Open banking is the practice of banks, fintech companies, and financial service providers sharing financial data through APIs—with customer consent—to create financial products and services and promote competition in the financial services industry. While the European Union’s revised Payment Services Directive (PSD2) and the United Kingdom’s Open Banking Standard enforce regulatory standards for open banking, the United States has not implemented a similar regulatory framework. Instead, the financial industry has led the development and adoption of open banking practices in the US, encouraged by consumer demand for more integrated and personalized financial services.

A 2022 Visa survey found that 87% of US consumers use open banking to link their financial accounts to third-party services. While open banking operates primarily through market-driven initiatives in the US, there has recently been progress toward formalizing open banking regulations, with the Consumer Financial Protection Bureau (CFPB) pushing for more standardized data sharing practices to protect consumer data privacy and ensure security. Open banking in the US is currently shaped by industry practices and voluntary agreements between private entities, with a focus on innovation and competitive differentiation.

This guide will explain what you need to know about open banking in the US: how it works, how it’s regulated, and how it compares to open banking in other regions.

What’s in this article?

• What is open banking?
  
• What do open banking regulations look like in the US?
  
• How open banking in the US compares with other global models
  
• Benefits of open banking for consumers and businesses
  
• Challenges in adopting open banking in the US
  
• Best practices for open banking
  

What is open banking?

Open banking is the practice of banks and financial companies sharing consumer data with third-party developers using open APIs (application programming interfaces), and only with consumer consent. Developers use this data to build financial applications and services. Open banking has promoted greater competition and faster development within the banking industry, including the creation of personalized financial products.

Open banking is built on the concept that consumers own their financial data and can choose to share it with third-party providers (TPPs) so these providers can create new apps and services. Regulations such as the PSD2 directive in the EU and the Open Banking Standard in the UK have mandated that banks open their systems to authorized providers, enabling the creation of a wide range of financial services and tools for businesses and consumers.

What do open banking regulations look like in the US?

The regulatory landscape of open banking in the US is fragmented and lacks the cohesive, formal regulatory framework of the EU or the UK. Instead of a centralized mandate, US open banking regulation is shaped by a variety of existing financial regulations, sector-specific guidelines, and some emerging industry standards.

Here’s how open banking is regulated in the US.

• Consumer protection and data privacy: Section 1033 of the Dodd-Frank Act is considered the legal basis for open banking in the US. It mandates that consumers have access to their financial data and can securely share this data with third parties. The Consumer Financial Protection Bureau (CFPB) is the primary US regulatory body that oversees open banking development.

• Data security standards: Regulations such as the Gramm-Leach-Bliley Act (GLBA) set standards for how financial institutions must safeguard consumer data and ensure privacy. When sharing consumer data with third parties, financial institutions must follow the strict protocols set by this act.

• Voluntary industry standards: Industry groups and consortiums have begun to create voluntary standards to facilitate data sharing. For instance, the Financial Data Exchange (FDX) is a nonprofit group that has developed and promoted an API standard for secure and convenient access and sharing of financial data.

• Interagency guidance and collaboration: Different regulatory bodies including the Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) have issued guidance on how banks should manage risks associated with the kinds of third-party relationships involved in open banking (i.e., sharing data with fintech companies or data aggregators).

Open banking regulations in the US are still in development. The goal of the CFPB’s phased implementation is to balance consumer benefits with necessary safeguards, and gradually expand the scope of open banking.

In October 2023, the CFPB proposed a Personal Financial Data Rights rule (the “Proposed Rule”) to accelerate the shift toward open banking. The Proposed Rule addresses these key areas.

• Consumer control: The Proposed Rule empowers consumers to access their financial data and authorize the secure sharing of this data with third-party providers.

• Standardized data access: The Proposed Rule establishes a standardized format for data sharing, making information consistent and accessible for all parties.

• Data privacy and security: The Proposed Rule emphasizes strong data privacy and security measures to protect consumer information. It forbids companies from misusing or wrongfully monetizing sensitive personal financial data.

How open banking in the US compares with other global models

While the US is still in the early stages of open banking development, it’s following a similar path to the EU and UK with a focus on consumer consent, data standardization, and increasing financial competition. The CFPB’s Proposed Rule is a major step for open banking in the US.

Here’s how the US model compares with those of the EU and the UK, two leaders in open banking regulation.

Regulations

• US: There is no specific open banking legislation. The financial industry guides implementation. Regulatory guidance has focused on data protection and consumer rights under existing financial laws such as the Dodd-Frank Act and the Gramm-Leach-Bliley Act.

• EU: Open banking is mandated by the revised Payment Services Directive (PSD2), which requires banks to provide third-party access to consumer banking, transaction, and other financial data through APIs, after obtaining consumer consent.

• UK: The UK established its own specific set of open banking regulations, similar to the PSD2, which is managed by the Open Banking Implementation Entity (OBIE). This regulation is more structured and aims to standardize how banks and third parties interact.

Implementation

• US: Implementation is voluntary and varies widely between institutions. Some large banks have proactively developed APIs and collaborated with fintech companies, while others have been slower to adopt.

• EU and UK: Banks are required to create and maintain APIs that TPPs can use to build financial services. This practice is subject to strict regulatory standards and oversight.

Consumer data access

• US: Consumer data access is guided by the principle of consumer consent under existing privacy laws. There is an emphasis on data security but less focus on enabling TPP ecosystems.

• EU and UK: Consumer data protection and consumer access to data are emphasized equally.

Focus and outcomes

• US: The focus is on improving consumer convenience and data security within existing financial services.

• EU and UK: The focus is on increasing competition and lowering costs in the financial services sector.

Industry participation

• US: Participation is optional and occurs through partnerships and collaborations, often dictated by market forces. Some industry-led initiatives (e.g., the Financial Data Exchange standards) seek to create common standards.

• EU and UK: Banks are obligated to participate and comply with regulatory standards, which are uniformly applied across all financial institutions.

Benefits of open banking for consumers and businesses

Open banking has improved financial services, creating new opportunities and benefits for consumers and businesses.

Consumer benefits

• Personalized financial management: Open banking allows consumers to aggregate their financial data from multiple accounts into a single platform, offering a holistic view of their finances that facilitates budgeting, expense tracking, financial goal setting, and investment recommendation services.

• Smart financial products: Using open banking APIs, fintech companies can offer financial products such as loans, insurance, and investment options that are tailored to individual needs and risk profiles. This leads to better rates, faster approvals, and improved customer satisfaction.

• User experience: Open banking has facilitated convenient and user-friendly digital finance features such as one-click payments, automated savings, and financial insights.

• Robo-advisors and automated investing: Open banking enables robo-advisors to access a wider range of financial data, leading to more accurate investment recommendations and automated portfolio management for investors.

• Financial inclusion: Open banking enables individuals with limited credit history or those underserved by traditional banks to access financial services. TPPs can extend credit and other financial products to a wider population by using alternative data sources and advanced algorithms to assess loan and credit applications.

Business benefits

• Payment solutions: Open banking facilitates faster, more efficient, and cost-effective payment methods. For example, TPPs can initiate payments directly from consumer accounts, reducing reliance on traditional methods.

• Financial data analytics: Aggregating and analyzing financial data from a variety of sources allows businesses to gain valuable insights into consumer behavior, spending patterns, and risk profiles. Businesses can use this data to develop targeted marketing campaigns and improve customer service.

• New business models: Open banking facilitates the emergence of new business models in the financial sector. Fintech startups are using open banking APIs to create platforms and services that challenge traditional banking institutions.

• Fraud prevention and security: By providing a more comprehensive view of financial activity, open banking can help businesses and individuals identify suspicious transactions and prevent fraud.

• Embedded finance: Open banking enables nonfinancial businesses to integrate financial services into their offerings. For instance, ecommerce platforms can offer instant loans or insurance at checkout, while ride-sharing apps can provide in-app payment solutions.

• Small and medium-sized enterprises (SME) financial solutions: SMEs can benefit from open banking-powered solutions such as cash flow forecasting, automated invoicing, and access to alternative financing options.

• Competitive advantage: Early adopters of open banking gain an edge by offering innovative, customer-centric financial services that attract new customers, increase market share, and drive long-term growth.

Challenges in adopting open banking in the US

The adoption of open banking in the US faces several challenges. These include:

• Regulations: Unlike the EU and the UK, where open banking regulations are well-established, the US regulatory landscape is still evolving. This uncertainty can deter some financial institutions and fintech companies from investing in open banking initiatives.

• Data privacy and security: Sharing sensitive financial data with TPPs raises concerns about data privacy and security. Strong security measures, strict data protection regulations, and clear consent mechanisms help maintain consumer trust and protect data from unauthorized access or breaches.

• Standardization and interoperability: Standardized APIs and data formats must be in place for financial institutions and TPPs to achieve interoperability. The lack of a unified standard can create technical barriers and hinder the development of a cohesive open banking ecosystem.

• Legacy systems: Many financial institutions in the US rely on outdated legacy systems that might be incompatible with open banking technologies. Upgrading these systems can be costly and time-consuming, which can pose a major barrier to adoption.

• Consumer trust: Consumers might be hesitant to share their financial data with TPPs due to concerns about security, privacy, and potential misuse of their information. To overcome this challenge, the industry will need to educate consumers about the benefits of open banking and establish transparent data-sharing practices.

• Competition and market dynamics: Open banking can disrupt the traditional banking industry, creating increased competition from fintech companies and other nonbank players. This can pose challenges for established financial institutions that might need to adapt their business models and invest in new technologies to remain relevant.

• Liability and risk management: The industry must determine who is responsible in case of data breaches, fraud, or other issues that might occur in open banking. Liability must be clearly defined to protect consumers and businesses.

• Balancing innovation and protection: Open banking standards and regulations must balance promoting innovation and protecting consumers. Regulations should be flexible enough to allow for experimentation and new business models while safeguarding consumer interests.

Best practices for open banking

The following best practices will help you participate in open banking securely and effectively.

• Phased approach: Start with a pilot project that focuses on specific use cases or customer segments. Test, refine, and scale gradually to minimize risks and maximize learnings.

• API security: Implement strong security measures such as OAuth 2.0 for authentication and authorization, encryption for data transmission, and regular security audits to identify and address vulnerabilities. Design APIs to be resilient and scalable to handle growing traffic and demand.

• API performance: Implement strong monitoring and analytics tools to track API performance, identify bottlenecks, and optimize response times. Analyze usage patterns to gain insights into customer behavior and preferences and tailor your offerings accordingly.

• Data governance and consent mechanisms: Define clear policies for data access, usage, and sharing. Obtain explicit and granular consent from customers before sharing their data with TPPs. Develop transparent data-sharing practices and provide customers with control over their data.

• Developer experience: Create comprehensive documentation, SDKs (software development kits), and sandbox environments to empower developers to easily build applications and services on top of your open banking APIs. Create a developer community and provide support channels to encourage innovation and collaboration.

• Fintech partners: Partnering with fintech companies can accelerate your open banking practice. Use their expertise in technology, customer experience, and regulatory compliance to develop new solutions and expand your reach.

• Regulatory developments: Stay informed about the latest open banking regulatory requirements and industry standards to ensure compliance and maintain a competitive edge.

• Customer engagement: Educate customers about the benefits of open banking and how you will use and protect their data. Provide clear and concise communication about data-sharing practices, consent mechanisms, and security measures to build trust and encourage adoption.

• User experience: Design user-friendly interfaces and intuitive experiences for your customers. Create accessible and easy to use open banking solutions that integrate with existing workflows.

• Experimentation: Open banking is an evolving practice. Embrace innovation to deliver superior financial services.