In 1975, a 24-year-old Kodak engineer named Steve Sasson built the world's first digital camera in a company lab using spare parts. It weighed eight pounds, captured a black-and-white image at 0.01 megapixels, and took 23 seconds to write a single photo to a cassette tape. When Sasson presented it to management, they understood what the invention meant. Kodak wasn't blind to the future, but they were protecting the present. Film was the business, and digital was at its infancy. They watched, they planned, and they waited for the right moment to move. The problem wasn't that Kodak missed the signal; It was that the market stopped waiting for Kodak. By the time the company was ready to adapt, the commercial architecture of digital photography — the chips, the software, the consumer expectations — had already been built around them.
Likewise, the final regulatory framework for open banking remains unsettled, but the commercial architecture is already taking shape. Today, US open banking is going through a pre-regulation moment. April 1st was supposed to mark the first compliance deadline under the CFPB’s Personal Financial Data Rights rule (the long-awaited implementation of Section 1033 of the Dodd-Frank Act). Instead, the CFPB stayed the rule, reopened the rulemaking process, and pushed the first compliance date back to June 30, 2026, with revisions on the table.
The original framework already exempted CFIs with less than $850M in assets from building third-party developer interfaces. Although the regulatory pause isn’t all that material, commercial activity hasn’t paused. JPMorgan Chase, Wells Fargo, PNC, and Truist have all signed (or are negotiating) bilateral API agreements that dictate how aggregators (Plaid, Yodlee, Akoya) connect to consumer data. Pricing models, security requirements, and access terms are being set right now without regulators in the room.
The implications differ depending on institution size, but the practical questions are similar. And no matter the CFI size, the ones paying attention now will see the benefits in the not-so-distant future. Below is a framework for thinking about open banking less as a compliance topic and more as a matter of proper positioning.
Map Your Existing Data-Sharing Footprint
Open banking is often framed as a future-tense topic. In practice, customers at most CFIs already share their bank credentials with third-party apps whenever they connect an account to QuickBooks, Mint, Venmo, Robinhood, or any of the thousands of services that rely on aggregators. Plaid alone connects to over 12,000 financial institutions and serves 7,000 downstream clients.
At smaller institutions, that connection happens via screen scraping: the customer enters their online-banking credentials into an aggregator’s interface, which then logs in on their behalf to copy account data. But screen scraping is widely seen as the highest-risk form of data sharing. It stores credentials, generates traffic that can appear to monitoring systems as fraud, and gives the aggregator the same access as a logged-in customer.
For almost any CFI, the question is not whether customers are sharing data, but how. A useful first step is to ask which aggregators are currently pulling customer data and by what method. Most cores and digital banking platforms can produce some version of this report. Knowing the volume, frequency, and method of connection is paramount.
Treat FDX As A Vendor-Selection Question
The Financial Data Exchange (FDX), a nonprofit consortium of banks, fintechs, and data aggregators, was officially recognized by the CFPB in January 2025 as the first standard-setting body under the Section 1033 framework. Its API specification now underpins data sharing for more than 114 million consumer accounts in North America, with adoption up roughly 50% YoY as of early 2025.
For CFIs, FDX matters for two reasons:
- It’s a free, interoperable specification that lowers the cost of supporting a developer-facing API compared to bespoke connections to each aggregator individually.
- Regardless of how the CFPB’s revised rule turns out, an FDX-aligned API is generally considered to provide compliance indicia with any future data-sharing requirement.
Most CFIs won’t develop FDX integrations in-house, which makes FDX readiness primarily a vendor-selection decision for digital banking and core systems. FDX is widely viewed as the front-running open finance standard and has been formally recognized by the CFPB as a standard-setting body, but the bureau’s future rulemakings could still shift technical and operational expectations under Section 1033. By asking today how vendors support FDX-style data sharing—and under what terms—CFIs can identify which partners are truly ahead of the regulatory curve, even before the next wave of rules is locked in.
Treat Data Sharing As Wallet Share
Customer expectations have outpaced the regulatory framework. The Plaid and Harris Poll Fintech Effect study found that 78% of Americans now use fintech applications, up 20 percentage points since 2020. Among that group, 77% say their bank needs to integrate with the apps they already use, 72% call it a top priority when choosing a bank, and 66% say they’d consider switching if their bank couldn’t connect.
The expectation is even more concentrated among small-business customers. Younger SMB owners typically run accounting (QuickBooks, Xero), payroll (Gusto, ADP), and budgeting tools that all rely on a clean connection to the operating bank account. When that connection is unreliable — think frequent re-authentications, missing transactions, broken syncs — the friction usually shows up as dissatisfaction with the bank, not the app.
Framing data sharing as an acquisition and retention question changes the budget conversation. The relevant numbers become customer stickiness and lifetime value. A CFI that makes accounting and payroll integrations seamless gives younger consumers and small-business customers a concrete reason to stay.
Follow The “Data Toll” Debate
Arguably, the most consequential development in U.S. open banking over the past year hasn’t come from the CFPB at all, but from the commercial sector. In July 2025, JPMorgan Chase informed aggregators it would begin charging for data access, citing data showing that, of 1.89 billion API requests in a single month, only 13% were tied to direct customer activity. This proposed fee schedule could cost Plaid up to $300M per year.
By November, JPMorgan had reached paid-access deals with Plaid, Yodlee, Morningstar, and Akoya, together accounting for more than 95% of third-party data requests on its systems. Wells Fargo and PNC have also pushed aggregators toward Akoya, a bank-backed network with its own fee structure, and PNC CEO Bill Demchak has publicly applauded JPMorgan’s stance.
Whether the eventual revised CFPB rule allows banks to charge for data access is one of the most consequential unanswered questions in open banking. If fees are permitted, data sharing becomes a potential revenue line. If they aren’t, the cost of building and maintaining APIs sits entirely on the data provider. Either outcome reshapes the business case for investment in open banking infrastructure.
The Architecture Is Being Set Commercially
The operating architecture of US open banking — who connects to whom, on which technical standard, under what economics — is being defined via bilateral agreements among large banks, aggregators, and bank-backed networks like Akoya. Truist and Plaid have signed an API agreement replacing screen scraping. Wells Fargo issued a cease-and-desist letter to one aggregator in October 2025. Meanwhile, JPMorgan has set the first real pricing benchmarks for data access.
For CFIs with under $850M in AUM, none of this is a compliance question. It’s all about positioning. The infrastructure being built now is the infrastructure customer-facing apps will integrate with by default. CFIs that align with FDX-standard APIs through their digital banking or core vendor will plug into that architecture, while those that rely on screen scraping may end up on the sidelines.
For community institutions in the $1B–$50B range, the situation is more direct. These banks are large enough to be in scope under any plausible revised rule, to negotiate their own aggregator agreements, and for vendor decisions made in the next 12 months to shape their data-sharing economics for years.
Drafting Blueprints Before The Rule Catches Up
The CFPB’s open banking rulemaking will eventually produce some version of a Section 1033 framework, but the technical and commercial architecture of the US system is being chosen now, while the rule is on pause. Here are five considerations worth keeping in mind:
- Map the existing data-sharing footprint: Most CFIs share customer data with aggregators today, often through screen scraping. Understanding the volume, method, and counterparty mix is the prerequisite to any deliberate decision about what to do next.
- Make FDX a vendor-selection question: A CFI doesn’t need to build FDX-aligned APIs internally, but it can ask whether its digital banking and core vendors support them. Ask questions that help you identify which vendors are staying on top of the ball.
- Treat data sharing as wallet share: Most customers under 40 (and most small-business owners) expect their CFI to connect smoothly to the apps they already use. Reliable connectivity is increasingly a retention factor, not a nice-to-have.
- Track the data toll question closely: Whether banks will be permitted to charge aggregators for API access will reshape the economics of open banking infrastructure. The answer matters even for institutions that aren’t directly in scope.
- Watch what big banks are doing: JPMorgan, Wells Fargo, PNC, and Truist are setting the practical terms (e.g., API standards, pricing models, network architecture) that the rest of the ecosystem will plug into. Their decisions provide a useful reference point for all community financial institutions.
Customers rarely leave their CFI because it runs the wrong API specifications. They do notice, however, when it becomes difficult to connect their accounts to the tools they use every day. A deliberate posture on data sharing — informed by where the industry is actually heading, not just where the rule eventually lands — is what keeps friction low and valued customers coming back.
