Smart data progress report: FCA/ICO statement confirms Open Finance in the pipeline

Legislation is now in place to revolutionise access to customer data in the UK by enabling new ‘smart data’ schemes to come to fruition. 

A recent joint statement from the UK’s data privacy and financial regulators (under the umbrella of the Digital Regulation Cooperation Forum (DRCF)) confirms that they both support the development of Open Finance, being the extension of Open Banking-like data sharing to a wider range of financial products, such as savings, investments, pensions and insurance. Open Finance is the front-running UK smart data scheme and it promises to support innovation and competition in financial services. 

Ongoing regulator collaboration 

The statement recognises that Open Finance will involve an increase in sharing of data at scale, including personal data thus making strong data protection compliance essential. Whilst not expressly mentioned in the statement, cyber security will also be key given the nature and quantity of the data will make it an attractive target both in transit and at its destination. For regulated firms, the rules of the Financial Conduct Authority (FCA) around operational resilience and Consumer Duty (under which firms must act to deliver good outcomes for retail customers, as discussed here), will also be particularly relevant. 

Importance of technologies

The statement notes that several technologies will be key to the development of Open Finance but also come with risks. In particular, it discusses: 

• Application Programming Interfaces (APIs) – these are expected to remain key, having been central to existing smart data initiatives. APIs allow standardised frameworks to be developed, avoiding fragmentation and reducing integration costs. 
• Distributed ledger technology (DLT) - some stakeholders consider that Open Finance should have a decentralised architecture using DLT. However, the regulators comment that this comes with risks, e.g. around personal data being placed on an immutable blockchain and with apportioning responsibility between parties (see our blog).
• AI - may ‘empower Open Finance’. Potential use cases noted include preparing data before sharing, assessing creditworthiness, detecting fraud or providing financial advice. The use of AI to empower Open Finance complements, in particular, the FCA’s ongoing programme of work to bridge the financial advice gap where individuals, especially those with lower wealth, are unable to access potentially beneficial advice (see here).
• Digital Identity Verification – this will be key for consumer trust and work is separately underway to provide secure and reliable schemes.

Open questions

Cross-regulatory issues the Information Commissioner’s Office (ICO) and the FCA identify as needing further consideration include: 

Transparency and consumer understanding

Transparency is flagged as a particular issue where AI is making decisions about consumers, and consumer understanding is a key outcome under the FCA’s Consumer Duty. The statement suggests that broader consumer education could be required, an approach previously taken by the Italian data protection authority in the context of Gen AI when it ordered OpenAI to carry-out a public awareness campaign. 

Lawful bases 

The statement emphasises that under the UK General Data Protection Regulation (GDPR) organisations will require a lawful basis for processing personal data for Open Finance. Given it highlights that one of the aims of Open Finance is to give customers control over how their data is used, we envisage that consent will be the GDPR processing ground most appropriate to be relied upon for the transfer of personal data. 

Data minimisation 

The GDPR’s minimisation principle will require that only data that is necessary for clearly defined purposes is used. The statement questions what effective minimisation would look like in Open Finance and suggests that privacy enhancing technologies (PETs) may have a role to play (we discuss PETs further here).

UK outlook 

In line with its strategic commitment to build the regulatory foundations for Open Finance, the FCA is engaging closely with the UK Government and has recently launched a Smart Data Accelerator scheme as a catalyst for developing Open Finance. It is aiming to publish its road map for Open Finance by March 2026, and we understand it hopes the first scheme will be operational by the end of 2027. 

Meanwhile, the ICO is continuing to collaborate with the FCA on Open Finance, including through interaction of the regulators’ innovation teams. The ICO is also involved in developing smart data schemes more broadly and it will no doubt be interested in the Government’s consultation on smart data in digital markets.

International outlook

Globally, we are seeing increasing focus on the value of data sharing schemes in financial services. For example, in the US, JP Morgan has recently created headlines by charging for access to customer data that had been provided free under data sharing rules introduced by the Biden administration (but since revoked). Meanwhile, the EU’s proposed regulation on a framework for financial data access (FiDA), which is also an open finance scheme and proposes a new framework for secure and open access to customer data across a broad range of financial services, is expected to be agreed later this year, although subject to substantial transition periods.