Building Open Finance: From Policy to Infrastructure

As finance becomes increasingly dependent on data, a number of jurisdictions are exploring ways to maximize the value of data for innovation, competitiveness, and growth. Over the past decade, the implementation of Open Banking and Open Finance is emerging as an important strategy to transfer finance by breaking down data silos, empowering consumers through control of their data, and promoting competition with the involvement of new players in the markets, such as FinTechs, BigTechs, and TechFins. Basically, Open Banking initiatives require the consent of customers to share their financial data between banks and third parties, while Open Finance covers other financial service providers in addition to banks. The building of Open Banking and Open Finance in many major jurisdictions, including the EU, the UK, Australia, Brazil, the UAE, Singapore, Hong Kong, India, China, and the US, is beginning to have a significant impact on financial services. Based on a comparative analysis of Open Finance governance frameworks in these jurisdictions, this paper critically examines the complex interplay of financial and data regulation and provides insights into how Open Finance is transitioning from policy to infrastructure.

Different jurisdictions are pursing varied governance frameworks for Open Finance, with mandatory requirements, collaborative arrangements, and voluntary initiatives so far the main implementation approaches. Under the mandatory framework adopted by the EU, the UK, and Australia, a series of regulatory rules have been introduced, requiring financial institutions to share customer data with authorized third parties through application programming interfaces (APIs) and setting relevant standards for user digital identity. Brazil and the UAE are combining a mandatory regime with enabling data infrastructure. By comparison, Singapore and Hong Kong have actively provided regulatory guidance on how to make financial data available through APIs, supplemented by the development of data sharing infrastructure, but without legislative mandates. China has not yet established a governance framework for Open Finance. Rather, the government attaches greater importance to data as a factor of production and seeks to implement broader data strategies that include elements of Open Finance, such as the plan to build a national data infrastructure. Likewise, India is developing a framework focused on data aggregation, which creates a level playing field for new entrants to financial markets, as a key component of its Digital Public Infrastructure strategy. In the US, Open Finance began as an industry-led voluntary initiative and has recently evolved into mandatory rules requiring covered entities (such as banks) to make financial data available to consumers and authorized third parties. This will accelerate the US’s shift towards mandatory Open Finance regulation. The table below presents a comparative analysis of the main framework designs for Open Finance governance across different jurisdictions.

Open Finance seeks to create an ecosystem of financial institutions, third-party service providers, consumers, and regulators to facilitate effective use of data and promote innovation and competition in the financial sector. There is no single approach to implementing and governing Open Finance across jurisdictions. In the context of Open Finance governance, the interaction between financial regulations, data protection laws, and technical standards is becoming increasingly complex. As these laws and regulations aimed at achieving different objectives such as financial innovation, data security, and customer protection are not always harmonious, and thus bring new challenges when building Open Finance governance. First, given that rules governing data sharing between financial institutions and third parties are implemented by multiple authorities, there is an issue of regulatory fragmentation both within and across jurisdictions. Open Finance interacts with general data regulation but is evolving separately, and thus the complexity of the trade-offs between financial and data policy objectives is emerging. In addition to financial regulation and data governance, market infrastructure, including a high degree of technical standardization and a viable data sharing architecture, plays a central role in building Open Finance. However, there is currently significant fragmentation in the infrastructure for sharing customer data among different participants in the Open Finance ecosystem. In some jurisdictions, the lack of common technical standards and the economic cost for smaller market players to develop APIs pose serious challenges to Open Finance governance.

Second, many jurisdictions have strengthened the implementation of data localization rules to address legitimate issues about privacy protection and cybersecurity, or to ensure data access for law enforcement and regulatory oversight, as well as more recently as a result of national security or human rights concerns. They require that certain data deemed sensitive, important, or related to national security be stored on local servers, or restrict the cross-border transfer of data. However, the free flow and sharing of customer data is fundamental to the adoption of Open Finance, especially in the context of growing cross-border financial activities. As such, the general trend towards data localization presents a complex problem for Open Finance governance. Last but not the least, the lack of reciprocity in data sharing frameworks can lead to an asymmetry among Open Finance participants. Open Finance aims to foster competition between incumbents and new entrants in financial services by increasing access to and sharing of customer data. Despite this original intention to create a level playing field, the asymmetry of data and data sharing mechanisms is likely to exacerbate the problem of market concentration in the hands of a few large players, thus adversely affecting how competition evolves in the Open Finance ecosystem.

Based on a comparative analysis of regulatory experience in many major jurisdictions, this paper highlights several ways to address the complex interplay of financial regulations, data protection laws, and technical standards and other infrastructure to successfully build Open Finance. The multi-disciplinary nature of Open Finance services requires coordination between regulators and industry to ensure policy coherence and technical interoperability. A combination of broad data governance strategies with specific regulations for Open Finance will be more effective. Where financial and data regulatory regimes intersect, it is worth considering establishing a forum and/or providing general guidance to collaborate on cross-cutting issues of Open Finance governance and improve consistency in regulatory action. In addition, the development of supporting infrastructure, such as a minimum level of API standardization and a trust framework, will be necessary to link separate data ecosystems across jurisdictions and participants. The next phase of Open Finance will extend beyond banking and financial services to integrate other industries, in most cases focusing initially on regulated sectors such as energy, telecommunications, transport and health, into a comprehensive Open Data regime. It is critical to move Open Finance from policy to infrastructure, including digital identity, consent management, and other mechanisms to enable data sharing, with data as a new level of digital public infrastructure to support innovation and broader sustainable development.

Douglas W. Arner is the Kerry Holdings Professor in Law at the University of Hong Kong.

Christine Menglu Wang is a Post-doctoral Fellow in the Department of Law at University of Hong Kong.

Ross P. Buckley is the Scientia Professor at University of New South Wales.

Dirk A. Zetzsche is Professor in Financial Law, ADA Chair in Financial Law at University of Luxembourg.

The full paper is available here.