What Every CEO Needs to Know: Complete Guide to Entering the U.S. Open Banking Market

What Every CEO Needs to Know: Your Complete Guide to Entering and Succeeding in the U.S. Open Banking Industry.

With the U.S. Open Banking financial landscape entering a new era with the new rules for 1033 set to be established, many UK based Open Banking providers are re-setting their sights across the Atlantic.

And for good reason. Launching in the U.S. has always been a ‘when’ not ‘if’ for UK and European Open Banking providers. The pandemic-induced venture capital crunch and accompanying strategic shift to profitability over geographical expansion, however, sidelined many fintechs’ plans for a U.S. launch. Alongside plenty to do in the UK and European markets, it was a priority pushed further down the to-do list over the past five years.

Now, with the new U.S. Open Banking rules in place providing a mandate to access data and bring greater consistency across standards, excitement is building about the long term potential. The implementation of Section 1033 of the Dodd-Frank Act, the 2010 post financial crisis legislation ushered-in to bring greater consumer protections in financial services, is set to jump start the U.S.’ Open Banking ecosystem into action.

“The U.S. is something we are closely monitoring. Mostly because U.S. expansion is important to our biggest customers,” says Stefano Vaccino, CEO of London-based Open Banking provider Yapily. “When 1033 becomes law and we have a precise timeline we are going to have a plan around it and make U.S. expansion a priority for 2025,” Vaccino said.

Open Banking in the U.S. was previously an unfettered, market-driven environment. Now, the power of Federal regulations will apply with the potential to present new opportunities in the Open Banking ecosystem.

The U.S. is the largest market for financial services in the world and the U.S. Open Banking market currently stands at $7.08bn with projected growth to $35.79bn by 2031, according to a 2024 Markets and Data industry report into US Open Banking. Fintechs in the U.S. scooped up 45.6 per cent of the global share of fintech investment in the first half of 2024.

The experience of many UK and Europe-based companies is mixed when expanding to the U.S. Nearly nine in ten (86 per cent) of UK Open Banking companies surveyed recently by Open Banking Excellence, said they’d historically chased brand prestige rather than the bottom line return when setting out on U.S. expansion.

So how exactly do companies make it on the other side of the pond? What is the opportunity in both markets? What could trip you up? What are the implications of the Consumer Financial Protection Bureau’s (CFPB) ‘1033’ rules? And, if you want to make it in 36 months, where is the best place to start?

This chapter of the Transatlantic Index USA outlines the UK and U.S. markets’ differences and considers in practical terms what every CEO needs to know when considering their approach to this exciting next chapter of regulation. Whether you’re the CEO or leader of a financial regulator, bank, data provider, technical service provider or a customer proposition provider using Open Banking data, please, read on.

The U.S: The Land Of Opportunity

You only need to consider the population size of the U.S. to know that for a business model such as Open Banking, which thrives on user numbers, the U.S. is an exciting prospect.

Let’s dig into those numbers. The U.S. has c.94 million Open Banking users with a total addressable market of c.110-120 million users. The UK comparatively has just broken the 10 million mark of consumers and small businesses using Open Banking.

While the number of users in the UK has swollen four fold since 2020, in the U.S. the figure is nearly 5.5 times. But, user numbers are just one side of the story. Much like owning a car and needing to fill it up with petrol (or gas), Open Banking needs providers of the information to open up a breadth of data that then drives use cases. The story on the availability of data is difficult to unravel.

The CMA Order and the PSRs 2017 (the UK regulations that brought about Open Banking) led to significant opening up of bank account data in the UK. However, beyond that in both the UK and U.S. markets the provision of APIs is optional and the data surrounding usage is hearsay.

Here is what we are told: the UK is all about depth of data. All account servicing payment service providers (banks) are required under the PSRs 2017 to provide access to detailed transaction data, authentication details, beneficiaries, standing orders, and payment initiation across current and credit card accounts (along with savings and mortgage accounts where these are payment enabled) accounts for both personal and small business customers without obstacle.

This has generated a wealth of financial information that has enabled UK consumers to safely pay off their credit card balances, upload and submit their tax information, understand their personal finances, initiate payments and complete a range of other services at the touch of a button.

The U.S. meanwhile has a wider range of data providers offering the potential for a broad cross-sector snapshot; banks, payroll providers, auto loans, credit unions, mortgage providers, investment companies and others providing a range of data that makes multiple use cases possible from auto loans to student loans to crypto assets.

The provision of API data in the U.S has to date largely been considered optional, however. There is a wide range of data sources but what if only some of the data providers in each category are willing to provide the data?

CCG Catalyst’s latest Banking Stability and Innovation study, for example, suggests only 17 per cent of banking executives in the U.S. are committed to providing Open Data. If you have mortgage information for a handful of your customers but not the whole market does it still work? Undoubtedly, with careful understanding of the market the U.S. can be the land of opportunity, but you work your way through the puzzle.

The U.S: The Land Of The Brave – It’s A Jungle Out There

One of the first things should not be forgotten is the U.S. is a set of fifty individual states, each with differing considerations.

The second U.S. factor to consider is the sheer numbers are high. This includes banks along with savings and loan associations, insurance companies, payroll and credit unions. FDX, the major standards provider in the U.S. has 220 members but there are thousands of banks to contend with.

This is all the more complicated by there not being a central contract, multilateral agreement nor legislation that provides requirements in lieu of these.

To illustrate the impact, let’s take the UK under the PSRs 2017 payment service providers are required to provide access to account information “without obstacle” and combined with the existence and use of dynamic client onboarding a registered third party can access account data or initiate payments within minutes.

In the U.S. the third party wanting to access the data for users will need to get a contract in place with the data provider. If a data provider is agreeable to the idea at all, it can take months and this is repeated by the number of organisations you are looking to use information from. With more than 4,000 banks the mind starts to boggle, along with the potential cost of the lawyers involved.

There is surely some solution? The simple answer is yes and no. If you are a proposition provider, a fintech such as FormFree who help users speed up their loan approval process, and looking to use Open Banking data and are happy to use the services of a data aggregator (MX in this case) to provide that data, this removes the hassle.

But, what if you are a data aggregator e.g. a UK technical service provider equivalent to MX or Plaid who is looking to be in the U.S.? In this case, there isn’t a simple solution – the U.S. is an established market for this very reason.

Established data aggregators who have built up their business over decades and hold strong relationships with the data providers with formal contracts in place – woe betide the data aggregator or technical service provider that doesn’t give this due credence.

1033: A Silver Bullet To A U.S launch?

At its core, the Consumer Financial Protection Bureau’s (CFPB) proposed rules have aimed at creating a framework for consumers to more easily access and share their financial information with third-party providers, allowing them to access financial services innovation that promises to make their lives easier, faster and less expensive without sacrificing privacy and personal data security.

CFPB published its Personal Financial Data Rights Rule on 22nd October, however, the compliance timeline is April 2026 for the largest deposit taking financial institutions through to (an extended in the final rule) April 2030 for the smallest.

Seemingly this single set of data security requirements simplifies things for data aggregators. The requirement for common standards and the provision of data, a must have rather than a negotiated outcome, helps too. There will however, according to market participants, still be a need for a contract between the data provider and the data consumer, for two reasons.

Firstly the CFPB final rule leaves space in terms of the liability model for data sharing and consumer protection in the context of an API environment.

Secondly, 1033 relates to a narrow set of data provisions. Any data that sits outside of this will need bilateral agreement. That said, 1033 substantially eases things and is anticipated to prompt further simplification. For example, will it make sense for data providers to significantly simplify the onboarding process compared with today?

But also brings change in the short term – who will provide the central standards and will the existing standards need to be updated to accommodate the regulatory requirements and in turn will contracts between data providers and third party providers need to be updated? There is the potential that this period of change could be an ideal time for new entrants to consider a role in the U.S.

Similarly, when updating contracts, most have provision for updates that will inevitably be issued. The potential disadvantage is the commercial model. The loss of income from basic transaction data may well be balanced elsewhere, for example.

Finally, for users 1033 plays catch up with the UK but misses the opportunity to leap frog it completely. It is a rough level set with the UK requirement – account information and balances, transaction histories, payment initiation, bill information on where the data requirements are not going far enough and why this has limitations.

Let’s take an example.

Payments – the regulatory requirements are:

Current UK requirement: providers will allow “third party to access account information or initiate a payment on behalf of the customer (subject to the customer’s explicit consent)” U.S. proposed CFPB rules: it is anticipated this will include ‘information to initiate payment’ – subtly different from the requirement to allow third parties to initiate payments.

Anticipated UK requirement: Expansion of VRP (Variable Recurring Payments) beyond non-sweeping initially to low risk use cases – regulated financial services, regulated utilities and government this leave the opportunity of the experience of the UK to support the U.S.?

Divided By A Common Language 

The U.S. and the UK, so similar in many technical aspects of their Open Banking APIs, are made utterly dissimilar through their drivers and culture.

On the drivers – Open Finance has existed in the U.S. since the 1990s with ‘screen-scraping’.

As a data provider such as a bank, the operational cost and risk associated with customers providing third parties with their log on credentials with a purported one third of all online banking traffic being generated by those scraping the data is not an insubstantial factor and the ability for third parties to use log on credentials has stymied the ability for banks to move to biometrics. This acts as a carrot to adopt API based standards. The stick comes from the Dodd-Frank Act.

Where does this leave us? The UK has experienced growth in Open Banking payments, the CFPB rules don’t fully cover the requirement to the level of the UK and the UK is likely to move further ahead in terms of Open Banking payments.

The CFPB is constrained by the original 1033 requirements which were for financial services, however, the ability for Open Data cross industry is the U.S.’ competitive edge – have they missed a trick or does this present a massive opportunity at scale?

While the debate has continued since the publication of the principles in 2017 about what this really means for banks and other data providers on requirement to provide Open Banking data it has provided the threat of regulatory intervention.

In turn the central entities differ. Started in 2015, FDX in the U.S. saw the importance of having not only fintechs who wanted to use the raw data but in having data providers who wish to provide the data.

FDX says it “is dedicated to unifying the financial industry around a common standard for the secure and convenient access of permissioned consumer and business financial data” and should be heralded for the intrinsic role it has played in the success of Open Banking in the U.S.

Through its leadership, which includes representation from across the market and a two thirds majority before it does anything, it has built common standards for the industry. Not only for accounts and transactions but for tax, money movement, investments and pensions, fraud signals, student loans and colleges – in fact all areas where their members have demand.

It is unsurprising therefore that the U.S. has a breadth of use cases. Data on checking and credit card accounts fit the commercial drivers and pending legislation. Home loans and auto loans are welcomed by data providers as a way of reducing risk. Corporate treasury such as using APIs to upload information to SAP or Salesforce rather than rely on the CSV files is being monetised.

It also means the U.S. has a nimble model. FDX has consciously set itself up to be welcoming. It releases APIs twice a year, is constantly innovating and offers full local sovereignty giving the right to ratify a change to the specifications such as the ability for Canada to charge for APIs.

Open Banking can help banks innovate to improve products and services for their customers, but for banks to benefit from these opportunities, there are several technology challenges they must first overcome. Top of that list is data privacy and ensuring their customers’ financial data is kept safe and secure.

In conclusion, for UK-based Open Banking providers the U.S. market is a matter of “if,” not “when.”

However, there is still much to be done in Europe following the launch of PSD3 and some barriers remain. While 1033 is an exciting shift forward for U.S. Open Banking, the regulation currently lacks clarity.. One thing is clear – 1033 will simplify access to data and bring much needed standardisation.