
What is open banking?
Open banking is a system where banks share customer account data and allow payment initiation through secure APIs, with the customer's consent. Before open banking, a fintech app that wanted to read your balance had to use screen scraping. That meant logging in with your real bank password behind the scenes. Open banking replaces this with a token-based connection. Your password is never exposed to the third party.
Once you grant permission, your bank can share data with an approved third party. This can include your balance, transaction history, and account details. The third party can also be authorized to start a payment straight from your account, without going through a card network.
How does open banking work?
Open banking runs through standardized APIs. These connect a bank's systems to an approved outside provider. Three parties make up the model:
- The bank (data provider): Holds the account and exposes the API
- The third-party provider (TPP): The app or service that requests access
- The customer: Grants and can revoke consent at any time
Third-party providers come in two main types. An Account Information Service Provider (AISP) reads account data. That data feeds budgeting apps, lending decisions, or account verification. A Payment Initiation Service Provider (PISP) goes further. It can trigger a payment directly from the customer's account.
The connection runs through a token, not a password. This means the customer can revoke access anytime, without changing their bank login.
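The token model described above, as an added example that is not part of the original page: a minimal bank-side consent registry showing scope limits (AISP versus PISP) and revocation without a password change. The class, scope names and IDs are hypothetical, and the TPP identity passed in is assumed to be authenticated already.

```python
import hashlib
import secrets
import time

# Hypothetical scope names for this sketch; real standards define their own.
AISP_SCOPE = "accounts:read"
PISP_SCOPE = "payments:initiate"


class ConsentRegistry:
    """Bank-side record of customer consents, keyed by a hash of the access token."""

    def __init__(self):
        self._consents = {}  # token hash -> consent record

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked registry does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def grant(self, customer_id, tpp_id, scopes, ttl_seconds, now=None):
        """Customer consents: issue a random token bound to one TPP and a fixed scope set."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._consents[self._digest(token)] = {
            "customer": customer_id, "tpp": tpp_id, "revoked": False,
            "scopes": frozenset(scopes), "expires": now + ttl_seconds,
        }
        return token

    def revoke(self, customer_id, tpp_id):
        """Customer withdraws consent for one TPP; the bank login is untouched."""
        count = 0
        for c in self._consents.values():
            if c["customer"] == customer_id and c["tpp"] == tpp_id and not c["revoked"]:
                c["revoked"] = True
                count += 1
        return count

    def authorize(self, token, tpp_id, scope, now=None):
        """Return the customer id if this TPP may use this scope now, else None."""
        now = time.time() if now is None else now
        c = self._consents.get(self._digest(token))
        if c is None or c["revoked"] or now >= c["expires"]:
            return None
        if c["tpp"] != tpp_id or scope not in c["scopes"]:
            return None
        return c["customer"]
```

A token granted with only the read scope is refused for payment initiation, refused when presented by a different TPP, and refused after the customer revokes consent.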
What are the main open banking regulations?
Each region has built its own rules on a different timeline. This is where things get complicated.
The US case is worth a closer look, since its status is unsettled. The CFPB finalized its Personal Financial Data Rights rule in October 2024. The first compliance deadline was set for April 1, 2026. In late 2025, a federal court in Kentucky blocked enforcement of the rule. The court granted the block while the CFPB runs a new rulemaking process. The CFPB itself has since told the court it thinks the rule goes beyond its legal authority. As of mid-2026, the rule still exists on paper, but it is not being enforced. Its final shape is still an open question.
What technical standards sit behind open banking?
APIs only work at scale if banks and providers speak the same format. A few standard-setting bodies define this for each region.
- OBIE: The UK's Open Banking Implementation Entity, which sets the API standard used across UK banks
- Berlin Group: A pan-European group that many EU banks use to implement PSD2
- FDX (Financial Data Exchange): The standard-setting body the CFPB has formally recognized for the US. This recognition runs through January 2030, regardless of how the Section 1033 case turns out
What are the main business use cases for open banking?
Open banking has moved well past personal finance apps. It now sits inside core payment and treasury infrastructure.
- Account verification: Confirming a bank account is real and belongs to the right person. This replaces slower methods like a penny test with instant API confirmation
- Account-to-account payments: Starting a payment directly from a payer's bank account. This is a core mechanic behind many A2A payments products, often cheaper than card rails
- Cash flow and treasury data: Pulling live account balances and transaction data into treasury and reconciliation tools, instead of manual statement uploads
- Credit underwriting: Using verified transaction history to assess creditworthiness faster than document-based underwriting
- KYC support: Confirming identity and account ownership as part of a broader KYC process
Why open banking matters for payment platforms
For neobanks, PSPs, and platforms building on bank infrastructure, open banking offers another way to move and verify money. It does not depend on card networks or manual file uploads. A payment API that supports open banking initiation can collect funds straight from a customer's bank account. This is often faster and cheaper than card-based collection.
The regulatory uncertainty in the US is a real planning issue. A platform building US open banking connectivity right now needs a strategy that works no matter what happens next. The current rule could survive, get replaced, or get narrowed. Building specifically around requirements still in court is a risk worth avoiding.