Series 1 — Diagnosis · Paper 3
Open Banking's Missing Layer
In 2016, when the UK’s Competition and Markets Authority ordered the nine largest banks to open their payment infrastructure to third parties, it felt like a genuinely radical moment. For the first time, a business could initiate a payment directly from a customer’s bank account without touching a card network. The money would move via Faster Payments — settling in seconds, not days — and the only fee would be whatever the authorised intermediary chose to charge. No interchange. No card scheme fee. No percentage skimmed from every transaction.
A decade later, Visa and Mastercard still process the overwhelming majority of UK consumer payments. Open Banking exists. It works. And almost nothing changed.
The standard explanation is that Open Banking didn’t go far enough — that the regulation was too narrow, the APIs too inconsistent, the consumer experience too clunky. These things are all true. But they are symptoms, not causes. The deeper question is why — with genuinely open rails, a clear regulatory mandate, and an obvious commercial opportunity — the market collectively failed to build something transformative on top of them.
The answer, I think, lies not in the technology or even the regulation. It lies in the incentives of every actor who was in a position to do something about it.
What each actor did — and why it made perfect sense
The banks were the first and most important actor. PSD2 required them to open their APIs. They complied — and compliance is exactly the right word. The APIs got built. The standards were met, more or less. But banks are not neutral infrastructure providers. They are relationship businesses. Their value — and their margin — comes from being the trusted intermediary between a customer and their money. A genuine open payment network, one that commoditises payment initiation and routes transactions transparently between any two parties, is a direct threat to that position. Banks built what the regulation required. They had no incentive to build anything more.
The card networks were not directly regulated by PSD2 and watched its implementation with understandable interest. Their response was characteristically sophisticated. Visa and Mastercard both developed their own Open Banking products — using the open rails underneath, their own closed networks on top. They didn’t fight the regulation. They absorbed it. The rails opened; the coordination layer stayed proprietary. The percentage fee moved slightly, but it didn’t disappear.
The payment processors — Stripe, GoCardless, Adyen and the rest — were the actors most positioned to build something genuinely new. Several of them did build on Open Banking, and some of those products are good. But every one of them built a proprietary layer. They had to. Their business model depends on owning the merchant relationship, controlling the integration, and capturing the margin that comes from being the indispensable intermediary. An open protocol — one that any provider could implement and any merchant could switch between without friction — is not an opportunity for an established payment processor. It is an existential threat.
The API aggregators — TrueLayer, Yapily, Tink — were perhaps the most genuinely enthusiastic constituency for Open Banking. They built the connective tissue that made it easier for developers to access bank APIs without negotiating with each bank individually. Genuinely useful infrastructure. But still proprietary. Still a middleware layer with its own commercial model, its own lock-in, its own reason to remain closed. The aggregators made Open Banking more accessible. They had no incentive to make it open in the deeper sense.
The regulators did what regulators do: they removed barriers to entry and assumed the market would handle the rest. This is not an unreasonable assumption in most markets. Competition tends to produce good outcomes for consumers when the thing being competed over is the product or service itself. But nobody competes to build open standards. Open standards are collective goods — they benefit everyone, which means no individual actor captures enough of the benefit to justify the investment. The Payment Systems Regulator opened the rails. It had no mechanism to ensure that what got built on top of them served the market as a whole rather than the interests of whichever actor built it first.
The merchants — the intended beneficiaries of all of this — were largely passengers. Fragmented, individually small relative to the payment processors they depended on, and with no collective voice in how the system developed. They took what they were given, which was a slightly cheaper version of what they already had, wrapped in a different API.
The pattern nobody named
Look at that list of actors and their incentives, and a pattern emerges that nobody quite said out loud during the decade of Open Banking enthusiasm.
Every actor with the capability to build a genuine coordination layer — the banks, the card networks, the processors, the aggregators — had a business model that made an open coordination layer a direct threat. And every actor that would have benefited from one — merchants, consumers, new entrants — lacked the capability to build it.
This is not a story about bad faith or missed opportunity. Each of those actors behaved entirely rationally. The banks protected their relationship position. The processors protected their margin. The aggregators built sustainable businesses. The regulators used the tools available to them. Individually, every decision made sense.
What the incentive analysis cannot fully explain is why, across an entire industry of intelligent people with access to the same technology and the same regulatory moment, nobody seriously asked what a payment network designed from first principles — for merchants and consumers rather than for banks — might actually look like. Rational behaviour and lack of imagination are not the same thing. The industry demonstrated both.
Collectively, they produced a market where the rails are open and the network is not. Where you can initiate a payment from any bank account in the UK, but only through a proprietary intermediary who charges for the privilege of using infrastructure that is, in principle, free. Where Open Banking succeeded completely as a technical achievement and failed almost entirely as a market transformation.
The missing piece was never a technical one. The technology for a genuine open payment network existed before PSD2. What was missing was a coordination layer — a set of shared rules, a trust framework, a dispute resolution process, a way of routing payments between any two participants without any single actor owning the flow — that was open not because a regulator mandated it, but because it was designed that way from the start.
Nobody with an incumbent position to protect was ever going to build that. The incentives made it impossible. Which means it was only ever going to come from somewhere else.
The shape of what’s needed
A genuine open payment network is not a product. Products have owners, and owners have incentives, and those incentives — as the last decade has demonstrated — reliably point away from openness whenever openness conflicts with margin.
What’s needed is a protocol — a set of rules that any qualified participant can implement, that no single participant controls, and that creates value for the network as a whole rather than extracting it for any individual actor. The same model that underlies every large-scale communications network that actually works. The same model that the payments industry has studiously avoided for thirty years, because the actors best placed to build it had the most to lose from it existing.
The rails are open. The regulation is in place. The commercial case for merchants is, if anything, stronger now than it was in 2016. The technical problems are solved — not in theory, but in working implementation.
What remains is the question of who builds the coordination layer, on what terms, and with what governance. The answers to those questions will determine whether Open Banking’s second decade looks like its first — or like something genuinely different.
That question is now open. For the first time, the honest answer is that it doesn’t have to be answered by someone with an incumbent position to protect.
Thomas Larsen is a cloud platform architect and engineering leader with twenty years’ experience building open infrastructure for public-sector and defence organisations. He is currently working on an open payment scheme for the UK market.