Key observations

• BNM is taking a facilitative regulatory approach, encouraging industry-led adoption rather than imposing strict mandates upfront.

• Regulatory Sandbox relaunched in 2025 allows real-world testing of open banking APIs with oversight and flexibility.

• Strong industry collaboration between banks, fintechs, and regulators is driving standard-setting and pilot projects.

• Technical standards align with global norms – including RESTful APIs, JSON, OAuth2, TLS 1.2+, and ISO 20022.

Malaysia's Open Banking Journey in 2025: Building the Foundation for Financial Transformation

As we move deeper into 2025, Malaysia is making steady and deliberate progress toward open banking. While it may not be racing ahead with sweeping mandates like some global counterparts, the country is taking a thoughtful, collaborative, and infrastructure-first approach to unlock the potential of open financial ecosystems.

Malaysia’s strategy hinges on balancing innovation with trust, inclusivity with stability, and industry momentum with regulatory guidance. At the heart of this journey is Bank Negara Malaysia (BNM), which has positioned itself not as a top-down enforcer but as an enabler of industry-led transformation.

The Regulatory Approach: Enablement Over Enforcement

Unlike some jurisdictions that implemented open banking through strict regulations and tight deadlines, Malaysia is opting for a measured, facilitative approach. BNM’s policy document on publishing open data through APIs, released between 2023 and 2024, sets the tone for transparency, collaboration, and standards alignment without forcing immediate compliance.

This policy encourages banks and financial institutions to publish standardized APIs for data sharing in a secure, documented, and accessible way. Importantly, it doesn't yet compel banks to open customer-permissioned APIs for account access or payments, but instead emphasizes publishing open data (such as product details, branch locations, or rates) as the first step.

What follows is a sandbox-centric model that allows industry players to explore and pilot real use cases in a controlled environment. The BNM Regulatory Sandbox, relaunched in 2025, provides the infrastructure and supervision to test API-based innovations with regulatory breathing room.

Sandboxing Real Innovation

The sandbox is a critical part of Malaysia’s open banking playbook. Rather than over-engineer a centralized API framework, BNM has opened a regulatory safe space where banks, fintechs, and service providers can test everything from account aggregation and payment APIs to digital identity verification and alternative credit models.

These sandbox pilots are important not only for proving product-market fit, but also for understanding technical challenges, refining security models, and demonstrating consumer value. Participants are required to operate with transparency, follow strong data protection protocols, and submit progress updates to the central bank. This approach ensures innovation without sacrificing systemic trust.

Technical Standards: Aligning with the Best

Malaysia’s open banking architecture draws from global best practices, with a clear emphasis on security, interoperability, and developer experience. Key standards include:

• OAuth 2.0 for secure user authentication and access token management

• TLS 1.2+ for encrypted communication

• RESTful APIs with JSON formatting for data payloads

• ISO 20022 and ISO 8583 for financial messaging compatibility

• Granular consent frameworks, including time-bound and revocable access tokens

Banks participating in sandbox trials must also offer sandbox environments, developer portals, API documentation, and test packages. These are essential for encouraging third-party developers to build, iterate, and integrate new services confidently.

Industry Collaboration at the Core

One of Malaysia’s strongest advantages is the collaborative structure it has built around open banking. BNM leads a working group that includes banks, fintechs, and regulators—all working together to align technical standards, resolve disputes, and propose implementation models.

Major financial institutions like Maybank, CIMB, and Public Bank are actively involved, not just in compliance but in shaping the future business models for open APIs. On the fintech side, platforms such as Grab Financial, Touch ’n Go, Boost, and Jirnexu are exploring ways to integrate bank data to power lending, insurance, and payments at scale.

This co-development model builds trust and ensures that future policies reflect real operational needs. It also helps drive early adoption of API-based services that deliver measurable value.

Emerging Use Cases

Although still in the pilot phase, several use cases are already showing traction:

• Account Information Services (AIS): Fintech apps are aggregating account data across banks, giving consumers a unified financial view and real-time cash flow tracking.

• Open API Lending: Lenders are using permissioned bank transaction data to build alternative credit scoring models for individuals and SMEs.

• Payment Initiation: API-enabled direct debit and Pay-by-Bank flows are being tested for utility bills, e-commerce, and recurring subscriptions.

• eKYC and Identity Verification: Bank-verified user data is being used to simplify onboarding and compliance for new financial accounts.

• SME Treasury Tools: API access is enabling cash flow management, payroll integration, and expense tracking across multiple accounts.
  

Building the Business Case: Monetization Models

One question that still looms large is: how will open banking be monetized? In the absence of regulatory mandates, the push to open up APIs must be balanced by commercial incentives.

Some models under discussion include:

• Freemium APIs: Basic data endpoints offered for free, with premium tiers for enriched insights or guaranteed SLAs.

• Pay-per-call pricing: APIs priced based on usage, tiered by call volume or complexity.

• Subscription-based access: Monthly access fees for certain API bundles.

• Revenue-sharing models: Embedded finance offerings where banks and fintechs share revenue from downstream services (e.g., BNPL, lending, insurance).

The challenge will be balancing cost recovery for banks with affordability for fintechs, while keeping end-user experiences simple and trustworthy.

Consumer Trust and Awareness: Still a Hurdle

A major challenge to open banking adoption in Malaysia is consumer trust and education. Many Malaysians are still cautious about sharing their financial data—even with consent—and remain unclear on the benefits of doing so.

This makes awareness campaigns and trust-building initiatives critical. Banks and fintechs must invest in transparent consent flows, clear explanations of data usage, and strong customer support. Open banking only works when users understand that they are in control.

BNM and industry players must also align on user-friendly consent dashboards that allow people to manage permissions across all third-party apps—similar to what we’ve seen in the UK and Australia.

Infrastructure Challenges: Legacy Systems vs. Modern APIs

While Malaysia’s digital infrastructure is advanced in many ways, core banking systems still pose a barrier. Many banks operate on legacy, monolithic systems that weren’t built for real-time, event-driven architectures.

To overcome this, banks are deploying middleware layers, API gateways, and microservices to gradually modernize their stack. But this takes time and resources—and some smaller institutions may lag behind.

The regulatory sandbox helps by giving these institutions time to experiment and learn before going live. Still, large-scale rollout will require significant investment in tech transformation.

ASEAN Opportunity: Going Borderless

One of the most exciting aspects of Malaysia’s open banking journey is its regional potential. As part of ASEAN’s QR interoperability initiative, Malaysia is already integrated with Thailand and Indonesia for real-time cross-border payments.

Open banking can build on this foundation by enabling:

• Cross-border lending models

• Real-time remittance and FX services

• Travel insurance and payments tied to mobile apps

Malaysia is in a strong position to co-lead ASEAN’s open finance evolution, offering a blueprint for responsible, inclusive innovation.

Looking Ahead: What to Expect

By the end of 2025, we expect to see:

• Published API catalogs from leading banks

• Sandbox case studies showing real-world metrics

• Fintech launches of data-driven products in lending, payments, and personal finance

• Greater clarity on monetization frameworks

• Increased consumer-facing education on consent and privacy

If Malaysia continues its collaborative and standards-driven approach, 2026 could mark the shift from pilots to real production-grade deployments.

Final Thoughts: The Time to Build is Now

Malaysia isn’t rushing open banking. But it’s building it smartly—with collaboration, clarity, and infrastructure at the center. The sandbox-first approach gives institutions room to explore, fail safely, and refine offerings. The policy documents show regulatory commitment without overreach. And the involvement of fintechs, banks, and tech players ensures broad ecosystem support.

The next frontier will be real commercial models, strong consumer experiences, and cross-border use cases that extend Malaysia’s impact beyond its borders.

For now, the groundwork is in place. The sandbox is open. And the real transformation is just beginning.

Open banking in Malaysia isn’t just a trend—it’s the infrastructure for what comes next in digital finance.