Mon, 14 Apr 2025
Understanding the U.S. Open Banking Landscape: What Regulations Apply?
Open banking is gaining global traction, but what does it actually look like in the U.S.? Spoiler: it’s not what you might expect. While Section 1033 of the Dodd-Frank Act sets the foundation, the U.S. still lacks a cohesive regulatory framework. Here’s what’s in place, what’s missing, and how Fiskil is navigating the landscape.
Section 1033 of the Dodd-Frank Act: The Core of U.S. Open Banking
The Consumer Financial Protection Bureau (CFPB) has interpreted Section 1033 as the legal foundation for consumer data access rights. In June 2024, the CFPB issued its Final Rule on Personal Financial Data Rights (12 CFR Part 1033), marking a major step toward a more standardized and secure data-sharing ecosystem.
Under this rule:
- Consumers can authorize third-party access to their financial data.
- Data providers (e.g., banks, digital wallets) must make certain information available in machine-readable electronic formats.
- The CFPB may recognize standard-setting bodies (like FDX) to define technical implementation standards.
While this creates a baseline for data access, it is not a comprehensive open banking regime like Australia’s CDR or the EU’s PSD2. Crucially, it lacks mandatory accreditation, robust oversight of third-party providers, and unified API standards.
Other U.S. Regulations That Support Open Banking
In addition to Section 1033, several existing laws help shape the contours of consumer-permissioned data sharing:
| Regulation | Role in Open Banking |
|---|---|
| Gramm-Leach-Bliley Act (GLBA) | Sets rules around privacy notices and limits on financial data sharing. |
| Fair Credit Reporting Act (FCRA) | Applies if consumer-permissioned data is used for credit decisioning. |
| Electronic Fund Transfer Act (EFTA) / Regulation E | Protects consumers in cases of unauthorized transactions, particularly relevant if third parties initiate payments. |
What’s Missing from the U.S. Framework?
Compared to more mature open banking regimes, the U.S. lags behind in several critical areas:
- No accreditation regime for third-party data recipients (like Australia's ADR model)
- No prohibition on screen scraping, which continues to pose data security risks
- No clear liability framework between banks and fintechs in the event of a data breach
- No mandated universal technical standards, leading to fragmentation
These gaps mean the U.S. framework does not yet deliver the full benefits of secure, competitive open banking—such as consumer confidence, fintech accountability, and standardized interoperability.
Final Thoughts
U.S. open banking is entering a formative stage. Section 1033 is a powerful tool for consumers—but without supporting infrastructure, it won’t unlock the full promise of open banking on its own.
At Fiskil, we’re committed to operating in full compliance with U.S. laws while holding ourselves to a higher bar of consumer trust and technical rigor.
Want to learn more about our approach to open banking compliance? Contact us.
Posted by Fiskil