Open Banking
What Is Open Banking?
Open banking is a regulatory and technical framework in which banks and other financial institutions share customer account data with licensed third-party providers through standardized application programming interfaces (APIs), subject to the customer's explicit consent. The framework enables software developers and fintech companies to build financial services products, including payment initiation, budgeting tools, and credit assessment services, using data that was previously siloed within individual banks. Open banking sits at the intersection of financial regulation, software architecture, and consumer data rights.
The practice draws on earlier internet-era trends in data portability but became a formal regulatory requirement with the adoption of the European Union's revised Payment Services Directive, known as PSD2, in 2018. PSD2 mandated that EU-regulated banks provide secure, standardized API access to authorized third parties, establishing an account information service category for data access and a payment initiation service category for transaction execution. Similar frameworks followed in the United Kingdom, Australia, Brazil, and other jurisdictions, though the specific rules governing consent, liability, and API standards vary considerably across regulatory regimes.
APIs and Technical Architecture
The central technical mechanism of open banking is the API, which exposes defined read and write operations on a bank's customer account data to external systems without requiring the external system to directly access the bank's internal infrastructure. API specifications define authentication protocols, data formats, error handling, and rate limits. The Berlin Group's NextGenPSD2 framework and the UK Open Banking Implementation Entity's standards represent two of the most influential API specifications in deployed open banking systems.
Authentication under open banking APIs typically follows the OAuth 2.0 authorization framework, in which customers grant scoped access to their data without sharing passwords with third-party applications. PSD2 additionally mandates Strong Customer Authentication, requiring at least two independent factors from the categories of knowledge (password), possession (mobile device), and inherence (biometric). The Basel Committee on Banking Supervision's report on open banking and API use examined how these architectural choices affect cybersecurity exposure, noting that the expanded network of API connections increases the attack surface that banks and supervisors must monitor.
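As an added illustration (not code from PSD2, the Berlin Group or the UK standard), the following Python shows how a bank's API gateway could enforce the scoped access and the two-category Strong Customer Authentication rule described above. The scope strings, factor names, the `Grant` record and the `authorize` function are hypothetical names chosen for this example, and it assumes the bank stores the factors the customer presented alongside the consent.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Factor -> SCA category. Factor names are constructed for this example.
FACTOR_CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "registered_device": "possession", "otp_token": "possession",
    "fingerprint": "inherence", "face": "inherence",
}
# Operation -> scope it requires. Scope strings are hypothetical.
REQUIRED_SCOPE = {
    "read_balances": "ais:read",         # account information service
    "read_transactions": "ais:read",
    "initiate_payment": "pis:initiate",  # payment initiation service
}

@dataclass(frozen=True)
class Grant:
    """Consent record held by the bank (hypothetical shape)."""
    tpp_id: str            # third party the customer authorized
    scopes: frozenset      # scopes the customer agreed to
    expires_at: datetime
    factors_used: tuple    # assumption: factors presented at consent time

def sca_satisfied(factors):
    """True only if the factors span at least two distinct categories."""
    categories = {FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY}
    return len(categories) >= 2  # password + PIN is one category, so it fails

def authorize(grant, tpp_id, operation, now):
    """Return (allowed, reason); anything unrecognised is denied."""
    required = REQUIRED_SCOPE.get(operation)
    if required is None:
        return False, "unknown_operation"
    if tpp_id != grant.tpp_id:
        return False, "grant_not_issued_to_caller"
    if now >= grant.expires_at:
        return False, "consent_expired"
    if required not in grant.scopes:
        return False, "scope_not_granted"
    if not sca_satisfied(grant.factors_used):
        return False, "sca_not_satisfied"
    return True, "ok"

if __name__ == "__main__":  # constructed sample grant: read-only consent
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    g = Grant("tpp-123", frozenset({"ais:read"}), datetime(2024, 4, 1, tzinfo=timezone.utc), ("password", "otp_token"))
    print(authorize(g, "tpp-123", "read_balances", now))     # allowed
    print(authorize(g, "tpp-123", "initiate_payment", now))  # scope_not_granted
```

A grant that carries only the account information scope cannot be used to initiate a payment, and two factors from the same category do not count as independent.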
Regulatory Frameworks
Open banking regulation takes two broad forms: mandated models, in which legislation requires banks to open their APIs, and market-led models, in which banks voluntarily share data under commercial agreements. PSD2 represents the mandated approach, as does Australia's Consumer Data Right. The United Kingdom created a dedicated open banking standard following a 2016 Competition and Markets Authority investigation into retail banking competition, leading to a phased rollout of standardized API access across the nine largest retail banks.
In the United States, the Consumer Financial Protection Bureau's Personal Financial Data Rights rule under Section 1033 of the Dodd-Frank Act established the right of consumers to direct their financial data to authorized third parties. The rule introduced requirements for API-based data sharing by banks, credit card issuers, and other covered institutions. The regulatory evolution in each jurisdiction reflects differences in whether open banking is framed primarily as a competition policy tool or as a consumer data rights instrument.
Applications
Open banking has applications in a range of fields, including:
- Personal financial management, aggregating accounts from multiple institutions into a single dashboard
- Credit decisioning, using transaction history as an alternative to traditional credit scores
- Payment initiation, enabling direct bank-to-bank payments without card network intermediaries
- Investment services, providing portfolio management tools with real-time account data
- Small business finance, automating bookkeeping and cash flow forecasting through accounting software integrations
- Financial inclusion, enabling credit assessment for consumers without formal credit histories