Open banking is nothing new for banks in the UK and Europe, but the concept is now coming to the US market and is set to proliferate in 2025. While there is regulatory approval to move ahead, there are some obstacles ahead that will need addressing.

The Consumer Financial Protection Bureau (CFPB) finalised the Personal Financial Data Rights Rule, also known as “open banking”, in October 2024. This regulation mandates that financial institutions make consumer financial data accessible through secure, standardised APIs, provided with explicit consumer consent, thereby offering consumers greater control over their financial data.

While promising in its aims to foster transparency and competition, open banking presents formidable challenges for financial services institutions (FSIs), particularly those grappling with legacy systems, data security, and regulatory compliance.

To meet these challenges, US banks must undergo a significant transformation in data management and interoperability. By adopting modern data unification techniques, FSIs can transform these challenges into opportunities, ensuring compliance while positioning themselves as leaders in an increasingly data-driven financial ecosystem.

The open banking mandate and core requirements

The CFPB’s rule sets out six strict requirements for data access, security, and compliance oversight in how US banks and financial service providers apply open banking.

Data Accessibility

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Retail Banker International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

US banks must provide customers’ access to their financial data and enable third-party access upon consumer authorisation. This includes data such as account balances, transactions, and payment history.

Secure APIs

Financial institutions must adopt standardised, secure APIs for data sharing, moving away from less secure methods like screen scraping.

Explicit Consent Management

Banks are required to establish robust consent management systems, ensuring consumers understand and authorise third-party access to their data.

Privacy and Security Measures

Ensuring that data is only shared for authorised purposes and managed securely is paramount.

Third-Party Compliance Monitoring

Institutions are held accountable for third-party providers’ adherence to regulatory standards.

Regulatory Audit Preparedness

Detailed records and documentation are necessary to demonstrate compliance.

US banks-majority unprepared for open banking

For US financial service providers, these requirements entail adopting advanced data practices, regulatory frameworks, and infrastructure capable of supporting real-time, secure data sharing. However,  past reports like the Sopra Steria report on digital banking trends suggest  75% of banks report that they are unprepared for the demands of open banking.

Challenges for financial institutions

The push for open banking in the US comes with considerable obstacles, particularly in the areas of technology and compliance. Many US financial institutions continue to rely on legacy systems that are not designed to support real-time data sharing or the seamless integration of APIs essential for open banking. Transforming these outdated infrastructures to meet open banking’s requirements demands a substantial investment in modernisation and technical reengineering.

Adding to this complexity is the US adoption of API standards from the Financial Data Exchange (FDX), a move aimed at ensuring data interoperability across financial systems. However, aligning existing systems with FDX standards involves extensive work in developing APIs and restructuring data, challenging institutions to adapt quickly and cohesively.

Data security and privacy represent additional critical concerns, as banks must rigorously protect consumer data both in transit and at rest.

With the heightened regulatory focus on secure data exchanges, banks are responsible for ensuring that all shared information with third parties complies with stringent security standards, requiring meticulous oversight of data usage and access controls. Furthermore, open banking’s regulatory compliance demands are formidable, necessitating comprehensive audit trails and systems with fine-grained data traceability. Legacy systems, often lacking these capabilities, face significant difficulties in meeting these complex regulatory requirements.

Modern data management: An essential tool for open banking

Effective data management and unification strategies can help US banks overcome these challenges, allowing them to build the required infrastructure, ensure regulatory compliance, and securely manage customer data. This approach centres on creating a unified data platform capable of supporting open banking functionality while maintaining flexibility for future regulatory developments.

The key elements of this start with a platform that  enables a holistic view of each customer, integrating data from multiple systems and applications into a unified, real-time view. By leveraging such platforms, banks can provide more tailored services, improving the customer experience while ensuring data is securely managed and consented to.

For FSIs, consent management is a cornerstone of regulatory compliance and crucial to how they will enable open banking. Advanced consent management systems allow banks to capture, manage, and audit consumer consent dynamically, ensuring that data sharing activities comply with regulatory standards in real time.

As US banks roll out open banking, they will be under the microscope from the CFPB. This means they will need data governance frameworks equipped with access controls, data provenance, and audit trails to assure regulatory compliance. By embedding governance into their data management systems, banks can securely handle open banking related data exchanges with third parties while maintaining full traceability, reducing the risk of regulatory penalties.

And finally, there is how the banks create and manage those APIs that are so crucial to the underlying Interoperability that enables open banking.  Developing APIs aligned with FDX standards is essential for compliance. A modern data platform can simplify this by providing a centralised point of data access, enabling standardised and secure API integrations that facilitate compliance with open banking requirements without extensive reengineering of legacy systems.

The competitive advantage of embracing open banking

While open banking may seem like an added regulatory burden for US banks, it offers competitive advantages for those institutions that embrace it. By adopting robust data unification and management solutions, financial service providers can gain a first-mover advantage, positioning themselves as leaders in a market where consumer trust and data privacy are paramount. Banks that can offer seamless, secure access to financial data are likely to attract a new wave of digitally-savvy consumers, ultimately driving loyalty and growth.

Furthermore, open banking aligns with a broader trend toward consumer empowerment. With consumers increasingly expecting greater transparency and control over their financial data, banks that meet these expectations stand to benefit from increased customer satisfaction and brand loyalty.

As the US embarks on its open banking journey, financial institutions face significant challenges and transformative opportunities. Modern data management practices, coupled with effective unification strategies, offer a pathway for banks to not only comply with the stringent requirements of open banking but also to lead in an evolving financial landscape. By embracing these technologies, US banks can ensure data security, meet regulatory demands, and foster consumer trust—ultimately reaping the competitive advantages that open banking promises and already delivers elsewhere in the world.

Karthik Narayan is Product Management Director at Reltio