The UK Government published its response to the Smart Data digital markets call for evidence this week. Read alongside the Smart Data 2035 strategy published in April, it amounts to the clearest statement yet of where the UK’s data-sharing infrastructure is heading – and what it will need to function safely.
Respondents to the call for evidence consistently identified the same problem: data portability in digital markets doesn’t work well enough, and the reason it doesn’t is structural. Current frameworks don’t guarantee data in real time or in a usable format. Identity verification processes are inconsistent. APIs are unreliable. And crucially – there is no standardised mechanism for authenticating and authorising the third parties that need to access that data on a consumer’s behalf.
That last point is not a minor operational detail. It is the foundational condition for any data-sharing scheme to function at scale. Without a standardised, officially endorsed accreditation mechanism, every participant in the ecosystem is making its own judgement about who to trust, on what basis, and with what level of ongoing oversight. That is not a risk management framework. It is a series of individual bets.
The government’s own data puts it at 17 million users and more than 300 FCA-authorised providers. But behind those regulated providers sit thousands of unregulated third parties – fourth, fifth and nth parties – accessing the ecosystem indirectly, and largely invisible to the financial institutions whose customers’ data is flowing through them. And the regulated providers enabling that access lack the specialist skills, capacity, or infrastructure to assess whether those downstream parties are safe.
The Smart Data 2035 strategy estimates that five use cases alone could deliver £26 billion in social net present value over the next fifteen years. Open finance – the natural extension of open banking into the full breadth of financial services data – is identified as one of the priority sectors, with the FCA’s Open Finance roadmap already in progress.
The ambition is not in question. The infrastructure question is.
Every smart data scheme the government intends to build – in finance, in digital markets, in energy, in property – depends on the same underlying architecture: standardised accreditation of authorised third parties, continuous risk intelligence on how those parties are performing over time, and clear accountability when something goes wrong. The government’s respondents said it plainly: a standardised, officially endorsed mechanism for authentication and authorisation would resolve the accreditation barrier at scale.
That is not a future requirement. It is the present one. Open finance data flows are already happening. Consumers are already sharing financial data with third parties through the pipes that open banking built. The risk of inadequate third-party oversight exists today, in every data-sharing transaction that takes place without standardised accreditation, dynamic risk monitoring, or clear liability allocation behind it.
The Smart Data 2035 strategy sets a target of five or more active schemes by 2030. The question for every financial institution, aggregator, and third-party provider in the UK is not whether this infrastructure is coming. It is whether they are ready for it when it arrives – and whether the risk they are carrying in the meantime is visible to them.
Invela is building the open finance risk management network across three integrated layers: standardised Accreditation; dynamic risk monitoring via the Invela Risk Indicator; and insurance-backed Warranty, which will provide the financial backstop that ensures liability lands in the right place. Invela operates across the US, UK, and Canada.
Open Finance, Covered.
