Glossary

Open Finance

Open finance extends open banking beyond payments to include investments, insurance, pensions, and lending via standardized APIs.

Key Takeaways

  • Open finance extends open banking beyond payment accounts to cover investments, insurance, pensions, mortgages, and crypto-assets: all financial data becomes portable and API-accessible with consumer consent.
  • Regulatory frameworks are advancing globally: the EU's Financial Data Access (FiDA) regulation, Brazil's full open finance rollout with 70 million users, and Australia's Consumer Data Right expansion to non-bank lenders all demonstrate the shift from open banking to open finance.
  • Open finance and DeFi are converging: regulated APIs bring interoperability to traditional financial services, while blockchain protocols like stablecoins and tokenized assets bridge the gap between permissioned and permissionless systems.

What Is Open Finance?

Open finance is the practice of enabling consumers and businesses to share their financial data across institutions and third-party providers through standardized APIs, with explicit consent. While open banking focuses narrowly on payment accounts and transaction data (the scope defined by the EU's Payment Services Directive), open finance expands this principle to every financial product a consumer holds: savings accounts, investment portfolios, pension funds, insurance policies, mortgages, and even crypto-asset accounts.

The core idea is data portability. Just as open banking lets a fintech app read your bank transactions to offer budgeting tools, open finance lets a financial advisor pull your pension data, insurance coverage, and investment holdings into a single view. Consumers retain full control over who accesses their data and for what purpose.

The OECD formalized the distinction in its 2023 policy paper "Shifting from Open Banking to Open Finance," emphasizing consumer protection, interoperability, and technology neutrality as guiding principles. By mid-2025, over 40 countries had adopted or proposed open finance frameworks, with the global open finance market valued at approximately $50 billion and projected to reach 1 billion users by 2030.

How It Works

Open finance operates through a consent-driven, API-based data sharing model. The architecture involves three types of participants:

  1. Data holders: banks, insurers, pension funds, investment firms, and other financial institutions that store consumer data
  2. Data recipients: licensed third-party providers (fintechs, advisors, comparison platforms) that access data with consumer consent
  3. Consumers: individuals or businesses who grant and revoke access to their financial data

A typical open finance interaction follows this sequence:

  1. The consumer initiates a request in a third-party app (for example, "import my pension data")
  2. The app redirects to the data holder's authentication screen
  3. The consumer authenticates (often via strong customer authentication) and grants specific data permissions
  4. The data holder issues an access token scoped to the approved data categories
  5. The third-party app calls the data holder's API using this token to retrieve the data
  6. The consent remains active for a defined period (typically 90 days to 12 months) and can be revoked at any time

Technical Standards

Multiple API standards govern open finance data sharing across jurisdictions. All are REST/JSON-based and use OAuth 2.0 with OpenID Connect for authentication:

StandardRegionScope
FDX API (v6.5)US, CanadaBanking, tax, insurance, investments (600+ data elements)
NextGenPSD2 (Berlin Group)EUPayment accounts, expanding under FiDA
UK Open Banking StandardUKRead/Write API v3.1 for CMA9 banks
CDR StandardsAustraliaBanking, expanding to non-bank lending (2026)
Open Finance BrasilBrazilBanking, insurance, pensions, investments, FX

Financial-grade API (FAPI) security profiles provide enhanced protection for financial data exchanges, adding requirements like proof-of-possession tokens and stricter redirect URI validation on top of standard OAuth 2.0.

Example: API Data Request

A simplified open finance API call to retrieve investment account data looks like this:

GET /open-finance/v1/investments/accounts
Host: api.bank-example.com
Authorization: Bearer <access_token>
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json

// Response
{
  "data": [
    {
      "accountId": "inv-12345",
      "type": "STOCKS_FUND",
      "currency": "USD",
      "balance": {
        "amount": "15420.50",
        "currency": "USD"
      },
      "lastUpdated": "2026-07-08T10:30:00Z"
    }
  ]
}

Global Regulatory Landscape

EU: Financial Data Access (FiDA)

The European Commission proposed the FiDA regulation in June 2023, creating a comprehensive open finance framework for the EU. The Council of the EU reached agreement in December 2024, and formal adoption is expected in mid-2026 with phased implementation from 2027 to 2030.

FiDA extends data sharing beyond PSD2's payment accounts to cover mortgages, loans, savings, investments, insurance-based investment products, crypto-assets, and pension rights. The regulation explicitly includes crypto-assets in its scope, meaning that under the MiCA regulation combined with FiDA, crypto-asset account data will be subject to the same consent-based sharing rules as traditional financial data.

Brazil: The Global Leader

Brazil operates the most advanced open finance implementation globally. The Central Bank of Brazil mandated participation for all licensed financial institutions across four phases completed between February 2021 and April 2024. The system now covers banking, insurance, pensions, investments, and foreign exchange.

As of 2024, Brazil's open finance ecosystem includes over 800 participating institutions, 70 million users, and 102 billion API calls annually. Active consents reached 61.9 million (up 45% year-over-year), while payment initiation volumes grew 194%.

Other Jurisdictions

Australia's Consumer Data Right is expanding beyond banking to non-bank lenders in July 2026, including buy-now-pay-later products. The UK's FCA published its open finance roadmap in April 2026, targeting SME lending and mortgages as initial sectors with launch expected between 2028 and 2030. India's Account Aggregator framework, built on its Data Empowerment and Protection Architecture (DEPA), has reached over 140 million consents across 100 million linked accounts.

Open Finance and Crypto Convergence

Open finance and decentralized finance (DeFi) represent two approaches to the same goal: making financial services interoperable and composable. DeFi achieves this through permissionless smart contracts on public blockchains. Open finance achieves it through regulated APIs with consent-based access controls. The two are increasingly converging.

  • Stablecoin rails: stablecoins combined with open banking payment initiation APIs create end-to-end cross-border corridors where funds move from bank account to stablecoin, transfer on blockchain rails, then convert to local currency at the destination. This combination can dramatically reduce cross-border payment costs and settlement times.
  • Tokenized assets: real-world asset (RWA) tokenization bridges traditional financial products into on-chain environments. By 2026, non-stablecoin RWA tokens surpassed $25 billion, with major institutions launching tokenized Treasury and money market products on public blockchains.
  • Verified lending: DeFi lending protocols can use open finance APIs to verify borrower income and assets held at traditional institutions, then execute loans on-chain. This bridges the gap between overcollateralized DeFi lending and traditional credit assessment.
  • Fiat on/off ramps: crypto platforms use open banking account-to-account payments for fiat on-ramps, replacing card-based purchases with direct bank-to-exchange transfers at lower cost.

The EU's approach is notable because FiDA explicitly includes crypto-assets in its data-sharing scope. This means a consumer's crypto holdings at a regulated exchange would be accessible through the same API framework as their bank account or pension fund, creating a unified view across traditional and digital assets.

Why It Matters

Open finance shifts the financial system from institution-centric to consumer-centric. Instead of data being siloed at each bank, insurer, or pension provider, consumers can aggregate and port their financial lives to whichever service offers the best product.

For embedded finance providers and fintech builders, open finance unlocks new product categories: holistic financial planning that spans bank accounts, investments, and crypto holdings; automated credit decisions based on complete financial profiles; and insurance products priced against real-time portfolio data. Platforms that combine open finance APIs with blockchain-based payment rails can offer services that neither traditional banking nor standalone crypto can deliver alone.

For a deeper analysis of how open banking is evolving across jurisdictions, see the research article on the global state of open banking.

Risks and Considerations

Data Privacy and Security

Expanding API access to all financial data increases the attack surface for data breaches. Open finance requires robust security standards (FAPI profiles, mutual TLS, encrypted data in transit and at rest) and clear liability frameworks when breaches occur. Consent fatigue is also a concern: as more services request access, consumers may grant permissions without fully understanding what they are sharing.

Fragmented Standards

Each jurisdiction has developed its own API standards, making cross-border open finance difficult. A fintech operating in the EU, UK, and Brazil must integrate with three different API specifications. While FDX and the Berlin Group are working toward convergence, true global interoperability remains years away.

Implementation Costs

Data holders (banks, insurers, pension funds) bear significant implementation costs to build and maintain compliant APIs. Smaller institutions may struggle with these requirements, potentially concentrating the market among larger players who can absorb the investment. The question of who pays for API access: data holders, data recipients, or consumers: remains contentious in several jurisdictions.

Regulatory Uncertainty

In the US, the CFPB's Section 1033 open banking rule was finalized in October 2024 but subsequently enjoined by a federal court, with a rulemaking reconsideration opened in August 2025. This uncertainty affects the broader trajectory toward open finance in the world's largest financial market. Builders should monitor regulatory developments closely, particularly where stablecoin legislation and open finance rules intersect.

This glossary entry is for informational purposes only and does not constitute financial or investment advice. Always do your own research before using any protocol or technology.