The Future of Open Finance and Smart Data: Joint Insights from the FCA and ICO
Introduction
The Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO) are collaborating through the Digital Regulation Cooperation Forum’s (DRCF) Horizon Scanning and Emerging Technology (HSET) project to explore the future of Open Finance. Open Finance is an important area of collaboration for the FCA and ICO as it will support innovation and competition in financial services, allow people to derive benefit from their own personal data, and require strong data protection compliance to ensure trust. This article sets out high-level insights from the project, summarising key points, emerging themes, and some areas for future exploration.
In March 2025, the FCA hosted an Open Finance Sprint. The ICO participated, utilising the Sprint to serve as a valuable opportunity to build on findings from this research.
What is Open Finance?
Open Finance refers to the “extension of Open Banking-like data sharing to a wider range of financial products, such as savings, investments, pensions and insurance”[1]. Customers will be able to request that other service providers can access and share their data, thus enabling new and/or improved products and services. This should facilitate customers having greater control over their finances. For consumers, this means that financial services providers will have a more holistic view of consumers’ financial circumstances and can offer new, more tailored or improved services. The same is true for businesses, as it will enable them to make more informed decision-making on business opportunities and client needs.
Open Finance presents opportunities to enhance competition, stimulate innovation and improve inclusion by helping providers to offer more tailored products and services to better serve the diverse needs of consumers. Open Finance aims to build on the success of open banking, which has "led to greater competition and innovation in UK retail banking".[2] The initiative has encouraged a new UK ecosystem of innovative financial services providers, and consumer and small business uptake continues to increase.[3]
Smart Data and the Role of Regulation
The UK’s framework for Smart Data, defined by the Government as the secure, consent-based sharing of customer data with authorised third parties[4] is central to the vision for Open Finance. The recently enacted Data Use and Access Act sets out a framework for access, sharing and use of customer data. Statutory instruments will be needed to introduce specific sectoral Smart Data schemes including Open Finance.
The FCA’s strategy outlines its commitment to building regulatory foundations for Open Finance, rooted in the principles of Smart Data. The ICO has also set out its support for Open Finance and portability schemes that allow customers to move their data between services, as enablers of competition and growth.
As the sharing of personal data potentially increases in scale, the ICO’s role will continue to be vital in ensuring future Open Finance and other Smart Data schemes protect people’s information rights.[5] Data protection enables the lawful, fair and transparent processing (including sharing) of personal data, building trust and supporting innovation and economic growth. Ensuring that organisations adopt a privacy by design and default approach to the development of innovative products and services will be crucial to building that trust, encouraging customers to embrace Open Finance.
Technologies Shaping the Future of Open Finance
Several technologies are expected to shape the development of Open Finance and Smart Data. To date, Application Programming Interfaces (APIs) have been used to support Smart Data and data-sharing initiatives globally (such as Open Banking in the UK). Our desk-based research explored how future Open Finance models may utilise technologies like artificial intelligence (AI) and distributed ledger technology (DLT).
APIs
As seen with Open Banking, APIs[6] will likely remain key to Open Finance and Smart Data, because they can facilitate real-time, secure and trusted data exchange between services. This can enable innovation, competition, and greater consumer choice. Globally, APIs have become the predominant technical approach to delivering Smart Data initiatives, supported by regulatory frameworks such as the Second Payment Services Directive (PSD2) in the EU and similar regimes in Australia, Brazil, and Singapore. In the UK, Open Banking has been delivered through a mandated, standardised API framework overseen by the Open Banking Implementation Entity (OBIE).
Common API standards and strong interoperability across sectors and providers will be essential to avoid fragmentation, reduce integration costs, and ensure that both new entrants and incumbents can participate in schemes effectively.
Artificial Intelligence (AI)
As a technology which might empower Open Finance, AI[7] has the potential to:
- automate data cleaning and preparation;
- enhance fraud detection in real time;
- assess creditworthiness of both individuals and SMEs;
- deliver personalised insights, financial advice, and product recommendations; and
- help consumers complete tasks such as opening an account or switching providers.
AI systems with access to Open Finance data could draw on the information to deliver insights and innovative personalised services for consumers. When data is securely and transparently shared in an Open Finance framework, it could enable functions such as automated financial advice and fraud detection, increasing the overall impact of Smart Data and Open Finance initiatives.
However, some risks associated with the use of AI will need to be considered, such as questions around automated decision-making, transparency and explainability in AI. The ICO has published extensive guidance on this topic and intends to develop a statutory code of practice to provide certainty to organisations.
Distributed Ledger Technologies (DLT) and Smart Contracts
Some stakeholders envision a decentralised future architecture for Open Finance, where technologies like DLT[8] and smart contracts[9] support secure, auditable and transparent transactions. For example:
- Smart contracts could automate administrative tasks (e.g. loan approvals or insurance claims) and allow consumers to define data-sharing preferences with minimal effort and in a transparent manner.
- DLT may improve data integrity and security, permanence of records, and consensus-based validation.
- DLTs can track the flow of data between authorised parties, enabling auditing and tracking of data sharing.
These technologies come with risks as well as opportunities. For example, it could be difficult to revoke access to or correct personal data stored on an immutable blockchain. Without a central decision-making authority, it may be unclear who is responsible if something goes wrong.[10] Clear governance frameworks will be important, as will embedding privacy by design from the beginning.
Digital Identity Verification
Verifiable digital identities are expected to be important for consumer trust and streamlined data access. Work is ongoing across government, including the development of the UK Trust Framework by the Department for Science, Innovation and Technology (DSIT), to provide secure and reliable digital identity schemes. The DRCF have also previously explored the opportunities and risks of digital identities. We will continue to assess and discuss the implications of these different technical approaches in the Open Finance context.
Regulatory Considerations – Some Open Questions
As Open Finance and Smart Data develop, a range of important cross-regulatory questions are emerging for the FCA and ICO to consider further. Among others, these include:
Empowering consumers and business
Open Finance and Smart Data can empower consumers (and businesses) by giving them greater control over and the ability to derive benefit from their own data. How do we ensure that the evolution of technology and innovation enable this while also fostering trust in new products and services and delivering good outcomes for consumers?
Lawful bases for processing (including data sharing)
Open Finance aims to enable users to take control over how their data is shared and used. Organisations will need to consider which lawful basis for processing would be most appropriate to enable that data sharing.[11]
Data Minimisation
While stakeholders highlighted interest in using a wide range of financial and non-financial datasets, organisations must still comply with data minimisation. This means only using the data that is necessary, for clear and defined purposes. What could effective data minimisation9 look like in an Open Finance ecosystem? What role might privacy enhancing technologies play in enabling new processing activities?
Transparency and Consumer Understanding
When AI is used to make decisions about consumers, organisations must explain how and why personal data is being used. What might this look like in Open Finance? Is broader consumer education needed?
Interoperability and standardisation
What role is there for regulators to assist in the development of common standards for interoperability?
Trust in the system
Embedding trust is critical to the success of Open Finance and Smart Data.
We will continue to explore these and other questions to support the safe, lawful and responsible development of Open Finance.
What’s Next?
The FCA and ICO will remain engaged with government and other regulators, including the CMA and Ofcom, through the DRCF to support Smart Data initiatives across sectors. We will also continue our work individually and together on Open Finance.
FCA
The FCA’s 5-year strategy confirms its commitment to building the regulatory foundation for Open Finance. The FCA continues to engage with government, including in considering the development of Smart Data and its interactions with Open Finance. It is taking part in a first cross-border data sharing test led by the Bank for International Settlements (BIS) (Project Aperta). A report capturing Sprint outcomes and future steps has recently been published. Insights from the Sprint will contribute to discovery work, including a testing and experimentation programme aimed at validating Open Finance use cases, beginning with SME lending.
The FCA is also launching a Smart Data Accelerator, which will facilitate the testing of use cases, encourage the development of solutions, and help shape regulatory policy for Open Finance. The accelerator will drive progress on Smart Data initiatives and support the FCA in setting out its Open Finance roadmap by March 2026.
ICO
The ICO’s Innovation Hub will continue to work with the FCA’s Innovation team to provide free, tailored data protection support to financial services firms innovating with personal data. The Hub will act as data protection mentors in the Department of Business and Trade’s upcoming Smart Data Challenge Prize. The ICO will continue to support the introduction of smart data schemes, starting with the rollout of Open Finance with the FCA.
The ICO is continuing to provide advice and support to the Government as it works to establish a framework for digital identity schemes in the UK, to streamline verification of identities and attributes in the Open Finance sector.
Ongoing Collaboration
This bilateral project is just one part of an ongoing regulatory partnership between the FCA and ICO.[12] Together, we will continue to monitor emerging trends, share insights, and engage with industry and stakeholders.
As the data-driven economy continues to evolve, we are committed to ensuring that innovation is enabled in a way that builds trust, protects privacy, and benefits people and businesses alike.
DRCF
Beyond Open Finance, the DRCF will conduct research into the role of regulators in the future of a data-led economy. For further information, see the DRCF 2025-26 Workplan.
[1] FCA publishes feedback to Call for Input on Open Finance | FCA
[2] Joint statement by HM Treasury, the CMA, the FCA and the PSR on the future of Open Banking - GOV.UK
[3] Home - The open banking Impact Report 2024 (March); Home - The open banking Impact Report 2023 (October)
[4] https://www.gov.uk/government/news/potential-new-smart-data-scheme-to-drive-innovation-and-support-consumers-in-the-energy-market
[5] Letter from the Information Commissioner
[6] Application Programming Interfaces (APIs) are interfaces which enable software applications to communicate with each other to exchange data. APIs share information directly between systems, rather than to users.
[7] AI is “an umbrella term for a range of algorithm-based technologies that solve complex tasks by carrying out functions that previously required human thinking. Decisions made using AI are either fully automated, or with a ‘human in the loop’: Definitions | ICO. AI can be defined in many ways.
[8] Distributed ledger technology is a means of storing information in multiple interconnected databases that are linked in order that they appear to be a single unified instance. There is no centralised administration of the distributed ledger, instead transactions are handled peer-to-peer, and verified by a consensus mechanism to replicate changes across all the unified databases, allowing for a single agreed-upon version of the data to be held across the network.
[9] Smart contracts are a type of self-executing software program which are triggered when predetermined conditions are met (eg a payment is executed automatically upon delivery of goods) and can establish a legal relationship between parties.
[10] The DRCF have explored some of the regulatory challenges associated with DLTs in the 2023 Insight paper on Web 3.0. The ICO is developing guidance on DLTs, due for publication in winter 2025-26: Our plans for new and updated guidance | ICO
[11] A guide to lawful basis | ICO
[12] Our other recent collaborative work includes: New ICO-FCA paper on consumer attitudes towards digital assets | DRCF; Joint statement from the FCA, ICO and TPR for retail investment firms and pension providers | ICO; FCA and ICO letter: Supporting AI, innovation and growth in financial services; ICO Innovation Services | ICO