Open Banking on Hold: How CFIs Can Use the Pause

While usually associated with the internet and mobile technology, the digital transformation actually began with the invention of microchips and semiconductors in the 1950s. These allowed companies to shift outdated manual processes to digital technologies and data. The widespread use of personal computers in the 1990s, along with the introduction of the internet and the World Wide Web, ushered in the current digital age.Digital transformation has advanced rapidly over the past two decades, but the laws and regulations governing digital technology use haven’t always kept pace. One good example is open banking, or the ability of consumers to control how their data is transmitted from one financial institution to another.The Personal Financial Data Rights Rule, which was issued by the Consumer Financial Protection Bureau (CFPB) in October 2024, was intended to address this problem. Also known as Section 1033 or the “open banking rule”, this regulation was intended to create a secure, standardized mechanism for consent-based sharing of financial data between financial service providers.However, a federal court issued a preliminary injunction this year, preventing the CFPB from enforcing the open banking rule while the agency reconsiders its scope. The CFPB has initiated an accelerated new rulemaking process with the stated aim of “substantially revising” the regulation. This pause has created uncertainty for community financial institutions (CFIs), fintech companies, and consumers as they await further action from the CFPBHow the US Compares in Open BankingDespite a sense of urgency in digital transformation and continually expanding digital financial capabilities, open banking is one area where the US is not in the lead, compared to other countries. For example, the United Kingdom and the European Union have established rules governing data portability and making it a baseline consumer right. In the US, however, consumers cannot formally request that CFIs share their financial information with third-party apps. Instead, data access relies on private contracts and arrangements, such as data aggregation by large intermediaries and proprietary application programming interfaces (APIs). For example, Financial Data Exchange (FDX) has developed an API standard that simplifies data sharing between CFIs and fintechs and currently supports 114MM customer connections.With the introduction of new fintech products for everything from budgeting to payments, consumers have come to expect more control over how their financial data is transmitted between financial services providers. In response, many CFIs have begun exploring platforms and upgrades along with fintech partnerships that allow secure and scalable connectivity.The Hidden Opportunities of a DelayThe injunction delaying the open banking rule’s compliance dates gives CFIs more time before they must meet new data sharing requirements, and an opportunity to engage in the ongoing policy discussion, such as how it defines cost, liability, and security.Passage of regulations allowing open banking in the US isn’t a matter of if, but when. In the meantime, CFIs will benefit from continuing to make decisions that enable them to build the infrastructure that will be necessary for data portability, resilience, and transparency. One example could be investing in systems that support data access and portability. This includes standardized APIs for simplified collaboration with third parties, including fintech partners. Streamlining integration with these partners will make it easier to launch new digital products tailored to your customers’ needs.Another initiative that’s beneficial now is to focus on maintaining transparent infrastructure so you can provide access to customers’ account information and verify its accuracy when requested. This infrastructure should provide independent access to account-level details in real time while allowing reconciliation and auditing of financial records without relying on third parties.Of course, it also goes without saying that cybersecurity should be at the top of every CFI's priority list, but this is especially crucial if your CFI is going to be opening a gateway to other providers. Without proper assessment of cybersecurity initiatives and the time to test new boundaries for effectiveness, meeting a compliance deadline could lead to a vulnerability. With the pressure on open banking compliance released, your CFI has time to court more vendors, bring on more internal expertise, and build up cyber defenses. In addition, establish internal protocols and align cross-functional teams around data governance. Be sure to include stakeholders who influence and execute engineering, compliance, and legal decisions at your CFI to ensure that data-sharing practices and protocols remain consistent despite regulatory changes.Keep Your Momentum Moving ForwardDon’t let regulatory uncertainty stymie your progress toward the open banking environment that will become a reality, whether sooner or later. Keep your “pedal to the metal” as you prepare for the implementation of the revised open banking rule when it is eventually finalized.