BNM Gears Up for Open Finance, Here's Everything You Need to Know

As Malaysia’s financial sector becomes increasingly digital, the volume and complexity of customer information have grown just as quickly. The need for secure, reliable and well-governed data infrastructure has never been clearer. Trust, consistency and resilience now sit at the heart of a modern financial system.

Today, BNM’s latest exposure draft on Open Finance sets out BNM’s proposed regulatory requirements on the topic. The proposed regulatory requirements is designed to give customers explicit, specific, voluntary and revocable control over how their financial information is access and used.

While strengthening customer empowerment, it also aims to enable the industry to deliver more innovative, efficient and inclusive services.

Why Open Finance Matters Now

Open finance is becoming increasingly important as it directly supports the vision for a safer, more structured approach to financial data sharing.

Today’s existing arrangements in Malaysia are fragmented and inconsistent, often leaving customers with limited visibility or control. Open finance changes this by enabling consent-driven information sharing, giving customers clearer authority over how their financial data is accessed, used, and shared.

This shift empowers customers to take a more active role in managing their financial information while unlocking data-driven innovation across the industry.

With better access to verified data, financial institutions can, in turn, deliver more personalised products, support more accurate decision-making, and widen access to services for underserved communities.

bnm exposure draft on open finance — Source: BNM Exposure Draft on Open Finance

Its benefits, as illustrated above, are clearly two-fold.

The Proposed Blueprint Behind Malaysia’s Open Finance Rollout

BNM’s proposed regulatory requirements go beyond defining open finance as a concept. It sets out proposed rules that could determine how the entire ecosystem operates once data sharing becomes permissioned, structured and industry-wide.

The first step is clarifying who must participate.

Financial service providers will be mandated to join open finance as data providers and data consumers, guided by reciprocity.

The draft then explains the scope of information that data providers must share once customers give their consent. It also covers the timeline for mandated participation, alongside the customer information required for sharing.

A major portion of the proposed requirements focuses on consent. BNM lays out how consent should be obtained, monitored, renewed and revoked throughout the lifecycle, and the protection measures to safeguard customer information.

The guidelines also detail the management of technology and cyber risks associated with open finance.

BNM is clear that this will not happen overnight. Building an open finance ecosystem is a multi-year journey that requires all stakeholders to move collectively for an orderly, secure implementation.

To support an orderly rollout, the requirements will be phased, allowing ecosystem stakeholders and customers to build familiarity and confidence over time.

How Information Sharing Will Work in Open Finance

Mandated financial service providers will be required to participate in the open finance platform as data providers.

When a customer asks for their information to be shared, the institution must release the prescribed data to the requesting financial service provider, and only within the boundaries of consent that the customer has given.

This ensures that data sharing remains purposeful, permissioned and fully aligned with the consent requirements set out in the exposure draft.

BNM also leaves room for the industry to go further. Where technology standards support it, and with the customer’s explicit consent, data providers may choose to share additional information beyond what is mandated.

This voluntary expansion allows the ecosystem to innovate responsibly while still giving customers full control over how much of their financial information they wish to make available.

How Customers Can Manage Their Consent

A central feature of open finance is the customer’s ability to control how their information is shared. To support this, every participating financial service provider must offer a digital consent dashboard that customers can access.

This dashboard is where customers can see and manage all consents they have granted under the open finance arrangement.

Through this dashboard, customers can view all active and past consents within the timeframe set by the open finance platform. They can also review the details of each consent, including the type of information shared, the purpose for which it is used and how long the consent remains valid.

Most importantly, customers can revoke their consent at any moment, ensuring they maintain full authority over their data.

Data consumers have additional responsibilities. Their dashboards must allow customers to renew consent anytime and provide clear notifications when a consent is nearing expiry.

This ensures that customers are not caught off guard by lapses in permission and can continue or discontinue data sharing based on their preferences.

All dashboards must update in real time. Any renewal, revocation or expiry of consent must be reflected immediately, giving customers an accurate and up-to-date view of how their information is being shared.

This real-time transparency is essential to maintaining trust and ensuring that customers remain in control throughout the open finance lifecycle.

BNM Phases the Transition to Open Finance

BNM will introduce open finance in stages to ensure that institutions have sufficient time to prepare their systems, strengthen data governance and build customer readiness.

The transition will begin with the larger banks before expanding to a broader set of financial service providers, reflecting a calibrated approach that balances scale, capability and ecosystem stability.

BNM open finance — Source: BNM Exposure Draft on Open Finance

The phasing also applies to the types of customer information that must be shared. Initial requirements cover account and transaction information for individual customers, followed by the inclusion of SME data in the second phase.

For reference, deposit accounts in the table above include savings accounts, current accounts, fixed deposits and Islamic deposit products.

From 2028 onwards, any mandated institution onboarding as a data provider on or after 1 January 2028 will be required to share individual and SME customer information, subject to customer consent.

BNM is inviting written feedback on the proposed regulatory requirements in this exposure draft. Stakeholders are encouraged to highlight specific issues, identify areas that may require clarification or deeper explanation, and offer alternative proposals for BNM to consider.

Feedback must be submitted through the designated form no later than 1 March 2026.

Featured image: Edited by Fintech News Malaysia based on images by Frolopiaton Palm and user1861239 on Freepik

BNM Gears Up for Open Finance, Here’s Everything You Need to Know

Author

Could BNM’s Latest Job Hirings Point to What Comes Next for Digital Assets?

PM Anwar Urges Bank Rakyat to Pursue Competitive, Sustainable Business Model

Former MH17 Prosecutor Datuk Manoj Kurup Joins SC as Enforcement Director

18.4 Billion Transactions Later, How Close Is Malaysia to a Cashless Future?

PMO’s Nurhisham and BSN’s Jay Khairil May Snag Top Post at KWAP, Report Says

Capital A Taps Ex-CIMB Leader Effendy Shahul Hamid as Deputy CEO

Bursa Malaysia, HKEX Launch Joint Large-Cap Index Spanning 60 Companies

What Do BNM’s New Technology Risk Rules Mean for the Payments Industry?

Alvin Feng on Huawei’s Vision for AI-Driven Banking at MWC 2026

Alex Tan Wants to Make an IIMMPACT on Malaysia’s Digital Payment Rails