Abstract
Open banking reshapes the financial sector by enabling regulated third-party providers to access bank data through APIs, fostering innovation but amplifying operational and financial-crime risks due to increased ecosystem interdependence. To address these challenges, this study proposes an integrated risk-management framework combining System Dynamics, Agent-Based Modelling, and Monte Carlo simulation. This hybrid approach captures feedback effects, heterogeneous agent behaviour, and loss uncertainty within a simulated PSD2-style environment. Simulation experiments, particularly those modelling credential-stuffing waves, demonstrate that stricter onboarding thresholds, tighter API rate limits, and enhanced anomaly detection reduce operational tail losses by approximately 20-30% relative to baseline scenarios. Beyond these specific findings, the proposed framework exhibits significant universality; its modular design facilitates adaptation to broader contexts, including cross-border regulatory variations or emerging BigTech interactions. Ultimately, this multi-method approach translates complex open-banking dynamics into actionable risk metrics, providing a robust basis for targeted resource allocation and supervisory stress testing in evolving financial ecosystems.