Advancing Innovation: How Regulators Can Support Open Banking

There needs to be a robust compliance framework to protect the data privacy of consumers while ensuring a convenient user experience.

14 days ago   •   4 min read

By Tun Yong Yap

Open Banking has often been remarked as the long-awaited digitalization push the financial services industry is finally undergoing.

Regulation has been a primary driver of that. Driven by the European Union's Payment Services Directive (PSD2), the concept of Open Banking has started to take root across the globe - from Latin America to right here in Southeast Asia.

Open Banking – and its bigger cousin, Open Finance – refer to the unlocking of customer data and accounts. Previously, such information was closely guarded by companies and not shared with each other, creating a fragmented digital ecosystem.

In an Open Banking world, customers can give consent to third-party providers to access their accounts so the latter can read their data or perform operations on their behalf.

This process takes place through Application Programming Interfaces (APIs), a software link that allows applications to 'speak' to each other.

Open Banking brings a host of benefits for both consumers and businesses within the financial services industry. For the latter, the open exchange of consumer data allows them to reach more users and understand them on a deeper level.

This promotes the creation of personalized services that improve the user experience and increase customer satisfaction, all while accessing a larger customer base.

Open Banking Also lowers the barriers of entry for disruptors to enter the financial services sector by allowing them to easily access consumer data. This drives greater innovation and competition within the industry, with the end-consumer being the greatest benefactor.

Intervention

While the benefits of Open Banking are clear, implementing it is easier said than done. Globally, there has been a wide array of intervention styles adopted by regulators to accelerate the agenda.

Primarily, direct regulatory involvement in the EU and Australia with PSD2 and the Consumer Data Rights (CDR) respectively have seen both ecosystems adopt the fastest Open Banking practices.

In contrast, American regulators adopt a more passive approach, instead preferring to allow the development of Open Banking to be industry-led.

Within Southeast Asia, while the Monetary Authority of Singapore (MAS) has released an Open Banking API playbook encouraging banks to share their APIs with third parties, there has been it has yet to publicly release concrete implementation measures.

In Indonesia, Open Banking is a key priority for the Financial Services Authority (OJK). As part of its 2025 Indonesia Payment System Blueprint, it has released an Open API framework intended to support the rollout of Open Banking practices.
An overview of Open Banking regulatory intervention globally
An overview of Open Banking regulatory intervention globally. (Image Credit: BBCA)

Scope

It is crucial for authorities to clearly define the scope of Open Banking regulations. This could include determining the range of data that is available for sharing. In some countries such as Mexico, only non-confidential information such as product data is shared.

Meanwhile, in Australia, third parties can gain access to confidential data such as transaction accounts and personal loan history.

Also Read: How you can benefit from your financial data

Regulators could choose to adopt a phased approach to data sharing, beginning with less sensitive data such as product information. This allows leeway for the relevant privacy guidelines to be tested by the market before they are implemented on more sensitive and private data.

Ensuring consumers remain in full control of their data should be the top priority for regulators.

There needs to be a clear consent management framework in place for either the data provider or recipient to obtain user consent before data can be accessed.

Besides providing consent, consumers should also have the ability to withdraw consent anytime.

In such cases, data recipients should be required to delete or de-identify the individual’s data. This practice is currently adopted by Australia’s CDR and prioritises the privacy of the consumer.

Besides having a robust consent management framework, it is also important for regulators to standardise the API standards.

Having universal APIs would enable companies to conveniently share data with each other. This would amplify the benefits of Open Banking due to the network effects brought about by a larger volume of data.

Importance

Financial data is highly sensitive. There needs to be a robust compliance framework in place to protect the data privacy of consumers, while ensuring a convenient user experience.

Besides protecting the privacy needs of consumers, it is equally important to have a secured technical infrastructure and no party should have access to confidential data except for the data provider and recipient.

Regulators will play an important role in the rollout of Open Banking. As with implementing change within the financial services industry, there will be challenges.

However, the benefits of Open Banking - and eventually Open Finance - more than justifies the effort required.

Together, let us build a better and more inclusive financial services ecosystem for all, accelerating financial inclusion within Southeast Asia.

Summary

✅ Open Banking regulations vary across countries. Some regulators choose to directly intervene while others adopt a market-led approach.

✅ Ensuring consumers remain in full control of their data should be the top priority for regulators.

✅  The benefits of Open Banking - and eventually Open Finance - more than justifies the regulatory effort required to license it.


Spread the word

Keep reading