Open banking's real US risk is policy drift, not delay

American banks and fintech partners no longer need a finished federal playbook to start spending money on open banking. By late May, after the Consumer Financial Protection Bureau’s personal financial data rights rule had set an April 1, 2026 compliance date for the largest institutions but then been pulled into litigation and reconsideration, the more immediate question was not whether data sharing would arrive. It was who would control the connection, who would price it and which business models would be squeezed first.

That shift is why open banking now looks less like a niche policy file and more like a live competition story for banks, payment firms and data aggregators. The rule still envisages a phased rollout running from April 1, 2026 for the largest banks to April 2030 for the smallest institutions, according to the CFPB’s rule text. Yet the market is already behaving as if the unresolved part of the framework is the part that matters most: the economics.

From the banks’ vantage, the job has already started. API builds, fraud controls, token management and partner negotiations all sit on real budgets and product roadmaps. But the same evidence looks different from the policy side. Regulators still frame data portability as a consumer right that should be secure and usable, while analysts are asking a harsher question: if big banks can charge for access, does open banking become a utility for incumbents and a toll road for everyone else?

In announcing the final rule, then-director Rohit Chopra argued that better data portability was supposed to break consumer inertia, not create a fresh venue for gatekeeping.

“Too many Americans are stuck in financial products with lousy rates and service.”

— Rohit Chopra, CFPB

That tension, between a rights-based framework in Washington and a pricing battle in the market, is what makes the US version of open banking look unfinished even when strategy is already hardening. The broader fight touches the same questions that sit underneath interchange, deposit gathering and fintech-bank distribution: not just whether customers own the data, but whether an incumbent bank can still own the economics of the pipe.

The deadline passed. Strategy did not

The American Banker’s account of the April 1 milestone captured the current shape of the market: open banking in flux, not in retreat. Even with the largest-bank deadline on the calendar, institutions and aggregators were still negotiating how much traffic would move from screen scraping to direct APIs, how consent would be refreshed and who would shoulder the cost of maintaining those connections at scale.

APIs should improve the plumbing. They replace credential sharing with tokenized, permissioned access, which is why even critics of the current rulebook rarely argue for a return to screen scraping as the long-term model. The unresolved issue is commercial, not technical. Secure connectivity is only pro-competitive if the terms are open enough for smaller fintechs to reach customers without signing away their margins.

Unlike the UK, where open-banking infrastructure evolved with a more prescriptive framework, the US is edging toward a messier arrangement. UK Finance’s comparison of EU and US approaches notes that the United States still lacks the kind of standardized architecture that made open banking look more like public rails than a patchwork of private deals. That does not mean the US will fail to converge on APIs. It means convergence is more likely to happen through bilateral contracts, large-aggregator scale and bank-specific pricing schedules.

The stakes are also widening beyond budgeting apps and account dashboards. The Verge reported this month that OpenAI plans to let ChatGPT connect to users’ bank accounts through Plaid. Once AI assistants, payment apps and financial software all want the same secure account connection, control of that connection starts to look less like compliance work and more like distribution power. A bank that can shape the terms can shape which products reach the customer first.

The fight is shifting to price

If the first phase of US open banking was about replacing scraping with APIs, the next phase is about whether those APIs will be priced like neutral infrastructure or like premium bank inventory. CNBC reported in November that JPMorgan Chase had won a fight with fintech firms over data-access fees, with 95 per cent of the bank’s data pulls covered by fee agreements. That figure matters because it suggests one of the country’s largest banks has already moved from theory to precedent.

Fintech groups do not describe that shift as ordinary cost recovery. In CNBC’s reporting, Financial Technology Association chief executive Penny Lee argued that charging high tolls for customer-authorized data access would twist the point of the law itself.

“Introducing prohibitive tolls is anti-competitive, anti-innovation, and flies in the face of the plain reading of the law.”

— Penny Lee, Financial Technology Association

Banks, for their part, can make a serious operational case. Replacing scraping with APIs is expensive. Permissioning, uptime, fraud monitoring and dispute handling do not come free, especially when a large bank is handling massive request volume. One of the open questions from the insider perspective is therefore fair: do fees simply recover the cost of building safer rails?

The problem is that the market context makes the answer look only partial. In Reuters Breakingviews’ analysis of Jamie Dimon’s fintech posture, JPMorgan’s systems were handling about 2 billion account-access requests a month. The same piece pointed to roughly $34 billion in interchange fees as part of the wider moat the bank has reason to defend. That does not prove every API fee is predatory. It does suggest the fight is not just about server costs. It is also about who gets to sit between the checking account and the payment, lending or advice product that follows.

banks should be “scared shitless” about technologically savvy financial challengers

— Reuters Breakingviews

For analysts, that is the key economic question. If data access becomes expensive enough, the market stops rewarding the best customer experience and starts rewarding scale. Large aggregators may be able to absorb fees, negotiate volume terms or pass costs through. Smaller fintechs, especially those trying to build account-to-account payments or deposit-switching tools, may find themselves competing in a two-tier system before the regulatory text is even settled.

Why the unfinished rule still matters

This is why policy drift, not policy failure, may be the real market event. A dead rule would freeze everyone. An unfinished rule does the opposite. It gives the largest participants room to write private norms in advance, whether through fee schedules, preferred API partners or consent standards that smaller firms have little bargaining power to challenge.

That matters for payments competition in particular. Open banking has always promised more than easier personal-finance apps. In the US context, it also points toward cheaper bank-to-bank transfers, better account verification, more precise underwriting and stronger competition for primary customer relationships. If the connectivity layer ends up bank-priced, then the economics of those downstream products change as well. A service that depends on frequent balance checks or transaction refreshes is not just buying data. It is buying access to a bank-controlled channel.

The competitive read-through is straightforward. Incumbent banks do not need to kill open banking to preserve control. They only need to make participation predictable for large partners and expensive for marginal challengers. That would leave the US with a recognizable open-banking market on paper, but a very different outcome from the free-portability vision that animated Section 1033.

None of that means the banks are wrong to push for safer infrastructure or clearer liability rules. On the policy side, the strongest question remains whether customer-authorized access should ever be treated as a product that the bank can monetize against the customer’s downstream choice. On the market side, the answer is already emerging through contracts rather than speeches.

The result is an uncomfortable but familiar American pattern. Washington declares a consumer right, litigation and lobbying slow the standard-setting, and private actors move first to decide how the right will actually be exercised. Open banking can still widen competition in payments and data-driven finance. But by the time the rulebook looks finished, much of the commercial architecture may already belong to the institutions that were never willing to wait for one.