UK Fintech's Open Banking Bet: Post-Brexit Innovation Beyond PSD3
The UK's fintech founders are not waiting for EU PSD3. Instead, they're racing ahead on homegrown open banking frameworks overseen by the Financial Conduct Authority (FCA), building embedded finance products that tap into a market opportunity worth an estimated £10bn-plus in transaction value by 2026.
The misconception that UK fintech operates under PSD3—the EU's forthcoming Payment Services Directive—has muddied the waters for many entrepreneurs. Post-Brexit, the UK charts its own regulatory course via the FCA and Payment Systems Regulator (PSR). This independence has accelerated innovation in areas the EU is still debating, and UK founders are capitalising on the gap.
This playbook explores how UK fintech is leveraging open banking to build 2.0-generation products: embedded finance, cross-institution credit scoring, and B2B2C platforms. We'll examine real-world moves from Revolut and Starling, dissect the FCA's current sandbox approach, and outline the regulatory reality for founders entering the space in 2026.
The Regulatory Landscape: FCA Open Banking vs. EU PSD3
First, clarity: the UK's open banking regime is not PSD3. PSD3 is an EU legislative proposal, expected to be finalised in 2026–2027, that will apply to EU member states. The UK, having left the EU, operates independently.
The UK's open banking rules stem from two key sources:
- The Competition and Markets Authority (CMA) mandate (2015): Forced the 'Big Four' UK banks (HSBC, Barclays, Santander, Lloyds) to open customer data via APIs under strict consent frameworks.
- The Payment Systems Regulator (PSR) governance: The PSR, part of the FCA, oversees payment systems and has progressively expanded open banking requirements to third-party providers (TPPs).
- FCA Handbook rules: COBS (Conduct of Business), PERG (Permissions), and SYSC (Systems and Controls) govern how fintech firms use open banking data.
As of early 2026, the FCA is not mandating PSD3 adoption. Instead, the regulator is exploring an Open Finance roadmap (first published 2022, updated 2024–2025) that widens open banking beyond payments to include credit and insurance data. This roadmap is domestic and tailored to post-Brexit UK priorities.
For UK founders, this means: regulatory approval hinges on FCA rules, not EU compliance. Your licence application, sandbox entry, and data governance protocols must satisfy the FCA's interpretation of open banking, not Brussels.
What Open Banking 2.0 Means for UK Fintech Founders
Open Banking 1.0 was about data access—giving third parties read-only APIs to customer bank data under PSD2-equivalent rules. Open Banking 2.0 is about action: embedded finance, cross-institution payments, and AI-driven credit decisioning.
Three use cases dominate the UK fintech agenda:
1. Embedded Finance (Finance-as-a-Service)
Embedded finance decouples financial products from their traditional home. Instead of a customer leaving an e-commerce platform to apply for credit elsewhere, the lender embeds a creditworthiness check via open banking APIs directly into the checkout.
Revolut's Play: Revolut, founded by Nikolay Storonsky in 2015 and now valued at $45bn (as of late 2025), has expanded beyond remittance and FX to offer embedded lending through its B2B2C platform. Revolut Business, launched in earnest across 2023–2025, lets SME software providers integrate Revolut's credit and payment rails directly. For example, an accounting software vendor can embed a Revolut invoice finance product without building their own credit engine. Revolut pulls open banking data to underwrite in seconds, using the CMA's API standards.
Starling's Shift: Starling Bank, co-founded by Anne Boden in 2014, pivoted heavily into B2B2C platforms (marketed as 'Marketplace' initiatives). Starling's open APIs allow partners to embed lending, payment accounts, and FX products. Starling's partnerships with SME platforms (e.g., accounting software, invoice financing verticals) grew significantly in 2024–2025, underpinned by open banking data sharing under FCA consent frameworks.
For a founder launching an embedded finance product, the workflow is: (1) secure FCA authorisation as a credit broker or lender; (2) integrate with CMA-mandated bank APIs; (3) build consent flows under COBS 2.1R (Information About the Firm); (4) implement data minimisation per ICO GDPR guidance and FCA Handbook SYSC 3.2 (risk management).
2. Open Data-Driven Credit (Beyond FICO)
UK fintech founders are experimenting with alternative credit models using open banking transaction history. Instead of relying on Equifax or Experian credit scores—which exclude ~11.3m UK adults with limited credit histories—startups build bespoke risk models from 12–24 months of transaction data.
Example: Uncapped, Revolut, and Emerging Lenders: Uncapped (a revenue-based financing platform) uses open banking data to assess cash flow for SMEs. Revolut's credit decisioning also leans on transaction velocity and pattern recognition. These approaches require FCA operational resilience (CASS—Client Assets) and robust data handling (SYSC 10 for algorithmic governance).
The FCA's 2024–2025 guidance on AI and Algorithmic Governance in Credit (part of its Operational Resilience initiative) now mandates stress-testing credit models for bias and market shocks. Founders using open banking data for decisioning must audit model fairness under COBS 2.1R and SYSC 3.2.
3. Cross-Institution Payments and Liquidity Networks
Open banking also enables peer-to-peer settlement networks without traditional banking rails. Fintech founders are building B2B payment networks where SMEs settle invoices or payroll across multiple providers simultaneously.
Platform Example: While no single UK startup dominates here yet, the architecture is established: open banking APIs allow Fintech A to pull SME X's balance from Bank B, verify funds, and initiate a payment to Fintech C's account at Bank D—all in real-time, with instant settlement. This removes banking intermediaries for certain use cases and unlocks liquidity trapped in multiple accounts.
FCA Sandboxing and Runway: How Founders Get to Market
The FCA's Regulatory Sandbox (now part of its broader 'Accelerator' programme) allows eligible fintech founders to test open banking innovations with reduced compliance burden. As of 2026, the sandbox operates in cohorts and focuses on three priority areas:
- Open Finance (data breadth): Expanding open banking beyond payments to insurance, credit, and investment data.
- Financial Crime Detection: Using AI and open banking data to improve AML/KYC.
- Consumer Protection: Testing novel consent and transparency mechanisms.
Entry Requirements:
- Proof of concept or beta product addressing a genuine regulatory or consumer problem.
- Clear data governance plan compliant with GDPR and FCA SYSC 10.
- Proposed timeline to mainstream authorisation (12–24 months typical).
- Letters of support from banks or data-sharing partners.
Founders should apply via the FCA's Innovation Hub (sandboxing applications open year-round; cohorts announced quarterly). Competition is fierce: the FCA typically admits 20–40 firms per cohort from 200+ applications.
Sandbox Benefits: Limited relief from certain authorisation requirements (e.g., capital adequacy waivers for fintech conducting trials with sandboxed funds), extended timelines for rule adherence, direct regulator dialogue, and public credibility.
Post-Sandbox Path: After sandbox exit, firms must pursue full FCA authorisation as a Payment Institution (PI) under PSD2-equivalent rules (Electronic Money Regulations 2011, as amended), a Credit Broker, or a Credit Lender, depending on their model. This typically takes 6–12 months and costs £50k–£200k in legal and compliance setup.
Real-World Data: Market Sizing and Founder Traction (2025–2026)
How large is the open banking opportunity in the UK?
Transaction Value: The UK open banking ecosystem processed an estimated £40bn–£60bn in annualised transaction value by end of 2025 (across payments, cash flow data access, and emerging embedded finance). Projections for 2026–2027 suggest acceleration to £80bn–£120bn if cross-institution payment adoption and credit products scale.
SME Adoption: UK Government SME Census data (2024 update) shows approximately 5.5m SMEs in the UK. Of these, roughly 15–20% have engaged with open banking-enabled services (payment initiation, invoice financing, cash flow forecasting) as of late 2025. Growth is accelerating as awareness spreads and embedded finance becomes default.
Fintech Funding: UK fintech fundraising recovered in 2025, with open banking-focused startups attracting disproportionate interest. Revolut's continued expansion, Starling's B2B2C investments, and emerging platforms like TrueLayer (API aggregator) and Yapily (embedded finance platform) have collectively raised over £2bn in venture capital since 2020. In 2025–2026, deal flow for Series A/B-stage open banking fintech remains robust (100+ active deals per quarter), though larger cheques (£10m+) are now selective on unit economics and regulatory clarity.
FCA Authorisations: As of Q1 2026, the FCA has authorised ~750 Payment Institutions and Electronic Money Institutions (many fintech, some infrastructure). Growth in authorisations slowed slightly in 2024–2025 (from ~150/year to ~120/year) due to enhanced onboarding scrutiny post-2023 regulatory tightening (e.g., FCA's operational resilience requirements).
Regulatory Risks and Compliance Realities for Founders
Open banking innovation is not frictionless. Founders must navigate several regulatory gauntlets:
Data Minimisation and Consent
The FCA and ICO both require that fintech firms collect only the open banking data necessary for their stated purpose. Many startups attempt to vacuum all available transaction data 'for future use'—this violates GDPR Article 5 (purpose limitation) and FCA COBS 2.1R (fair dealing). You'll face compliance action if audited. Solution: implement granular, time-bound consent flows and document justification for each data field you request.
Strong Customer Authentication (SCA) and Exemptions
FCA rules (inherited from PSD2) mandate Strong Customer Authentication for payment initiation, with carve-outs for low-risk, recurring transactions. Many founders misapply exemptions (e.g., claiming SCA relief for high-value transfers). The FCA has recently tightened scrutiny here. Ensure your SCA implementation is audited by external compliance counsel before go-live.
Operational Resilience (CASS/Algorithmic Governance)
The FCA's Operational Resilience rules (CASS 6A and SYSC 10-2R), fully in force as of 2026, require fintech firms to stress-test their systems against market shocks, data breaches, and vendor failures. If you're using open banking data for underwriting, you must prove your AI model is resilient to API outages, data poisoning, and bias drift. This requires annual attestation and FCA reporting. Budget £30k–£100k annually for this.
Cross-Border Considerations: EU Passport and Divergence
UK fintech can no longer passport into EU states via the old PSD2 regime. If you want to expand into EU markets, you must either: (1) establish an entity in an EU member state and seek local authorisation, or (2) negotiate bilateral data-sharing agreements with EU partners. As PSD3 crystallises in the EU in 2027–2028, expect a widening regulatory gap. Plan accordingly in your 3-year roadmap.
Founder Playbook: Launching an Open Banking Fintech (2026 Edition)
If you're a founder eyeing open banking, here's the stripped-down operational checklist:
Phase 1: Validation and Sandbox (Months 1–6)
- Define your use case: Embedded lending, cross-institution payments, alternative credit, or data analytics? Be specific. Generic 'fintech platforms' attract FCA scepticism.
- Map your data dependencies: Which open banking APIs do you need? (CMA-mandated bank endpoints, third-party API aggregators like TrueLayer or Yapily, or proprietary partnerships?)
- Build MVP with sandbox banks: HSBC, Barclays, Santander, and Lloyds all offer sandbox environments for testing open banking integrations. Use these before applying to FCA Sandbox.
- Draft your FCA Sandbox application: Include problem statement, regulatory gap addressed, timeline to authorisation, and data governance plan. Apply 3–4 months before your target cohort launch.
Phase 2: Sandbox Execution (Months 6–18)
- Recruit 50–200 beta users: Test product-market fit and refine underwriting/payment flows in a sandboxed environment with real users.
- Build compliance infrastructure: Hire or contract a Compliance Officer (in-house by month 12). Implement GDPR Data Processing Addendums with all partners, audit trails for consent, and KYC/AML screening.
- Stress-test your operations: Run failure scenarios: What if your API aggregator goes down? How do you notify users and maintain service? Document and test recovery procedures.
- Engage FCA directly: Use the sandbox's 'regulator access' to discuss novel risks. The FCA will flag compliance blind spots early, saving you months later.
Phase 3: Full Authorisation (Months 18–30)
- Prepare formal FCA authorisation application: This requires a detailed business plan, financial projections, governance structure, and evidence of market traction from sandbox. Expect 6–12 months for FCA review.
- Capitalisation: FCA may require minimum capital reserves (typically £125k for a Payment Institution, £500k+ for a Credit Lender). Ensure you have raised sufficient funds.
- Insurance and bonding: Professional Indemnity Insurance (£1m–£5m coverage) and E&O insurance are now mandatory. Budget £20k–£50k/year.
- External audit and compliance attestation: Contract a Big 4 or specialist fintech auditor to produce an SOC 2 Type II or equivalent report. This strengthens your FCA application and reassures investors.
Phase 4: Post-Authorisation (Ongoing)
- Annual Operational Resilience reporting: CASS 6A mandates annual attestation to the FCA on your system availability, data recovery, and vendor management. Set up internal audit procedures now.
- Continuous API maintenance: Open banking APIs evolve (new bank onboarding, API versioning). Maintain your integration layer and test API changes quarterly.
- Monitor PSD3 and FCA Open Finance roadmap: While the UK is not adopting PSD3, the FCA may harmonise certain rules with EU proposals for competitive parity. Stay ahead with a regulatory affairs resource (1 FTE or external counsel retainer).
Lessons from Revolut and Starling: What Works
Revolut's playbook: Build a core product (FX/remittance) with strong unit economics, then expand horizontally into adjacent services (lending, SME accounts, crypto) by leveraging your customer base and open banking integrations. Revolut's success hinged on cross-selling and B2B2C distribution, not solely on open banking data. The open banking infrastructure was an enabler, not the product. Lesson: open banking is a tool, not a business model by itself.
Starling's shift: Recognising that B2C retail banking is saturated, Starling pivoted to B2B2C partnerships and marketplace models, allowing SME software vendors to embed Starling's financial services. Open banking data (e.g., supplier payment histories, cash flow patterns) informed creditworthiness for embedded lending products. Starling's FCA authorisation as a bank gave it trust and capital efficiency; its open banking integrations gave it speed and scale. Lesson: regulatory authorisation (bank status) de-risks open banking expansion for partners.
Forward-Looking: Open Banking 3.0 and the 2026–2027 Horizon
As we move into the second half of 2026, three macro trends will reshape open banking for UK fintech:
1. Real-Time Cross-Border Settlement
The Bank of England and fintech consortia are exploring CBDC (Central Bank Digital Currency) pilots for instant, low-cost cross-border payments. While CBDC deployment is 2027+ reality, fintech founders should explore partnerships with infrastructure players (e.g., blockchain-based settlement networks) now. Open banking APIs will integrate with these new rails, making today's payment initiation quaint in 3–5 years.
2. Embedded Insurance and Investment
The FCA's Open Finance roadmap explicitly includes insurance and investment data in 2026–2027. Founders can expect regulatory appetite for embedded insurance (e.g., payment protection bundled into e-commerce transactions) and investment products (e.g., workplace pension auto-enrolment via payroll APIs). First-mover advantage here is significant: expect 2–3 cohorts of sandbox-stage insurtech/wealthtech entrants in 2026–2027.
3. AI-Driven Financial Crime Detection
The FCA is increasingly keen on fintech using open banking data for AML/KYC enhancements. Startups using transaction graph analysis, anomaly detection, and network mapping to flag financial crime are now attractive to regulators. If you're building an open banking fintech, a financial crime angle (secondary or primary) will accelerate FCA engagement.
Regulatory Divergence: UK vs. EU
As PSD3 crystallises in the EU (2026–2028), the UK will likely chart a distinct path. The FCA may relax certain protections (e.g., stronger consent requirements, broader data scope) to promote innovation, while the EU tightens them. UK fintech has a window (now until 2028) to build products and scale them globally before EU PSD3 locks in different rules. Founders should factor this into their 3–5 year expansion strategy: build and scale in the UK, then adapt for EU markets post-2027.
Conclusion: The Opportunity and the Grind
Open banking 2.0 is real. UK fintech founders have a genuine, scalable opportunity to build embedded finance, alternative credit, and cross-institution payment products. The market is large (£10bn+ opportunity), the regulatory environment is comparatively permissive (vs. EU and US), and early-stage capital is available (albeit more selective than 2021–2022).
But success requires discipline: regulatory compliance is not a check-box, it's operational DNA. Data governance, consent flows, and operational resilience must be baked into your product roadmap from day one, not grafted on later. The FCA will not approve your authorisation application if these are afterthoughts.
For founders launching in 2026, the playbook is clear: (1) validate your use case with an MVP; (2) apply for the FCA Sandbox; (3) build compliance infrastructure in parallel; (4) pursue full authorisation once sandbox proves product-market fit; (5) monitor the FCA Open Finance roadmap and PSD3 evolution for emerging opportunities.
The window for UK open banking innovation is now. First-mover advantage in embedded finance, alternative credit, and real-time settlement is available to founders willing to navigate the regulatory gauntlet. The winners—Revolut, Starling, and the next generation—will be those who treat FCA rules not as constraints, but as a moat that deters competition and builds customer trust.
Related Articles
Gig Economy Founders Brace for Worker Rights Reforms
UK gig economy founders face mounting pressure to reclassify workers as employees. Analysis of legal shifts, compliance costs, and platform strategies post-2021 Supreme Court ruli…
North Sea Oil Fields Push Risks UK Climate Leadership
Explore warnings that approving new North Sea fields would undermine UK climate goals and global targets, amid pressure from industry, Conservatives, and uni
UK Tax Reforms: What VC Leaders Really Say About 2026 Changes
Explore how UK tax reforms affect venture capital, hiring, and exits in 2026. Balance investor concerns with EMI wins and expanded EIS/VCT thresholds.
EMI Reforms Supercharge UK Scale-ups' Talent Wars
EMI scheme expanded: £120m asset threshold, 500-employee cap. How UK scale-ups use employee shares to compete globally for talent in 2026.