TL;DR: Open Finance will let third parties do more than read data, including managing accounts and closing them with consent, which expands trust, liability, and API risk across UK financial institutions, according to Raidiam. The governance problem is no longer just access control but delegated authority, where consent, notification, and dispute handling all become identity controls.
NHIMG editorial — based on content published by Raidiam: Preparing for Open Finance: Strategic Priorities for UK Financial Institutions
By the numbers:
- Over 17 million consents have been safely managed in Brazil’s Open Finance implementation.
- (2025) will give regulators new powers to mandate, gulators new powers to mandate Smart Data schemes across sectors, including finance, energy, and telecoms.
Questions worth separating out
Q: How should financial institutions govern delegated third-party account actions in open finance?
A: Treat delegated account actions as privileged operations, not ordinary API calls.
Q: Why do open finance models change identity and access management requirements?
A: Open finance changes the control question from who may view data to who may act on a customer’s behalf.
Q: How do you know if consent management is actually working in open finance?
A: Consent management is working only if expired, narrowed, or withdrawn consent prevents execution immediately.
Practitioner guidance
- Map delegated account actions to privileged access controls Classify any third party that can close, move, or modify accounts as privileged.
- Bind consent to executable scope and expiry Store consent as machine-enforceable policy with explicit scope, expiry, and revocation state.
- Implement real-time customer notification for material actions Send immediate alerts for account closure, delegation changes, and high-risk third-party actions so customers can dispute activity before downstream settlement or account state changes complete.
What's in the full article
Raidiam's full thought leadership covers the operational detail this post intentionally leaves for the source:
- The article’s sector-specific examples of how Open Finance changes account closure, customer consent, and real-time notification requirements.
- Raidiam’s discussion of infrastructure priorities, including API scalability, authentication, and dispute-resolution processes.
- The article’s examples of global Open Finance use cases, including SME lending, insurance, and cross-border payments.
- Raidiam’s strategic recommendations for institutions deciding how to prepare for Open Finance now.
👉 Read Raidiam’s analysis of Open Finance priorities for UK financial institutions →
Open finance and delegated authority: what IAM teams need to change?
Explore further
Delegated authority is the real governance boundary in Open Finance. The article shows that the industry is moving past simple data access into account actions performed by third parties on behalf of customers. That changes the security question from who can read data to who can execute material financial decisions, and under what proof. Practitioners should treat delegated authority as a privileged identity problem, not a business-only consent issue.
A few things that frame the scale:
- Over 17 million consents have been safely managed in Brazil’s Open Finance implementation, according to Ultimate Guide to NHIs , 2025 Outlook and Predictions.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
A question worth separating out:
Q: What frameworks apply to open finance delegated access and trust controls?
A: NIST SP 800-63 Digital Identity Guidelines is relevant where stronger authenticator assurance and federation controls are needed. For broader access governance, zero trust principles also fit because third-party access should be continuously verified, scoped, and revocable across the full transaction path.
👉 Read our full editorial: Open finance shifts identity governance from access to delegated authority