Framework 01 — Open Banking

Least-Data Banking Protocol

v1.0 RFC  ·  Open Standard  ·  CC BY 4.0

A privacy-by-design API protocol that replaces all-access bank data extraction with:

  • "Is there enough?" — not "Here is the amount"
  • Single-use verification tokens, not persistent data access
  • Fraud detection stays with the bank — never exposed to intermediaries
  • Data minimization enforced at the protocol layer — not by policy
  • A user Kill Switch that revokes access instantly

The Problem

Open banking was built for access.
Not for privacy.

Today's open banking APIs — introduced under frameworks like PSD2 and the Open Banking Standard — grant authorized third parties full read access to a customer's transaction history, balance data, and behavioral signals. The consent layer is present. The data minimization layer is not.

The data extracted routinely exceeds what any individual use case requires. A lender verifying affordability doesn't need six months of transaction history. A landlord checking rent eligibility doesn't need investment account details. Yet the protocol grants access to all of it, and relies on downstream parties to self-limit their use.

This is structural overreach — not a compliance gap, but an architectural one. The protocol layer never asked: what is the minimum data needed to answer this specific question? LDBP asks that question. And builds the answer into the API.

The Protocol

One verification.
Zero exposure.

LDBP introduces a scoped Boolean verification endpoint to the open banking stack. Rather than returning raw financial data, the /balance/verify endpoint accepts a verification intent and returns only what the use case requires: a pass/fail.

A lender doesn't need your balance. They need to know if it's enough. LDBP encodes that distinction at the protocol level — making privacy-by-design structurally enforced, not policy-dependent. The data never leaves the institution. Only the answer does.

POST /balance/verify — response

{ "verified": true, "intent_id": "ldbp_abc123", "expires_at": "2026-12-31T23:59:59Z" }
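A bank-side sketch of the flow described above, added here as an example and not taken from the LDBP specification. It shows why the threshold is bound to a single-use intent: the caller gets one Boolean for one question and cannot re-query with different thresholds to narrow down the balance. Assumptions: the request side (an intent fixed to one account and one threshold after user consent), the uniform error shape, and the names `Verifier`, `create_intent` and `kill_switch`; only the three response fields come from the page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from decimal import Decimal
import secrets

@dataclass
class Intent:                      # hypothetical: one account, one fixed threshold
    account: str
    threshold: Decimal
    expires_at: datetime
    used: bool = False
    revoked: bool = False

class Verifier:
    """Bank-side sketch (assumed design): balances never leave this object."""
    def __init__(self, balances):
        self._balances = balances   # account -> Decimal, constructed sample data
        self._intents = {}          # intent_id -> Intent

    def create_intent(self, account, threshold, ttl_s=300, now=None):
        """Called after the user consents; the threshold cannot change later."""
        now = now or datetime.now(timezone.utc)
        intent_id = "ldbp_" + secrets.token_hex(8)
        self._intents[intent_id] = Intent(
            account, Decimal(threshold), now + timedelta(seconds=ttl_s))
        return intent_id

    def kill_switch(self, account):
        """User revocation: every outstanding intent for the account dies."""
        for intent in self._intents.values():
            if intent.account == account:
                intent.revoked = True

    def verify(self, intent_id, now=None):
        now = now or datetime.now(timezone.utc)
        intent = self._intents.get(intent_id)
        # One uniform error for unknown, used, revoked or expired intents
        # (assumed error shape), so a caller learns nothing from the reason.
        if (intent is None or intent.used or intent.revoked
                or now >= intent.expires_at):
            return {"error": "intent_invalid"}
        intent.used = True          # single use: burn before answering
        ok = self._balances[intent.account] >= intent.threshold
        # Only the three fields shown on the page are returned.
        return {"verified": ok, "intent_id": intent_id,
                "expires_at": intent.expires_at.strftime("%Y-%m-%dT%H:%M:%SZ")}
```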

Built For

01. Lending & Underwriting

Verify affordability without extracting transaction history. LDBP lets lenders confirm a threshold is met — not browse a balance sheet.

02. Rent & Utility Verification

Enable landlords and utilities to confirm financial eligibility with a single Boolean — no income details, no account data, no behavioral trail.

03. Agentic AI Finance

Give AI financial agents the minimum signal required to act — constraining data scope at the protocol layer, not through model-level guardrails.

04. Regulatory Compliance

Demonstrate data minimization at the API layer — a verifiable, auditable architecture for GDPR, PSD2, and emerging open finance regulation.

Artifacts

Everything you need to evaluate, adopt, or build.

Whitepaper

Full specification and design rationale

OpenAPI Spec

Machine-readable API specification, GitHub

GitHub Repo

Source repository and README

Conformance Definition

How to certify LDBP compliance

All artifacts published under CC BY 4.0.
Cite as: Belarmino, M.A. (2026). Least-Data Banking Protocol v1.0 RFC. BelarminoAdvisory.com/frameworks/ldbp

Get Involved

Adopt it. Challenge it. Build on it.

Implementing LDBP

If you're a fintech, bank, or platform evaluating LDBP for your open banking stack, reach out to discuss implementation support and conformance review.

Regulatory Dialogue

If you work in financial regulation or standards bodies and want to discuss LDBP's design rationale, Mary Ann is available for technical briefings.

Research & Collaboration

If you're a researcher, protocol designer, or standards contributor who wants to engage with the RFC, open a discussion on GitHub or reach out directly.