The promise and perils of banking without borders
Financial institutions that embrace open banking are able to unlock new revenue streams. By leveraging APIs to exchange information, offering premium data services, and embedding financial products into third-party platforms, financial services entities and non-traditional players are finding new ways to grow and enhance customer service. The pressure to move fast is real, as is the responsibility to protect customers and partners from risk.
Customers, especially business and corporate clients, are demanding more seamless financial integrations, real-time access to their data, and tailored banking solutions. At the same time, regulatory mandates like PSD2 in Europe and the Consumer Financial Protection Bureau’s proposed open banking rule in the U.S. are enabling banking customers to control how their personal financial data is shared.
And the shift is happening fast. More than 70% of corporate banks plan to expand transaction data access for clients in the next two years, enabling businesses to gain deeper insights into cash flow, spending trends, and liquidity management. Another 60% aim to incorporate third-party services, enable cross-institution data sharing, and launch new API-driven financial products within the next five years.
These strategies go beyond simply sharing data — banks are now connecting with blockchain networks for real-time global payments and embedding AI-driven tools for cash flow forecasting and advanced fraud detection. Some institutions are embedding AI-driven analytics in transaction platforms, helping businesses personalize and diversify their services. They’re also introducing new risk indicators, like predicting and preventing liquidity shortfalls before they happen.
But with big opportunities come big challenges. API usage is set to grow by more than 500% from 2023 to 2027, making real-time visibility, security, and resiliency more important than ever. More data moving between more players means more complexity, tighter compliance rules, and a bigger fraud target. As a result, regulations like GDPR and the emerging U.S. open banking framework are pressuring banks to ensure data privacy and security.
Meanwhile, bad actors are leveraging API vulnerabilities to launch sophisticated fraud schemes, such as account takeovers and data-scraping attacks. Without strong safeguards like AI-driven anomaly detection, zero-trust architectures, and robust authentication protocols, open banking’s benefits could lead to costly liabilities and potentially severe impacts on customer experience.
Keep your eyes on the APIs
Open banking relies on APIs that allow one company to securely access financial data from another institution’s software. Before formal data-sharing agreements, account holders often had to share their login credentials with third parties, increasing the risk of fraud. APIs solve this by enabling secure, permissioned access, but they also introduce new layers of complexity.
With financial institutions rolling out new APIs almost daily, security teams struggle to stay up-to-date with which APIs are in use and how they change the overall attack surface. This requires visibility into the full lifecycle. API posture management platforms can scan network traffic and infrastructure to automatically discover all APIs. They can also use contextual intelligence to locate where the API lives, what data it exposes, who’s calling it, and how it maps to known risks or compliance requirements.
As financial institutions integrate modern API-driven services with legacy systems, having a clear view across the environment is key. To prevent service disruptions and manage risk, IT and security teams need to understand how systems are performing and interacting. Key capabilities, such as detecting spikes in failed transactions, identifying API call latency, or spotting unusual access patterns, enable faster response to potential threats. This level of observability reduces downtime, improves incident response, and creates a more resilient infrastructure. It also sets the stage for addressing broader challenges in open banking.
Access, innovation, and the next financial frontier
As the open banking revolution continues to accelerate, its influence has moved into new industries, such as insurance, real estate, and even climate tech, where fintech startups like London-based Yayzy are using open banking to power mobile apps that estimate personal carbon emissions based on spending habits. But what’s next may be even more transformative.
One promising development on the horizon is Variable Recurring Payments (VRP), which allow authorized payments to adjust automatically based on real-time inputs. VRPs can change to accommodate fluctuations, which is perfect for utility bills, subscriptions, or usage-based lending. VRPs extend the model from static data-sharing to real-time, programmable money movement. This helps banks and fintechs deliver ever-more personalized, flexible experiences while maintaining control of consent.
A December 2024 survey by Plaid found that 61% of financial institution executives already consider open banking a top priority. Why? Essentially, it’s a survival strategy in a platform-driven world, where ecosystems are king. Open banking allows these institutions to plug into the broader digital economy, not just to deliver better services, but to stay visible (and valuable) in a landscape defined by integration and interoperability. Increasingly, banks are leveraging fintech partners to build smarter budgeting tools, lending platforms, and investment apps through revenue-sharing agreements, transforming from financial data gatekeepers to innovation enablers.
Major players already making moves include:
These cross-industry collaborations with telcos, retailers, and digital platforms are driving growth and fueling competition. For example, while American Express Platinum has reigned as the premium travel card for decades, new entrants like Capital One’s Venture X are delivering comparable perks at a significantly lower price point. What’s changed isn’t just the offering, but the architecture behind it. Thanks to open APIs and modern tech stacks, these new entrants can deliver competitive experiences faster and more efficiently than ever before.
With open banking, businesses of all sizes can plug into sophisticated financial infrastructure without building it themselves. Today, even a small coffee shop can launch a rewards program, accept mobile wallet payments, and garner business insights via partners like Stripe or Clover.
These capabilities rely on APIs that are secure, scalable, and resilient enough to support seamless data exchange. They also reveal the complexity of the payments ecosystem itself, where fulfillment and receipt can span a multitude of providers, from banks to digital wallets like PayPal, Cash App, or Zelle.
Generative AI’s emerging role in open banking
As banks continue to modernize their infrastructure and expand real-time data sharing through APIs, GenAI is becoming a natural extension of open banking. By layering intelligence and speed onto an already agile data ecosystem, GenAI enables faster decision-making and more tailored, proactive customer experiences.
According to McKinsey & Company, GenAI could add the equivalent of $2.6 trillion to $4.4 trillion annually in value to banks across 63 use cases in financial services alone, from loan documentation to hyper-personalized investment guidance. In addition to driving new products, GenAI’s ability to assist with risk management protocols such as advanced fraud detection and cybersecurity is a potentially significant benefit.
However, these new opportunities bring new risks, especially in the realm of data privacy and security, biased algorithms, and the need for strict adherence to regulatory frameworks. McKinsey highlights several areas of concern, including hallucinations, bias in model behavior, security and privacy challenges, and governance gaps, especially in the intersection of explainability and compliance.
Managing AI risks isn’t just about oversight; it’s about building trust into how systems run. That means giving teams continuous insight into AI activity across systems, creating feedback loops where experts can check and refine outputs, and baking governance into every stage of development. The most forward-thinking institutions aren’t spinning up separate AI projects, but weaving them into existing risk and compliance efforts to move fast without losing control.
As financial institutions move from early experimentation to broader deployment of GenAI, success will depend on their ability to apply it consistently, safely, and at scale.
Compliance tightens the purse strings on data sharing
As open banking expands data sharing, financial institutions are wading through a growing tide of compliance requirements. Beyond established regulations like GDPR and DORA, new mandates are reshaping how banks manage data security, third-party access, and customer protections. In the U.S., the Consumer Financial Protection Bureau (CFPB) recently recognized the Financial Data Exchange (FDX) as the standard-setting body for open banking, reinforcing API-driven data sharing as the industry norm. Not surprisingly, 69% of consumers now prioritize fraud protection when selecting a bank. For banks, it’s no longer just about complying with regulations, but building a gold standard of trust through robust data protection practices.
Open banking makes financial data more accessible and portable, powering everything from budgeting apps and online loan applications to partial payments and currency exchanges. New regulations like the EU's Payment Services Directive 2 and the U.S. Personal Financial Data Rights rule, finalized in October 2024, now require financial providers to support safe, consistent data access for authorized third parties. Large banks must comply by 2026, with smaller ones following by 2030.
These regulatory shifts add complexity in several ways. The U.S. Personal Financial Data Rights rule requires banks to give consumers safe, standardized data-sharing options, forcing them to update their privacy frameworks and security protocols. At the same time, regulators are tightening oversight of third-party partnerships, forcing banks to conduct deeper due diligence on security and compliance risks. Operational resilience laws like DORA demand real-time monitoring, incident response plans, and proof that banks can withstand threats and outages.
Keeping up with evolving regulations can be daunting, but having a mature resiliency and security strategy can help financial institutions be proactive. Tracking key compliance-related KPIs, like API call volumes, data access patterns, consent revocations, and third-party error rates, and setting automated alerts can help banks detect issues, such as when mandated access limits are exceeded. These limits are set by individual banks to ensure system stability and security. In addition to API usage, banks should also track data access, security risks, and third-party connections in accordance with internal best practices.
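The monitoring the article describes in two places, detecting spikes in failed transactions, call latency and unusual access patterns (under "Keep your eyes on the APIs") and tracking compliance KPIs such as call volumes, consent revocations and third-party error rates with automated alerts for exceeded access limits (above), can be reduced to a small rule set run over API access logs. The following is an added example written for this page; it is not code from the article or from any vendor it mentions. The log format, client identifiers, endpoints, threshold values, and the rule that a data call on an account after its consent was revoked counts as an anomaly are all assumptions made for the example.

```python
"""Per-client open-banking API KPIs and alerts over constructed access-log lines.

Assumed log format (not from the article): one JSON object per line with
ts (ISO-8601 UTC), client_id (the third-party app), endpoint, status (HTTP),
latency_ms, optional account (the customer account touched) and optional
event (e.g. "consent_revoked").
"""
import json
import math

# Constructed sample log lines; client ids, accounts and endpoints are placeholders.
SAMPLE_LOG = """\
{"ts":"2025-01-15T09:00:01Z","client_id":"tpp-budget","endpoint":"/accounts","status":200,"latency_ms":120,"account":"acc-1"}
{"ts":"2025-01-15T09:00:05Z","client_id":"tpp-budget","endpoint":"/transactions","status":200,"latency_ms":210,"account":"acc-1"}
{"ts":"2025-01-15T09:00:09Z","client_id":"tpp-budget","endpoint":"/balances","status":200,"latency_ms":95,"account":"acc-1"}
{"ts":"2025-01-15T09:01:00Z","client_id":"tpp-aggr","endpoint":"/transactions","status":200,"latency_ms":300,"account":"acc-2"}
{"ts":"2025-01-15T09:01:01Z","client_id":"tpp-aggr","endpoint":"/transactions","status":429,"latency_ms":20,"account":"acc-2"}
{"ts":"2025-01-15T09:01:02Z","client_id":"tpp-aggr","endpoint":"/transactions","status":429,"latency_ms":18,"account":"acc-2"}
{"ts":"2025-01-15T09:01:03Z","client_id":"tpp-aggr","endpoint":"/transactions","status":200,"latency_ms":310,"account":"acc-2"}
{"ts":"2025-01-15T09:01:04Z","client_id":"tpp-aggr","endpoint":"/transactions","status":500,"latency_ms":450,"account":"acc-2"}
{"ts":"2025-01-15T09:01:05Z","client_id":"tpp-aggr","endpoint":"/transactions","status":200,"latency_ms":280,"account":"acc-2"}
{"ts":"2025-01-15T09:02:00Z","client_id":"tpp-lender","endpoint":"/consents/c-42","status":200,"latency_ms":40,"account":"acc-7","event":"consent_revoked"}
{"ts":"2025-01-15T09:02:30Z","client_id":"tpp-lender","endpoint":"/transactions","status":200,"latency_ms":1500,"account":"acc-7"}
"""

# Assumed policy thresholds for the analysed window; a bank sets its own limits.
POLICY = {
    "max_calls_per_client": 5,   # per-client access limit
    "max_failure_rate": 0.4,     # share of 4xx/5xx responses that counts as a spike
    "max_p95_latency_ms": 800,   # latency budget
}


def parse_log(text):
    """Parse newline-delimited JSON; skip blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def percentile(values, pct):
    """Nearest-rank percentile (no interpolation), pct in 0..100."""
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]


def compute_kpis(records):
    """Aggregate per-client KPIs: volume, failures, latency, consent events."""
    per_client = {}
    # ISO-8601 UTC strings in one fixed format sort correctly as text.
    for r in sorted(records, key=lambda r: r["ts"]):
        k = per_client.setdefault(r["client_id"], {
            "calls": 0, "failures": 0, "latencies": [],
            "consent_revocations": 0, "calls_after_revocation": 0,
            "revoked_accounts": set(),
        })
        k["calls"] += 1
        k["latencies"].append(r["latency_ms"])
        if r["status"] >= 400:
            k["failures"] += 1
        if r.get("event") == "consent_revoked":
            k["consent_revocations"] += 1
            k["revoked_accounts"].add(r.get("account"))
        elif r.get("account") in k["revoked_accounts"]:
            # Data access on an account whose consent this client already revoked.
            k["calls_after_revocation"] += 1
    for k in per_client.values():
        k["failure_rate"] = k["failures"] / k["calls"]
        k["p95_latency_ms"] = percentile(k["latencies"], 95)
    return per_client


def evaluate(kpis, policy=POLICY):
    """Turn KPIs into alert strings; an empty list means nothing tripped."""
    alerts = []
    for client, k in sorted(kpis.items()):
        if k["calls"] > policy["max_calls_per_client"]:
            alerts.append(f"{client}: {k['calls']} calls exceed access limit "
                          f"{policy['max_calls_per_client']}")
        if k["failure_rate"] > policy["max_failure_rate"]:
            alerts.append(f"{client}: failure rate {k['failure_rate']:.0%} above "
                          f"{policy['max_failure_rate']:.0%}")
        if k["p95_latency_ms"] > policy["max_p95_latency_ms"]:
            alerts.append(f"{client}: p95 latency {k['p95_latency_ms']} ms above "
                          f"{policy['max_p95_latency_ms']} ms")
        if k["calls_after_revocation"]:
            alerts.append(f"{client}: {k['calls_after_revocation']} data call(s) "
                          f"on an account after its consent was revoked")
    return alerts


if __name__ == "__main__":
    for alert in evaluate(compute_kpis(parse_log(SAMPLE_LOG))):
        print("ALERT", alert)
```

Run as-is, the sample trips four alerts: the aggregator exceeds the per-client call limit and shows a 50% failure rate from 429 and 500 responses, and the lender both blows the latency budget and reads an account after revoking its consent, while the budgeting app stays quiet. In production the same rules would run per time window and per (client, account) pair against the bank's own configured limits rather than the constants assumed here.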
Open banking is no longer just about data access. It’s about what financial institutions can build with that data. To thrive in this era, banks must go beyond compliance and treat open banking as a strategic imperative. That means having the right infrastructure to support real-time visibility, secure API management, and agile collaboration with partners. It means thinking not just about how to keep up but how to lead. By treating open banking as a launch pad for innovation rather than a source of disruption, banks can operate with clarity, confidence, and control in a nonstop digital economy.