The vast array of financial service providers in the United States can make managing money difficult. Critical to navigating this complexity is the ability for consumers to bring together disparate financial data and gain insights and advice about their financial picture. Open Banking makes this possible by creating a secure, seamless way for consumers to access, manage, and share their financial data.
Existing regulations to guide Open Banking in the United States have seen much debate over the past year — leading the Consumer Financial Protection Bureau (CFPB) to issue a new Advance Notice of Proposed Rulemaking to re-evaluate critical questions within the final rule issued under Section 1033 of the Dodd-Frank Act.
At MX, we’ve spent the last month unpacking these questions with policy experts and industry leaders. We believe any revisions to Rule 1033 should move the industry closer to the goal of giving consumers safe, seamless control of their financial data. Here are key takeaways from those conversations:
1. A Healthy Ecosystem is Essential
No single financial institution can meet every consumer or business need, and it’s neither realistic nor secure for individuals to manually transfer their data between multiple providers. Third parties — such as fintechs, data intermediaries, and other authorized representatives — are critical to enabling a healthy flow of data and creating a modern, innovative financial ecosystem.
Consumers deserve a system that reflects the digital world they live in and allows them to authorize trusted representatives to move their data securely and seamlessly. Third parties expand access, enable specialized services, and deliver capabilities that no single institution could provide on its own.
2. Open Banking is Bi-Directional
The financial services ecosystem is complex, and Open Banking is not a one-way flow of data. As Jane Barratt, MX Chief Advocacy Officer and Head of Global Public Policy, explained:
“There has been this binary view that financial institutions are the data providers and fintechs are the data recipients. That is one of the biggest things we need to change perception of because data is bi-directional. … At MX, our biggest use case is bank-to-bank or bank-to-credit union or credit union-to-bank again. People have multiple relationships.”
Enabling secure, scalable data sharing both to and from institutions is essential for a thriving ecosystem. It gives consumers more control and flexibility, while financial institutions benefit from incoming data that improves decision making, service personalization, and innovation.
3. Defining “Representative” Defines the Market
How the CFPB chooses to interpret and define a “representative” under Section 1033 will have far-reaching implications for the financial services ecosystem.
A narrow definition (i.e., limited to certain agents or intermediaries) could unintentionally stifle competition, reinforce data monopolies, and drive up costs for smaller institutions, fintechs, and consumers. When only a few entities are authorized to access consumer data, smaller players are pushed out and innovation slows down.
Conversely, a more inclusive definition supports a more balanced and competitive environment. Consumers own their data and should be able to choose who they authorize to access it. Recognizing a wider range of authorized third parties fosters a thriving ecosystem, encourages diverse solutions, and lowers costs for consumers and innovators alike.
Ultimately, how “representative” is defined will determine how easily data flows and how much choice consumers have in the marketplace. Permissioned third parties should be considered representatives in order to enable consumers to truly own and manage their data.
4. The Current Rule Provides a Strong Start for Privacy, Consent, and Control
The CFPB’s current rule represents a meaningful step forward in consumer privacy and data rights. It helps bridge the long-standing regulatory gap between banks and fintechs by introducing modern privacy principles like opt-in consent, consumer authorization, and greater control over personal data.
Still, key questions remain. There is opportunity to create more clarity around liability and risk management responsibilities and align secondary data use cases more closely with contemporary privacy networks. With refinement, future iterations of the rule can strengthen trust while supporting innovation.
5. API-Based Open Banking is the Solution, Not the Problem
Many of today’s security and fraud challenges stem from outdated, credential-based methods like screen scraping. Open Banking APIs solve this by enabling secure, tokenized data sharing. Consumers never have to share their credentials, making the process auditable, standardized, and significantly safer.
While API development can be a lift for smaller institutions, the benefits are clear: reduced fraud risk, fewer technical failures, and a stronger foundation for interoperability and trust. API-based access is not only more secure, it’s the infrastructure on which true Open Banking depends.
6. Fees and Standards Go Hand in Hand
Standards are the foundation of a scalable, competitive open banking ecosystem. The Financial Data Exchange (FDX) has emerged as a leading industry standard in the U.S., helping prevent fragmentation by establishing consistent technical and security protocols for data sharing.
Without such standards, each financial institution could define data access terms or “reasonable fees” differently, creating inefficiencies and uneven access. In addition, the current rule expressly prohibits fees. Charging fees under Rule 1033 is illegal. Full stop.
While standards don’t dictate pricing, they directly influence it. A consistent baseline enables transparency and fairness in how fees are structured and applied. Lessons from the UK — where regulators have introduced “premium API” frameworks that allow enhanced paid services beyond core open banking functions — show how alignment between standards and pricing can balance innovation and sustainability.
Active participation from fintechs and financial institutions in standard-setting and regulatory development will ensure that resulting frameworks are fair, interoperable, and representative of the full ecosystem.
7. Customer-Centricity Should be the Driving Force
At its core, the debate surrounding Section 1033 isn’t about banks, fintechs, or regulators — it’s about people. The ANPR asks who should act as a “representative,” whether fees can be assessed, what data can be shared, and how that data must be protected.
Each of these questions ultimately comes back to consumer empowerment and enabling people to access, understand, and use their own financial data. The best path forward will be the one that upholds transparency, choice, and consumer benefit above all else.
8. Open Banking is Here to Stay
Consumer demand, market innovation, and regulatory momentum have converged around a shared principle: people should be able to securely access and share their own financial data. Though the CFPB is reevaluating parts of Rule 1033, Open Banking in the U.S. will continue to gain adoption — fostering a competitive environment where those who prioritize secure access, transparency, and consumer control will be best positioned to thrive. Those who choose a “wait and see” approach to Open Banking will be left behind.
The Revised Rule is Just the Beginning
Wide scale adoption of Open Banking won’t be achieved through policy changes alone. It requires ongoing collaboration between regulators, financial institutions, fintechs, third parties, and consumers — each contributing to a secure, inclusive, and innovative financial ecosystem. The CFPB’s Rule 1033 is a strong starting point, but it’s only the beginning of a broader effort to build a financial system that works for everyone.