
The Cambridge Centre for Alternative Finance (CCAF), the Bank for International Settlements (BIS), and Financial Innovation for Impact (FII) have just published one of the most rigorous cross-country analyses of open finance to date. Enabling Open Finance in Emerging Markets and Developing Economies (EMDE): Incentives, Liability, and Performance Measurement covers nine emerging markets - Brazil, India, Indonesia, Nigeria, Ghana, Egypt, the Philippines, Saudi Arabia, and South Africa - and draws on 33 interviews with regulators, financial institutions, and fintechs across 11 countries (the 11 country interview base includes two additional countries that contributed to the research but are not among the nine core markets studied.)
The authors are explicit that the findings should be read carefully: they describe the results across all three pillars as "best interpreted as illustrative tendencies within the sample rather than multi-country conclusions." The report is not a global benchmark. But its structural diagnosis of why liability frameworks struggle to work in practice raises questions that are directly relevant to more developed open finance markets too.
The report's most important contribution on liability is a distinction that most policy documents avoid. Liability frameworks, it argues, are not the same as liability in practice. In India and Brazil - two of the most advanced open finance markets in the world - industry participants describe liability as being apportioned by functional role, resembling a fault-based model in practice. But the underlying regulatory instruments tell a different story. India operates closer to single-party liability, with non-transferable, domain-specific obligations that default to incumbent banks. Brazil distributes obligations across multiple participants simultaneously.
The gap between the regulation and the market reality is not just a drafting problem. The report's conclusion is that legal architecture may be necessary but not sufficient for effective accountability. To operationalise policy ambitions around liability, you also need accreditation standards, audit infrastructure, dispute resolution capacity, technical guardrails, and cross-regulatory coordination. Where those are absent, the liability framework - however well-designed on paper - cannot function as intended.
This is an important framing. It is not a case against regulation; it is a case for building the infrastructure alongside the rules, so that regulatory intent can be put into practice.
The most structurally important finding concerns multi-party accountability. In conventional financial services, long chains of actors are not new - banks have always relied on processors that rely on sub-processors. What makes traditional arrangements workable is that the data holder selects its counterparties through voluntary contracting, managing risk through that contractual relationship.
Open finance changes this. Data must flow regardless of whether the data holder has any prior or voluntary relationship with the third party. A supervisory gap opens up that the data holder's own risk management cannot fill.
The report identifies this as its central liability question: who is accountable to the customer when something goes wrong? And its honest answer is that no existing regulatory framework resolves it cleanly. The choice between single-party, multiple-party, fault-based, and hybrid models each represents a different set of trade-offs between clarity, redress, and participation. None of them work without the infrastructure to support them.
What that infrastructure looks like, the report specifies: audit trails, API logs, incident reporting requirements, accreditation standards, dispute resolution capacity, and cross-authority coordination mechanisms. In most of the markets studied, some or all of these conditions are absent.
The report is framed for emerging and developing markets. But the structural challenge it describes - regulation governing activity vertically within each jurisdiction, while data flows horizontally across multiple parties and borders - is not confined to those markets. It is a feature of every open finance regime where the legal framework has moved faster than the supporting infrastructure.
Prior research cited in the report estimated that 42 of 54 countries - 77% - involve more than one authority in overseeing open finance implementation. That fragmentation is not a problem you solve by writing better rules alone. This new report's own conclusion is that both elements are needed: clear regulatory frameworks and the operational infrastructure to make them enforceable in practice.
The report closes with three practical design questions for regulators. Whether open finance-specific liability clauses are needed - generally, yes. Whether supplementary infrastructure is required - this may depend on what already exists, but audit trails and incident reporting are foundational. Whether formal cross-authority coordination is needed - generally, yes.
These are the right questions. But they are questions for regulators designing frameworks. The market cannot wait for that design process to complete before it needs the infrastructure.
Open finance is already scaling. Billions of API calls are already moving financial data across institutional boundaries, across jurisdictions, and through parties that have no contractual relationship with one another. The liability question does not pause while regulators coordinate.
Invela is building the infrastructure layer that makes open finance accountable - accrediting who is in the network, monitoring risk in near real time, and ensuring that when liability arises, it lands in the right place and is backed by financial accountability. The report describes clearly why rules alone are not enough. That conclusion does not belong only to emerging markets.