Laboratório de ideias
Agentic AI: The reality behind the hype
artigo
11 de set de 2025
Key takeaways
The walls are coming down. For years financial institutions kept data locked away. But now open finance standards have flipped the script — and enabled more sophisticated business strategies.
Move fast and find opportunity. The firms that drag their feet will drown in red tape and lose customers to faster rivals; the ones that dive in will win trust and new markets.
Rules make the game work. Standards like BIAN and FAPI may sound wonky, but they’re the guardrails that make open finance safe, smooth and ready to scale.
By Sachio Iwamoto, Director, Principal Architect at Kyndryl; Vijay Sharma, Customer Enterprise Architect at Kyndryl; Shripad Joshi, Business Solutioning and Functional Architect at Kyndryl
For centuries, financial services firms have thrived by keeping data fortressed. This was for a host of reasons, not least of which was because it allowed for maximum control over the customer relationship.
But that strategy has turned on its heels due to the emergence of new technologies, regulations, and customer expectations. It’s for those reasons that financial services — stalwart players and new entrants alike — are increasingly breaking down the very fortress walls that gave shape to their wider industry for so long.
The result? People are no longer passive account holders locked into a single provider. They are beginning to expect to easily move their financial data across banks, fintechs, insurers and other services. This shift, known as “open finance,” gives customers the freedom to stitch their financial lives together without being confined to one institution.
For many businesses, this change represents a seismic shift, especially on the technological front. Some enterprises are further along than others in the journey to modernize their hyper-complex, mission-critical technologies to support open finance principles. Difficult as it may be to navigate these changes, the pressure to do so is ever-present.
If firms don’t adapt, they risk losing ground to players who use openness to innovate faster and deliver better experiences. In this new era, enterprise leaders face a defining choice: They can treat open finance as a compliance box to tick or seize it as a growth mandate. The first path leads to a shrinking role in the broader industry and permanent competitive drag. The second leads to new markets, deeper customer relationships, and durable advantage. In open finance, the new power move is all about letting go.
In open finance, the new power move is all about letting go.
Ultimately, successful adaptation to this new financial paradigm depends on a deceptively simple approach: standardization. We know from experience that while open data can unleash innovation, the benefits can also prove uneven when every institution defines its own way of doing things. Without consistent APIs and shared data models, firms wind up wrestling with brittle integrations, higher costs, and slower time to market. Security practices vary, compliance overhead grows, and the whole ecosystem suffers from the resulting fragmentation.
Standardization creates a trusted framework for secure, auditable data exchange. It also lowers the barrier to innovation by giving developers a common language to work with. This is where frameworks like BIAN and FAPI come into play. These complementary standards address two of the most pressing requirements in open finance: architecture and security.
BIAN, the Banking Industry Architecture Network, provides a blueprint for interoperability and agility across core systems. It allows financial institutions to transition toward “coreless banking” — decoupling functionality from monolithic cores in favor of a more agile, service-based model. This approach not only supports modernizing legacy environments, it also enables firms to align business strategy with technology execution — a critical capability as data-driven partnerships expand across the ecosystem.
FAPI, or the Financial-grade API security standard, addresses the other pillar: security. Developed by the OpenID Foundation, FAPI builds on OAuth and OpenID Connect to create a robust framework for safeguarding high-value data exchanges. It gives institutions and regulators comfort that sensitive data can move securely between providers. Already mandated in markets including the UK, Australia, Brazil and Saudi Arabia, FAPI has become the global benchmark for protecting APIs in open financial ecosystems. By reducing the risks of impersonation, tampering and token leakage, FAPI raised the bar for digital trust in environments where near-constant consumer data movement is the norm.
Together, BIAN and FAPI do more than solve technical challenges. They create the conditions for innovation. Standardization reduces the barriers to entry for smaller players and eases customers’ ability to personalize their portfolio of financial services.
For leaders, the nut to crack is not about whether to adopt open finance standards, but about how quickly they can embed them into their overall business strategies.
Many institutions remain burdened by legacy architecture and siloed data. Whereas open finance requires collaboration with external ecosystems. To address this challenge, enterprise leaders should move toward API-first, microservices-based architectures, supported by data virtualization, master data management, and enterprise-grade API gateways — all underpinned by a phased, cloud-driven modernization strategy.
With PSD3 and PSR, GDPR, DORA, and new protocols such as OAuth, OpenID Connect, and FAPI shaping the rules, financial institutions cannot afford a reactive approach. They must embed real-time compliance monitoring, embrace zero-trust models, institutionalize security-by-design practices, and implement dynamic regulatory mapping frameworks to align policies across jurisdictions.
Customers expect real-time engagement, and providers want to offer that while keeping costs down. Legacy environments tend to inflate operating costs and can often wind up being a drag on delivery. To compete, institutions should explore cloud-native platforms and low-code tools. They should integrate DevSecOps for rapid and secure deployment, and experiment in sandbox environments to accelerate innovation. Ultimately, this leads to retiring redundant systems in a strategic and disciplined way.
Capability gaps exist across aging legacy skills and emerging disciplines — such as API security, cloud orchestration, and RegTech — and have a real impact. The way forward is to invest in structured reskilling programs, engage trusted managed service providers to supplement internal expertise, and establish Centers of Excellence that embed best practices across security, compliance, and innovation.
Addressing these four challenges in tandem will allow institutions not only to meet Open Finance obligations, but to turn them into durable sources of competitive advantage.
