BNM ED-OFIN-25 Ready

Open for
What's Next.

finX delivers the API-first, consent-driven Open Finance platform that helps banks, insurers, takaful operators, and EMIs comply with Bank Negara Malaysia's upcoming regulatory framework — securely and on schedule.

Explore Platform

finx/consent-api / v1

// POST /v1/consent/initiate

{

"institution_id": "CIMB-MY-001",

"customer_ref": "cust_9f2a...",

"scope": [

"account.read",

"transaction.read",

"insurance.read"

"expiry": "2025-12-31",

"encryption": true

}

200 OK — Consent Token Issued

Data Requests Today

2.4M+

Avg. Latency

38 ms

The Challenge

Malaysian FSIs Face a Compliance Countdown

BNM's ED-OFIN-25 mandates open finance participation from January 2027. The infrastructure challenge is real — and time is short.

Tight Regulatory Timeline

Phase 1 compliance (banks with >1M customers) begins 1 Jan 2027. Building in-house API infrastructure in time is a significant engineering challenge.

Consent Management Complexity

BNM requires explicit, time-limited, revocable customer consent for every data-sharing event — a sophisticated consent layer most FSIs don't have.

Interoperability Across Institutions

Open Finance demands standardised APIs that work across banks, insurers, takaful operators, DFIs, and EMIs — a complex, cross-industry integration effort.

Security & Data Residency

All customer data must traverse encrypted channels without storage or leakage at intermediary layers — compliant with both BNM and PDPA requirements.

The Platform

Every Layer of Open Finance, Delivered

finX is a modular, BNM-aligned Open Finance platform built for the Malaysian market — deploy as a full stack or adopt individual modules.

Open API Gateway

Standardised REST & event-driven APIs for data providers and consumers. PayNet-compatible, BNM-schema aligned, with built-in rate limiting and versioning.

Consent Orchestration Engine

End-to-end consent lifecycle management: initiation, customer authorisation, granular scope control, time-bound expiry, and revocation — all auditable.

Encrypted Data Relay

Zero-storage relay architecture: customer data flows encrypted between institutions without finX ever persisting or viewing the payload.

Compliance Dashboard

Real-time monitoring of data-sharing events, audit trails, consent statuses, and SLA adherence — purpose-built for compliance and risk teams.

Third-Party Provider Portal

Onboard, verify, and manage approved data consumers (TPPs) with KYB workflows, access controls, and sandbox testing environments.

Legacy Core Integration

Pre-built adaptors for Malaysia's dominant core banking systems. Go live in weeks, not months — without ripping out existing infrastructure.

Regulatory Alignment

Built for BNM's
Open Finance Framework

finX's architecture was designed from the ground up against the requirements set out in BNM's Exposure Draft ED-OFIN-25, ensuring mandated financial institutions can meet their Phase 1 deadline on 1 January 2027.

✓Supports all BNM-mandated data categories: account, transaction, insurance, takaful, and EPF data schemas
✓Customer consent meets BNM's explicit, time-limited, purpose-bound, and revocable requirements
✓PDPA-compliant data handling with Malaysian data residency options
✓Interoperable with PayNet's technical infrastructure and ISO 20022 standards
✓Audit logs and reporting aligned with BNM supervisory expectations

BNM Open Finance Rollout Timeline

Nov 2025

Exposure Draft Released (ED-OFIN-25)

BNM publishes proposed regulatory framework; industry feedback window opens.

Mar 2026

Stakeholder Feedback Deadline

Final date for industry submission of comments to BNM.

Mid-2026

PayNet Pilot Launch

Technical pilot with 7 banks and EPF; policy document finalised.

1 Jan 2027

Phase 1 Mandatory Go-Live

Banks with >1M customers must be fully compliant.

1 Jan 2028

Phase 2 — Broader Banks

Banks with >100K customers come into scope.

1 Jan 2029

Phase 3 — DFIs & EMIs

Development financial institutions and EMIs with >5M users participate.

How It Works

From Integration to Live in Weeks

A structured, low-disruption onboarding process designed for Malaysian financial institutions.

Assess & Scope

We audit your existing core banking infrastructure and map BNM-mandated data schemas to your systems.

→

Connect

Deploy our pre-built connectors into your environment. API Gateway and Consent Engine go live in your preferred hosting model.

→

Test & Certify

Use our BNM-sandbox environment to validate data flows, consent journeys, and encryption against regulatory requirements.

→

Go Live

Launch with full monitoring, SLA guarantees, and our Malaysia-based support team available around the clock.

Open forWhat's Next.