Open Finance and PSD3: toward a more integrated financial ecosystem

In today's landscape marked by rapid digital evolution and transformation of business models, the financial sector is facing unprecedented challenges while seizing revolutionary opportunities. The ability for customers to securely share their bank account and transaction data with authorized third parties through APIs is rewriting the rules of the game, creating an ecosystem in which innovation and security must coexist in perfect balance. The path embarked upon with PSD2 has enabled key innovations, such as Embedded Payments, although it has highlighted many critical issues in adoption and user experience. PSD3, along with other related regulations, aims to consolidate the positive aspects and overcome previous limitations, promoting a more integrated, resilient and innovation-driven financial system

Despite the heavy investment and high expectations placed on Open Banking, PSD2 has produced less than expected results. The idea of opening banking data to third parties through standardized APIs, promoting greater competition and innovation in the financial market, has faced numerous obstacles that have led to limited user adoption and high operational costs for financial institutions (incumbents)

The mismatch between regulatory developments and the real needs of customers proved to be one of the key problems. Regulation mandated the sharing of payment data and current accounts, without likely existing strong enough market demand to justify large-scale adoption. Bank account aggregation, offered by Account Information Service Providers (AISPs), has not met with the hoped-for interest, largely due to security concerns, limited perceived value-added, and complex access procedures. Payment Initiation Service Providers (PISPs), which were supposed to revolutionize online payments by enabling direct transactions without the intermediation of traditional banking platforms, also encountered significant difficulties at launch.

Among the main critical issues, the requirement for strong customer authentication (SCA) every ninety days created significant friction in the user experience, compromising smooth access to open banking services. In parallel, the regulations had mandated the implementation of fallback interfaces to ensure data access in the event of banking API failures, resulting in increased costs and introducing additional technical complications.

Despite these issues, it is worth noting that PSD2 has left an important legacy, laying the groundwork for the development ofEmbedded and Open Finance, fostering the integration of financial services within broader digital ecosystems. The adoption of gateway APIs has enabled experimentation with innovative models such asEmbedded Payment, in which payments have increasingly become an integral part of the user experience on third-party platforms, making transactions much smoother and more immediate, compared to the past. This evolution has caused traditional financial players to reflect on the strategic value of sharing their APIs and the new business opportunities arising from data sharing.

With the Payment Services Regulation (PSR) proposals for PSD3, the regulatory framework is evolving with the goal of overcoming the inefficiencies of PSD2 and accelerating the opening of the financial sector to new models of data sharing and innovation. The direction charted is that of Open Finance, an ecosystem in which value no longer resides solely in traditional banking services, but in the ability to integrate and leverage financial information more broadly and dynamically.

Among the major innovations, the removal of the fallback interface requirement is a crucial step in reducing costs and simplifying API implementation by banks. In parallel, the push toward greater API standardization aims to ensure more efficient and secure data access by reducing disparities in how different players integrate. This action will not only remove many of the current technical barriers, but also enable smoother interoperability between banks, fintechs, and innovative financial service providers.

In addition, the Financial Data Acces (FIDA) regulation, despite current uncertainties about implementation timing and regulatory details, could be a significant development, extending the concept of Open Finance beyond just transactional and banking data. In addition to current accounts, the framework extends access to data on securities portfolios, insurance products and other financial instruments, paving the way for more advanced and personalized advisory solutions. In addition, FIDA introduces a remuneration mechanism for data sharing, which aims to rebalance the relationship between incumbents and third parties. Unlike PSD2, which mandated free access to transactional data, FIDA would allow fees based on fixed, pay-as-you-go or data-value-related models through a Compensation Model, which is still being defined.

Taken together, therefore, these measures lay the foundation for a more integrated, efficient and competitive financial ecosystem in which collaboration between traditional and new market players can generate an increasingly advanced service offering centered on user needs.

Significant security and privacy challenges remain, however. While financial data sharing fosters innovation and competitiveness, it also amplifies cybersecurity risks, exposing banks, fintechs, and customers to new threats. The increasing interconnectedness between different players makes it essential to balance the need to protect sensitive data with the goal of ensuring a smooth and efficient user experience. In this context, the interplay between Open Finance regulations and GDPR represents a complexity, requiring consent management that is both compliant with data protection requirements and agile enough not to hinder the adoption of new digital services.

To address these critical issues, it becomes essential to develop more dynamic consensus models that reduce the need for repeated authentications without compromising data security. The use of advanced technologies could offer more robust solutions for protecting sensitive information. At the same time, to ensure the robustness of the Open Finance ecosystem, careful partner selection by banks and financial institutions, for whom reputation and trust are key pillars in customer relationships, becomes essential. Dependence on external vendors and third parties introduces operational and reputational risks that require careful management. Adopting a structured approach to security along the entire financial services supply chain, through continuous audits and rigorous assessment of counterparties, will be critical to building a sustainable, secure Open Finance model that reinforces user trust.

Open Finance, then, represents a paradigm shift destined to redefine the future of financial services. PSD3 and the FIDA regulation are not just a regulatory update, but the driving force behind an ecosystem in which data, artificial intelligence and new business models converge to deliver a more seamless, secure and personalized experience.

However, the true success of this transformation will depend not only on regulations, but on the industry's ability to embrace change with vision and responsibility. Financial institutions, fintechs, and other players in the ecosystem will need to work together to build a robust infrastructure in which innovation, security, and trust are harmoniously integrated. Those who can combine these elements will lead the next era of the financial marketplace.