Dylan October 29, 2024 Middle East, Regulation Open Banking in Oman – 2025 Update Oman’s Open Banking Framework Monetisation Are there Open Banking Leaders in Oman? Other Important Fintech Regulation in Oman Updated 11 November 2025 Oman’s open banking development started with a call from local banks themselves. Indeed, the Oman Banks Association (OBA) warned financial players in October 2020 at the New Age Banking Summit not to ignore fintech firms, pointing out that all lenders around the world are now considering them in their strategies. The idea of open banking became even more pregnant in the Sultanate as, like everywhere else, the sector had to face the consequences of the coronavirus pandemic: a growing demand for mobile banking apps, contactless credit card services, and e-commerce. December 10th 2020 marked the launch of the Fintech Regulatory Sandbox (FRS), and a suite of Fintech laws were issued and passed between 2021 and 2022, including: The Financial Consumer Protection Regulatory Framework (2021) The New Securities Law (2022) The Personal Data and Protection Law (PDPL) (2022) Finally in 2023, the Central Bank of Oman issued the first Data and Information Security Specifications for the use of APIs in the banking sector. In 2024 it published a Technology Framework and API Specifications, after which the much awaited Regulatory Framework for consultation with the industry. In June 2025, the CBO issued the final version of Oman’s Open Banking regulatory framework, which mainly consolidated earlier versions of the API Specifications and Technology Framework and came into force immediately. Oman’s Open Banking Framework Below is the OBP Open Banking canvas applied to Oman, outlining the key pillars of the country’s Open Banking framework. Much like PSD2, Oman’s Open Banking framework does not specify the standards to be used and instead leaves it to the market. Those who follow us regularly know that this is the Architect approach: the regulator provides the legal and security framework for the regime but not the specific technical interfaces. Unlike PSD2, it does specify the need to use REST APIs. The data in scope is based on a broad definition of “Customer Data”: “personal and non-personal data, including data related to Customer Payment Accounts that is […] processed by a Bank, PSP Licensee, Financial Institution or Licensee […] which covers both, data provided by a Customer and data generated as a result of Customer interaction with Banks, PSP Licensees, Financial Institutions and Licensees.” The broad scope presents similarities with the EU General Data Protection Regulation (GDPR) principles, though with its own flavour. Monetisation The CBO mentions the topic of commercialisation, albeit with some conditions. It divides APIs in Basic, Standard and Premium APIs, with the first referring to read-only information including account information and balances. Like in the UK and the EU, Basic API functionality cannot be charged, while the two other API types provide opportunities for monetisation. Basic APIs Standard APIs Premium APIs Basic read-only information (account information, balances, etc.) Restricted transactional information like e.g. Account details, Customer personal details etc. Read/write, full set of data and functionality. E.g. Credit scoring, payment initiation. Example: All banks will be required to expose these. Example: Customer Data APIs Example: Embedded loan affordability checks and loan applications The CBO also includes guidance for which monetisation models are available. Banks in Oman will have to share their monetisation strategies for approval before commercialising their APIs. Are there Open Banking Leaders in Oman? A snapshot of Open Banking leaders is already emerging in Oman. In 2024 Sohar International launched the country’s first public API portal and, a year later in June 2025 – shortly after the final CBO regulation went live – the bank announced the first Open Banking platform. The National Bank Of Oman followed soon after with its own API gateway announcement in July 2025, covering basic payments and accounts but also cards, loans, etc. In the same month of July, Bank Nizwa announced Sharia-compliant Open Banking services, in particular targeting Fintech companies wanting to launch fintech services that are grounded in principles of Islamic Finance. Despite the above announcements, the ecosystem is in its infancy, making it too early to conduct a proper analysis into who is leading the market. Announcements are one thing, successfully implementing safe technologies and establishing ecosystems of value is another. We will likely publish another update as the initiative progresses. Oman presents an opportunity for fintech to grow and help it in its journey for economic development and diversification. For a more comprehensive analysis of the regulation and to learn how the Open Bank Project can help you launch your open banking initiative in the region, contact us by using the contact form or by emailing contact@tesobe.com. Other Important Fintech Regulation in Oman The Open Banking API Strategy forms part of the wider fintech framework and roadmap for Oman. This comprises various initiatives to mature the ecosystem such as: regulation in fintech, a regulatory sandbox, release of a cloud computing framework for the financial and banking sector, initiatives to boost electronic know-your-customers (eKYC), virtual assets and fintech education. The Financial Consumer Protection Regulatory Framework The CBO issued the FCPRF on the 29th of December 2021 in order to improve local consumer protection when it comes to using financial services. The idea is to mandate all licensed institutions in the Sultanate to comply with the best international standards in terms of consumer protection as well as to promote healthy competition in the financial sector. The framework is based on five main principles : the Principle of Disclosure and Transparency, the Principle of Unfair Terms and Conditions, Data Protection and Privacy, the Principle of Dispute Resolution mechanisms, and Principle of Financial Education & Financial Capability. These different components were key in laying off a solid foundation for a successful future growth of the fintech ecosystem. The Personal Data and Protection Law The PDPL touches on topics like data processing, transfers, notification, and record-keeping requirements, and makes Oman’s Ministry of Transport, Communications and Information Technology the regulatory enforcer of the law. The new regulation offers a broader definition of “Personal Data” compared to the previous ones which should improve the consumer’s protection and privacy. It also gives a clear definition of the parties involved in the collection of data and their respective responsibilities. Ultimately, this law should lead to more transparency and privacy. The New Securities Law Entered into force on the 20th of June 2022, the new Securities Law enabled the Capital Markets Authority (CMA) to approve fintech apps as well as to regulate innovative financing solutions and virtual investments. The goal being to help the regulation for the fintech sector become more mature and help the ecosystem grow in a safe and controlled manner. Combined with the CMA’s active work in the field of virtual assets in order to potentially implement a regulatory framework for them, the law will certainly contribute to the development of innovation in financial services in Oman. The Legal Framework of the National Payment Systems Although it was developed before 2021, this framework has been important for the development of financial services in the Sultanate. The main law, which represents the CBO’s national payment strategy, is the National Payment Systems Law (NPSL) and was promulgated in 2018. Key components of this law include the mandatory licensing for all companies involved in activities related to payments, the oversight and supervision of the national payments systems and enabling the development of innovative ideas to provide payment services.