The Consumer Financial Protection Bureau’s (CFPB) Personal Financial Data Rights rule 1033, announced in late October, officially begins the countdown to an era of US Open Banking. By 2026, the top tier of large banks and credit unions will be required to open their APIs and share data with third-party companies. This mandate will apply to all US banks and credit unions with at least $850 million in assets by April 2030.
While open banking is not a new concept, the US has lagged in regulating open banking. For years, open banking has been a part of the financial landscape of serval markets, including the United Kingdom (UK), Europe (EU), Australia, and several Asian countries. Despite stark differences in the banking environment, most notably the sheer number of FIs across the US, overseas experiences can offer valuable lessons as the US market embarks on this journey.
Standardization Promotes Ecosystem Growth
It may not be coincidental that most banks and credit unions obligated to comply by April 2026 already engage in open banking in some fashion. These large institutions have APIs in place and possess the resources and market power to negotiate terms governing data access with third parties on a case-by-case basis. However, this ad hoc process is not scalable if the goal is to connect thousands of FIs and third-party providers.
Early inconsistencies between UK institutions and open banking APIs created implementation issues. Standardizing these APIs helped reduce friction, improve integration, and increase service reliability, leading to more cohesive third-party offerings and the ability to develop cross-bank services. The CFPB has expressed its desire for the US market to coalesce around a small number of standards, but it has yet to identify any player with its “seal of approval.”
Customer-Centricity, Trust, and Patience
Given the need to adhere to an unfamiliar set of legal mandates, early UK and EU open banking efforts focused more on compliance than end-user value. Successful market adoption requires that services address customer pain points or offer new, valuable experiences. Notably, the current CFPB rule does not include much of the data that drives lending decisions, although other countries have expanded data scope over time. As they grew comfortable with the “rules of the road,” players in these markets focused on use cases such as budgeting, lending, and personalized financial advice to drive customer engagement.
An emphasis on transparent consent management, secure APIs, and robust data governance also became central to open banking adoption. Many consumers are naturally concerned about sharing their financial information, and mistrust slowed early adoption in the UK and EU. Over time, third-party providers became integrated into these countries’ financial value chains and customers grew familiar with the process, gradually growing reticent to hand over data to “unknown providers.”
The current CFPB rule leaves unanswered questions regarding third-party vetting, liability for bad actors, and an FI’s authority to refuse data to a questionable party presenting valid customer consent. These issues will likely require resolution for US open banking to gain traction.
Expect the Unexpected
Other countries and regions experienced an initial lag between regulatory implementation and consumer activity, with interest eventually driven by the awareness and appeal of specific solutions rather than the concept of open banking itself. Such gradual adoption highlights the importance of patience and ongoing investment to create value, especially as new user cases are continuously explored.
A stated intent of UK and EU open banking was to promote competition in the consumer banking sector. However, SME adoption continues to be more widespread than traditional consumer accounts. CFPB Director Rohit Chopra frequently touts the simplification of bank switching, drawing an analogy to the FTC rule mandating portability of mobile phone numbers. However the UK reports little evidence of account migration, and it does not appear to be a focus of early US activity either.
However, this does not mean that portions of a customer’s business cannot be lost or gained. The safest bet is that some unexpected innovation will be a crucial catalyst.
The Bottom Line
Most US banks and credit unions aren’t required to comply with these new CFPB mandates for 3-5 years, if at all. This lead time is not an excuse to put it on the back burner. As other institutions make these features available, those lacking such capabilities will appear obsolete.
SRM has helped financial institutions navigate complex open banking landscapes across the UK and EU. Leveraging these insights, SRM can help US FIs not only meet compliance requirements but also position themselves as leaders in the open banking era, ready to capitalize on the opportunities that lie ahead.
