Neobanks showed that private ingenuity could only rent the moat, not breach it — and that genuine structural change took a change to the rules. Open banking is that change in its purest form. Instead of building a better bank or renting a charter, it forces the incumbent banks to open their own systems: to share, with the customer's consent, the account data and payment access they have always hoarded, so competitors can build on top of them. It is the cleanest example in the whole course of a regulatory innovation — the innovation is a rule, not a product, requiring no fundamental new technology. We examine what it is, the insecure practice it replaced, the global mandates, and the hard question of whether forcing access actually produces competition or just hands the data to a few giants.
Module 04 ended on a precise lesson: neobanks competed brilliantly on the customer experience but mostly rented the incumbent structure rather than changing it, and the one place they became real chartered banks — the UK — was the one place a regulator had deliberately lowered the wall. The conclusion was that genuinely cracking the moat takes more than a better app; it takes a change to the rules. Open banking is the purest version of that idea.
The move is conceptually different from everything so far. The narrow bank and CBDC change what money is. The neobank builds a better front-end on rented rails. Open banking does neither — it reaches into the incumbent banks and compels them to open their own systems. Specifically, it requires a bank to share, when and only when the customer consents, two things it has always treated as its private property: the data in your accounts, and the ability to initiate payments from them. A competitor can then build services on top of your bank without needing a charter, a sponsor, or your bank's permission — because the law requires the bank to provide access.
Notice what kind of innovation this is. There is no clever new device at its heart. The technology it uses — secure software interfaces, called APIs, that let one system request data or actions from another — is utterly ordinary and decades old. What is new is the rule that banks must provide those interfaces to licensed third parties on the customer's instruction. Open banking is a regulatory innovation in the exact sense of Module 01: it changes the rules of the game, not the gadgets. It is the sharpest proof in the track that some of the most powerful answers to banking's problems are legal and regulatory, not technological — exactly why this course is called financial innovation rather than financial technology.
Open banking forces incumbent banks to share customer data and payment access with consented third parties. It attacks the moat not by building a new bank but by changing the rules so competitors can build on top of the old ones. The enabling technology (APIs) is ordinary; the innovation is the mandate. It is the purest regulatory innovation in the course.
Why force banks open at all? Because the data and access trapped inside incumbent banks is the foundation of the moat's grip on the customer. Your bank knows your income, your spending, your balances, your history — and for most of banking's existence it kept that information locked up, usable only by itself. A competitor who could see that data, with your permission, could offer you a better loan, a smarter budgeting tool, a cheaper payment — but the incumbent had no reason to hand it over. Hoarding the data was a quiet but powerful way the incumbents kept customers captive.
Before open banking, the workaround that emerged was genuinely dangerous: screen-scraping. To get at your banking data, a fintech would ask for your bank username and password, log into your bank's website as if it were you, and copy the data off the screen. Millions of people handed their banking credentials to third-party apps this way. The risks were obvious in hindsight — you were sharing full login access, not limited permission; the bank could not tell the app apart from a fraudster; there was no way to grant access to some data and not all of it, and no clean way to revoke it. Screen-scraping was the market improvising around locked data, and it improvised badly.
Open banking replaces that mess with something disciplined. Instead of surrendering your password, you grant a licensed third party specific, consented, revocable access through a secure interface the bank is required to provide. The third party never sees your password; it receives a limited, time-bound permission to read certain data or initiate a certain payment, which you can withdraw. The same function screen-scraping performed crudely and dangerously is done safely and under the customer's control. The contrast is the cleanest way to see what open banking is for: it takes a real need the market was already meeting badly and re-founds it on consent and security through a rule.
Open banking does two distinct things, and most regimes regulate them as two separate licensed roles. Keeping them apart is the key to understanding what the ecosystem can actually do.
The first is data sharing — the ability to see your account information. A licensed provider (in European terminology, an account information service provider, or AISP) can, with your consent, read your transaction history, balances, and account details across all your banks at once. This is what powers the services that aggregate every account you hold into a single view, that assess your real income and spending to offer a fairer loan, or that find you a better deal by actually seeing your finances. The data was always there; open banking lets a competitor see it with your permission.
The second is payment initiation — the ability to move your money. A licensed provider (a payment initiation service provider, or PISP) can, with your consent, instruct a payment directly from your bank account, without going through the card networks. This is the more radical of the two, because it threatens a major revenue stream: if a merchant can have a payment pushed straight from your bank account, it can bypass the card networks and their interchange fees entirely (the same interchange that, recall from Module 04, funds much of neobanking). Payment initiation turns the bank account itself into a payment rail that competitors can use.
The two functions attack the moat from different angles. Data sharing erodes the information advantage that kept customers captive; payment initiation erodes the payment monopoly that earns the incumbents fees. Together they prise open both the data and the rails — the two things the moat kept private — and let a competitor offer banking-like services without being a bank. A budgeting app, a lender, a payment provider can all now build directly on top of the incumbent banks, on the customer's instruction, by law.
Open banking grants two consented powers: reading account data (information services) and initiating payments (payment services). Data sharing erodes the incumbents' information advantage; payment initiation erodes their payment-fee monopoly by letting money move straight from the account, bypassing the card networks. Together they open both the data and the rails the moat kept locked.
Open banking is a regulatory innovation, so its history is a history of mandates — and the regimes differ in who pushed them, how they are built, and how far they reach. The pattern is instructive: the most ambitious versions are again often outside the United States, which moved last and most hesitantly.
| Jurisdiction | Regime | Notable feature |
|---|---|---|
| 🇬🇧 UK | Open Banking (competition mandate) | A competition regulator ordered the nine largest banks to build common open-banking interfaces — a deliberate pro-competition intervention, among the most developed regimes |
| 🇪🇺 EU | PSD2 ("access to account") | The directive that defined the licensed roles (information and payment-initiation providers) and required strong customer authentication across the bloc |
| 🇮🇳 India | Account Aggregator framework | A consent-manager architecture: regulated intermediaries broker consented data flows; part of the broader "India Stack" of public digital infrastructure |
| 🇦🇺 Australia | Consumer Data Right | Began with banking but designed as an economy-wide data-portability right extending beyond finance to energy and beyond |
| 🇧🇷 Brazil | Open Finance | A central-bank-led, phased rollout, broad in scope — part of the same wave that produced the Pix instant-payment system |
| 🇺🇸 US | Market-led, then a federal rule | Long driven by private data aggregators and screen-scraping; a federal personal-financial-data rule was finalized but has faced legal challenge, leaving its status contested |
Two patterns deserve drawing out. First, the architectures genuinely differ — the UK ordered the big banks to build shared interfaces; the EU defined licensed roles and let the market populate them; India inserted regulated "consent managers" as brokers between data holders and users. These are different regulatory designs for the same goal, and which works best is still being learned. Second, the United States moved last: for years it had no mandate at all, relying on private aggregators and the screen-scraping of Section 2, and only recently moved toward a formal rule — which has itself been contested. As with CBDC and challenger banks, the rich incumbent-heavy market was the laggard, not the leader, while ambitious mandates came from the UK, the EU, India, Australia, and Brazil.
It is worth pausing to defend the claim that open banking is an innovation at all, because it looks so unlike the apps and tokens that the word usually conjures. There is no breakthrough technology here — APIs are mundane, and banks could have shared data voluntarily for decades. Nothing was technologically impossible before open banking; it simply did not happen, because the incumbents had no reason to make it happen and every reason not to.
That is exactly what makes it a pure example of the course's central thesis. The binding constraint was never technological — it was the rule, or rather the absence of one. The data was sitting in the banks; the interfaces were trivial to build; the only thing missing was a requirement that they be opened. Supplying that requirement is the innovation. It changed the structure of the industry — turning the incumbents' private data and rails into a shared substrate competitors can build on — without inventing a single new piece of technology. The breakthrough was legal, and it accomplished what no amount of clever software from the outside could: it reached inside the moat and forced it open.
This reframes how to read the whole solution space. A technologist looking at banking's problems sees better apps; a structural reformer sees narrow banks; but the open-banking reformer sees that the real lock is a rule, and the real key is a different rule. Several of the most consequential changes in finance are of exactly this kind — a mandate, a right, a prohibition — and they are invisible to anyone who equates innovation with technology. Open banking is the case that makes the point undeniable: a rule can be a more powerful innovation than any product, because it can change what every product is allowed to do.
Nothing about open banking was technologically impossible before; the missing ingredient was a requirement that banks open up. Supplying that requirement restructured the industry without any new technology. It is the track's clearest proof that a rule can be a more powerful innovation than a product — and that a course equating innovation with technology would miss it entirely.
Now the issues beat. Forcing banks open creates real risks alongside the competition it unlocks, and an honest treatment weighs them. The first cluster concerns the safety of the data and the money once they can flow.
None of these is a reason to reject open banking — recall the warning box: the alternative was screen-scraping, which was worse on every one of these dimensions. But they are reasons it must be carefully governed. The security, consent, and liability framework around open banking is doing essential work, and where it is weak, the openness that creates competition can also create new avenues for fraud and new confusion about who bears a loss. The convenience and the risk, once again, come from the same feature: making the data and rails flow.
The sharpest question about open banking is not security but whether it actually delivers the competition it promises — or quietly does the opposite. The intent is to break the incumbents' grip by letting many small competitors build on the newly-opened data. But there is a serious worry that the main beneficiaries could be not nimble fintechs but the largest technology companies, which would deepen concentration rather than reduce it.
The worry runs like this. To turn open banking data into a compelling service, a firm needs scale, a large existing customer base, and the capacity to process data at volume — advantages the big technology platforms have in abundance and small fintechs do not. When the banks are forced to hand over the data, the firm best positioned to absorb and exploit it may be the one that already has a billion users and a powerful recommendation engine. In that scenario, open banking does not democratize finance; it transfers the incumbent banks' data advantage to an even more powerful set of incumbents — the tech giants — who fold banking into their existing platforms. The moat is opened, but a bigger predator walks through the gate.
The concern is sharpened by a reciprocity problem. Open-banking rules typically compel banks to share their data, but they do not always compel the technology platforms to share theirs. So a regime can end up with a one-way flow: the banks must open up, the tech giants need not, and the data drains from the regulated, data-rich banks toward the unregulated, even-data-richer platforms. Whether open banking increases competition or simply re-concentrates it in fewer, larger hands depends entirely on details — who is required to share, with whom, on what terms, and whether the obligations run both ways. This is the central live debate about open banking, and it has no settled answer.
Open banking earns a distinctive place in the track as its purest regulatory innovation. It attacks the moat directly — not by building a new bank or renting an old one, but by changing the rules so the incumbents must open their data and rails to competitors. It needs no new core technology; the innovation is the mandate. And it accomplishes what private products could not: it reaches inside the moat. For the course's thesis, it is the decisive case — a rule that restructured an industry, invisible to anyone who thinks innovation means technology.
The even-handed verdict holds the genuine promise and the genuine peril together. Open banking can replace dangerous screen-scraping with consented, secure access; can let competitors offer fairer loans and cheaper payments by building on the incumbents' data; and can erode both the information advantage and the payment-fee monopoly that kept customers captive. It can also widen the attack surface, rest on consent few people truly understand, muddy who is liable when value flows through a chain, and — most seriously — re-concentrate power in the hands of technology giants if the rules force banks to share without forcing the platforms to reciprocate. It is, like every innovation in the track, change with trade-offs, and here the trade-offs turn on the fine print of the rule itself.
So far the innovation track has worked the first two root causes hard. The narrow bank and CBDC attacked the fusion of money and credit; the neobank and open banking attacked the moat — trust gated by the state — from the product side and the rules side respectively. The third root cause remains: the delivery model that excludes. The next module turns to the innovation that has done more for financial inclusion than any other, and it did so not with a new rule or a new kind of money but with a new way of delivering banking to people the branch could never reach — mobile money, run by telecoms through networks of ordinary shopkeepers. It is the track's central organizational innovation, and its story is the periphery's greatest contribution to finance.
Six questions on open banking — what it is, the practice it replaced, the two functions, and the competition-versus-concentration debate. The questions test the reasoning rather than recall of any single regime.