.png?width=560&height=469&name=_Episode%2019%20-%20Greg%20Chan%20(940%20x%20788).png)
OpenFinity Days New York hosted a fireside chat where Sid Maestre (Head of Developer Relations at APIMatic) sat down with Greg Chan, CTO of Akoya, to peel back the layers of open finance. With regulators, fintech innovators, and traditional financial institutions all eyeing the future, the conversation offered a transparent look at the current state—and the rapidly approaching promise—of open banking APIs. Here’s what you need to know about the new frontier of consumer trust and technology in finance.
Sid Maestre:
First question for you, Greg. Can you share Akoya's vision and how it aligns with the future of open finance?
Greg Chan:
Yes, I'll just tell you a little bit about Akoya. We were founded five years ago and we've been built on this mission of really empowering everyone to take better control of their finances by giving them control of their data. The way we accomplish this is really helping leading financial institutions, technology companies to be able to provide and secure data access for their customers. We were founded on this core principle of really putting customer and security first. The security part that we focus on really led us down a path where we built the only 100% API-based data access network. We really stayed away from screen scraping, which was, at the time Akoya first came onto the scene, the common and traditional way of data aggregation. As you know, it's an unsafe and insecure way of getting data, so we stayed away from that. I think it really aligns well with topics around open finance, and, of course, the 1033 rule where you can see the shift now away from screen scraping onto more permissioned API access. So Akoya is really just serving as a critical utility in this ecosystem, helping fintechs and financial institutions.
Sid Maestre:
What excites you most about this current moment we're in with open finance?
Greg Chan:
Yeah, I think it's definitely a really exciting time to be in open finance. When you think about open banking and evolving into open finance and then just Mr. Open Banking's slide earlier around FDX—you've seen tremendous adoption, right? With like 114 million active connections. A few years ago it was only 16 million. This is all market-driven demand that really existed and is continuing to grow even before any regulation or rule was in place. By establishing a standardized and secure ecosystem, it's really leveling the playing field. Whether you're a small startup or a large financial institution, you can innovate on behalf of consumers who want better, more personalized, and richer financial services. It's a win for fintechs, financial institutions—who get better security, control, and transparency of their customers' data—and, of course, consumers, who have more options to pick from.
Sid Maestre:
From your perspective at Akoya, what are some of the most compelling real world use cases for open finance that you're observing?
Greg Chan:
You definitely heard some of this earlier. Akoya works with fintechs, data aggregators, core providers, and financial institutions, so we see a lot of interesting use cases. There are traditional use cases like PFM (personal finance management), which continues to evolve, especially now with AI layered on top—predictive insights, AI chatbots as financial advisors. Account linking and account funding is another: how to do KYC and ID verification before funding, say, a digital wallet or crypto exchange. Payment initiation is another—checking a customer's balance before initiating a payment. There are newer use cases, too: pay by bank, embedded payments for seamless customer experiences (like the Starbucks app, DoorDash, Uber), and cash flow underwriting, where you get a wider range of someone's financial information to do better risk assessment for lending. Fraud prevention is another area. There are just a ton of compelling use cases, and it's very much a market- and consumer-driven push because customers want these solutions.
Sid Maestre:
Can you elaborate on the core principles behind your secure data sharing APIs and how they really differentiate from those traditional methods of screen scraping?
Greg Chan:
Sure. When we think about screen scraping, data aggregators need to get username and password login credentials from customers. With API permissioned access, you don’t need to do that. Also, with screen scraping, aggregators can get all a customer’s data—transactions, account info, possibly PII—which is stored. With API access, Akoya doesn’t store any customer data; we’re just a pass-through that returns the data to a data recipient. With screen scraping, a third party can resell your data or use it for secondary purposes. With API access, we don’t do that. Another major advantage is OAuth tokenized access: the consumer can specify fine-grained permissions, sharing only the scope of data they want, and the token is time-bound. You can also easily manage and revoke consent, which is powerful for both consumers and financial institutions. There are a lot of benefits over the old screen scraping way of getting data.
Sid Maestre:
I imagine in the past, the end customer didn't care how the app got their banking data—they just wanted it to work. When building these kinds of APIs, you have to think about smart defaults since most customers just click consent. How do you handle that?
Greg Chan:
That's right. Having OAuth token access helps improve authorization disclosure, so you’re very upfront about what data is being shared. That’s a big improvement.
Sid Maestre:
1033 is often positioned as compliance and is significant in the US. How is Akoya's 1033 solution working with financial institutions and customers, and what are the benefits?
Greg Chan:
If you’re a financial institution, you look at all the obligations under 1033 and there are a lot: covered data, making it accessible via a hosted developer interface, having a developer portal to manage third parties, setting access policies, procedures, performance requirements, third party risk management, tech support, and customer support—there’s a lot to think through. Akoya provides an end-to-end open banking solution, to not only help you meet compliance but go beyond just checking the box. We help you get value and help your customers, too. Our end-to-end solution covers everything from integrating with your legacy systems to white-labeling developer portals with your branding, plus performance requirements, tech support, and handling third party risk management, which is not trivial (e.g., doing security risk reviews, collecting evidence for assessments). You can do all that yourself or delegate to Akoya, who will do it for you.
Sid Maestre:
You’re really enabling these institutions to meet compliance without building it all in-house. Do you also have a way for customers to revoke access or control consent?
Greg Chan:
Absolutely. That’s part of what we’re offering—a consent management dashboard that lets consumers manage access. It’s also backed by APIs financial institutions can call directly to us to manage as well.
Sid Maestre:
What advice would you offer to financial institutions who want to build their own open banking solutions rather than buy it?
Greg Chan:
That could be the right thing for some, but you need to go in with your eyes open. Technical challenges could be significant, especially if you have a legacy tech stack or monolithic architecture. You’d have to modernize to a more RESTful API architecture, implement security (OAuth 2.0, mTLS), harden your infrastructure, and make sure you have strong threat detection and monitoring. Consent management is another key challenge. Data standardization can be a hurdle, as financial institution data often comes from different sources and formats. You’d need to transform all that into clean, structured data aligned to FDX specs. Then, there’s performance and scale: your external API endpoint has to handle high volumes of traffic, have 99.5%+ availability, good latency, stress/load testing, scaling, balancing, caching, rate limiting—handling database bottlenecks, etc. Non-technical challenges include third party risk management, which involves your entire organization beyond just tech and product teams.
Sid Maestre:
I’d like to pivot a little into developer experience. What are some key initiatives Akoya is undertaking to ensure developers find your APIs easy to work with?
Greg Chan:
A great developer experience is a key differentiator—it lowers the barrier to entry for fintechs and institutions. Some initiatives: fundamental things like good documentation, clear API specs, SDKs, and code samples. We provide a sandbox environment for testing; for example, a fictitious bank with test data that third parties can use before moving to production, along with other testing tools. The self-service developer portal is important—empowering third-party devs to generate API keys, client credentials, and provisioning. Troubleshooting and debugging is critical, so we provide logs, error messages, and codes—the little things that help a lot.
Sid Maestre:
I can vouch for your sandbox! Akoya’s sandbox is great for testing. I’d love to hear your thoughts about partnering with APIMatic—what’s the rationale behind this partnership and what are the benefits for developers?
Greg Chan:
Having a great developer experience is an ongoing investment. We’re always focused on providing great developer content, and our partnership with APIMatic makes sense; we’re leveraging your proven expertise in developer content for API products. It also frees us up to build more features. We work in lockstep with you to ensure as we develop features, there’s great developer content, code samples, SDKs in place, and that’s driven our decision to partner.
Sid Maestre:
What’s one key takeaway you’d like this audience to remember about Akoya’s role in the future of open finance?
Greg Chan:
The key takeaway is that open banking and open finance is really here to stay, and it’s primarily a consumer-driven market. There’s value and ROI beyond compliance, so if you’re not already in the space, you should proactively look into it. As for Akoya, I’d like to think we’ve contributed with our security-first, API-based network approach. I’m happy to chat with anyone interested in learning more.
Sid Maestre:
And where can attendees find you after the talk?
Greg Chan:
Go to akoya.com. That’s the best way. And of course you can reach out to any of us to chat—happy to talk more open finance.