On December 31, 2024, the State Bank of Vietnam officially issued Circular No. 64/2024/TT-NHNN, setting the regulatory foundation for Open Banking through the implementation of Open Application Programming Interfaces (Open API) within the banking sector – a key driver of digital finance innovation globally.
Open Banking is a new financial ecosystem in which banks and financial institutions allow third parties (fintech companies, financial service providers, etc.) to access customer data, with customer consent, to develop new services such as personal financial management, integrated payments, etc., through Open Application Programming Interfaces (Open APIs).
Amid the rapid global development of Open Banking, in Vietnam, the State Bank of Vietnam issued Circular 64, effective from March 1, 2025, which is considered a legal tool paving the way for establishing a controlled, secure, and transparent data-sharing infrastructure, fostering innovation in the financial and banking sector.
Key highlights in Circular 64:
- Banks, customers, and third parties implementing Open APIs in the banking sector must comply with legal regulations on confidentiality, customer information provision, and personal data protection.
- The processing of customers’ personal data must serve only the respective customer, except as stipulated by law.
- Data processed must be managed, stored, utilized, and used for the intended purposes as agreed in contracts between parties and in compliance with legal regulations.
- Banks are responsible for: Enhancing information system infrastructure to support Open API implementation, ensuring readiness for data connection and processing. Ensuring data quality during Open API implementation. Ensuring cybersecurity and safety for the information systems deploying Open APIs.
Accordingly, the Bank must comply with API security technical standards as stipulated in Annex 01 and Annex 02 issued with Circular 64/2024:
- Data Standards: ISO20022, ISO 8583, OFX, ISO 4271, RFC 3339
- Information Security Standards:
- Authentication and customer consent solutions: RFC 6749, RFC 6750, RFC 7009, OIDC, SAML v2.0
- Transport layer security: HTTPS, TLS v1.2 or higher
- Encryption algorithms: TCVN 7816:2007, PKCS #1, ECC, JWE, TCVN 11367-2:2016
- Electronic signatures: JWS, PKCS #1, ECDSA, TCVN 1635:2001
- Information system security: ISO27001:2022, TCVN 11930:2017
These regulations have a profound impact on the development of Open Banking in Vietnam. Most crucially, they establish a clear and consistent legal framework for the secure and controlled connection, sharing, and processing of customer data, thereby laying the foundation for building innovative, personalized financial products and services. This enables the realization of comprehensive digital banking goals by allowing third parties to access user data with user consent. This is the key factor in forming an expansive, flexible, and customer-centric open banking ecosystem. Simultaneously, these regulations create significant opportunities for the Fintech community to engage more deeply in the financial ecosystem, enhancing the provision of new and innovative services.
In the initial phase, financial institutions may face challenges in adapting. However, the issuance of Circular 64 fundamentally provides a robust legal foundation, serving as a springboard for building a modern Open Banking ecosystem in Vietnam, where data is leveraged and managed rigorously, with users at the center of all financial services.
