Open Banking Landscape: A Global Revolution
Key Takeaways
- Strong Momentum: Embrace open banking to accelerate revenue growth
- More Than Just Compliance: Anchor customer benefits at the centre of open banking
- API-First Mindset: Monetise customer data across ecosystem
- Open Banking is Challenging: Get the right partners to streamline implementation
The financial services industry is in the midst of a profound transformation, with open banking emerging as a key catalyst for innovation and enhanced customer experiences. Globally, open banking is experiencing significant growth, with 95 jurisdictions making its benefits available for customers and businesses. This expansion is underpinned by the rise of the Application Programming Interface (API) economy, where APIs act as the secure conduits for sharing financial data with customer consent. This shift marks a move away from less secure methods of data sharing like screen scraping.¹
The development and adoption of standards are crucial for the seamless and secure exchange of data within the open banking ecosystem. Organizations like the OpenID Foundation (OIDF) and the Financial Data Exchange (FDX) provide technical standards for secure and reliable consumer-permissioned data access, aiming to align the industry around common, interoperable APIs. This standardization facilitates easier integration and fosters trust among participants.
An API-first mindset is becoming increasingly prevalent among financial institutions. This approach prioritizes the development and deployment of APIs as the foundational building blocks for new products, services, and internal systems. By adopting an API-first strategy, banks can foster greater agility, enable collaboration, and unlock new revenue streams through the provision of premium APIs.
The United Kingdom has been a pioneer in open banking, with a regulation-led approach mandating standardised practices across the financial services ecosystem since 2018. This has resulted in a track record of successful implementations, fostering competition and innovation by enabling customers to access a broader range of financial products, including those offered by non-bank entities.
Similarly, the European Union's (EU) Second Payment Services Directive (PSD2) has driven open banking adoption across member states, promoting innovation and competition in the payments landscape. Australia's Consumer Data Right (CDR) represents another mature market where regulatory frameworks are facilitating data sharing beyond banking, like the energy sector, demonstrating the potential for open data economies. These mature markets provide valuable lessons for other regions on establishing technical and customer experience standards for secure data sharing.
¹ Screen scraping is a method where third-party applications access a user's account by logging in with their credentials and extracting data from the user interface, which is insecure because it exposes sensitive login information and offers a poor customer experience due to frequent connection failures, lack of transparency, and limited control over shared data.
² Open Banking in Latin America
Emerging Open Banking Markets: Investment and Momentum
Beyond the established markets, emerging economies are increasingly recognizing the transformative potential of open banking and open finance, leading to significant investments and the development of their own frameworks. Latin America is a region with considerable momentum, with countries like Brazil implementing a comprehensive and rapidly evolving open finance framework, driven by its central bank, which has now become the largest open banking system in the world.³ This initiative has seen significant adoption and is expanding beyond payment accounts. Mexico, an early adopter with its Fintech Law in 2018, is also preparing for further implementation, while Colombia is strategically focusing on payment initiation services. A key driver in Latin America is the strong emphasis on financial inclusion, aiming to extend financial services to underserved populations.
[Table: Open Banking Market Sizing and Growth, in USD million, 2024–2030. Source: Various.]
The United States formally shifted toward a regulatory model for open banking with the Consumer Financial Protection Bureau’s (CFPB) issuance of the Personal Financial Data Rights (PFDR) rule in October 2024, under Section 1033 of the Dodd-Frank Act. The rule requires financial institutions to provide consumer-authorized access to financial data in a secure, digital, and interoperable format, enabling data sharing with authorized third-party providers (“data recipients”).
This establishes both technical and policy foundations for open banking beyond the voluntary FDX framework, which the CFPB formally recognized as a standard-setting body in January 2025. The PFDR introduces a phased compliance schedule starting with large institutions by April 2026. While the CFPB’s authority and future direction have come under increased scrutiny by the current White House administration, the rule remains binding and enforceable under existing law.
³ OPEN BANKING IN BRAZIL: Growing at an accelerated pace
Benefits of Open Banking: Empowering Customers, Banks, & Fintechs
Open banking offers a multitude of benefits for various stakeholders within the financial ecosystem.
For Customers
Open banking empowers consumers with greater control over their financial data, allowing them to securely share it with trusted third parties to access innovative and personalised services. This leads to augmented product and service choices, enabling consumers to access tailored financial solutions that better meet their individual needs. Examples include holistic financial overviews, improved budgeting tools, and personalized lending products. Open banking can also enhance convenience and simplicity by embedding financial services into non-traditional channels.
For Banks
While initially viewed by some as a compliance obligation, open banking presents significant commercial opportunities for financial institutions. By participating in the open API economy, banks can develop new products and services, offer "banking-as-a-service" (BaaS) capabilities, and forge partnerships with fintechs, unlocking new revenue streams. Access to shared customer data from various sources provides banks with a more holistic view of their customers' financial lives, enabling them to offer more relevant and personalized services, strengthening customer relationships. Furthermore, collaboration with fintechs and the adoption of open APIs can drive innovation and improve operational efficiency within traditional banking institutions. Proactive engagement in open banking initiatives can also strengthen a bank's competitive position in an evolving financial landscape.
For Third-Party Providers (TPPs) and Fintechs
With customer consent, open finance provides TPPs with access to a broader range of financial data beyond payment accounts, fuelling innovation and the development of new services. Open finance frameworks lower barriers to entry and foster a more competitive environment in the financial services market, allowing fintechs to offer innovative alternatives to traditional services. This has led to a rise of fintechs in both mature and emerging open banking markets, offering specialized and innovative solutions. TPPs can focus on specific niches and collaborate with banks to deliver tailored, innovative solutions to consumers.
Importance of Standards: Driving Investment and Interoperability
Standards are a cornerstone of a thriving open banking ecosystem, playing a crucial role in driving investment, ensuring interoperability, and fostering innovation. In mature markets like the UK and Australia, regulatory bodies have mandated technical standards for APIs, which has provided clarity and certainty for both financial institutions and TPPs, encouraging investment in open banking infrastructure and services. For example, the U.K.'s Open Banking Standard has facilitated the development of a vibrant ecosystem of third-party applications. Similarly, in emerging markets, the development and adoption of standards are crucial for fostering trust and facilitating data exchange. The work of organizations like FDX in the U.S. aims to create a common, interoperable API, which can reduce complexity and encourage broader participation. In Colombia, while the initial open banking decree was silent on specific technical standards, the need for these to ensure a level playing field for Payment Initiation Service Providers (PISPs) has now been recognized. The absence of standardized APIs in market-driven environments can hinder the full realization of the potential that both open banking and open finance offer. Therefore, the establishment of clear, consistent, and widely adopted standards is essential for unlocking the full benefits of open banking and driving sustained investment across both mature and emerging markets.
API-First Mindset: Transforming Financial Innovation and Revenue Growth
Adopting an API-first mindset signifies a strategic shift for financial institutions, placing APIs at the core of their technology and business strategies. This approach involves designing and building internal and external-facing APIs before developing the applications that consume them.
An API-first mindset is transforming financial innovation by enabling greater agility and faster time-to-market for new products and services. By exposing core banking functionalities and data through well-documented and secure APIs, banks can facilitate collaboration with both internal business units and external partners, including fintechs. This collaborative environment fosters the creation of novel solutions that address evolving customer needs more effectively. For example, a bank with an API-first approach can quickly integrate with a fintech offering personalised financial management tools or embedded lending services.
Furthermore, an API-first mindset creates significant opportunities to grow revenue. Banks can develop premium APIs that offer enhanced data insights or functionalities to TPPs for a fee. This not only generates direct revenue, but also expands the bank's reach and distribution channels through third-party platforms. By monetizing their products and services through APIs, banks can also tap into new customer segments and markets through BaaS models. Ultimately, an API-first mindset positions banks to be at the center of a dynamic ecosystem, driving innovation and capturing new revenue streams in the open API economy.
Open Banking Challenges: Navigating a Complex Landscape
Despite its considerable potential, the open banking landscape presents several challenges that need to be addressed for successful implementation and widespread adoption.
Security, fraud, and privacy concerns remain paramount in an open banking environment. The sharing of sensitive financial data necessitates robust security measures to protect against unauthorized access and cyber threats. Clear consent management mechanisms are essential to ensure customers have control over their data and privacy regulations are adhered to. Addressing these challenges effectively is critical for building customer trust and fostering open banking’s sustainable growth.
Solution Scoping: Defining Key Open Banking Solution Requirements
A primary requirement for any solution is its ability to help banks achieve compliance deadlines effectively. The solution requirements are likely to be differentiated by jurisdiction, depending on the prescribed (regulation-driven) or adopted (market-driven) open banking model. However, irrespective of the local nuances, most banks seeking to implement open banking solutions will continue to look for a common set of high-level requirements that enable them to build, test, deploy, and maintain these in an agile and cost-effective manner, while putting them in a strong position to drive revenue from their investments.
Fundamentally, all open banking solutions require support and maintenance to ensure conformance with emerging API standards and open banking specifications. Building open banking solutions internally is difficult and costly, and requires large teams with deep expertise in identity standards like OpenID Connect, OAuth2, JWT security, and FAPI (Financial-Grade API) security profiles. The FDX API standards, used in North America, are expected to evolve rapidly, necessitating ongoing maintenance. Effective solutions should minimize custom build-out and ideally function as a "drop-in" alongside existing infrastructure.
Furthermore, all open banking solutions should be built using a scalable and flexible architectural approach. Open banking ecosystems involve more than just APIs; they require sophisticated components for security, authentication, consent management, and trusted third-party verification. While a bank's existing customer identity and access management (CIAM) system is an important component of the solution, a flexible approach to how this is integrated is critical. A comprehensive solution might need elements like a trusted directory for participant credential management, which some providers are looking to incorporate.
All open banking solutions should also allow banks to focus on domain-specific API development. The underlying technical complexities, such as adherence to FAPI security profiles and managing consent flows, should be handled by the solution, enabling banks to concentrate on building APIs that deliver value for specific use cases. High-quality, reliable APIs are critical for secure data access and interoperability.
Finally, all open banking solutions should achieve FAPI conformance with the latest FAPI standards, including FAPI 1.0, Part 2 Advanced, and FAPI 2.0 specifications. FAPI provides the necessary security profiles for sensitive financial data sharing. Experience with implementing similar frameworks in other markets like the U.K., which pioneered open banking regulations and API standards, is valuable evidence of a solution's capability and conformance to standards. IAM is vital in enabling secure, transparent interactions and is key to FAPI compliance, strong customer authentication, and consent management.
Banks looking at creating or revising their open banking solutions should be asking themselves the following questions:
Ping Identity Experience in Open Banking
Ping Identity possesses a significant heritage in the realm of open banking, cultivated through early and deep engagement in pioneering markets. This includes providing the reference implementation for the U.K.'s Open Banking Implementation Entity (OBIE). Based on this foundational work, Ping Identity productized the reference implementation and has been operating the U.K. Open Banking Test Facility as a SaaS service for U.K. financial institutions since 2018.
This direct involvement in one of the most mature and regulated open banking ecosystems has provided invaluable practical experience in building compliant systems from the outset. The company's approach has evolved from this practice and from customer feedback, focusing on IAM solutions specifically tailored for APIs and the evolving FAPI standards, applicable to all global open banking ecosystems.
The foundation of this heritage lies in its active participation in shaping the underlying technical standards that govern secure financial data sharing. Ping Identity has been extensively involved in the development of the FAPI standards, which were adopted from the UK Open Banking security profile by OpenID Connect. Furthermore, Ping Identity has contributed to crucial OAuth2 extensions widely adopted in open banking regulations, including Pushed Authorization Requests (PAR), Mutual TLS, and various JSON Web Token (JWT) profiles for authentication and authorisation. This deep technical expertise ensures that its solutions are built on the most secure and interoperable foundations.
This global experience extends beyond just the U.K. Ping Identity has proven solutions in other mature open banking markets like the EU, Australia, and Latin America. Their expertise in these varied regulatory environments brings valuable insights and established capabilities to emerging markets, including the US and Latin America. Ping Identity has demonstrated capabilities in markets like Colombia, implementing FAPI 2.0 flows with essential security protocols like mTLS as required by local regulation. Serving major banks in regulated markets, including 7 of the CMA9 banks in the UK, and 9 out of 9 largest banks in the U.S., highlights Ping Identity’s proven ability to meet stringent security and compliance demands and strategic positioning as a crucial partner for banks seeking to navigate the opportunities and complexities of open banking globally.
Accelerating Open Banking with Ping Identity
The Ping Identity solution for open banking provides a complete architecture built for deployment in all open banking ecosystems. It is designed as a "drop-in" solution that can be deployed alongside existing CIAM systems. This means banks are not tightly coupled to their existing CIAM provider, offering flexibility regardless of existing IAM infrastructure and estate.
Key components of the solution include PingGateway and PingOne Advanced Identity Cloud. PingGateway acts as a Secure API Enforcement Point, performing critical functions such as mTLS certificate validation and open banking-specific validations of client credentials and access tokens. It works with a trusted directory for participant credential management, which manages the identities of the API clients.
This allows the gateway to apply necessary IAM/FAPI functionality such as mTLS, message signing, and JWT signature validation via simple filters. PingOne Advanced Identity Cloud provides core platform features, ensuring fast access to new capabilities and preconfiguration for standards required to comply with a FAPI security profile.
A key feature is the ability to allow customers to control and manage their end users' consent experience. Open banking consents are complex, and often require domain-specific information belonging to the authenticated user to be presented as part of the consent decision. This means that consent is no longer a “yes/no” decision that can be handled by IAM systems. The Ping Identity open banking solution architecture recognizes that, and can work with existing or external consent management systems. This means you can build out all the necessary auditing and regulatory requirements related to the handling of customer consents.
A critical technical requirement is adherence to stringent security profiles. The solution is built upon extensive experience with the FAPI security profiles. Ping Identity has been heavily involved in shaping the underlying standards, including OAuth2 extensions like pushed authorization requests (PAR), mutual TLS, and JWT profiles.
This pedigree, including experience in mature Open Banking markets like the U.K., ensures the solution is proven in the field with existing FAPI conformant implementations. It specifically addresses the need to enforce FAPI compliance for clients using APIs like Dynamic Client Registration, preventing the creation of non-compliant OAuth2 clients.
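What rejecting a non-compliant client at Dynamic Client Registration can look like, as an added example that is not Ping Identity's code or PingGateway configuration: the hypothetical function `fapi_dcr_violations` screens RFC 7591 client metadata against constraints drawn from the FAPI 1.0 Advanced profile. It assumes the request body has already been parsed as JSON, and treats certificate-bound access tokens as mandatory as a policy choice.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Constraints drawn from the FAPI 1.0 Advanced profile; adjust to your ecosystem's rules.
ALLOWED_AUTH_METHODS = {"private_key_jwt", "tls_client_auth", "self_signed_tls_client_auth"}
ALLOWED_JWS_ALGS = {"PS256", "ES256"}
ALLOWED_GRANTS = {"authorization_code", "refresh_token", "client_credentials"}


def _unsafe_redirect(uri) -> bool:
    """True if the redirect URI is not an absolute https URI without a fragment."""
    try:
        p = urlsplit(uri)
    except (ValueError, TypeError, AttributeError):
        return True
    return p.scheme != "https" or not p.hostname or bool(p.fragment)


def fapi_dcr_violations(meta: dict) -> list[tuple[str, str]]:
    """Return (field, reason) pairs; an empty list means registration may proceed."""
    bad: list[tuple[str, str]] = []

    # RFC 7591 defaults an absent auth method to client_secret_basic (a shared secret).
    auth = meta.get("token_endpoint_auth_method", "client_secret_basic")
    if auth not in ALLOWED_AUTH_METHODS:
        bad.append(("token_endpoint_auth_method", f"{auth} is not mTLS or private_key_jwt"))
    elif auth == "private_key_jwt" and meta.get("token_endpoint_auth_signing_alg") not in ALLOWED_JWS_ALGS:
        bad.append(("token_endpoint_auth_signing_alg", "client assertions must use PS256 or ES256"))

    # Absent values fall back to weaker defaults (RS256 for ID tokens), so require them.
    for field in ("id_token_signed_response_alg", "request_object_signing_alg"):
        if meta.get(field) not in ALLOWED_JWS_ALGS:
            bad.append((field, "must be pinned to PS256 or ES256"))

    # Policy assumption: every access token is bound to the client certificate (RFC 8705).
    if meta.get("tls_client_certificate_bound_access_tokens") is not True:
        bad.append(("tls_client_certificate_bound_access_tokens", "must be true"))

    uris = meta.get("redirect_uris")
    if not isinstance(uris, list) or not uris or any(_unsafe_redirect(u) for u in uris):
        bad.append(("redirect_uris", "need at least one URI, all https and fragment-free"))

    extra = set(meta.get("grant_types", ["authorization_code"])) - ALLOWED_GRANTS
    if extra:
        bad.append(("grant_types", f"not permitted: {sorted(extra)}"))

    for rt in meta.get("response_types", ["code"]):
        parts = set(rt.split())
        if parts == {"code"}:
            # Plain code flow is acceptable only with a signed (JARM) authorization response.
            if meta.get("authorization_signed_response_alg") not in ALLOWED_JWS_ALGS:
                bad.append(("authorization_signed_response_alg", "code flow requires JARM"))
        elif parts != {"code", "id_token"}:
            bad.append(("response_types", f"'{rt}' is not allowed"))
    return bad


# Constructed sample registration requests (not taken from any real participant).
COMPLIANT = {"redirect_uris": ["https://tpp.example/callback"],
             "token_endpoint_auth_method": "private_key_jwt", "token_endpoint_auth_signing_alg": "PS256",
             "grant_types": ["authorization_code", "refresh_token"], "response_types": ["code id_token"],
             "id_token_signed_response_alg": "PS256", "request_object_signing_alg": "PS256",
             "tls_client_certificate_bound_access_tokens": True}
WEAK = {"redirect_uris": ["http://tpp.example/callback"], "token_endpoint_auth_method": "client_secret_basic",
        "grant_types": ["authorization_code", "implicit"], "response_types": ["token"],
        "id_token_signed_response_alg": "RS256"}

if __name__ == "__main__":
    for name, req in (("COMPLIANT", COMPLIANT), ("WEAK", WEAK)):
        print(name, fapi_dcr_violations(req))
```

A registration endpoint would return an `invalid_client_metadata` error when the list is non-empty, so a weakly configured client never exists to be exploited later.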
Ping Identity also enables banks to focus on domain-specific API development. The complex security, identity validation, and consent management logic, working in conjunction with the bank's own consent system, is handled by the Ping Identity components, allowing bank development teams to concentrate on building the FDX open banking APIs that share data.
Ultimately, the Ping Identity solution is designed to be supportable and maintainable amidst the likely rapid evolution of standards like the FDX API, and requires minimum invention and development on the bank's side compared to building internally.
Benefits of Moving to the Ping Identity Open Banking Solution
Banks that adopt the Ping Identity solution for their open banking initiatives can derive significant benefits, accelerating ROI, capturing digitally-savvy customers, reducing costs, and strengthening their security posture.
The Way Forward
Open banking represents a transformative force in the financial services industry, driving innovation, creating new revenue streams, and enabling hyper-personalisation of services. While challenges exist in navigating the diverse global landscape, the strategic adoption of an API-first mindset and the implementation of robust security and identity management solutions like Ping Identity are crucial for financial institutions to thrive in this evolving ecosystem. By embracing open banking with a focus on security and customer empowerment, banks can unlock significant opportunities, strengthen their competitive position, and build lasting relationships with new customer segments.
At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom. We let enterprises combine our best-in-class identity solutions with third-party services they already use to remove passwords, prevent fraud, support Zero Trust, or anything in between. This can be accomplished through a simple drag-and-drop canvas. That’s why more than half of the Fortune 100 choose Ping Identity to protect digital interactions from their users while making experiences frictionless. Learn more at www.pingidentity.com.