Cross-border interoperability is emerging as one of the most important frontiers for open finance and the recently announced Bank for International Settlements’ (BIS) Project Aperta makes meaningful progress in addressing some of its most complex challenges.

Led by the BIS Innovation Hub, the project has shown that cross-border open finance interconnectivity is technically possible. Its “network of networks” model was designed to connect existing domestic open finance infrastructures through a neutral interoperability layer, using APIs to enable secure, consent-based data sharing across jurisdictions.

The prototype connected open finance networks in the United Kingdom, the United Arab Emirates, Brazil, Hong Kong SAR and India. It focused on practical SME use cases, including cross-border business account opening and trade finance. In simple terms, it explored whether a business or provider trusted in one domestic ecosystem could be discovered, verified and connected in another, without every market having to redesign its own domestic framework.

The business case is clear. Cross-border interoperability has the potential to reduce friction, duplication and cost in financial services by allowing trusted data to move securely between domestic ecosystems. For SMEs, that could mean faster access to overseas accounts, credit and trade finance, without repeatedly submitting the same documents or going through the same manual checks in every market. It also has a particularly strong application in trade finance, where many processes remain paper-based, document-heavy and dependent on multiple intermediaries. By enabling trusted, consent-based financial data to be shared across borders, open finance interoperability could help digitise these processes, accelerate decision-making and support faster movement of funds through the trade cycle.

That is significant. It demonstrates that the technical components of cross-border open finance can be made to work. Data can be translated, APIs can be connected, identity can be validated, consent can be anchored in domestic processes, and trust frameworks can be designed to allow participants to recognise one another across borders.

But this is also where the harder question begins. Technology is not the biggest barrier to cross-border open finance. Arguably, it is the easiest part of the puzzle to solve. The more difficult challenge, the so called “elephant in the room,” is regulatory alignment.

The global direction of travel is clear

Across the world, policymakers and market participants are looking at how financial data, payments, identity and digital trade infrastructure can operate more effectively across borders.

Project Aperta is one example. In Africa, Ghana, Rwanda and Zambia have been reported to be testing a digital trade corridor focused on cross-border payments, digital identity, regulatory alignment and infrastructure interoperability. The African Union’s Digital Trade Protocol is also built around harmonised rules, common principles, open standards and interoperability for cross-border digital trade.

These examples all point to the same conclusion. Cross-border open finance is not just an API challenge. It is an ecosystem challenge.

Europe shows why common regulation matters

Europe provides one of the clearest examples of why regulatory alignment is so important. The European Economic Area is made up of 30 countries: the 27 EU Member States plus Iceland, Liechtenstein and Norway. It is not a single domestic market and its financial services ecosystem is far from simple. Each country has its own institutions, supervisors, market structures, banking relationships and levels of digital maturity.

Yet PSD2 was able to create the legal foundation for open banking across the region because it established a common regulatory baseline. Payment service providers and third-party providers operate within a shared European framework. Account access, authorisation, customer consent, liability and regulatory oversight are not left entirely to individual national interpretation. That common baseline is the reason cross-border open banking could exist at all.

It did not make implementation perfect. PSD2 told the market what needed to happen, but not always how it should happen. As we have written previously in “What Makes a Successful Open Banking Ecosystem?”, differing API standards emerged across Europe, creating fragmentation and complexity for third-party providers. The UK, by contrast, benefited from a more scheme-based approach, with a central entity developing common standards, processes and procedures.

The lesson is not that Europe solved everything. It did not. The lesson is that alignment of regulation is the foundation on which cross-border participation becomes possible.

Without it, every participant is forced to interpret the rules market by market. Every bank, fintech and data user has to ask the same questions again and again. Is this participant authorised? Is it permitted to access this data? Is the consent valid? Who is liable if something goes wrong? Which supervisor is responsible? Which standards apply? What happens when access crosses a border?

At the domestic level, these questions are difficult. At the cross-border level, they become exponentially harder.

Four workstreams must align

For cross-border open finance to move from proof of concept to live implementation, four workstreams need to align: technology, operations, governance and regulation.

Technology is the visible layer. It includes APIs, translation services, security protocols, encryption, identity credentials, directories and connectivity. Project Aperta has demonstrated that this layer can be built. It has also shown that existing domestic frameworks do not necessarily need to be replaced for cross-border connectivity to be possible.

Operations are what make the ecosystem work day-to-day. Participants need to be onboarded, verified, monitored and supported. Digital identities (i.e. certificates) need to be managed. Access decisions need to be logged. Incidents need to be handled. Disputes need to be resolved. Management information needs to be collected so the ecosystem can be supervised and improved.

Governance determines who sets the rules and how those rules evolve. A cross-border open finance ecosystem needs clear decision-making, representation, accountability, change control, participation criteria and funding. It also needs a responsible operating entity or network operator that can coordinate shared infrastructure across jurisdictions.

Regulation provides the legal basis for trust. It defines who can participate, what data can be shared, what consent means, how data can be used, how liability is allocated, how data protection rules apply and how supervisors cooperate when activity crosses borders.

These workstreams cannot be treated separately. Strong technology without regulation creates risk. Regulation without operational infrastructure creates friction. Governance without real-time participant validation creates weak oversight. Operations without common rules create inconsistency. The successful ecosystems are the ones that bring all four together.

Why cross-border is harder than domestic open banking

Domestic open banking can work within one legal system, one supervisory perimeter and one set of market rules. Cross-border open finance has to bridge different legal regimes, policy objectives, data protection requirements, supervisory expectations, identity systems, licensing models and liability frameworks. That is why regulatory alignment is so hard.

A provider that is licensed in one market may not be recognised in another. A data category that sits within scope in one jurisdiction may be outside scope elsewhere. A consent model accepted by one regulator may not satisfy another. A customer redress process that works domestically may not work when the data holder, data user and customer are in different countries. Even where the technical connection is secure, the legal and operational basis for relying on that connection may still be unclear.

Project Aperta’s proof of concept deliberately avoided some of these issues by using synthetic data and operating as an experimental prototype. That was the right approach for testing feasibility. But live deployment would require more. It would need legal clarity on cross-border data sharing, data controller and processor roles, consent portability, liability, supervisory cooperation and complaint handling.

In other words, the technology can show what is possible, regulation determines what is permissible, governance determines who is accountable and operations determine whether it can scale.

The path forward: common foundations, not identical systems

Cross-border open finance does not require every country to adopt the same domestic model. That would be unrealistic and, in many cases, undesirable. Markets have different starting points, different policy priorities and different levels of maturity. What is needed is a common foundation.

That means agreeing the minimum rules and standards that allow domestic ecosystems to trust one another. It means shared definitions for participants, data categories, consent, access rights, liability and supervisory cooperation. It means consistent approaches to participant onboarding, authentication, accreditation, revocation and monitoring. It means trust infrastructure that can validate who is asking for access, whether they are entitled to ask, and under what conditions access should be granted.

This is where the European experience is so relevant. PSD2 did not remove all fragmentation, but it created a shared regulatory foundation. Future cross-border open finance initiatives will need the same principles, applied more deliberately and at a broader scale.

The next phase should not be about connecting as many jurisdictions as possible as quickly as possible. It should be about building small, trusted clusters of markets with sufficiently aligned regulatory objectives, compatible use cases and clear governance. From there, the model can be tested, refined and scaled.

Trust is the real infrastructure

Open finance is often described in terms of APIs. But APIs are only the connection mechanism. The real infrastructure is trust.

Can the data holder trust the data user? Can the customer trust the process? Can regulators trust that access is authorised, traceable and revocable? Can participants trust that the same rules will be applied consistently across borders? Can the ecosystem prove who accessed what, when, why and under whose permission? These questions sit at the heart of cross-border open finance.

At Konsentus, our focus has always been on enabling trusted open ecosystems to operate safely, securely and efficiently. That means putting the right infrastructure around participant identity, regulatory status, authorisation, access control, monitoring and auditability. It means helping ecosystems move beyond policy ambition into operational reality.

Project Aperta has shown that cross-border open finance is technically achievable. That is a major step forward. But the next stage will not be won by the best API alone. It will be won by the ecosystems that can align technology, operations, governance and regulation into a trusted operating model.

Common regulation is not a nice-to-have. It is the foundation that allows trust to travel across borders. And without that, cross-border open finance will remain a proof of concept, rather than becoming part of the global financial infrastructure.