Is it finally showtime for open banking in the United States?

Tuesday, January 28, 2025

4 Minute Read

Why issuers should lay the groundwork now

The concept of open banking might soon have its day in the United States. Driven by regulations and market demand, there are tremendous opportunities for banks, businesses and consumers. However, it puts pressure on issuers to prepare with product offerings and data security measures, among other priorities.

Open banking is meant to help people manage finances and make payments. It's been slow to develop in the U.S. partly due to a fragmented market, with thousands of banks and hundreds of fintech firms, and the lack of a regulatory mandate. But that could all be changing.

What does Open Banking do?

Open banking allows accountholders to share their personal data with third parties, such as fintech companies, merchants, currency exchanges and other financial institutions. Consumers authorize sharing their data typically with an app, which uses application programming interfaces (APIs) to form the connection.

Regulations advancing

On the regulatory front, the Consumer Financial Protection Bureau (CFPB) issued the Personal Financial Data Rights rule (also known as the opening banking rule) in October 2024, a potential major step toward centralization of open banking regulation in the U.S. The rule, to take effect in stages starting in 2025, requires financial institutions (FIs), credit card issuers and other financial providers to unlock a customer’s personal financial data and transfer it to another entity at the consumer’s request — free of charge.

It’s meant to help consumers more easily change providers, allowing them to take advantage of better rates and services. With greater competition and consumer choice, the rule will help lower prices on loans and improve customer service across payments, credit and banking markets, the CFPB notes.

The banking industry has expressed concerns about data security and increased regulatory burdens. In fact, the Bank Policy Institute challenged the final rule by suing in U.S. District Court, citing security concerns in the sharing of data and alleging a lack of oversight for third parties.

Consumer demand leads the way

Regardless of how regulations unfold, issuers need to plan for a new world of open banking, driven by consumer demand. People increasingly want convenient, personalized services to manage their finances. Open banking brings expectations of greater control of financial data and greater transparency to make more informed decisions — particularly with savings and borrowing.

We are on the cusp of rapid growth in open banking. It empowers consumers to make more informed and better financial decisions in the way they pay, the way transactions are settled, and how money is managed. Issuers need to be ready for this coming wave. - Gaylon Jowers, SEVP and President, TSYS Issuer Solutions We are on the cusp of rapid growth in open banking. It empowers consumers to make more informed and better financial decisions in the way they pay, the way transactions are settled, and how money is managed. Issuers need to be ready for this coming wave. - Gaylon Jowers, SEVP and President, TSYS Issuer Solutions

The open banking landscape

There are already open banking technology players in the market. For example, banking API providers Plaid and Yodlee offer services for those wanting a clearer picture of their finances. Plaid notes on its website that more than 8,000 financial apps use the service, and 1 in 3 U.S. adults has connected a financial account to an app with Plaid.

Among other notable companies are LendingClub, which handles peer-to-peer lending, and Chime's fee-free banking services that rely on its relationship with banks to store funds.

These apps rely on voluntary data-sharing agreements with banks, rather than mandatory API-based ecosystems, something that’s further along in Europe.

Market disruptors

What are some considerations that issuers should prepare for in a market that’s ripe for disruption? Here are five:

1. Progress made toward a standard. The Financial Data Exchange (FDX) is a non-profit standards body working to build a common, interoperable and royalty-free technical standard for user-permissioned financial data sharing, using its FDX API. The CFPB in January issued an order recognizing FDX as a standard setting body under its Personal Financial Data Rights rule. The move was viewed by the industry as a step toward uniformity in opening banking. FDX members include banks, fintechs and financial services groups that have rallied behind a single data-sharing standard. FDX reported in September that 94 million consumer accounts were using its API, up from 65 million accounts a year earlier.

2. Potential for differentiation. FIs that use open banking can offer enhanced services such as allowing customers to link all of their financial accounts into a single dashboard. On the lending side, consumers can use open banking to apply for credit cards and other loans by sharing financial data from their home institution, giving other lenders an ability to better score a client’s application, using data such as monthly income and spending patterns.

3. Real-time payments and pay-by-bank. Open banking could help accelerate adoption of real-time payments, since APIs can be used to direct access to bank accounts to verify funds. Issuers need to incentivize customers to still use credit and debit cards as a way to pay, such as with rewards and cash back programs. Consumers could also take advantage of the growth of account-to-account payments via open banking, also known as “pay-by-bank.”

4. Global competition coming to the U.S. Some regions are ahead of the U.S. with open banking. The European Union implemented the Payment Services Directive 2 (PSD2) in 2018, mandating banks provide open APIs to third parties for access to customer data, with their consent. In the United Kingdom, there were nearly 12 million active users of open banking products and more than 22 million payments made monthly, according to Open Banking Ltd, a UK organization that oversees standardization. In Brazil, 35 million consumers were using open banking as of October 2024, according to Banco Central Do Brasil, the country’s central bank. A government mandate in 2021 is helping fuel the market there. Providers worldwide will likely look to expand in the U.S. soon.

5. Advancing data security. Market solutions have helped advance security features in data sharing. API-based data sharing has become the lynchpin of open banking. FDX promotes standardized API specifications and best practices, which is preferred over screen scraping. Open Authorization 2.0 (OAuth 2.0) is a standard for ensuring only authorized users access data. Some companies adopted strict security protocols that allow banks and fintechs to share intermediary levels of data to minimize the exposure of sensitive data. U.S. issuers can keep an eye on what’s transpiring overseas to fine-tune their approach. Europe’s Digital Operational Resilience Act (DORA) marks another step in erecting security safeguards. (See sidebar)

DORA: Europe’s oversight of third-party reporting takes effect

Europe’s Digital Operational Resilience Act (DORA) took effect Jan. 17, strengthening requirements for data management between financial organizations and third parties. European Supervisory Authorities entities now must have operational resilience safeguards in place. FIs must meet new reporting obligations, specifically their registers of so-called information and communications technology (ICT) contractual arrangements with third-party providers to make sure they are available for competent authorities. They also need to ensure they are equipped to classify and report their major ICT-related incidents from the date of application.

Issuers need to act

With the open banking landscape rapidly changing, issuers should be ready for what's next. “Issuers need to lay the groundwork by bolstering data-sharing security and developing new products,” Jowers says.