The US now has an Open Banking regulation, and banks need to provide financial APIs as early as 2026. But what does this mean for your institution? This post gives some background information and guidance on next steps.
Open Banking News for the US
These Open Banking rules will impact over 100 million consumers and will require thousands of businesses (banks, credit card issuers, digital wallet providers, and other financial institutions) to change how they share or collect consumer-permissioned data. API technology will be central to the approach.
Unlike in other countries (see the Open Banking Map for a worldwide comparison), where regulatory bodies defined the technical details of the API, the CFPB is inviting industry-led bodies to define the APIs and technical standards. The financial industry is coming together at the Financial Data Exchange (FDX) to meet the call.
Who will offer Open Banking APIs?
A broad range of financial service providers offer the Open Banking APIs. More specifically:
- Financial institutions such as banks, savings associations, and credit unions
- Card issuers
- Payment facilitators, including digital wallet providers
Smaller institutions (less than $850 million in assets) are exempt from this rule.
What data is provided via Open Banking APIs?
The APIs should cover the following data points:
- Payment Initiation Information: Data to initiate payments from accounts.
- Account Balance and Transaction Information: Transaction history (24 months), which includes: amounts, dates, payment types, merchant names, rewards credits, and fees or finance charges.
- Terms and Conditions: Details such as fee schedules, interest rates, credit limits, rewards program terms, and whether the consumer has entered into an arbitration agreement.
- Upcoming Bills: Upcoming payments due, including scheduled payments.
- Basic Account Verification: Names, mailing addresses, email addresses, and phone numbers.
When do the Open Banking APIs need to be operational?
Implementation deadlines for Open Banking in the US are staggered and depend on the size of the institution, measured as follows:
- Deadline April 1, 2026
- Deadline April 1, 2027
- Deadline April 1, 2028
- Deadline April 1, 2029
- Deadline April 1, 2030
Institutions are advised to start preparing for the regulation as early as possible to be able to offer the services to customers, build up their digital ecosystems, and also to avoid penalties.
Takeaways
Recommendations for financial institutions in the US:
- Prepare for compliance: Get familiar with the compliance procedures and timelines.
- Enhance privacy and security measures: Harden your APIs with robust data and API security, including API governance practices and API security best practices such as the OWASP API Security Top 10.
- Increase API maturity with a state-of-the-art API management solution.
- Implement API best practices for API governance.
- Create Digital Ecosystems: Take an active role in shaping your role in the digital financial ecosystem. Find ecosystem partners and develop joint value propositions based on the data shared via banking APIs.
- Support industry standards: Participate in standard setting committees for Open Banking, such as FDX.
Sources