BNM ED-OFIN-25 Ready

Open for
What's Next.

finX delivers the API-first, consent-driven Open Finance platform that helps banks, insurers, takaful operators, and EMIs comply with Bank Negara Malaysia's regulatory framework — securely and on schedule.

Explore Platform
finx/consent-api / v1
// POST /v1/consent/initiate
{
  "institution_id": "CIMB-MY-001",
  "customer_ref": "cust_9f2a...",
  "scope": [
    "account.read",
    "transaction.read",
    "insurance.read"
  ],
  "consent_valid_for": "90 days",
  "encryption": true
}
200 OK — Consent Token Issued
Data Requests Today
2.4M+
Avg. Latency
38 ms
The Challenge

Malaysian FSIs Face a Compliance Countdown

BNM's ED-OFIN-25 mandates phased open finance participation for Malaysian financial institutions. The infrastructure challenge is real — and time is short.

Tight Regulatory Timeline

Phase 1 compliance (banks with >1M customers) is a hard regulatory deadline. Building in-house API infrastructure in time is a significant engineering challenge.

Consent Management Complexity

BNM requires explicit, time-limited, revocable customer consent for every data-sharing event — a sophisticated consent layer most FSIs don't have.

Interoperability Across Institutions

Open Finance demands standardised APIs that work across banks, insurers, takaful operators, DFIs, and EMIs — a complex, cross-industry integration effort.

Security & Data Residency

All customer data must traverse encrypted channels without storage or leakage at intermediary layers — compliant with both BNM and PDPA requirements.

The Platform

Every Layer of Open Finance, Delivered

finX is a modular, BNM-aligned Open Finance platform built for the Malaysian market — deploy as a full stack or adopt individual modules.

01

Open API Gateway

Standardised REST & event-driven APIs for data providers and consumers. PayNet-compatible, BNM-schema aligned, with built-in rate limiting and versioning.

02

Consent Orchestration Engine

End-to-end consent lifecycle management: initiation, customer authorisation, granular scope control, time-bound expiry, and revocation — all auditable.

03

Encrypted Data Relay

Zero-storage relay architecture: customer data flows encrypted between institutions without finX ever persisting or viewing the payload.

04

Compliance Dashboard

Real-time monitoring of data-sharing events, audit trails, consent statuses, and SLA adherence — purpose-built for compliance and risk teams.

05

Third-Party Provider Portal

Onboard, verify, and manage approved data consumers (TPPs) with KYB workflows, access controls, and sandbox testing environments.

06

Legacy Core Integration

Pre-built adaptors for Malaysia's dominant core banking systems. Go live in weeks, not months — without ripping out existing infrastructure.

27+
FSIs integrated on platform
99.99%
Uptime SLA guaranteed
<50ms
API response latency (p95)
100%
BNM ED-OFIN-25 schema coverage
Regulatory Alignment

Built for BNM's
Open Finance Framework

finX's architecture was designed from the ground up against the requirements set out in BNM's Exposure Draft ED-OFIN-25, ensuring mandated financial institutions can meet their Phase 1 deadline with confidence.

  • Supports all BNM-mandated data categories: account, transaction, insurance, takaful, and EPF data schemas
  • Customer consent meets BNM's explicit, time-limited, purpose-bound, and revocable requirements
  • PDPA-compliant data handling with Malaysian data residency options
  • Interoperable with PayNet's technical infrastructure and ISO 20022 standards
  • Audit logs and reporting aligned with BNM supervisory expectations

BNM Open Finance Rollout Roadmap

Stage 1
Exposure Draft Released (ED-OFIN-25)
BNM publishes proposed regulatory framework; industry feedback window opens.
Stage 2
Stakeholder Consultation
Industry submits feedback and comments to BNM on the proposed framework.
Stage 3
PayNet Pilot Launch
Technical pilot with participating banks and EPF; policy document finalised.
Phase 1
Mandatory Go-Live — Large Banks
Banks with >1M customers must be fully compliant.
Phase 2
Broader Banks
Banks with >100K customers come into scope.
Phase 3
DFIs & EMIs
Development financial institutions and EMIs with >5M users participate.
How It Works

From Integration to Live in Weeks

A structured, low-disruption onboarding process designed for Malaysian financial institutions.

01

Assess & Scope

We audit your existing core banking infrastructure and map BNM-mandated data schemas to your systems.

02

Connect

Deploy our pre-built connectors into your environment. API Gateway and Consent Engine go live in your preferred hosting model.

03

Test & Certify

Use our BNM-sandbox environment to validate data flows, consent journeys, and encryption against regulatory requirements.

04

Go Live

Launch with full monitoring, SLA guarantees, and our Malaysia-based support team available around the clock.

Get Started

Don't Miss Your
Compliance Deadline

The window to build, test, and certify your Open Finance infrastructure is narrowing. Let's talk about your readiness today.