Financial institutions (FIs) are expected to ensure strong API governance, encryption, and third-party oversight under Open Banking rules.
Banks and fintechs are mandated to apply clear consent and data minimisation frameworks to avoid consumer data from being misused or over-collected.
The rise in Open Banking users is driven heavily by rising digital payments. In the UK alone, Open Banking reached 15 million users by July 2025, nearly one in three adults.
Open Banking creates a larger surface attack area for cybercrimes or breaches to occur; regulators urge firms to implement robust processes to protect against this.
The challenge for Fis is making sense of fragmented regulatory standards and balancing consumer protection and innovation across borders.
In the US, fintechs and banks are locking horns over whether banks are benefitting as much as fintechs from these developments and account fees under the Consumer Financial Protection Bureau’s (CFPB) Open Banking rule.
Across the pond, regulations such as the General Data Protection Regulation (GDPR) and the Payment Services Directive 2 (PSD2) apply to businesses operating in the EU.
For many other jurisdictions, countries are still defining Open Banking and Open Finance governance standards.
Having an advanced regulatory technology solution that automatically tracks, maps, and provides insights on multi-jurisdictional regulatory updates is the key to thriving in today’s changing landscape.
US Open Banking: Regulators to revise rule
Open Banking is covered under the Dodd-Frank Act by the CFPB’s rule. It allows Americans to control their personal financial data and move between financial services firms easily, boosting market competition.
The policy has received a great deal of backlash and created a divide among banks and fintechs.
The Bank Policy Institute, the Kentucky Bankers Association, and Forcht Bank have filed a lawsuit against the CFPB to block the rule, arguing that the Bureau’s no-fee requirement for data access could hinder innovation and impose undue burdens on financial institutions.
In turn, this had delayed the full implementation of the rule, and the CFPB is set to revise the regulation after public consultations.
J.P. Morgan has begun charging fintechs for access to consumer financial data, underscoring the perception among many banks that Open Banking offers greater advantages to fintechs than to traditional financial institutions.
If fees are widely adopted, it could hinder fintech startup progress by making it costly to attract new customers.
In August 2025, the Federal Transit Administration (FTA) released a public letter, co-signed by more than 80 fintech firms, advocating for Trump to “use the full power of your office and the broader Administration to prevent the largest institutions from raising new barriers to financial freedom”.
“If the large banks are successful, it will choke off access to the finances of consumers and businesses, effectively killing competition and crippling American innovation in three critical, future-defining fields,” the FTA-led letter continues.
The CFPB stated, in a court filing, that it will undertake an “accelerated rulemaking process” to issue a “new final rule.”
Canada Open Banking
Canada’s Open Banking framework took a significant step forward last year with the passage of the Consumer-Driven Banking Act within Bill C-69.
The legislation mandates read-only data sharing for designated entities, annual consent renewal, and a standardised API framework. A technical standards body will guide implementation, while the Financial Consumer Agency of Canada (FCAC) was appointed as the oversight authority.
Key components of Part Two of the legislation, including accreditation criteria for fintechs, liability frameworks for fraud and outages, and finalised technical standards, remain in development. These must be completed in 2025 to support a full launch in early 2026.
UK Open Banking
The UK government’s Financial Services Growth and Competitiveness Strategy (July 2025) set out major steps for Open Banking and Open Finance. The FCA will launch a Smart Data Accelerator to test Open Finance use cases, develop solutions, and shape policy.
The government also plans a new model for retail payments infrastructure, led by the Bank of England’s Retail Payments Infrastructure Board and a new industry-led Delivery Company, chaired by Vim Maru (Barclays UK).
Industry bodies like Open Banking Limited, Innovate Finance, and UK Finance welcomed the plans but urged faster progress to strengthen the UK’s position as a global fintech leader.
Henk Van Hulle, chief executive officer of Open Banking Limited, said: “Open Banking is now part of everyday life for millions of people and businesses across the UK – from paying taxes to shopping online. It’s fast, secure, and built on trust.”
“To maintain momentum and unlock its full potential, we look forward to working closely with government, regulators and the wider ecosystem, ensuring Open Banking delivers even greater value, innovation and impact for everyone.”
EU Open Banking
Across the EU, Open Banking is governed by the Payment Services Directive 2 (PSD2), which requires banks to provide secure API access to licensed third-party providers with customer consent. This framework has enabled the rise of account-to-account payments and improved competition in financial services.
The upcoming PSD3 and Payment Services Regulation (PSR) aim to strengthen API security, improve consumer protection, and harmonise supervision across member states.
Together, these reforms will enhance cross-border payment efficiency and further support the EU’s transition toward Open Finance.
New Zealand Open Banking
New Zealand’s Inland Revenue (IR) is the country’s first government agency to procure Open Banking technology, issuing an RFP in July 2025 for bank-account validation and payment services.
The phased rollout will begin with account validation to reduce errors and fraud, later expanding to payment initiation and request-to-pay features.
The initiative supports the Consumer and Product Data Act 2025, which establishes a Consumer Data Right (CDR) for banking, taking effect in December 2025.
Alongside Payments NZ’s API Centre, these steps mark major progress toward a secure, standardised Open Banking framework in New Zealand.
What is Open Banking?
Open Banking is the process by which consumer financial data flows freely between two seamless user experiences and creates insights into consumer behaviours.
It can be vital for inclusion, enabling affordable and consistent API access – meaning small businesses can gain the same high-quality financial tools as large enterprises.
Under Open Banking rules, consumers are offered more control over their personal financial data, and they can choose where it goes, improving innovation and spurring more market competition.
For example, users can directly transfer funds from the Chip app to their Monzo Banking app, without manually transferring from the Monzo account.
Or pay off credit cards like American Express directly from the app and link to other banks like TSB, RBS, or NatWest.
Contrary to popular belief, Open Banking is not a competition between banks and fintech; it is about data flowing both ways.
Banks can gain valuable insights into consumers’ financial behaviours, such as which services they are using outside of banking, and use this to guide product development.
How FinregE can help
Our regulatory compliance platform can help automatically track, interpret, manage, and map Open Banking or Finance regulations to ensure your business is always one step ahead of the changing landscape.
Our system automatically maps global frameworks such as PSD2/PSD3 in the EU, the CFPB rule in the US, and CDR in Australia and New Zealand to your internal policies, controls, and processes.
We provide real-time regulatory updates, cross-border mapping, and insights powered by AI to ensure complete compliance across jurisdictions.
Book a demo today.
