Open Banking vs Open Finance: What's the Difference?

By the end of 2025, 16.5 million people in the UK were using an open banking connection. That is roughly one in three adults, according to Open Banking Limited's 2025 impact figures. Most of them have no idea what open finance is, even though it is the regime that will quietly absorb open banking over the next few years.
Open banking and open finance are not competing ideas. They are the same idea applied to different parts of your money. The first one is mature, mostly invisible, and already running inside your budgeting app. The second is being legislated into existence right now.
Here is what is actually different, why it matters, and what to expect.
The one-sentence version
Open banking gives regulated third parties secure, consented access to your bank, savings and credit-card data, and (with extra permission) the ability to send payments from those accounts. Open finance does the same for everything else: investments, pensions, mortgages, insurance, consumer credit, savings products and SME lending.
Same plumbing, broader scope.
What is open banking, exactly?
Open banking is a regulatory regime built around two things: standardised APIs that banks must expose, and a strict consent and authentication flow that protects the user.
In the EU, it was created by the Second Payment Services Directive (PSD2), which has been in force since January 2018. In the UK, the same rules apply, layered with a 2017 Competition and Markets Authority order that forced the nine largest banks to build a common API standard. That standard is maintained by Open Banking Limited.
It covers two services:
- AIS (Account Information Services): a read-only view of balances and transactions
- PIS (Payment Initiation Services): the ability to instruct a payment from your account
If you have ever used a budgeting app that pulls your current account in automatically, you have used AIS. If you have paid HMRC by bank transfer through their gov.uk page, you may well have used PIS.
We have a longer walkthrough of how this works under the hood in Open Banking Explained, if you want the technical detail.
What open finance actually adds
Open banking stops at payment accounts. Your pension, your stocks and shares ISA, your mortgage, your home insurance, your private equity, your robo-adviser portfolio: none of it is covered. There is no legal obligation for those providers to expose your data through a standard API, no shared consent model, no regulated list of who can ask for it.
Open finance closes that gap.
Under an open finance regime, a regulated app could see, with your permission:
- Workplace and personal pensions, plus your state pension forecast
- ISA and brokerage holdings, including individual positions and historical performance
- The current balance, rate and term on your mortgage
- The premiums, cover and renewal dates of your insurance policies
- Loan and credit-card terms beyond what is already shared under PSD2
- Savings and fixed-deposit products
For most people, the obvious use case is a single, real-time net-worth view that includes everything. Right now, even the best personal finance apps have to ask you to enter pension values manually or chase mortgage statements through the post.
How safe is open banking, really?
This is the question that comes up first when anyone meets the idea cold, and the honest answer is: safer than what most apps used to do.
A few things underpin that.
You never share your bank login with the third party. The authentication happens directly with your bank, usually through its own app and biometrics. The third party only ever sees the specific data fields you explicitly approve.
Strong Customer Authentication (SCA) is mandatory. PSD2 requires at least two of three independent factors (something you know, something you have, something you are) for every consent and every payment. That same requirement carries through to open finance.
Consent is granular, time-bound and revocable. In the UK, AIS consent must be reconfirmed every 90 days. You can withdraw it at any moment, from either your bank or the third party.
The fraud numbers are striking. According to Open Banking Limited's H1 2025 fraud data, open banking payment journeys saw fraud at 0.013% by volume, against 0.045% across the wider UK payments industry. By value the gap narrows, but open banking still comes out ahead.
Only firms authorised by the FCA (or their EU equivalents) and listed on the Open Banking Directory can access UK data. If an app is not on the Directory, it is not using open banking. It is doing something else, and you should be cautious.
None of that makes the system perfect. It cannot stop you from approving a malicious app, and AI-driven social engineering attacks have risen sharply in the last 18 months. But the protocol itself is materially more robust than the screen-scraping and credential-sharing model it replaced.
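The rules in this section (Directory listing, revocable and scoped consent, two independent SCA factors, 90-day AIS reconfirmation) can be read as a gate a bank applies to each third-party request. The sketch below is an added example, not code from Open Banking Limited or Endute; the `Consent` record, factor names, reason strings and sample directory are hypothetical.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

# Hypothetical names and layout; only the rules come from the article.
# SCA categories: something you know / have / are.
FACTOR_CATEGORY = {"pin": "knowledge", "password": "knowledge",
                   "device": "possession", "fingerprint": "inherence"}
AIS_RECONFIRM = timedelta(days=90)  # UK AIS reconfirmation window

@dataclass(frozen=True)
class Consent:
    tpp_id: str              # third party holding the consent
    scopes: frozenset        # {"ais"} read-only, or with "pis" for payments
    sca_factors: tuple       # factors the bank verified with the user
    confirmed_at: datetime   # last confirmation by the user
    revoked: bool = False

def check_access(consent, scope, directory, now):
    """Return (allowed, reason) for a single data or payment request."""
    if consent.tpp_id not in directory:
        return False, "tpp_not_in_directory"
    if consent.revoked:
        return False, "consent_revoked"
    if scope not in consent.scopes:
        return False, "scope_not_granted"
    # Two factors of the same kind (PIN + password) count as one category.
    categories = {FACTOR_CATEGORY.get(f) for f in consent.sca_factors} - {None}
    if len(categories) < 2:
        return False, "sca_insufficient"
    if scope == "ais" and now - consent.confirmed_at > AIS_RECONFIRM:
        return False, "reconfirmation_due"
    return True, "ok"

# Constructed sample data.
DIRECTORY = {"tpp-budget-app"}
NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)
BASE = Consent("tpp-budget-app", frozenset({"ais"}),
               ("device", "fingerprint"), NOW - timedelta(days=30))

def demo():
    cases = {
        "fresh": (BASE, "ais"),
        "boundary": (replace(BASE, confirmed_at=NOW - timedelta(days=90)), "ais"),
        "stale": (replace(BASE, confirmed_at=NOW - timedelta(days=91)), "ais"),
        "same_kind": (replace(BASE, sca_factors=("pin", "password")), "ais"),
        "payment": (BASE, "pis"),
        "unlisted": (replace(BASE, tpp_id="tpp-unknown"), "ais"),
        "revoked": (replace(BASE, revoked=True), "ais"),
    }
    return {k: check_access(c, s, DIRECTORY, NOW) for k, (c, s) in cases.items()}
```

Each denial carries a distinct reason string, which is what lets a bank or an app log why access stopped: an expired consent is routine, while a request from a party missing from the Directory is worth an alert.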
Where the regulation is heading
Open finance is not one law. It is a wave of overlapping regulation, each at a different stage.
United Kingdom. The Data (Use and Access) Act 2025, which received Royal Assent on 19 June 2025, created the legal framework for "smart data" schemes including open finance. On 14 April 2026, the FCA published its Open Finance roadmap, prioritising SME credit and mortgages as the first use cases. A formal discussion paper is due in Q4 2026, with the framework targeted for 2027 and full build-out by 2030.
European Union. The Financial Data Access Regulation (FIDA) is the EU's flagship open finance law. Proposed in June 2023, it is still in trilogue as of May 2026, with France and Germany pushing for a simplified version. Realistic compliance start: 2027 to 2028.
United States. The Consumer Financial Protection Bureau's Section 1033 final rule, published in October 2024, was the first formal open banking framework in the US. It has since been enjoined by a federal court and the CFPB is reconsidering it. In practice, the US market still runs on private bilateral agreements between aggregators (Plaid, MX, Finicity, Akoya) and banks.
Australia. The Consumer Data Right is already live in banking and energy, with non-bank lenders being added from 2026. Telecoms and insurance rollouts have been paused pending a strategic review.
The direction of travel is unanimous. The question is timing, not whether.
What open finance will let you do
Some of this already exists in private, aggregator-driven form. Open finance will make it ubiquitous, regulated and consent-based.
A real net-worth view. Today, building an accurate net-worth figure usually involves logging into pension portals, downloading statements and typing numbers into a spreadsheet. Open finance turns that into a refresh button.
Pension consolidation. The UK's Pensions Dashboards Programme has been trying to deliver this for years. Open finance gives it API rails.
Mortgage switching that triggers itself. If your mortgage rate, term and outstanding balance are visible to a regulated app, that app can alert you the day a better deal becomes available, with your numbers, not generic ones.
Insurance comparison without the form-filling. Pre-fill aggregator forms automatically from existing policy data.
SME lending decisions in hours, not weeks. Combine bank, accounting, invoicing and tax data through a single API call.
For the FIRE community in particular, the difference is significant. Realistic early-retirement modelling needs to see every account, every contribution, every fee, every historical return. Today that is a slog. Under open finance, it is one consent away.
What to look for in an app
The checklist is the same for both.
- Is it FCA-authorised (or the local equivalent: BaFin, ACPR or another EU regulator; accredited under CDR in Australia)?
- Does it appear in the Open Banking Directory or its equivalent register?
- Is the authentication redirecting you to your bank's own app or website, or is it asking for your bank password directly?
- What is the consent actually doing? Read-only access? Payment initiation? For how long?
- Where does the data sit afterwards? An EU or UK provider falls under GDPR. Storage location and security model matter.
- How is the company making money? An app monetised by advertising or data brokerage has a different incentive structure than one paid by the user.
If those answers are clear and the app sits on the relevant directory, the protocol itself is robust.
Where Endute fits
At Endute we already use open banking to connect EU accounts (through GoCardless, covering 2,300+ banks) and US accounts (through Quiltt and MX). UK open banking is provided via Finexer. Every connection is OAuth-based, read-only and runs through the regulated infrastructure described above.
Open finance is where this gets more interesting. The data we cannot yet pull through open banking (pension values, individual investment positions outside cash brokerage, mortgage balances, insurance policies) is exactly the data that turns a good personal finance app into a complete picture of your money. We are building toward that, both manually (manual asset entry, custom securities, tangible asset tracking) and through provider integrations as the regulation lands.
What changes for you
The short version: open banking is here, it is safer than the alternatives that came before it, and it covers your spending accounts. Open finance is the same model applied to the rest of your financial life, and it is being built into law on three continents.
Most people will not notice the transition. The apps they already use will quietly add more data sources. The pension that has lived on a separate website for ten years will appear in the same dashboard as the salary that funds it. The net-worth number that took an hour to update once a quarter will refresh itself overnight.
That is what open finance is for. Not a new product. A bigger door.
