Last year, Russia took a significant step towards the introduction of open banking: five major market players at once — Sber, T-Bank, Alfa-Bank, Gazprombank and VTB — launched pilot projects.

If this story is only gaining momentum here, then in other countries Open Banking has been developing for several years. Moreover, some states are already talking about a new stage — the transition to open finance, when data exchange goes far beyond the banking sector.

In this article, we’ll figure out where the interest in open banking came from. How are ecosystems formed in Brazil, the EU, India and China? What is already happening in Russia — from the first pilots of the largest banks to the Central Bank’s plans to extend the concept to non-financial industries.

s

What is Open Banking and what does Open API and Open Data have to do with it?

To avoid any further confusion, first you need to understand what Open Banking (or Open Banking) is and how it relates to the Open API.

API is a set of rules or instructions by which different programs can exchange information with each other.

The Open API is an API that is widely available. Any developer can use it to create their own applications.

Open Data is the principle of openness of data that can be accessed by external developers.

It is thanks to the Open API and Open Data that “open banking” has become possible — a new way of organizing the financial market, where the client’s data belongs not so much to the bank as to the client himself.

If the traditional banking system is considered “closed” — that is, other banks or third—party services cannot access your account at one bank – then Open Banking breaks this model. For all of this to work, we need a single technical language. They became the Open API — open application programming interfaces.

 

s

Asia: the Laboratory of Digital Ecosystems

In Asia, Open Banking has become part of large-scale digital platforms. The countries here have chosen different scenarios for the development of open banking, but it is in Asia that the most striking models are.

s

China

China entered Open Banking and Open Finance through BigTech: their history is closely linked to the famous superpowers. In the mid-2010s, WeChat Pay (Tencent) and Alipay (Ant Group) turned into an everyday tool for millions of citizens: in these superapplications, it was already possible to pay for taxis, buy insurance, invest, and even take out loans. In fact, they were the first “open platforms” that banks and fintechs connected to in order to access a huge user base.

Since 2018, the People’s Bank of China (PBOC) has begun to introduce rules obliging the largest fintech companies (Tencent, Ant Group) to share transactional data with it. This is how the process of institutionalizing open finance began: the regulator gradually took control of the information that had previously been at the disposal of private companies.

As for the user agreement, in China it is rather formal: data can be transferred under pre-signed user agreements, and the state has priority access. In fact, we are not talking about the classic Open Banking, but about the broader Open Finance+ model. Open Data, where the main operator is the regulator.

In 2021-2023, the PBOC issued a number of regulations regarding data transmission security standards. The logical continuation of this policy was the digital yuan (e-CNY), which the People’s Bank of China launched in 2020. It is a government-owned digital currency embedded in the ecosystems of banks and fintech applications.

s

Singapore

Singapore has become one of the most advanced players in the field of Open Banking in Asia. The Monetary Authority (MAS) supported the idea of open banking APIs much earlier than many: in November 2016, together with the Association of Banks of Singapore (ABS), Finance-as-a-Service: API Playbook was published, a detailed guide to creating, structuring and protecting API infrastructure for financial institutions. It describes more than 400 recommended APIs and approximately 5,600 processes for their implementation, including product, payment, marketing, and service categories.

Further, at the end of 2017, API Exchange (APIX) was launched, the world’s first open architecture platform for cross-platform work of banks and fintech companies. And in December 2020, MAS introduced the Singapore Financial Data Exchange (SGFinDex), an infrastructure that combines financial data from banks and government agencies, accessible through the national digital identity SingPass. This allows citizens to securely and centrally share information with financial providers using a single online consent.

In 2021, the Monetary Authority of Singapore published a Technology Risk Management Guide that focuses on API security.

s

India

India’s experience in this regard is unique: Open Banking did not have time to happen, as Open Finance immediately grew in its place. The Indian model is based on India Stack, a large—scale digital platform that includes the e-Sign electronic signature, the Aadhaar and e-KYC identification system, smart government services and the UPI instant payment system. Since 2016, this platform has been acting as a kind of “technological foundation” on which banks and fintechs launch new services.

During the India Stack testing period — in 2016 — the Reserve Bank of India (RBI) publishes the concept of Account Aggregator (AA), which will be operational only by 2021. This is becoming the main starting point for the emergence of “open banking” in the country.

The essence of Account Aggregator is as follows: licensed non-banking companies act as intermediaries between financial institutions and ensure secure data transfer between banks and other digital services. Data is transferred only with the explicit consent of the client, and aggregators themselves cannot store or use it.

Imagine that you have accounts with two banks, a couple of investments in the app, insurance, and a mobile wallet with the operator. Usually, all this information is stored “piece by piece” in different places. If you need a loan, the bank will require you to collect a pile of certificates and statements, which will take several weeks.

AA solves this problem. This is an intermediary who, by your consent, combines the data “into one window” and transmits it to where it is needed.

Today, dozens of banks and fintech companies are already connected through the network of licensed AA. Lending services, investment applications, insurers — all of them can work with customer data without paperwork.

s

EAEU: local pilots

In Russia, Kazakhstan and Kyrgyzstan, Open Banking projects are still in the pilot stage, but common rules and integration within regional unions are already being discussed. Let’s see what has already been implemented.

s

Russia

In Russia, the story began with the publication of advisory standards for the banking sector, but already in 2022, the Central Bank published a Concept for the introduction of Open APIs in the Russian financial market, where it outlined the advantages of open banking, as well as options for implementing this initiative.

In the Russian context, open APIs are software interfaces for secure data exchange with other services published by organizations in accordance with the requirements of the Bank of Russia. They allow the client, upon their consent, to connect convenient digital services directly to their bank account.

Feedback on the Concept was provided by 166 organizations. Based on it, as well as by drawing on international experience, a hybrid approach to implementing Open APIs has been approved.

When will the Bank of Russia’s open API be introduced? According to the Bank of Russia’s plans, the phased introduction of Open Banking should begin in 2026 through the mandatory use of Open APIs by large banks, brokers and insurance companies, and from 2027 by microfinance organizations, depositories, information system operators and financial platforms. Since 2023, the Expert Council on the Implementation of Open APIs has been working at the site of the Fintech Association.

What else do you need to know about the Open API Project?

• Focus on security: the task of the market in the near future is to develop a unified cybersecurity standard in the field of open APIs. It’s not just about banks and fintechs being able to share customer account data and initiate payments with their consent. It is important that uniform rules protect the entire technological ecosystem of participants: from the interfaces themselves to the infrastructure of companies connected to an open API environment.
• Unified standard: another serious task is to create a single operator of the open API environment, which will become not just a technical platform, but a supporting element of the entire ecosystem. It will include the organization of end-to-end customer identification, and the development of standard legal agreements under which banks, fintechs and other players will be able to securely exchange data.

The key requirement for such an operator is absolute neutrality: it should not serve the interests of one group of market participants to the detriment of others. That is why there is already a discussion on the site of the Fintech Association about how to define its functions, responsibilities and boundaries of authority.

In early summer 2024, Sber and T-Bank announced the launch of testing of a joint solution. Customers were able to see information about their accounts in two banks at once through one application.

The Fintech Association and the comparator have shown a different scenario. Using open APIs, it was possible to apply for a mortgage directly on the marketplace’s website.

One of the illustrative cases is the cooperation between VTB Capital Investments and Postbank. A client of Postbank can remotely open a brokerage account with VTB and purchase OFZ-n through the usual digital channels of Postbank.

Vendors of IT solutions and software for the financial sector are beginning to play an important role. Thus, Russia is following the path of a hybrid approach to the introduction of open banking, when IT companies promptly offer solutions to the market. Moreover, developments are emerging both for banks and financial organizations, as well as for small business platforms.

For example, there is already an Open Banking solution based on the API of the Bank of Russia and the platform of the Fintech Association. It is based on the management of consent for access to accounts and payments. This module allows you to automate key processes: creating and managing user consent, obtaining information about accounts and transactions, initiating payments on behalf of the client, as well as analyzing his financial behavior in different banks — only with consent.

 

 

For banks, this means lower costs for user verification procedures and a more accurate risk assessment, and for the market as a whole, increased cross—selling opportunities (from deposits to insurance and investments).

 

 

It is equally important that such solutions find application outside of classical banking. For small businesses and sole proprietors, open API modules integrate with universal platforms that combine accounting, payments, lending, tax reporting, and work with counterparties. And for individuals, technology is becoming part of mobile applications: they analyze user habits and help build personal financial scenarios.

Thus, open banking ceases to be just about banks — it becomes an infrastructure around which new services for businesses and people are built.

s

Kazakhstan

Kazakhstan has approached the topic of open banking systematically and “according to plan”. In 2023, the Development Concept of Open API and Open Banking for 2023-2025 was approved here, which became a roadmap for all market participants.

The technological infrastructure has already been built on the basis of the national platform operator: standards of interaction, requirements for banking services have been defined, and methodological documents have been prepared. In the fall of 2023, the first pilot was launched, which involved Bank RBK, Altyn Bank, Home Credit Bank, Bank CenterCredit, Otbasy Bank and customers of these banks — more than 120 people.

As in Russia, the launch of the national digital currency project, the digital tenge, became a logical continuation of the development of the fintech environment and payment solutions.

Digital tenge is already used in Kazakhstan for VAT refunds, school meals and loans to farmers. In the near future, it will be integrated into the ecosystem of Open Banking, which will pave the way for new fintech services, from wallets to payment applications.

But as market participants themselves note, the project still has some difficulties. So, banks are afraid of losing customers and are in no hurry to disclose data through the API, some fintechs prefer to work independently, and users are still cautious about new services.

Additional challenges include the willingness of IT systems to scale, staff shortages, and high security requirements.

s

Kyrgyzstan

In Kyrgyzstan, the conversation about open banking is just beginning. Already today, banks and fintechs use APIs to integrate services, but this is done in a disjointed, non-standardized way. It is difficult to scale such solutions — there are not enough common standards, uniform rules and consistency between market participants.

In 2024, the National Bank of Kyrgyzstan presented the concept of Open Banking development. The document explicitly states: the goal is not to “open the API” itself, but to create conditions for affordable and high-quality financial services for customers. At the same time, the regulator prioritizes cybersecurity and data protection issues — any information exchange should be as reliable as possible.

However, in practice, so far a lot depends on the caution of the players. Surveys have shown that banks and payment systems focus on developing their own services and do not offer ideas for implementing common Open Banking standards. The mass readiness for reform has not yet been formed, and the introduction of Open banking will be gradual.

s

Europe and the UK: from PSD2 to Open Banking UK

The idea of open banking in Europe grew out of the 2007 PSD payment directive, but the real breakthrough came with PSD2, which came into force in 2019. Banks are required to open the API to third—party players, while maintaining the key principle – the client decides who to entrust their data to. This opened the way for new services, from fast transfers to financial management applications.

The main principle of PSD2 is not only the opening of banking data for third—party players, but also consumer protection. Banks are required to implement two—factor authentication, and access to accounts is allowed only to certified providers, the so-called TPPs (third party providers).

Interesting fact: the first experimental attempt of the Open Banking concept took place in Germany back in 1980, when Deutsche Bundespost (German Federal Post) conducted a pilot project of online banking, allowing users to make transfers via TVs using the code “300 #”.

This was the beginning of the idea of remote banking and self-service for users.

Great Britain has come especially far: There, after the 2008 crisis, the government relied on competition and obliged the largest banks to share data with fintechs. There was even a separate structure, the Open Banking Implementation Entity (OBIE), which oversaw the process and set a clear roadmap.

Today, Europe is moving on: from Open Banking to Open Finance. The new FIDA project, launched in 2023, assumes that customers will be able to control access not only to banking data, but also to information about loans, investments, insurance and retirement savings. The European Commission also announced the transition from PSD2 to PSD3.

s

USA: business as a driver of change

The American path to Open Banking is markedly different from the European and British ones. If the regulator was the driver in London, which literally forced banks to open APIs and created a structure for their implementation, then the situation in the United States is diametrically different. There is still no single law that would regulate open banking, and all technological integrations are developed by market participants themselves.

The only point of support in the legal field is Section 1033 of the Dodd-Frank Act, adopted after the 2008 crisis. It stipulates that financial institutions are required to provide the client with their own data upon request. However, we are talking about direct user access, and not about sharing this information with third parties — fintechs, payment services or aggregators.

The US Treasury Treasury Report (2018) explicitly stated: the European PSD2 model is not applicable in America. The reason is simple: the US financial market is much more fragmented, diverse and saturated with players. There is no single regulator that can “issue commands” and implement universal standards. As a result, the market and technology companies took the initiative.

Today, Open Banking in the USA is more like Open Data, rather than a strictly regulated process. Large banks — JPMorgan Chase, Wells Fargo, Bank of America and others — create their own APIs, but they differ from each other and do not have a single standard. Each bank builds its own ecosystem around these APIs, and fintech and startups have to adjust.

However, it is worth noting that in 2023, the Consumer Financial Protection Bureau (CFPB) began developing rules that should finally turn Section 1033 into a working standard. On the agenda is a single API format, guaranteed access for third parties and protection of customer data. Final regulation is expected by 2025, and many analysts see this as a step towards the formation of the American version of Open Finance.

So far, “fragmentation” does not hinder the growth of the market. Experts estimate that by 2024, more than 100 million Americans have used Open Banking services at least once, from personal financial managers (Plaid, Yodlee) to P2P payment services and credit platforms.

s

Latin America

Brazil, Mexico, and Chile have become experimental sites for Open Banking in recent years, as reforms are moving quickly and setting the tone for the entire region.

s

Mexico

Mexico has become a pioneer of Open Banking in its region: back in 2018, the Fintech Law was adopted, which was one of the first in the world to establish mandatory data exchange through the API. The first steps in 2020 looked rather modest: banks were required to share only the most basic information, such as where ATMs are located and what products they offer. By 2021-2022, Citibanamex has launched its own API Hub, which has attracted interest from dozens of companies.

By 2024, a stable ecosystem has formed in the country: the largest banks (BBVA, Santander, Banorte) provide APIs for fintech, and the National Banking Commission is preparing an expanded package of rules, including data on transactions and loans.

s

Brazil

Back in 2019, the country’s central bank presented a step-by-step plan of four phases, and by 2021, the system was operational. By 2022, the framework of “open banking” has become tight.: The country was the first in the region to switch to the Open Finance model, where investments, insurance and pension products are connected along with bank accounts.

In 2024-2025, Brazil has only strengthened its leadership. The number of active customer consents is growing, as is the volume of API requests. The key driver of change is the national instant payment system Pix, which is used by more than 150 million people by 2025.

s

Chile

Chile today seriously claims to be a regional “Open Finance laboratory”. In 2023, the Law on Fintech and Open Finance came into force here, and by 2025, the country is actively developing a roadmap for implementing API standards and expanding data exchange beyond classical banking to the field of investment and insurance.

This work is based on a solid foundation: Chile has the highest level of banking accessibility and coverage of services in Latin America (more than 70%), and in the early 2020s passed the Financial Portability Law, which allowed customers to freely change service providers. s

s

The Middle East

UAE

In the UAE, the path to Open Banking began “from below” — with the experiments of banks and fintech, and only then the regulator joined in. Since 2021, the UAE Central Bank (CBUAE)  He approved the first rules for Open Banking: data can only be transferred with the consent of the client, and providers must be certified and comply with cybersecurity standards.

A special feature of the Emirates is its reliance on the free economic zones DIFC and ADGM. They have become platforms for testing digital wallets, API services, and Open finance platforms. Today, dozens of startups use them for loans, investments, and insurance.

In 2025, the UAE Central Bank (CBUAE) approved the Open Finance Regulation, which becomes mandatory for all licensed financial institutions, from banks and insurance companies to fintechs and exchange offices. The new system is based on three key components: the Trust Framework (trust model), a centralized API hub, and a common infrastructure for data exchange and launching operations by client consent. The concepts of open APIs and compliance with data protection are fixed at the legislative level.

s

Saudi Arabia

In Saudi Arabia, the movement towards open banking interfaces began with the publication of the Open Banking Framework in November 2022. The first stage was the integration of AIS access to account information, with the mandatory launch of services by the first quarter of 2023. In January 2023, the Open Banking Lab was opened, a technical sandbox for testing and certifying Open Banking solutions. In mid-2023, Bank Albilad was the first to launch custom Open Banking services. Then, in September 2024, the second version of the Framework was released, covering PIS and confirming new features for secure payments via the API.

s

Result

Each country has its own path to open banking and finance: regulators started the process somewhere, banks and fintechs themselves, and sometimes both forces met in the middle. But the general direction is obvious: the world is moving towards a single digital space, where a person does not need to run for certificates and statements — all his finances are available in one window, with one consent.

This is a global trend, and it’s nice to see that we’re in this race too. Moreover, we have every chance to build a system that takes into account the best practices of different countries and will be convenient for both businesses and ordinary people, as it was, for example, with the SBP.