Open Banking Moves From Access to Economics
Open banking has been discussed as another way to move money, where debate over who controls the data that makes those payments possible is giving way to how that data is delivered, who bears the cost of maintaining secure application programming interfaces (APIs), and whether every data request should be treated equally.
Those questions are becoming more pressing as financial institutions continue investing in the infrastructure needed to support a more connected ecosystem.
That preparation in the financial services industry is captured in PYMNTS Intelligence research with Velera on credit unions, which suggests that many institutions view digital capabilities, and open banking, as central to retaining both consumer and business relationships.
For many institutions, open banking therefore is being positioned as service, and in terms of technology, it depends upon modern API architecture, identity management and data governance.
The Regulatory Picture Evolves
The Consumer Financial Protection Bureau’s Section 1033 rule, finalized in October 2024 under the Dodd-Frank Act, established consumers’ right to authorize third parties to obtain financial data electronically. That rule, however, is not currently being enforced after a federal court issued an injunction, and the CFPB has indicated it is revisiting portions of the framework while litigation remains pending.
One of the principal issues under review concerns whether financial institutions should be permitted to charge fees for certain categories of data access rather than providing unlimited access without charge.
States have not waited for Washington to resolve the issue.
New York lawmakers introduced companion legislation this year that would establish consumer and small business financial data rights at the state level. Senate Bill S9483 and Assembly Bill A10640 would require financial institutions to provide machine-readable financial data through developer interfaces while prohibiting fees for transferring that data to authorized third parties. The proposal also extends data portability rights to small businesses, an area not covered by the original CFPB rule.
Although the legislation remains in committee, it demonstrates that states may be prepared to establish their own frameworks if federal policy continues to evolve slowly. That possibility raises another challenge for financial institutions that operate nationally: complying with multiple data-sharing regimes rather than a single federal standard.
Consumer Interest Still Exceeds Consumer Usage
Consumer adoption presents a more nuanced picture than the industry’s long-term projections sometimes suggest. PYMNTS Intelligence finds meaningful consumer interest in paying directly from bank accounts, but routine usage remains modest. The report, done in collaboration with Trustly, estimates that roughly 46% of U.S. consumers are willing to use open banking payments for at least one type of purchase, with monthly bills, groceries and subscriptions drawing the strongest interest. But only 11% of consumers reported using an open banking payment. The read across is that providers still face work explaining when consumers should choose account-to-account payments instead of cards, digital wallets or traditional bank bill pay.
The economics behind those choices may soon become more complicated.
The CFPB’s original Section 1033 rule prohibited financial institutions from charging fees for making covered consumer data available to authorized third parties. That prohibition has become one of the most closely watched elements of the ongoing rule revision. Industry discussions have shifted toward whether institutions should be permitted to recover at least part of the cost of supporting secure APIs, particularly when third parties generate large volumes of automated requests.
If pricing flexibility ultimately becomes part of the federal framework, open banking may begin separating into two distinct markets.
Basic account verification and standard transaction histories could become commodity services delivered at little or no cost. Richer datasets, including high-frequency transaction updates, enriched merchant information, cash flow analytics, income verification or continuous account monitoring, could carry usage fees that reflect both their operational cost and commercial value.
Such an outcome would require FinTechs to become more selective about the information they retrieve.
Instead of requesting every available data element simply because technology permits it, providers would need to determine which information genuinely improves underwriting, fraud detection, personal financial management or payment initiation. High-frequency API requests that produce little incremental value would become more difficult to justify if each request carries a measurable cost.
For banks, that could create an opportunity to distinguish between essential consumer rights and premium commercial services. For FinTechs, it could shift attention from collecting the largest possible datasets to extracting greater value from fewer, more targeted data requests.
As regulators refine the rules and states consider their own frameworks, determining which data remains free, which becomes premium and who decides that distinction will need to be in place before open banking scales.