Banking & Finance

Open Banking & PSD3: A Strategic Roadmap for Banks in Türkiye and Azerbaijan

PSD3 is maturing in Europe, Türkiye’s Open Banking is in its second year, Azerbaijan has published its own framework. The decisions banks must make on APIs, consent and real-time payments.

BIART Ekibi2 min read10 views
Açık bankacılık ve dijital ödeme görseli

Open banking is no longer a regulatory checkbox; in 2026 it is a routine part of the customer journey. The latest draft of PSD3 has been published in Europe, Türkiye’s BDDK Open Banking framework just completed its second year (account aggregation and payment initiation flows are in production at the major banks), and the Central Bank of Azerbaijan published its own regulation late in 2025 — pilots begin in mid-2026.

How PSD3 differs from PSD2

PSD3 brings three key shifts: redistribution of fraud liability (in the customer’s favour), mandatory standardisation of beneficiary verification (Confirmation of Payee across Europe), and performance SLAs for TPP access. The new Payment Services Regulation (PSR) aims to reduce national interpretation gaps, narrowing the conceptual distance between European, Turkish and Azerbaijani frameworks.

Two years of Turkish experience

Year one was about integration; year two has surfaced two real questions. First, consent management: a user-friendly view of which TPP holds which data for how long is now a competitive surface. Second, real-time payment integration: connecting TPP flows with instant rails such as FAST (Türkiye) and SCT Inst (Europe) collapses payment initiation into seconds.

Azerbaijan’s pilot phase

The Central Bank of Azerbaijan defined open banking API standards on top of OpenID FAPI. The first wave covers AIS (account information sharing) and PoC PIS (payment initiation). Major players such as ASB, PASHA Bank and ALBANK are running integration tests in their sandbox environments.

Critical decisions for the bank

  • Build vs Buy: an off-the-shelf API gateway and consent module saves the first month; differentiated analytics and fraud layers will still need in-house work.
  • Data strategy: up to 20% of TPP-bound traffic can be fraud probing. Risk scoring must be enriched with TPP_id, IP geo, time series and device fingerprint.
  • Operational SLA: PSD3 makes access performance measurable; 99.5% monthly TPP API uptime is no longer an aspiration but a threshold.
  • Internal customer experience: aggregation visible via TPPs must also surface inside your own mobile app, or a fintech competitor will own the channel.
Real-timeCore BankingCompliance
Share

Related posts