Payments Services Directive 3 (PSD3) is in motion. The Data (Use & Access) Act (DUAA) has passed. Financial Data Access regulation (FiDA) – for all its controversy – is still somewhere on the European Commission’s desk. The regulatory architecture of open finance is being built in real time. But here’s what the regulatory debate tends to obscure: compliance and risk management are not the same thing.
You can be fully compliant and still be exposed. You can tick every box your regulator requires and still have no clear answer to the question of who bears the liability when something goes wrong in your open finance chain.
What the regulation requires – and what it leaves unanswered
PSD3, FiDA, and the DUAA set out who can participate, under what conditions, and with what rights. What they do not do is manage the risk that operates within those boundaries. Regulation tells you who is allowed in the room. It does not tell you whether the people in the room are safe to share data with.
The picket fence problem
Regulators are, by design, vertical. They own their segment: banking, payments, insurance, pensions. Think of them as the slats in a picket fence: effective within their boundaries, entirely blind to what happens in the gaps between them.
Open finance doesn’t stay in its lane. Data moves horizontally – across segments, across sectors, across borders. A consumer shares banking data with a fintech that uses it alongside income data and insurance data. The data has crossed three regulatory verticals. No single regulator has jurisdiction over the whole journey.
That is not a failure of regulation. It is a structural feature of how open finance works. Cross-segment risk management cannot be solved by regulation alone. It has to be built by the market.
Point-in-time compliance is not enough
Onboarding checks and annual audits tell you what a participant looked like at a fixed moment. A fintech that was fully compliant at accreditation can suffer a cyberattack six months later. In a real-time data ecosystem, ongoing dynamic risk monitoring isn’t a nice-to-have. It’s the minimum viable approach.
Money20/20 Europe
On 3 June at Money20/20 Europe, Louise Beaumont will chair ‘Regulation as the Edge in Open Finance’ on the Horizon Stage, with Agnieszka Scott (Head of Smart Data, UK Government), Michael Salmony (EU regulation expert) and Todd Clyde (CEO, Token). Horizon Stage. 12:15. Come armed with your views.






