Open Banking Makes Banks Nervous — But Now It’s Inevitable

Open Banking Makes Banks Nervous — But Now It’s Inevitable

March 28, 2024

By: Tyler Brown

Regulation and Data

Forty-six percent of US financial institutions (FIs) say the risks of open banking outweigh its benefits, according to a recent study by PYMNTS Intelligence, and 20% say the benefits and risks are in balance. That leaves just over a third of FIs who see value in open banking that outweighs the risk, and those that are enthusiastic about it may be even fewer. In CCG Catalyst’s Banking Stability and Innovation Study 2023, only 17% of US FIs said they were committed to providing open data access to third parties.

FIs’ discomfort with open banking and general reluctance to commit to providing data access puts them in a tough spot. The Consumer Financial Protection Bureau’s (CFPB’s) pending rule on open banking, implementing Section 1033 of the Dodd-Frank Act, will require banks to enable third parties’ access to consumers’ Regulation E and Regulation Z account data (such as from checking, savings, and credit card accounts) on consumers’ behalf. The banking industry has pushed back on aspects of the proposed rule, expressing concern about the CFPB’s regulatory restraint, the scope of data the proposed rule mandates banks provide access to, and the rule’s practical implications.

According to an American Bankers Association (ABA) policy brief, the industry is arguing for several changes in the final rule, which is expected this fall:

  • A provision related to data aggregators’ compliance with the 1033 rule and clarity on banks’ liability for ensuring it
  • Limits to the scope of certain types of data banks are required by the rule to offer, based on legal text and practical implications
  • Limits to obligations the rule imposes on banks indirectly related to consumer data, such as the initiation of payments from Regulation E accounts
  • Security requirements for certain third parties, such as compliance with the Gramm-Leach-Bliley Act (which requires that banks disclose information-sharing practices)
  • Stronger risk management protections for banks, including the conditions under which they can deny third parties access to data
  • The explicit ability for banks to recoup costs related to authorization, authentication, and infrastructure

FIs might feel frustrated while they wait for the CFPB’s final open banking rule. But open banking is part of the same macro trend as API-native, extensible, and flexible tech stacks — which are crucial to helping FIs overcome aging infrastructure and address customers’ affinity for services provided by fintechs and Big Tech. Therefore, instead of continuing to be reluctant, FIs should think about how to get ahead of these requirements as part of a wider technology conversation and find potential benefits.

For instance, open banking solves a security problem — consumers give third-party apps unsecure access to their bank accounts already, which open banking APIs empower FIs to stop. It also helps FIs fulfill demand for a diverse ecosystem of fintech apps and tools and create better experiences for customers.

The bottom line is that having an open banking strategy is poised to be mandatory, so FIs might as well make the best of it. Any that haven’t started board-level discussions about open banking should start now — and on the top of the agenda should be how open banking will affect the FI’s business strategy and how it will fit in with technological and strategic issues that should already be part of the discussion.