Open Finance Platform Software for Participants across the UAE

Who this is for: UAE banks as deemed licensees preparing Open Finance data exposure (typically alongside core-banking augmentation scope), aspiring CBUAE-licensed Open Finance Providers (TPPs consuming data for analytics, onboarding, or customer experience), Service Initiation Providers (TPPs initiating transactions), Technical Service Providers supporting licensed entities, and fintechs building consent-aware propositions. Not positioned as a Tarabut Gateway, Lean Technologies, or Fintech Galaxy platform replacement - those operate established TPP infrastructure at regional scale.

Six connected capability areas: (1) Nebras API Hub integration layer. (2) Consent and Authorisation Manager integration. (3) Data Holder exposure engine. (4) Multi-role participant support across Data Holder, Service Owner, OFP, SIP, TSP. (5) CBUAE NOC and Trust Framework evidence. (6) Customer-facing consent-aware surfaces.

Tarabut Gateway, Lean Technologies, Fintech Galaxy, Brankas, and Salt Edge are established regional Open Banking and Open Finance TPPs with significant MENA deployment. These operate as licensed or licensing-path TPPs delivering data aggregation, payment initiation, and consumer-facing products.

Custom Open Finance platform software is designed for operators building their own participation - whether a bank preparing data-holder exposure aligned to Nebras and Consent Manager specifications, a new TPP building its own CBUAE-licensed proposition rather than white-labelling an existing TPP, or a TSP supporting licensed entities. The platform is designed to align with CBUAE Open Finance Regulation from day one rather than retro-fit UAE compliance onto UK/EU Open Banking patterns.

CBUAE Open Finance uses a centralised API Hub operated through a CBUAE-aligned entity (publicly referenced as Nebras) - structurally different from UK and EU Open Banking which use direct bank-to-TPP APIs. Banks expose customer data through Nebras; TPPs consume data through Nebras. Nebras handles TPP identity, consent routing, and audit trail.

The platform handles Nebras API conformance as structural capability - message formats per CBUAE Open Finance data standards, performance SLAs, authentication mechanisms, and error handling aligned to Nebras specifications. Version migration as Nebras extends API scope (new product types, additional data fields, transaction initiation scope in Phase 2+) is handled as configuration rather than code release.

The CBUAE Consent and Authorisation Manager operates as a standalone user app - customers manage consents centrally rather than per-bank or per-TPP. Consent lifecycle events - grant, active, renewed, revoked, expired - trigger platform behaviour across data exposure (bank side) and data consumption (TPP side).

Customer-facing surfaces respect consent scope at transaction-time - data beyond granted scope is not returned; queries beyond consent duration fail with appropriate customer communication. Consent audit trail captures each event with timestamp, scope, customer context, and downstream platform action. Integration with CBUAE Consent Manager native APIs handles the lifecycle.

Phase 1 CBUAE Open Finance scope covers current and savings accounts, credit cards, personal and auto loans, mortgages, overdrafts, and insurance products. Banks and insurers as deemed licensees expose this data through Nebras per customer consent.

The exposure engine formats data per CBUAE Open Finance data standards. Consent-scope enforcement at response-time ensures only consented fields for consented product categories are returned. Access logs capture TPP identity, timestamp, customer, and scope for each query. Performance SLAs against Nebras expectations are monitored. Data quality checks prevent exposure of stale or inconsistent data.

An entity can be a Data Holder (bank exposing data), Service Owner (product-holding licensee), Open Finance Provider (TPP consuming data), Service Initiation Provider (TPP initiating transactions in future scope), and Technical Service Provider (technology supporting licensed entities). A UAE bank is always Data Holder and Service Owner; a fintech may be OFP, SIP, and TSP for different products.

The platform supports multi-role operation with configurable role per product and customer segment. CBUAE No Objection Certificate evidence is captured per role. AED 1 million minimum capital evidence for TPP roles (OFP, SIP) is tracked. Cross-role coordination where the entity operates multiple participant types is native rather than managed through separate integrations.

Here's where custom Open Finance platform software typically sits in a wider stack.

Established TPPs and data aggregators - we sit alongside Tarabut Gateway, Lean Technologies, Fintech Galaxy, Brankas, and Salt Edge where they operate as peer licensed entities. For banks as data holders, we handle the Nebras exposure layer alongside the bank's core-banking augmentation scope.

API management and gateway - we integrate with Kong, Apigee, MuleSoft Anypoint, and AWS API Gateway for API exposure management alongside Nebras-specific conformance.

Core banking and identity - we connect with Infosys Finacle, Oracle FLEXCUBE, Mambu, Thought Machine Vault for underlying customer data; UAE PASS for customer identity at consent grant.

Integration approach is scoped during discovery. We don't ask you to rip and replace anything that works.

Discovery runs five to seven weeks. Working with your product, compliance, API, engineering, and regulatory affairs teams, we map current Nebras readiness, Consent Manager integration approach, data-exposure scope (for Data Holders) or consumption scope (for TPPs), and multi-role coordination. Output is a detailed report covering current-state map, platform architecture, integration scope, phased implementation plan, and fixed-price build proposal.

Build for a core Open Finance platform layer runs twelve to sixteen weeks from discovery completion. Full Nebras integration, Consent Manager lifecycle, Data Holder exposure or TPP consumption, and multi-role coordination rollout phases in over nine to fifteen months depending on scope and Phase 2 extensions.

Pricing varies by role count, data scope, and customer segment breadth. A bracket isn't published; discovery produces a fixed-price proposal with no obligation to proceed.