The US’ open banking journey is one of twists and turns. It began as an industry-led movement to get consumer data into third-party apps that customers were hungry for. In the meantime, regulation loomed on the horizon, and last year it looked as though it might finally become a reality. But then a change of administration ushered in a new era, putting the rule in limbo. Fast-forward a few months, and JPMorgan Chase just announced that it will begin charging for access to its customers’ data.

Are you keeping up? It’s not easy.

From where I sit, open banking in the US has gone through two distinct phases, and JPMorgan Chase may have now kicked off a third. Let me break it down as I see it:

Phase 1: Industry-led — defensive

The first phase of open banking in the US was characterized by financial institutions (FIs) creating data access via application programming interfaces (APIs) to third parties to satisfy consumer demand for fintech apps. This was in response to several factors, including heightened competition and the prevalence of screen-scraping by which third-party apps access consumer bank data through shared login credentials, a practice that is far less secure than using direct interfaces. Ironically, perhaps the most well-known example is JPMorgan Chase’s 2018 agreement with Plaid.

This era saw banks taking a proactive approach to consumer data-sharing, though they still sought to retain control over what that looked like — each year in our annual study we ask bank executives about their open banking strategy; for 4 years in a row, the largest group said they were “interested in working with select third-party partners.”  

Phase 2: Regulatory push

The Consumer Financial Protection Bureau (CFPB) issued its final open banking rule in October of 2024. The rule, written to compel FIs to share specific types of customer data, including from deposit accounts, credit cards, and payment services, marked a major shift in US open banking. For the first time, the prospect of a government-led open banking framework, like those in the UK and Europe, was on the table.

The rule received considerable pushback from the banking industry, which argued that it would be burdensome especially to the country’s community banks. Then, with the change in administration and subsequent changes at the CFPB, the rule essentially died on the vine. Most recently, the CFPB moved to rescind the rule in its current form.

(Potential) Phase 3: Industry-led — offensive

The regulatory about-face made open banking in the US a question again. It created a vacuum, ripe for industry participants to take a shot at offering their own definition once more. That appears to be what JPMorgan Chase is up to now. Specifically, the bank has circulated proposed pricing to data aggregators like Plaid and Yodlee. This would effectively charge those companies, and thereby the fintech industry, for access to customer data.

Under traditional open banking models, this is a big no-no. But there is no traditional open banking model in the US and no longer one on the horizon. Instead, there’s a brand new blank slate. Industry analysts don’t expect much of an impact to larger fintech companies but warn that, “smaller fintechs that depend heavily on automated clearing house (ACH) rails or open banking frameworks for onboarding and compliance may face real pressure if the fees take effect,” according to CNBC.

The major implication for US banks is that this could create yet another shift in the US open banking landscape. To be fair, Section 1033 of the Dodd-Frank Act, which permits consumers to access and share their financial data, still exists, even if the CFPB’s rule currently does not. But it will take time to work out how it will be enforced (if it is at all; it’s already 15 years later). In the meantime, we may begin to see more FIs take an offensive position and work to turn open banking into a revenue stream. While it’d likely start at the top, this tactic could make its way downstream through established technology vendors, effectively standardizing open banking in the US as a monetization play.

Alternatively, seeing the first mover advantage the biggest banks have, the industry may consider banding together to — plot twist — speed up the implementation of Section 1033. In this scenario, by taking advantage of the current administration’s pro-innovation stance, the banking community could seize the opportunity to push for standards that work for everyone. This would represent a truly offensive move that sees beyond the immediate potential for monetization and to the value of creating an open banking framework that is formal and aligned with the banking industry long term.

What does it all mean for my bank?

Regardless of what happens next, the foundational implications for bankers are the same. In every single phase, being able to share data easily, efficiently, and securely is key. In every single phase, thinking about what data-sharing means strategically for a bank’s business is key. This is an excellent example of the perils of the regulatory wind — it’s important to have a plan and strategy for open banking regardless of external factors. That plan can then be tweaked as necessary. The risk lies in waiting for everything to play out.  

It’s not easy to be a community bank, and it’s certainly not easy for a community bank to achieve the openness necessary to compete. But thinking about how the principles of open banking apply internally and getting a strategy in place is an imperative. That was true 10 years ago, and it’s still true today.