data privacy infractions costing some banks over $30M, open banking can greatly reduce risks associated with regulatory fines.

When it comes to business development, partnerships with local fintech companies make for easier market penetration. Such localization ensures that customers in different markets receive the personalized financial products and services they’ve come to expect.

What Does Open Banking Power?

As an innovation catalyst in the financial services industry, open banking powers both individual customers and businesses.

Empowering Customers

Through seamless access to financial data, incumbent banks and fintechs are able to personalize financial services for customers. Examples include:

• Payment processing solutions: Since retailers can directly initiate payments from people’s bank accounts, customers enjoy quicker settlements and lower transaction fees.
• Consolidated account management: By gathering data from several accounts, financial service providers are able to provide personalized guidance to customers based on comprehensive insights.

Powering Businesses

While customers enjoy the immense personalization that comes with open banking, it also benefits businesses in several critical capacities. Examples include:

• Multibanking frameworks: Global enterprises can consolidate accounts from various banks into a single dashboard to streamline financial management.
• Automated invoicing: By leveraging open banking APIs, businesses seamlessly match invoices to transactions - thus minimizing administrative tasks and enhancing accuracy.
• Fraud prevention: By analyzing transaction data in real-time, businesses can swiftly detect unusual activity to prevent online fraud.

Open Banking Around the World

Open banking frameworks are highly differentiated around the world, reflecting local competitive dynamics, investments in digital innovation, and the reach of Governments and regulators in financial intermediation.  As is often seen with the emergence of new technologies, open banking practices evolve as more regions adopt this novel financial services model. There are a couple of key open banking markets that are driving innovation in the contemporary landscape.

Open Banking in the United States

Open banking in the United States, largely driven by the Financial Data Exchange (FDX), focuses on creating a secure and standardized approach for sharing financial data between consumers, financial providers, and third-party service providers. Unlike Europe’s regulatory-driven framework, the U.S. open banking model is industry-led, where FDX plays a pivotal role by setting data-sharing standards. The FDX API facilitates consumer-permissioned data access while ensuring security and interoperability across financial services. FDX emphasizes privacy, transparency, and consent-driven access to foster trust and innovation in the financial ecosystem. As adoption grows, the U.S. model balances industry needs with evolving regulatory expectations.

Open Banking in the European Union

Open banking in the European Union is primarily governed by the Second Payment Services Directive (PSD2), which mandates that banks open their payment services and account data to third-party providers with user consent. PSD2 has been a catalyst for innovation, enabling fintechs and other financial services to provide new products and services by securely accessing banking data. The proposed PSD3/PSR1 regulations aim to enhance and refine this framework, addressing gaps in customer protection, security, and the operational effectiveness of open banking. These new regulations will place greater emphasis on consumer rights, the harmonization of standards across EU member states, and enhanced supervision of third-party providers, fostering a more robust and competitive financial ecosystem in Europe. With PSD3/PSR1, the EU seeks to strengthen trust in open banking and accelerate its adoption across the region.

Open Banking in Brazil

Brazil is rapidly becoming the world leader in open banking. While Brazil implemented its open banking framework in 2021, it has witnessed exponential growth in uptake.. In less than a year, the country achieved five million connected accounts, a milestone that took the UK four to five years. By February 2023, 22 million Brazilian customers had consented to share their personal and banking information across participating institutions.

Open Banking in Australia

Open banking in Australia is part of the broader Consumer Data Right (CDR) initiative, which empowers consumers to have greater control over their financial data. The CDR framework allows individuals to securely share their banking information with accredited third parties, promoting competition and innovation in financial services. Unlike other regions, CDR covers not only banking but also other sectors like energy and telecommunications, making it a comprehensive data-sharing regime. Open banking under CDR emphasizes strong consumer consent mechanisms, privacy protections, and data security standards. As adoption increases, it is expected to reshape the financial landscape by providing consumers with more personalized services and greater control over their financial data.

Open Banking in the United Kingdom

Open banking in the UK is driven by Open Banking Limited (OBL), an entity established by the Competition and Markets Authority (CMA) to ensure the implementation of secure, standardized APIs for data sharing. Under this framework, the largest banks are required to allow customers to share their financial data with third-party providers, fostering competition and innovation in financial services. The UK’s open banking API specifications, developed by OBL, ensure interoperability, security, and consent-driven data sharing between banks and third-party service providers. These specifications are designed to enhance customer experience, promote transparency, and enable new financial products like account aggregation, budgeting tools, and personalized financial advice. As open banking evolves, OBL continues to refine the standards to meet the changing needs of the financial ecosystem.

Open Banking in ASEAN

Open banking in the ASEAN region is gaining momentum, with countries like Singapore, Malaysia, and Thailand taking significant strides toward implementing open banking frameworks. Unlike regions with formalized regulations, Southeast Asia's approach is often a mix of regulatory and market-driven initiatives. Singapore, for instance, leads with its API Exchange (APIX) platform, which encourages collaboration between banks and fintechs. Malaysia has introduced its own open banking guidelines, focusing on customer data protection and fostering innovation. As the region continues to develop its open banking ecosystems, there is a strong emphasis on enhancing financial inclusion, promoting digital banking, and supporting fintech growth across various markets.

Open Banking in the Middle East

Open banking in the Middle East is in its early stages, with countries like Bahrain, Saudi Arabia, and the UAE spearheading efforts to develop regulatory frameworks. Bahrain, a pioneer in the region, introduced open banking regulations in 2018, making it one of the first Middle Eastern countries to adopt an API-based financial data-sharing model. Saudi Arabia followed with its own open banking policy under the Saudi Central Bank (SAMA) to boost financial innovation as part of its Vision 2030 initiative. The UAE is also exploring open banking initiatives as part of its fintech strategy. Across the region, open banking is seen as a way to enhance financial inclusion, foster innovation, and drive competition in the banking sector while focusing on strong consumer data protection and regulatory oversight.

From Open Banking to Open Finance

Due to the innovation occurring between financial service providers and TPPs with open banking, the movement is taking on exciting new developments with open finance.

Traditionally, the main use cases for open banking include retail banking services and financial support - giving customers visibility across multiple banks and control over how and where their finances are managed. Yet, these practices are still somewhat limited by traditional bank/customer relationships.

Open finance is a natural evolution of open banking - as personalized services now veer into novel realms like automated financial planning and instant loans/credit checks. Open finance allows financial service providers to extend their reach with both new and existing customer bases. It uses banking data to drive personalized offerings in mortgages, credit, loans, wealth management, and more. In essence, open finance is a way for banking players to tap into new customers in other domains.

Open finance is the latest evolution of open banking - a realm where financial service providers act as intermediaries for just about every monetary decision a customer might make - from grocery shopping to travel. OpenX is a way to repeat the open banking process beyond the financial services vertical through business model innovations like embedded finance and banking-as-a-service (BaaS).

Small and medium enterprises (SMEs) account for the largest group of open banking users to date. Open banking presents game-changing opportunities for fintech and techfin entrepreneurs. As current research explains, "the majority of … [open banking] products are still fairly generic in nature. And we see a huge opportunity gap to create more API-enabled fintech to address specific customer segment needs.” TPPs and neobanks are stepping in to fill in these critical gaps.

Third Party Providers (TTPs)

TPPs collaborate with banks to deliver personalized, efficient, and secure financial services. Standout TPPs in the open banking space include Stripe, Plaid, and Tink.  While many TPPs in open banking focus on payment solutions, they take on unique aspects in different regions and markets. Moreover, organizations like Stripe, Plaid, and Tink also veer into open finance and openX.

Neobanks

Neobanks are disrupting the traditional financial services industry by offering digital-first, customer-centric services. They leverage APIs to deliver innovative financial products and increase market competition. Notable neobanks include Nubank, Revolut, and SoFi.

While certain neobanks like UK-based Revolut focus on traditional banking practices, others like SoFi deal with specific verticals like lending and student loans. Initial segmentation aside, many of these neobanks are migrating towards open finance and openX models - with offerings ranging anywhere from retail shopping to car insurance.

The principles and practices of open technology and customer-owned data used in open banking — allowing a user to authorize access directly with a bank before giving a developer access — extend well beyond the financial space and into other industries such as healthcare, utilities, transportation, and others. These trends indicate that we are moving toward a more secure, sustainable, and innovative future based on an API-driven economy.

Yet, for open banking to reach its potential, compliance with industry standards and regulations is imperative. Solutions that focus on API security, secure API endpoints, and strong customer authentication for onboarding, consent, and access authorization will help ensure safe data transfer.

To safeguard customer data and support the ongoing growth of open banking, industry leaders are regularly updating practices and standards. One key development is the upcoming release of the OpenID Foundation's FAPI 2.0 standards. According to the foundation, FAPI 2.0 offers enhanced interoperability and is more user-friendly while maintaining strong security measures. The new standard aims to ensure compatibility across compliant implementations by eliminating optional and alternative features, and streamlining the process for greater consistency and ease of use in open banking.

Ensuring the highest security standards across FAPIs is a top priority for the banking industry, regulators, and, especially, the individuals who own the data being shared.

When a customer accesses their banking app and gives an online budget app permission to help them track their spending or a payment app to easily transfer money, there's a complex set of events happening on the backend to secure the transfer of that data.

One of the most important ways to ensure that only authorized parties can access customers' financial data securely and seamlessly is to use a comprehensive and compliant identity and access management (IAM) solution. Important use cases for IAM solutions in open banking include:

• Strong customer authentication (SCA) / step-up authentication
• Customer consent to TPP data sharing / API access via policy-based access control
• Threat detection
• Fraud prevention
• Revocation of TPP apps

By addressing security, compliance, and UX concerns, IAM solutions can help unlock the immense potential of open banking. A significant value driver of open banking is the benefit of TPPs' innovative services, but this is also one of the greatest risks. Bad actors may see third-party providers as an easier target to attack than a large bank, and, if they gain access, they'll have access to individuals' transactions and account data. One way to mitigate this risk is to use an enterprise-grade IAM provider with a deep network of trusted partners - such as Ping Identity. In fact, our Business to Business (B2B) IAM Solutions are designed specifically to securely manage and streamline access to TPP apps and services.

Unlock the Power of Digital Identity in Open Banking

Open banking allows TTPs to securely access financial data from banking systems via APIs to deliver hyper-personalization and value to customers, while enabling digital innovation and cross-industry partnership working. Open banking gives customers unparalleled control over their financial data, it also heightens the need for strong identity security.

Ping provides identity solutions for 9 of the 9 top U.S. retail banks and 7 of the 9 CMA9 U.K. retail banks. By partnering with Ping and harnessing the power of open banking, organizations can leverage FAPIs, customer consent, and modern IAM solutions to:

• Secure the financial services ecosystem
• Meet digital transformation initiatives
• Provide diverse, personalized offerings
• Drive value-added revenue
• Stay ahead of the competition

Today’s digital-first banking customers expect smooth and personalized online experiences. However, financial service providers can’t afford to sacrifice security in the name of convenience.

With over half of the Fortune 100 as customers, Ping has the solutions needed for enterprise organizations to deliver seamless, secure, and scalable user experiences. By implementing our IAM solutions, you can take advantage of new business opportunities with open banking, without sacrificing security along the way.