Open finance and delegated authority: what IAM teams need to change


(@nhi-mgmt-group)

TL;DR: Open Finance will let third parties do more than read data, including managing accounts and closing them with consent, which expands trust, liability, and API risk across UK financial institutions, according to Raidiam. The governance problem is no longer just access control but delegated authority, where consent, notification, and dispute handling all become identity controls.

NHIMG editorial — based on content published by Raidiam: Preparing for Open Finance: Strategic Priorities for UK Financial Institutions

By the numbers:

Questions worth separating out

Q: How should financial institutions govern delegated third-party account actions in open finance?

A: Treat delegated account actions as privileged operations, not ordinary API calls.

Q: Why do open finance models change identity and access management requirements?

A: Open finance changes the control question from who may view data to who may act on a customer’s behalf.

Q: How do you know if consent management is actually working in open finance?

A: Consent management is working only if expired, narrowed, or withdrawn consent prevents execution immediately.

Practitioner guidance

  • Map delegated account actions to privileged access controls: Classify any third party that can close, move, or modify accounts as privileged.
  • Bind consent to executable scope and expiry: Store consent as machine-enforceable policy with explicit scope, expiry, and revocation state.
  • Implement real-time customer notification for material actions: Send immediate alerts for account closure, delegation changes, and high-risk third-party actions so customers can dispute activity before downstream settlement or account state changes complete.

What's in the full article

Raidiam's full thought leadership covers the operational detail this post intentionally leaves for the source:

  • The article’s sector-specific examples of how Open Finance changes account closure, customer consent, and real-time notification requirements.
  • Raidiam’s discussion of infrastructure priorities, including API scalability, authentication, and dispute-resolution processes.
  • The article’s examples of global Open Finance use cases, including SME lending, insurance, and cross-border payments.
  • Raidiam’s strategic recommendations for institutions deciding how to prepare for Open Finance now.

👉 Read Raidiam’s analysis of Open Finance priorities for UK financial institutions →

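The guidance above on binding consent to executable scope, expiry, and revocation state, sketched as an added example that is not part of the original post or Raidiam's article. The action names, the `Consent` fields, and the `authorize` function are assumptions made for illustration; the check runs at execution time, so narrowed, expired, or withdrawn consent blocks the very next call.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed action names; the post only says "close, move, or modify accounts".
PRIVILEGED_ACTIONS = {"account:close", "account:move", "account:modify"}

@dataclass
class Consent:
    third_party: str
    customer: str
    scope: set            # actions the customer explicitly granted
    expires_at: datetime
    revoked: bool = False

def authorize(consent, third_party, action, now):
    """Evaluate consent at execution time; return (allowed, reason, notify)."""
    if consent.third_party != third_party:
        return (False, "consent_not_for_caller", False)
    if consent.revoked:
        return (False, "consent_withdrawn", False)
    if now >= consent.expires_at:
        return (False, "consent_expired", False)
    if action not in consent.scope:
        return (False, "action_out_of_scope", False)
    # Privileged (material) actions trigger a real-time customer notification.
    return (True, "ok", action in PRIVILEGED_ACTIONS)

def demo():
    now = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock
    c = Consent("tpp-example", "cust-001", {"account:read", "account:close"},
                expires_at=now + timedelta(hours=1))       # constructed record
    results = [authorize(c, "tpp-example", "account:close", now)]
    c.scope.discard("account:close")          # customer narrows consent
    results.append(authorize(c, "tpp-example", "account:close", now))
    results.append(authorize(c, "tpp-example", "account:read",
                             now + timedelta(hours=2)))    # past expiry
    c.revoked = True                          # customer withdraws consent
    results.append(authorize(c, "tpp-example", "account:read", now))
    return results

if __name__ == "__main__":
    for r in demo():
        print(r)
```

The denial reasons double as audit events: logging each one per third party gives the evidence needed when a customer disputes a delegated action.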