Open finance refers to the sharing of personal and non-personal customer data held by financial sector intermediaries and other data holders with third-party providers for the purpose of providing a wide range of financial and information services. It is an extension to a broader range of data (credit, savings, investment, insurance, pensions) of the Open Banking concept which focuses on payments and the sharing of bank account data.

The combination and aggregation of multiple sources of data allowed by open finance allows market participants to develop new financial products and services, enhance customer experience and customer service, increase efficiency in service provision and target new customer needs and segments to the benefit of consumers and the overall financial ecosystem.

In the EU, open finance concepts were first implemented in the payments area and for bank accounts with the Payments Service Directive (PSD2) framework, currently under review. PSD2 requires that payment service providers (mainly banks) open up their payment account data to authorised and regulated third parties with the objective of enhancing competition in the payments market and creating incentives for further digitalisation.

Open finance, which aims to broaden this approach to almost all financial services can potentially bring value to customers in many other areas of finance such as financial advice, pension preparation, mortgage and credit, insurance…

A number of conditions however need to be considered for the successful implementation of open finance notably in terms of data ownership and consumer protection; fair access to data and level playing field among market participants; data and API standardisation; and responsibilities and liabilities along the data value chain. These issues are due to be addressed in an open finance framework that the Commission aims to propose in 2023 in order to support the development of sound open finance applications in the EU. This framework will build on the data sharing requirements of GDPR and the EU data strategy framework (EU Data Act, Data Governance Act) and also take into account the lessons learned from the PSD2 and its on-going revision.