With an open banking rule blocked in court – and a new version being crafted at an agency that may shutter – it’s easy to see a bleak fate for U.S. open banking.
But any pessimistic outlook belies an expansion of data sharing already happening between banks and fintechs. That was evidenced in several comments to the Consumer Financial Protection Bureau for its rulemaking on the issue.
The open banking trend, which revolves around consumers being more easily able to share their financial data, has taken hold in other parts of the world, particularly Europe.
About 1,000 data providers – “including banks, credit unions, and fintech data holders” – are currently sharing customer-permissioned data using application protocol interface (API) standards from Financial Data Exchange, the standard-setting organization said in recent comments to the CFPB about open banking.
API connections between companies have grown 50% in the past year to about 114 million, and have more than tripled since 2022, FDX said. “The continued growth in FDX API standards adoption has also come amid growth in the ‘open finance’ ecosystem overall,” the exchange wrote Oct. 20 in its comments to the CFPB.
FDX, a Reston, Virginia-based nonprofit formed in 2018, says it has about 200 members, including banks, credit unions, fintechs and technology companies.
“Open banking is happening at scale right now without major disputes coming up,” Adam Maarec, an attorney with the law firm McGlinchey Stafford, said in an interview last week. “We haven’t seen any high-profile data breaches, which means that the security implementations have been relatively good.”
The October 2024 rule was enacted during the Biden administration and drew an immediate federal lawsuit from banking groups seeking to overturn it.
Banks argued that the rule imposed heavy compliance costs and did not address liability issues around fraud and misuse of consumers’ financial data. The plaintiffs also said the bureau had exceeded its authority in formulating the rule.
Last week, a federal judge in Kentucky issued a preliminary injunction preventing the Consumer Financial Protection Bureau from enforcing the rule until it has “completed its reconsideration” of the rule. The bureau is now digesting about 14,000 comments it collected over the past two months to inform revisions on the final rule.
The open banking rule now in regulatory limbo gives consumers a right to share their detailed financial data with third parties under the notion that a consumer’s ability to easily swap accounts among banks, credit unions or fintechs will boost competition in the financial services industry.
Much of the proliferation in APIs has accompanied consumers’ interest in new fintech apps and digital offerings, where people share their financial data to use a new tool or service.
The growth of API connections has also come amid the industry’s shift away from a practice known as “screen scraping,” in which a consumer shares account information with a new financial services provider to log in, letting it gather data on behalf of the customer. Such scraping is rife with inefficiencies, errors and fraud, according to industry experts.
Screen scraping “accounted for a vast majority of user-permissioned financial data access just a few years ago,” but APIs now account for around two-thirds of financial data access traffic, the FDX wrote.
There’s a history of bilateral agreements between players in the open banking field, with banks and financial technology firms signing deals on how they share data, said Maarec, who advises such companies.
One of the more notable: A September agreement between financial data aggregator Plaid and JPMorgan Chase that included a joint press release about the largest U.S. bank reaping new payments for sharing customer data.
That deal was among the first to be struck after the bank notified fintechs over the summer that further access to consumer financial data would require payment. Although JPMorgan Chase is the only bank known to have imposed access fees – which fintechs have assailed as contrary to Congress’s intent in the 2010 law mandating open banking – other large banks are watching the matter closely.
The number of apps linked to JPMorgan Chase accounts has grown from 5,000 to 11,000 over the last two years, with monthly data calls via APIs doubling from 1 billion to 2 billion, the bank said in its open banking comments to the CFPB.
“This growth happened because of free market participants — not government mandates,” said the bank’s Oct. 21 letter to the CFPB, signed by Melissa Feldsher, a JPMorgan Chase managing director and head of consumer payments.
JPMorgan Chase also told the bureau it has reached fee-payment deals with “80% of the aggregator-volume” using its APIs to exchange data. Terms requiring payment support the bank’s maintenance costs “and disincentivize unnecessary data access from customer accounts,” Feldsher wrote.
Bilateral contracts can “manage key risks around ... liability for errors, minimum and evolving data security requirements, third-party and fourth-party risk management, and so forth, to fill in gaps that the final rules left,” Maarec said. “And that was the bureau’s expectation, too, that bilaterals were going to be critical for the market.”
Steve Boms, executive director of the Financial Data and Technology Association-North America, said in an email last week that the group “remains committed to advocating for consumers’ rights to access and share their own financial data.”
Similarly, the American Fintech Council is “confident that a pragmatic open banking framework will be developed,” Ian P. Moloney, an AFC senior vice president and head of policy and regulatory affairs, wrote Wednesday in an email.
“The consumer demand and market need are simply too strong to ignore,” he said. “The goal should be a durable, bipartisan framework that ensures consumers can access and share their data without fees or friction, and that fosters responsible innovation and competition across the financial system.”
Still, even with a revamped rule that could offer some provisions that banks and fintechs like, abundant strategic reasons remain to continue litigating, said James Kim, a partner in law firm Cooley’s financial services enforcement and regulatory practice and a former CFPB attorney.
Technical work to implement open banking “would be very expensive, long-term undertakings,” for some players, Kim said last week. “Nobody wants to go down that road until they’re sure that they have to, and they know what that looks like. That’s part of the reason why you litigate.”
