Despite housing the largest and most influential tech ecosystem in the world, the US has been notoriously lagging when it comes to adoption of new payments and banking technologies, new standards and the latest innovations – such as instant payments. As the open banking wave finally begins to take hold in one of the world’s largest economies – a payments ecosystem where seemingly outdated financial tools like physical checks still play a significant role – it remains to be seen whether instant payments and open banking innovation will play as large a role as they are in other markets.
US payments infrastructure didn’t change much over the past few decades until two groups of things happened. The first set was the introduction of instant open-loop retail payments via The Clearing House’s Real-Time Payments (RTP) Network in 2016 and the US Federal Reserve’s FedNow Service in 2023. The second set was the growth of infrastructure for API-based financial data sharing and a pending final regulation on open banking from the US Consumer Financial Protection Bureau (CFPB).
Instant payments and open banking in the US are important together because of their potential to combine faster payments with a new way of initiating them. Instant payments shorten clearing and settlement times for account-to-account payments relative to the ACH (Automated Clearing House) system, which has historically settled transactions in 1-3 days. Regulated open banking could popularize instant-payment initiation directly from bank accounts with apps’ universal API-based access to permissioned data.
Instant payments are an important development but mostly an evolution of legacy payments. Financial institutions’ participation is voluntary, and the back story has little drama. The greatest barriers to adoption are the size of the US banking system, which includes about 10,000 financial institutions, and the supporting technology, which could be costly.
Open banking, on the other hand, is a revolutionary concept for the US. Development has been driven by industry, and APIs have never truly been open. But with the release of the CFPB’s proposed open banking rule in 2023, it appears that all financial institutions will be required to securely share certain data from a consumer’s banking products with third parties at the consumer’s request. The proposed rule covers data associated with checking and savings accounts, prepaid cards, digital wallets, and credit cards, and would require that institutions provide a developer interface for third parties.
The US market is at least a decade ahead of its regulators. The fintech wave that took off in the early 2010’s included dozens of PFM tools that aggregated account information and payments apps that needed to move money into or out of consumer bank accounts. The solution was infrastructure providers that scraped data from bank accounts on behalf of fintechs, which connected to the infrastructure provider via an API. Without direct connections offered by financial institutions, infrastructure providers were the only easy access point.
Since the infrastructure for scraping financial data from digital banking emerged, several infrastructure providers have grown into vast networks with products that handle data aggregation, data enrichment, and payment initiation. Data aggregation has captured the imagination for use in cash flow-based credit scoring and underwriting, and is widely used for PFM tools, account verification, and payment initiation. The pressure has been on banks to adapt to third-party access to their customers’ banking data while they struggle with compliance obligations and technical limitations.
The rapid clip of the industry-driven march forward in open banking has sparked sharp disagreements between the banking and fintech industries. The crux of the fight is over who owns consumers’ data. Until recently, the banking industry was adamant about its members’ ownership of their customers’ data and deeply opposed to third parties’ access. As the CFPB’s final rule approaches, the banking and fintech industries continue to disagree about the amount of data that financial institutions should be required to share, standards for data security, risk management issues, and liability.
The banking industry has pushed for a provision related to data aggregators’ compliance with the CFPB’s rule, clarity on banks’ liability for ensuring it, limits to the scope of certain types of data banks are required by the rule to offer, limits to obligations the rule imposes on banks indirectly related to consumer data, security requirements for third parties, stronger risk management protections for banks, and the explicit ability for banks to recoup costs related to authorization, authentication, and infrastructure.
As regulation has plodded along, the banking and fintech industries have been able to agree on two general things. The first is that open banking should be regulated. From the banking industry’s perspective, the cat’s been out of the bag for over a decade and rules are the surest way its members can find legal protection when third parties access consumers’ data. From the fintech industry’s perspective, it’s how they guarantee the ability to access consumers’ banking data upon request. The second is that there are certain principles for the protection of consumers’ data that inform the technology and governance used for exchanging that data with third parties and now factor into access agreements and data-sharing APIs built in-house by vendors or large financial institutions.
Open banking technology, at a high level, is the two-sided API: An app calls an API to pull in consumer data, which connects securely to an API offered by the financial institution. Early “open banking” infrastructure meant a fintech would call an API that would programmatically log into a consumer’s online bank account and scrape and return information. It wasn’t a robust or consistent way to collect data. Connections could break when banks updated their digital banking, and it wasn’t secure.
Technical standards for open banking APIs have now been developed by the private sector. One standard, under the Financial Data Exchange (FDX), an industry body, is the FDX API. Some banks and technology vendors have adopted APIs that use this standard, although they’re not necessarily universal.
The governance principles for US open banking sound a lot like GDPR and PSD2, with a focus on privacy, security, and consumer consent. Concerns that the fintech and banking industries seem to share are limitations on the data that a third-party app can access and the security of a customer’s information, behind the walls of the bank and in transit to or used by a third party. As part of that, APIs on the bank side have been popularized and the mechanisms for consumers’ control over their data are typically comprehensive. APIs for access to consumers’ data have certain security standards.
The growth of open banking payments in the US depends in part on the CFPB’s rule, which as proposed would mandate that financial institutions release data required to initiate payments from certain accounts. But they already exist in practice as API-initiated transactions based on authenticated account information. Aggregator fintechs pull account and routing data from a consumer’s account and feed that information to a payments processor to initiate a bank-to-bank payment. Those transactions typically run on the ACH network.
But the sheer scale of the US banking industry is a hurdle. As written, the CFPB’s open banking rule will require all financial institutions to comply with open banking. Instant payments are voluntary, and some financial institutions may not be interested — small budgets in addition to a huge dependence on vendors means that meeting the technical requirements could be onerous.
What instant open banking payments in the US could mean remains to be seen. For consumers, the promise is that setting up bank-to-bank payments will be easier, making them usable without a digital wallet for day-to-day commerce. For merchants, the promise is that those bank-to-bank transactions will be cheaper by eliminating the cost of the merchant discount or float from card payments. The US market has yet to mature to that point.
Tyler Brown is an author, speaker, and strategist who covers trends in global consumer finance. He's spent the last nine years as an industry analyst, first in buy-side equity research covering financial services followed by B2B research and consulting for the banking industry.
As the senior research analyst at CCG Catalyst, Tyler publishes industry research, commissioned thought leadership, and weekly articles on banking and fintech and leads research-based consulting engagements.