Open finance is the extension of the open banking model — where customers can securely share their financial data with authorised third parties — beyond payment accounts to encompass the full range of financial products: savings accounts, mortgages, insurance policies, investment portfolios, pension pots and consumer credit agreements. While open banking in the UK has focused on current accounts and payment initiation under PSD2 (now the PSRs 2017), open finance represents a significantly broader data-sharing ecosystem that has the potential to transform how consumers and businesses manage their financial lives. This article examines the UK regulatory roadmap for open finance and the practical implications for regulated firms.
What Is Open Finance?
Open finance builds on the principle established by open banking: that customers own their financial data and should be able to share it securely with authorised third-party providers (TPPs) to access better products, services and financial management tools. In an open finance ecosystem, a consumer could — with a single consent — allow a financial adviser to access their pension valuations, mortgage balance, savings accounts, investment portfolio and credit commitments, enabling holistic financial planning that is currently fragmented across multiple providers and platforms.
The key difference between open banking and open finance is scope. Open banking, as implemented in the UK through the CMA's Open Banking Implementation Entity (OBIE) and the PSRs 2017, is limited to payment accounts held at the nine largest UK banks (the CMA9). Open finance extends data sharing to all financial products, all providers and potentially all customer segments — including SMEs and corporates as well as retail consumers.
UK Regulatory Framework
The legislative foundation for open finance in the UK is the Data Protection and Digital Information Act 2024 (DPDIA), which grants the Secretary of State powers to establish 'smart data' schemes across sectors — including financial services. The DPDIA provides the mechanism for mandating that financial services firms provide API access to customer data upon authorised request, subject to customer consent.
The FCA's role is to design and supervise the regulatory framework within which open finance operates in financial services. The FCA published its Feedback Statement on open finance (FS21/7) in 2021, outlining its vision, identifying key challenges and setting out principles for implementation. Since then, the FCA has been developing its approach through engagement with industry, consumer groups and technology providers.
Incremental implementation. The FCA has signalled that open finance will not be implemented as a 'big bang' — instead, it will be rolled out incrementally across product categories, starting with those where the case for data sharing is strongest and implementation complexity is manageable. Savings accounts are expected to be the first product category beyond payment accounts.
Regulatory perimeter. Firms accessing customer data under open finance will require appropriate regulatory permissions — likely an extension or evolution of the existing Account Information Service Provider (AISP) regime. The FCA will need to define the regulatory requirements for different types of data access, including authentication standards, consent management, data security and liability frameworks.
Standards and APIs. Technical standards for open finance APIs will need to be developed — building on but extending the Open Banking Standard. Interoperability, data quality and performance standards will be critical for the ecosystem to function effectively.
Implications for Payment Institutions and EMIs
Payment institutions and EMIs are positioned at the intersection of open banking and open finance:
AIS providers. PIs and EMIs that currently provide account information services (AIS) under their PSR 2017 permissions are natural participants in the open finance ecosystem. Their existing infrastructure for accessing and aggregating financial data provides a foundation — but will need to be adapted to handle a much broader range of product types and data formats.
Data holders. EMIs that hold customer funds in e-money accounts may be classified as data holders under open finance, required to provide API access to account data upon customer consent. This would require investment in API infrastructure, consent management systems and ongoing compliance with technical and security standards.
Product innovation. Open finance data creates opportunities for PIs and EMIs to develop enhanced products — holistic financial dashboards, automated savings tools, personalised financial recommendations and integrated financial management platforms.
Competitive dynamics. Open finance levels the playing field between traditional banks and challenger firms by democratising access to customer data. PIs and EMIs with strong technology capabilities and customer-centric propositions are well positioned to benefit — but must invest in the infrastructure to participate.
Implications for Banks
For banks, open finance extends the data-sharing obligations they already face under open banking to a much broader product range:
API expansion. Banks will need to build and maintain APIs across savings, mortgage, investment and potentially pension and insurance products — a significant technology investment beyond the current payment account APIs.
Customer consent management. Managing customer consent across multiple product lines and multiple TPP relationships requires robust consent management infrastructure that goes well beyond current open banking implementations.
Strategic response. Banks can respond defensively (complying minimally) or offensively (using open finance to strengthen customer relationships through aggregation and advisory propositions of their own). The strategic choice will shape investment priorities.
Key Challenges
Consent complexity. Consumer consent for open finance data sharing is more complex than for open banking — consumers may want to share savings data but not mortgage data, or investment data with one TPP and pension data with another. Consent management must be granular, intuitive and easily revocable.
Data standardisation. Financial products are far more heterogeneous than payment accounts. Standardising data formats across savings products, variable-rate mortgages, investment portfolios and defined-contribution pensions is a substantial technical challenge.
Liability framework. Defining liability when things go wrong — data breaches, incorrect data transmission, decisions made on inaccurate data — requires a clear framework that balances consumer protection with proportionate risk allocation.
Consumer trust. Open banking adoption has been slower than anticipated, partly due to consumer concerns about data security. Open finance, which involves more sensitive financial data, will need to build trust through robust security, transparent consent and effective consumer education.
What Firms Should Do Now
- Monitor the FCA's open finance consultations and participate where relevant to your business model.
- Assess your current API infrastructure — is it capable of supporting data sharing beyond payment accounts?
- Review your consent management framework — can it handle granular, product-level consent across multiple TPP relationships?
- Evaluate the commercial opportunities — what products or services could you develop using open finance data?
- If you are a potential data holder, begin planning the technology investment needed to provide compliant API access across product categories.
- Engage with industry working groups developing open finance technical standards.
Regulatory Context and Outlook
Open finance is a strategic priority for the FCA and HM Treasury as part of the UK's broader fintech and smart data agenda. While implementation timelines remain uncertain, the legislative framework is in place and the direction of travel is clear. Firms that begin preparing now — investing in API infrastructure, consent management and data security — will be better positioned to participate in the ecosystem as it emerges. The alternative — waiting for mandated deadlines — risks being caught unprepared and losing competitive ground.
Regulatory Counsel advises payment institutions, EMIs and banks on open finance preparedness, API compliance, AISP regulatory requirements and strategic positioning. Contact us for a free initial consultation.
Frequently Asked Questions
Open banking covers payment account data at major banks. Open finance extends data sharing to all financial products — savings, mortgages, insurance, investments, pensions and credit — across all providers.
The legislative foundation exists through the DPDIA 2024. The FCA is taking an incremental approach, starting with savings accounts. Full implementation across all product categories is expected over several years.
Likely yes — an extension of the AISP regime or new permissions are expected. The FCA is still developing the detailed regulatory framework.
Firms will need API infrastructure supporting multiple product types, granular consent management systems, enhanced data security and compliance monitoring capabilities.