Open finance identity verification: what IAM teams need to know

TL;DR: Open finance adoption is accelerating across North America, and Sumsub says sophisticated fraud rose by more than 180% last year, while FDATA now counts more than 30 member firms shaping permissioned data access standards. The practical issue is that consumer-permissioned finance still depends on identity controls that are not yet consistently designed for fraud-resilient delegation and consent.

NHIMG editorial — based on content published by Sumsub: Supporting the open finance ecosystem alongside FDATA members to advance secure, consumer-permissioned financial data access in North America

By the numbers:

• Open finance adoption is accelerating across North America, and FDATA represents more than 30 financial technology companies and consumer-permissioned data access platforms in the United States and Canada.
• Sumsub says sophisticated fraud rose by over 180% last year, raising the pressure on identity verification in permissioned data access flows.

Questions worth separating out

Q: How should organisations govern consumer-permissioned financial data access?

A: Organisations should govern consumer-permissioned access as a lifecycle problem, not a one-time consent event.

Q: Why does open finance increase identity verification requirements?

A: Open finance increases verification requirements because the identity check now decides whether data or transaction authority should be released across multiple parties.

Q: What do security teams get wrong about permissioned data access?

A: The common mistake is treating permissioned access as a compliance checkbox instead of an operational control.

Practitioner guidance

• Map delegated consent chains end to end Document every party that can receive, transform, or reuse consumer permission in open finance flows.
• Separate read and write policy paths Apply stricter authentication, verification, and approval rules to write-access flows than to read-only access.
• Feed fraud signals into access decisions Treat verification outcomes as inputs to real-time authorisation, not just onboarding records.

What's in the full article

Sumsub's full article covers the partnership and policy detail this post intentionally leaves for the source:

• FDATA working group participation across the U.S. Policy, Canada, and Write-Access groups
• Sumsub's own framing of how secure identity verification supports open finance policy discussions
• The specific open finance and consumer-permissioned access context behind the membership announcement
• The company and association statements in full, including the compliance and trust positioning

👉 Read Sumsub's update on joining FDATA to support open finance identity controls →

Open finance identity verification: what IAM teams need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →