Seven years ago, open banking was a regulation. Banks were forced, under the EU's Payment Services Directive 2 (PSD2) and the UK's Open Banking Standard, to open their APIs to accredited third-party providers. Most banks treated this as a compliance burden — the minimum viable API, built by reluctant teams to satisfy regulators, accessed by a handful of fintech experimenters.
That era is over.
In 2026, open banking is a $24 billion industry growing at 47% annually. More than 12,000 financial institutions across Europe, the US, Canada, Australia, and Brazil now expose their data and payment capabilities through standardised APIs. Over 680 million bank connections are active globally. And the business models built on top of open banking infrastructure — from instant account-to-account payments to AI-powered personal finance management — are generating real, substantial revenue.
This article is my attempt to synthesise what's happened, explain what's actually changing in 2026, and give you a clear-eyed view of the opportunities that exist right now — and those that are still overblown.
Open Banking in Numbers — 2026
1. PSD3: What's Actually Changing
The Payment Services Directive 3 — the regulatory update to PSD2 that the European Commission began implementing in Q1 2026 — is the most significant change to the open banking regulatory landscape since the original PSD2 came into force in 2018. But it's not what many people expected.
PSD3's most important provision isn't about data access — it's about API quality. Under PSD2, banks were required to open APIs, but there was no minimum performance standard. The result was predictable: many banks built APIs that were technically compliant but practically useless — high latency, poor uptime, sparse data coverage, and capricious error handling.
PSD3 mandates performance standards. Banks must now achieve 95% uptime on their open banking APIs (measured against their own internet banking uptime), respond to data requests within 1 second for 99% of calls, and provide dedicated testing environments with realistic synthetic data. Non-compliant banks face fines of up to 4% of EU revenue — the same proportionality used in GDPR enforcement.
For those of us building on open banking infrastructure, this is transformative. The variable quality problem — where your product worked brilliantly for customers at Monzo but randomly failed for customers at certain legacy institutions — is being directly addressed at the regulatory level.
"PSD3's API quality mandates will do more for open banking adoption than five years of startup advocacy. When the infrastructure is reliable, the use cases become obvious."
— James Whitfield, CEO NexaFin, speaking at Money20/20 Amsterdam 2026The second major change in PSD3 is the introduction of premium APIs — a commercial model that was conspicuously absent from PSD2. Under PSD3, banks can charge third-party providers for access to enhanced data sets (beyond the basic account and transaction data mandated for free access) and for guaranteed service levels. This creates a commercial incentive for banks to actually invest in their open banking infrastructure rather than treating it as a cost centre.
2. Account-to-Account Payments: The Inflection Point
The use case that has most clearly crossed the chasm from "interesting pilot" to "material business" is account-to-account (A2A) payments. In 2025, A2A payment volume in the UK alone crossed £200 billion — growing at 82% year-on-year. In the Netherlands, iDEAL (the country's dominant open banking payment method) now accounts for 67% of all e-commerce transactions.
The commercial logic is straightforward. A2A payments cost merchants approximately 0.1–0.3% in processing fees compared to 1.5–2.0% for card payments. For businesses with thin margins — groceries, fuel, utilities — this isn't incremental improvement, it's structural competitiveness. And unlike card payments, A2A payments settle instantly (or within hours), improving cash flow dramatically for merchants on volume.
The remaining friction points are real but solvable. Consumer familiarity with card payments is high; A2A checkout flows are improving but still require more steps than a stored card. Chargebacks — the consumer protection mechanism that makes cards trusted for dispute resolution — don't exist in A2A payments in the same form. Solutions like NexaFin's A2A Payment Protection layer, which provides purchase protection and dispute resolution on A2A transactions through contractual arrangements with our partner banks, are beginning to close this gap.
3. AI and Open Banking: The Intelligence Layer
The combination of open banking data and artificial intelligence is creating a new category of financial intelligence that simply didn't exist three years ago. When you can access 24 months of real bank transaction data with consumer consent, you can build credit scoring models, affordability assessments, income verification tools, and cash flow forecasting engines that are dramatically more accurate than anything built on traditional data sources.
At NexaFin, we process 2.4 billion bank transactions per month through our open banking data infrastructure. When that data is categorised, enriched, and run through ML models, it produces insight that transforms lending decisions, personalises financial recommendations, and identifies fraud patterns that would be invisible to traditional systems.
The most impactful applications we're seeing in 2026 include:
- Instant income verification: Confirm employment and income in under 60 seconds using bank transaction patterns — replacing the 3–5 day payslip review process and enabling same-day lending decisions.
- Affordability assessment: Lenders can assess actual disposable income after real expenses, not just stated income minus standard deductions — producing more accurate and more responsible lending decisions.
- Cash flow forecasting: SMBs can see their projected cash position for the next 90 days with 87% accuracy by applying ML models to their historical transaction patterns.
- Anomaly detection: Banks and fintechs can identify suspicious activity patterns by looking across the full picture of a customer's financial behaviour — not just transactions within their own institution.
4. Variable Recurring Payments: The Sleeping Giant
Variable Recurring Payments (VRPs) — open banking payment arrangements that allow authorised payers to make recurring payments of varying amounts without per-transaction approval — are, in my view, the most underappreciated development in financial infrastructure in the past decade.
VRPs combine the user experience of a direct debit (authorise once, pay automatically) with the flexibility of a payment request (the amount varies based on actual usage) and the instant settlement of a push payment. For utilities, subscription services, lending repayments, investment platforms, and insurance premiums, this is a fundamentally better payment mechanism than anything that existed before open banking.
The UK's Open Banking Limited is currently the only jurisdiction with mandatory VRP infrastructure, but Australia's Consumer Data Right regime is adding payment initiation services in 2026, and the EU's PSD3 includes a VRP-equivalent framework under the "premium API" provisions. We expect VRPs to be available across our 30+ country network within 24 months.
5. Commercial Open Banking: The Revenue Question
The most common objection I hear from traditional banking executives about open banking investment is: "Where's the revenue model?" It's a fair question. PSD2 required banks to offer data access and payment initiation for free to licensed third parties — which made it difficult for banks to build a business case for investing properly.
PSD3's premium API framework changes this calculus. Banks can now charge for:
- Enhanced data sets (longer transaction history, more granular categorisation, real-time transaction data)
- Guaranteed service levels and priority API access
- Dedicated technical support and implementation assistance
- Data enrichment services (merchant identification, location data, category tagging)
The banks that move first to build premium API products will capture significant market share among fintech builders who are willing to pay for better infrastructure. NatWest, BBVA, and Goldman Marcus are the names we're watching closely here — they have the data, the technical capability, and the commercial appetite to build genuine API-as-a-product offerings.
6. What Finance Leaders Should Do Right Now
After seven years watching open banking develop from the inside, here's my honest assessment of the priorities for finance leaders in 2026:
If you're an e-commerce or subscription business: Integrate A2A payment options now. The unit economics are compelling, the checkout UX has crossed the threshold of acceptability, and the early movers will build customer habits that compound over time. The case for waiting is weaker than it's ever been.
If you're a lender or credit provider: Deploy open banking-powered income verification and affordability assessment immediately. This is the highest-ROI application of open banking data available today — faster decisions, lower default rates, and better customer outcomes simultaneously.
If you're building a financial product: Think carefully about the data access you need and design your consent architecture now. PSD3's enhanced consent requirements mean that the customer journeys you build in 2026 will determine your data access patterns for years. Getting consent architecture right matters.
If you're a bank: Stop treating open banking as compliance and start treating it as product. The premium API opportunity is real. The banks that invest in their API products now will have recurring, sticky revenue streams from the fintech ecosystem that are largely independent of interest rate cycles.
"The question is no longer whether open banking will matter. The question is which businesses will have built their strategy around it before it becomes table stakes."
We are, without doubt, in the early stages of a fundamental restructuring of how financial data flows and how payments move. The infrastructure is maturing, the regulatory frameworks are improving, and the use cases are working at scale. The next five years will determine which companies are positioned to benefit from that restructuring — and which are disrupted by it.