# Cyber Risk Management of API-Enabled Financial Crime in Open Banking Services

**Authors:** Odion Gift Ojehomon, Joanna Cichorska, Jerzy Michnik

PMC · DOI: 10.3390/e28020163 · 2026-01-31

## TL;DR

This paper introduces a new framework to manage cyber risks in open banking by simulating financial crime scenarios and testing risk mitigation strategies.

## Contribution

The novelty lies in combining System Dynamics, Agent-Based Modelling, and Monte Carlo simulation for cyber risk management in open banking.

## Key findings

- Stricter onboarding and tighter API rate limits reduce operational tail losses by 20–30%.
- The framework is adaptable to cross-border regulations and BigTech interactions.
- The hybrid approach provides actionable risk metrics for resource allocation and stress testing.

## Abstract

Open banking reshapes the financial sector by enabling regulated third-party providers to access bank data through APIs, fostering innovation but amplifying operational and financial-crime risks due to increased ecosystem interdependence. To address these challenges, this study proposes an integrated risk-management framework combining System Dynamics, Agent-Based Modelling, and Monte Carlo simulation. This hybrid approach captures feedback effects, heterogeneous agent behaviour, and loss uncertainty within a simulated PSD2-style environment. Simulation experiments, particularly those modelling credential-stuffing waves, demonstrate that stricter onboarding thresholds, tighter API rate limits, and enhanced anomaly detection reduce operational tail losses by approximately 20–30% relative to baseline scenarios. Beyond these specific findings, the proposed framework exhibits significant universality; its modular design facilitates adaptation to broader contexts, including cross-border regulatory variations or emerging BigTech interactions. Ultimately, this multi-method approach translates complex open-banking dynamics into actionable risk metrics, providing a robust basis for targeted resource allocation and supervisory stress testing in evolving financial ecosystems.

## Full-text entities

- **Diseases:** injury to (MESH:D014947), spike (MESH:D031261), SD (MESH:D000092242), Shock (MESH:D012769)
- **Chemicals:** TPP (-)
- **Species:** Homo sapiens (human, species) [taxon 9606]

## Figures

8 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12939948/full.md

---
Source: https://tomesphere.com/paper/PMC12939948