LOUISE: For the less obsessed, openbanking allows consumers and businesses to share the data in their bank andbuilding society accounts. Open finance extends that same principle across thefull spectrum of your financial life - mortgages, investments, pensions,insurance – allowing consumers and business to access rather more powerful andpersonalised services.
So, thefirst mistake - over-engineering - is what I'd call building a Rolex when youneed a Swatch. You spend five years perfecting the mechanism, and by the timeyou're done, the world has changed. You can see this in markets that haveproduced extraordinarily detailed technical rules and technical standards thatnobody has actually implemented at scale, because the commercial model didn’twork and the risk infrastructure never got built. Australia comes to mind….
The secondmistake, under-engineering, is what I'd call the empty pipe problem. You buildthe infrastructure - the rails, the APIs, the consent mechanisms - and then youstand back and wait for the market to fill it. And, then as usage starts tobuild and incidents start to pile up, the market looks at the pipe and says:but where's the risk management? Where's the liability framework? Who'saccountable if something goes wrong? And in the absence of answers, adoptionfalters.
The UK is -and I say this with enormous affection because I've spent fifteen years in thisecosystem - the UK is making the second mistake right now. We have genuinelyworld-class infrastructure. The open banking pipes are real, they work, and thenumbers are growing. But we've built the pipe without building the safety netunderneath it. The liability framework hasn't kept up. And the result is thatbanks and fintechs are looking at each other across a liability gap that nobodyhas bridged.
The EU ismaking a version of the first mistake but in slow motion. FiDA isarchitecturally ambitious and in many respects correct - but it's beingdesigned by committee across twenty seven jurisdictions and the implementationtimeline keeps stretching. By the time it's fully in force, the market it wasdesigned to govern will look wildly different.
Are eitherrecoverable? Yes - but the clock is running. And the investment required todeliver the open finance benefits case is looking for one thing and one thingonly – where’s the best place to make a return? The UK and the EU need to make sure that the market sees them asattractive.
LOUISE: I think the open finance industryhas spent a decade solving the wrong problem.
We've beenobsessed with transparency tech. Consent journeys, data dashboards, disclosurenotices - we've got very good at telling consumers and businesses what'shappening to their data. And transparency matters. But there's a crucial gapbetween a consumer or business knowing that their data is being shared andbeing genuinely protected when something goes wrong.
I use thisanalogy: imagine the electricity grid. You don't need to understand how thegrid works in order to plug in your kettle. You don't read a disclosure noticeand tick a consent box every time you flip a switch. You trust it because theinfrastructure underneath it is safe - because there are standards, monitoring,and accountability baked into the system at a level you never see. The safetyis structural, not disclosed.
Open financeis still at the stage where we're handing consumers a very detailed disclosurenotice and calling it protection. We're not yet at the stage where theinfrastructure underneath is safe enough that the disclosure notice becomesirrelevant.
And here'sthe uncomfortable truth about who closes that gap. Regulators can mandatedisclosure and, to an extent, legal liability. They can set up standards bodiesto set standards. They can define who's responsible in a relationship betweenregulated parties – but, let’s face facts: legal liability is largelytheoretical if the liable player has no balance sheet. What regulators cannot do - becauseno regulator has jurisdiction across the entire open finance chain fromregulated to unregulated - is monitor every participant continuously,detect when a third-party provider's risk profile changes, and ensure that whensomething goes wrong, the liability lands with the party that caused the harmrather than defaulting to whoever is closest to the consumer or business. Thatrequires infrastructure. And infrastructure is a market problem, not aregulatory problem.
The firmsthat understand this - that safety is structural, not disclosed - are the onesthat are going to win consumers’ and business’ trust. The firms that are stilltreating risk management as a compliance checkbox are building on sand.
LOUISE: Most firms get it wrong in the sameway. They treat compliance as a cost centre - something you minimise, somethingyou outsource to the legal team, something you do once at onboarding and thenfile away. And then they wonder why their bank partners are slow to connectwith them, why deals take eighteen months to close, why the bods from Risk andInfoSec keeps appearing in commercial conversations uninvited.
The firmsthat get it right treat compliance as market infrastructure. They don't do theminimum - they build a risk score that is genuinely defensible, continuouslymaintained, and visible to their counterparties. And the effect is immediateand commercial. Bank relationships open faster. Procurement cycles shorten. Theconversations that used to get stuck at the TPRM questionnaire - the ones thattake six months and produce a seventy page document that nobody reads - thoseconversations become a formality rather than a roadblock.
I'll giveyou a concrete version of what this looks like in three years. Imagine twofintechs. They launched at the same time, roughly the same product, roughly thesame market. One of them treated risk management as a tax on innovation -something to be minimised. The other built it into the foundation. Three yearsfrom now, the first firm is still spending six months closing every bankpartnership. They're still answering the same onboarding questionnaire againand again and again. The second firm has a dynamic risk indicator score. Theirbank partners can see their risk profile in real time. They don't fill inquestionnaires anymore - they just share their risk score.
The openfinance market is going to bifurcate. There will be participants who aregenuinely inside a trusted network - accredited, monitored, covered - andparticipants who are outside it. The ones outside it will find that the onesinside it simply won't connect with them. Not because of regulation. Because ofcommercial logic. Banks and fintechs will choose their counterparties based onverified risk profiles, not self-reported questionnaires.
Watch full interview: https://www.youtube.com/@fintechgarden
