From Open Banking to Open Finance

Towards increasingly open financial services

Open Banking generally refers to the obligation under the Second Payment Services Directive (PSD2) for banks to open access to their customers’ payment accounts to the so-called third party service providers in order to provide a Payment Initiation Service (PIS) or Account Information Service (AIS).  These services require the customer’s consent and take place through Application Programming Interfaces (APIs).  Open Banking services based on customer banking data are only at the beginning of their development, as the European Commission aims to enable even wider use of data in the financial sector and other areas of society.

Open Finance

As distinct from Open Banking, Open Finance refers to the wider use of data in the financial sector. The exact meaning of the term is still evolving, but in most cases Open Finance refers to any non-PSD2 regulated digital financial services that use APIs for data sharing.

Open Finance services could be based for example on customer information from insurance companies, investment firms and other asset managers. Those using the APIs could also potentially be operators that would not be explicitly regulated or supervised unlike in Open Banking where the third party service providers are regulated and supervised entities. In such a case, agreements are likely to play a key role in organising relations between the parties.

Although there is no regulation on Open Finance yet, PSD2 is only the first step in enabling digital financial services through regulation. The Digital Finance Strategy published by the European Commission in autumn 2020 sets ambitious targets for the digitalisation of the financial sector. One of the priorities of the strategy is to create a European single market for financial data to foster data-driven innovation, the so-called Common European Financial Data Space, which will promote the availability and sharing of data in the financial sector. As part of the Digital Finance Strategy, the Commission has announced its intention to adopt an Open Finance regulatory framework by mid-2022.

PSD2 is only the first step in enabling digital financial services through regulation.

European Data Strategy

The European Data Strategy, which goes beyond the Digital Finance Strategy, also aims to promote the free movement of data within the EU. The Commission is pursuing this goal by creating a pan-European single market for data in nine business areas, where data can move freely between countries and sectors. The business areas outlined in the project are Industrial & Manufacturing, Green Deal, Mobility, Health, Finance, Energy, Agriculture, Public Administration and Skills.

Much of the EU’s data-related objectives relate to opening up customer data to third parties in real time. The Commission will facilitate access to customer data and public supervisory reporting data, for example by promoting the use of common regulatory technical standards. This would facilitate more efficient processing of publicly accessible data, for example to support more efficient capital markets and sustainable finance in the EU.

Evolving data protection

From an individual customer’s perspective, Open Finance could mean opening up almost all of the customer’s financial data to third parties. Valuable customer data could include information on the amount and types of credit, savings and investments as well as insurance and pensions. There are many business opportunities in utilising and enriching economic data.

From a regulatory perspective, however, the wider financial data business is not without problems. Financial information is often linked to an individual consumer and is therefore personal data. The possibilities for processing data containing personal data are generally limited. Making personal data from many other industries available to financial actors is in principle easier than making financial data containing personal data available to other industries. Moreover, in some situations, it is easier for a financial sector operator to disclose information to another financial sector operator than to a non-financial sector operator.

To make the most efficient and innovative use of data, data must also move across industry boundaries. Open Finance must, therefore, be promoted from a data protection perspective, taking into account also the other rights and freedoms of consumers.

What can be learned from PSD2?

The business potential of PSD2 has yet to be fully utilised. There are also still questions of the interpretation of the regulation. One of the issues raised is that instead of providing an actual account information service, the customer’s account information is used more for value-added services, where the customer’s account information is actually provided to a third party for enrichment, for example for credit assessment purposes. The relationship between PSD2 and the data protection regulation also requires continuous interpretation, as PSD2 and the General Data Protection Regulation (GDPR) were not aligned at the legislative stage.

Lessons learned from the preparation of PSD2 and Open Banking should be taken into account in Open Finance plans. Effective regulation requires careful preparation and impact assessment, but also that all actors have sufficient time to prepare for regulatory changes. The goal should be to improve the existing foundations of Open Banking. Regulating the wider sharing of data across business lines is one new step towards open financial services – and a data-driven world.


The EU payment services market opened up in 2007 with the adoption of the first Payment Services Directive (PSD1). The internal market expanded with the publication of the Second Payment Services Directive ((EU) 2015/2366 (PSD2)) in 2015. The aim of PSD2 was, on the one hand, to increase competition and promote innovative payment services and, on the other hand, to bring new actors under better regulation and supervision. PSD2 also aimed to facilitate online payments, improve payment security and strengthen consumer rights. The national regulation implementing PSD2 mainly entered into force in Finland on 13 January 2018 and the transitional period ended on 14 September 2019. The European Commission has planned to assess the functioning and effectiveness of PSD2 in 2021, but the assessment is only just beginning.

Latest insights

Collaboration with Miltton

News / 15 May 2023

Great Place to Work

News / 27 Apr 2023