From Open Banking to Open Finance

Towards increasingly open financial services

Open Banking generally refers to the obligation under the Second Payment Services Directive (PSD2) for banks to open access to their customers’ payment accounts to the so-called third party service providers in order to provide a Payment Initiation Service (PIS) or Account Information Service (AIS).  These services require the customer’s consent and take place through Application Programming Interfaces (APIs).  Open Banking services based on customer banking data are only at the beginning of their development, as the European Commission aims to enable even wider use of data in the financial sector and other areas of society.

Open Finance

As distinct from Open Banking, Open Finance refers to the wider use of data in the financial sector. The exact meaning of the term is still evolving, but in most cases Open Finance refers to any non-PSD2 regulated digital financial services that use APIs for data sharing.

Open Finance services could be based for example on customer information from insurance companies, investment firms and other asset managers. Those using the APIs could also potentially be operators that would not be explicitly regulated or supervised unlike in Open Banking where the third party service providers are regulated and supervised entities. In such a case, agreements are likely to play a key role in organising relations between the parties.

Although there is no regulation on Open Finance yet, PSD2 is only the first step in enabling digital financial services through regulation. The Digital Finance Strategy published by the European Commission in autumn 2020 sets ambitious targets for the digitalisation of the financial sector. One of the priorities of the strategy is to create a European single market for financial data to foster data-driven innovation, the so-called Common European Financial Data Space, which will promote the availability and sharing of data in the financial sector. As part of the Digital Finance Strategy, the Commission has announced its intention to adopt an Open Finance regulatory framework by mid-2022.

PSD2 is only the first step in enabling digital financial services through regulation.

European Data Strategy

The European Data Strategy, which goes beyond the Digital Finance Strategy, also aims to promote the free movement of data within the EU. The Commission is pursuing this goal by creating a pan-European single market for data in nine business areas, where data can move freely between countries and sectors. The business areas outlined in the project are Industrial & Manufacturing, Green Deal, Mobility, Health, Finance, Energy, Agriculture, Public Administration and Skills.

Much of the EU’s data-related objectives relate to opening up customer data to third parties in real time. The Commission will facilitate access to customer data and public supervisory reporting data, for example by promoting the use of common regulatory technical standards. This would facilitate more efficient processing of publicly accessible data, for example to support more efficient capital markets and sustainable finance in the EU.

Evolving data protection

From an individual customer’s perspective, Open Finance could mean opening up almost all of the customer’s financial data to third parties. Valuable customer data could include information on the amount and types of credit, savings and investments as well as insurance and pensions. There are many business opportunities in utilising and enriching economic data.

From a regulatory perspective, however, the wider financial data business is not without problems. Financial information is often linked to an individual consumer and is therefore personal data. The possibilities for processing data containing personal data are generally limited. Making personal data from many other industries available to financial actors is in principle easier than making financial data containing personal data available to other industries. Moreover, in some situations, it is easier for a financial sector operator to disclose information to another financial sector operator than to a non-financial sector operator.

To make the most efficient and innovative use of data, data must also move across industry boundaries. Open Finance must, therefore, be promoted from a data protection perspective, taking into account also the other rights and freedoms of consumers.

What can be learned from PSD2?

The business potential of PSD2 has yet to be fully utilised. There are also still questions of the interpretation of the regulation. One of the issues raised is that instead of providing an actual account information service, the customer’s account information is used more for value-added services, where the customer’s account information is actually provided to a third party for enrichment, for example for credit assessment purposes. The relationship between PSD2 and the data protection regulation also requires continuous interpretation, as PSD2 and the General Data Protection Regulation (GDPR) were not aligned at the legislative stage.

Lessons learned from the preparation of PSD2 and Open Banking should be taken into account in Open Finance plans. Effective regulation requires careful preparation and impact assessment, but also that all actors have sufficient time to prepare for regulatory changes. The goal should be to improve the existing foundations of Open Banking. Regulating the wider sharing of data across business lines is one new step towards open financial services – and a data-driven world.


The EU payment services market opened up in 2007 with the adoption of the first Payment Services Directive (PSD1). The internal market expanded with the publication of the Second Payment Services Directive ((EU) 2015/2366 (PSD2)) in 2015. The aim of PSD2 was, on the one hand, to increase competition and promote innovative payment services and, on the other hand, to bring new actors under better regulation and supervision. PSD2 also aimed to facilitate online payments, improve payment security and strengthen consumer rights. The national regulation implementing PSD2 mainly entered into force in Finland on 13 January 2018 and the transitional period ended on 14 September 2019. The European Commission has planned to assess the functioning and effectiveness of PSD2 in 2021, but the assessment is only just beginning.

More by the same author

Ready or Not, Here Comes the AI Act!

D&I’s summary of the changes coming your way The European Parliament has approved the Artificial Intelligence Act on 13 March 2024. The AI Act is a huge step forward in creating a legal framework for AI technology throughout the European Union. It brings about substantial new obligations for both the developers and users of artificial intelligence (or, using the terminology of the Act itself, the providers, importers, deployers, authorised representatives and other parties listed in the Act). However, although the categorisation does cut a few corners, the AI Act can be seen as a type of “product safety” legislation. As such, it leaves a wide range of topics to be dealt with in other EU and/or national laws, or by the parties involved in a specific transaction.

Sustainability – An Integral Part of M&A

The role of sustainability in all business operations is increasing. ESG themes are also an integral part of M&A and increasingly subject to thorough assessment in connection with acquisitions. Sustainability issues also define which target companies are attractive.

Vastuullisuus yrityskaupoissa

Dittmar & Indreniuksen laatima uusi opas “Vastuullisuus yrityskaupoissa” tarjoaa konkreettista ja käytännönläheistä tietoa siitä, millaisia vastuullisuuteen liittyviä asioita yritysten tulisi huomioida yrityskaupan eri vaiheissa. Lisäksi oppaassa käsitellään esimerkiksi hallituksen roolia ja vastuullisuuteen liittyviä verokysymyksiä. Opas on suunnattu erityisesti henkilöille, jotka haluavat saada kokonaiskuvan vastuullisuudesta osana yrityskauppoja.

Latest insights

Draft New Act Governing Offshore Wind Power within the Finnish EEZ Published for Comments

Alert / 28 May 2024
Reading time 2 minutes

Government proposal regarding the implementation of EU’s NIS 2 Directive published

Alert / 24 May 2024
Reading time 2 minutes