
What is Open Banking?

Your bank holds your financial data — but open banking says it belongs to you. Here's how the APIs, consent frameworks, and data aggregators behind open banking actually work, and why the US is only now catching up to the UK and Europe.
Banks have always held your financial data. Open banking is the framework that says you can take it with you.

When you connect a budgeting app to your bank account, or allow a mortgage lender to verify your income directly from your bank statements, or use a fintech to pay a bill directly from your checking account — you are using open banking. It is one of the most significant structural shifts in retail banking in decades, and most people have never heard the term.

What Open Banking Is

Open banking is a framework that allows customers to authorize third-party applications to access their financial data and, in some implementations, initiate payments on their behalf — through secure, standardized programming interfaces called APIs.

The core premise of open banking is data portability: your financial data belongs to you, not your bank. If you want to share it with a budgeting app, a lender, or a payment service, the bank must provide a secure way for you to do so. The bank is the custodian of your data, not the owner.

This sounds simple, but it represents a fundamental shift in the power dynamic between banks and their customers. Historically, banks held customer data in proprietary silos — making it difficult for customers to switch banks, compare products, or use third-party services. Open banking dismantles those silos, at least in principle.

The Two Pillars of Open Banking

1. Account Information Services (AIS)

AIS covers read-only access to financial data. A third-party application — with the customer's consent — can retrieve account balances, transaction history, and other account data directly from the bank.

Use cases include:

  • Personal finance management apps (Mint, YNAB) aggregating accounts across multiple banks
  • Lenders verifying income and spending patterns for underwriting
  • Accountants accessing client transaction data for bookkeeping
  • Credit scoring models using real bank data instead of proxy indicators

2. Payment Initiation Services (PIS)

PIS covers write access — the ability to initiate a payment from a customer's bank account on their behalf, without going through a card network.

Use cases include:

  • Paying a merchant directly from your bank account at checkout — bypassing Visa or Mastercard
  • Rent payment apps initiating ACH debits on behalf of landlords
  • Tax payment services sending funds directly to the IRS from a customer's account
  • Business-to-business invoice payments initiated by accounting software

How It Works Technically

Open banking relies on APIs — Application Programming Interfaces — that banks expose to authorized third parties. The flow works like this:

Participants in the flow:

  • Customer: grants consent
  • Third-party app: e.g. Mint, Plaid
  • Bank auth server: OAuth 2.0 / PKCE
  • Bank API: account data / payments
  • Bank core systems: account data, ledger

Steps:

  1. Login & consent
  2. Access token
  3. API request
  4. Data fetch
  5. Response
  6. Data returned

The customer never shares their bank password with the third party; consent is granted via the bank's own login.

Open banking API flow — the customer authenticates directly with the bank, which issues an access token to the third party.

The critical security feature of open banking is that the customer authenticates directly with the bank — not with the third-party app. The bank then issues a limited-scope access token to the third party. The third party never sees the customer's banking credentials.
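The PKCE step named in the flow above, shown from both sides as an added example (not code from any bank or aggregator). The endpoint, client ID, redirect URI and scope name are hypothetical placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://auth.bank.example/authorize"  # hypothetical endpoint


def make_verifier() -> str:
    # Third-party app: 32 random bytes -> 43-char URL-safe secret, kept locally.
    return secrets.token_urlsafe(32)


def challenge_for(verifier: str) -> str:
    # S256 method: BASE64URL(SHA-256(verifier)) with '=' padding removed.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(client_id: str, redirect_uri: str, scope: str,
                        verifier: str, state: str) -> str:
    # The customer's browser is sent here and logs in on the bank's own page.
    # Only the challenge travels in the URL; the verifier never leaves the app.
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": challenge_for(verifier),
        "code_challenge_method": "S256",
    })


def bank_verifies(stored_challenge: str, presented_verifier: str) -> bool:
    # Bank auth server, at token exchange: recompute and compare in constant
    # time. An intercepted authorization code is useless without the verifier.
    return hmac.compare_digest(challenge_for(presented_verifier), stored_challenge)


if __name__ == "__main__":
    v = make_verifier()
    url = build_authorize_url("budget-app", "https://app.example/cb",
                              "accounts:read", v, secrets.token_urlsafe(16))
    stored = parse_qs(urlparse(url).query)["code_challenge"][0]
    print(url)
    print("legitimate app:", bank_verifies(stored, v))
    print("wrong verifier:", bank_verifies(stored, make_verifier()))
```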

Screen Scraping vs APIs — Why It Matters

Before open banking APIs existed, fintech apps accessed bank data through screen scraping — the customer gave the app their bank username and password, and the app logged in on their behalf and scraped the data from the bank's website.

Screen scraping works but it is deeply problematic:

  • The customer shares their full banking credentials with a third party
  • The third party has unrestricted access to the entire account
  • Banks have no visibility into or control over the access
  • It violates most banks' terms of service
  • It creates significant security and liability exposure

Open banking APIs replace screen scraping with a controlled, consent-based, credential-free access mechanism. The customer grants specific permissions, the bank issues a scoped token, and access can be revoked at any time.
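What "scoped" and "revocable" mean at the bank's API gate, as an added example rather than any bank's actual implementation. Scope names, token value and account IDs are constructed for illustration.

```python
import time
from dataclasses import dataclass

AIS_READ = "accounts:read"           # hypothetical scope names
PIS_INITIATE = "payments:initiate"


@dataclass
class Consent:
    third_party: str
    scopes: frozenset
    accounts: frozenset              # account IDs the customer chose to share
    expires_at: float
    revoked: bool = False


def authorize(consents, token, scope, account, now=None):
    """Bank API gate: return (allowed, reason) for one call."""
    now = time.time() if now is None else now
    c = consents.get(token)
    if c is None:
        return False, "unknown_token"
    if c.revoked:
        return False, "consent_revoked"
    if now >= c.expires_at:
        return False, "consent_expired"
    if scope not in c.scopes:
        return False, "scope_not_granted"
    if account not in c.accounts:
        return False, "account_not_shared"
    return True, "ok"


def demo():
    # Constructed sample: a budgeting app granted read access to one account.
    tok = "tok-constructed-1"
    consents = {tok: Consent("budget-app", frozenset({AIS_READ}),
                             frozenset({"chk-001"}), 1000.0)}
    results = [
        authorize(consents, tok, AIS_READ, "chk-001", now=10),      # balance read
        authorize(consents, tok, PIS_INITIATE, "chk-001", now=10),  # payment attempt
        authorize(consents, tok, AIS_READ, "sav-002", now=10),      # unshared account
        authorize(consents, tok, AIS_READ, "chk-001", now=2000),    # after expiry
    ]
    consents[tok].revoked = True     # customer revokes consent at the bank
    results.append(authorize(consents, tok, AIS_READ, "chk-001", now=10))
    return results


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

With screen scraping none of these checks can exist, because the bank sees only the customer's own login.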

Open Banking in the US vs the Rest of the World

The US approach to open banking differs significantly from other markets — and understanding this distinction is important.

UK and Europe — Mandated

The UK's Open Banking Standard (launched 2018) and the EU's PSD2 directive (Payment Services Directive 2) mandated that banks expose standardized APIs to authorized third parties. Banks had no choice. Compliance was required by regulation, timelines were set by regulators, and API standards were defined centrally.

The result: a highly developed open banking ecosystem in the UK and Europe, with thousands of regulated third-party providers and payment initiation services widely used by consumers and businesses.

United States — Market-Driven (until recently)

The US took a different path. There was no federal mandate for open banking until the Consumer Financial Protection Bureau (CFPB) issued rules under Section 1033 of the Dodd-Frank Act in 2024 — requiring banks to provide customers with access to their financial data upon request and to share it with authorized third parties.

Before this rule, US open banking was driven by market forces — banks built APIs voluntarily, data aggregators like Plaid and Finicity (acquired by Mastercard) bridged the gap, and screen scraping remained common. The 1033 rule marks the US formally joining the mandated open banking framework, though implementation is phased over several years.

| Market | Approach | Key regulation | Status |
|---|---|---|---|
| United Kingdom | Mandated | Open Banking Standard / CMA | Live since 2018 |
| European Union | Mandated | PSD2 / PSD3 | Live since 2019 |
| United States | Market-driven → mandated | CFPB Section 1033 | Rule finalized 2024 |
| Australia | Mandated | Consumer Data Right (CDR) | Live since 2020 |
| Brazil | Mandated | Open Finance Brazil | Live since 2021 |

The Role of Data Aggregators

In the US, much of the open banking infrastructure is provided not by banks directly but by data aggregators — companies that sit between banks and third-party apps, normalizing data access across thousands of financial institutions.

The major players:

  • Plaid — the dominant US aggregator, connecting 8,000+ financial institutions to thousands of fintech apps. Used by Venmo, Robinhood, Coinbase, and hundreds of others.
  • Finicity — acquired by Mastercard in 2020, focused on lending and mortgage verification use cases
  • MX — focused on financial wellness and data analytics for banks and credit unions
  • Akoya — a bank-owned aggregator network, competing with Plaid as a bank-controlled alternative

Aggregators historically relied heavily on screen scraping. As banks build direct APIs, aggregators are transitioning to API-based connections — a shift accelerated by the CFPB's 1033 rule.

Open Banking Use Cases in Practice

| Use Case | Type | Example |
|---|---|---|
| Personal finance management | AIS | Mint aggregating all accounts in one view |
| Mortgage income verification | AIS | Lender verifying 12 months of bank statements instantly |
| Account-to-account payment | PIS | Paying at checkout directly from bank account |
| Credit underwriting | AIS | Lender analyzing spending patterns for loan approval |
| Bank account switching | AIS + PIS | Moving direct deposits and recurring payments to a new bank |
| Business cash flow analysis | AIS | Accounting software pulling transaction data automatically |

What Banks Think About Open Banking

Banks have a complicated relationship with open banking. On one hand, sharing customer data with third parties that may compete with the bank's own products is not obviously in the bank's interest. On the other hand, banks that build good APIs attract fintech partnerships, improve customer retention through better integrated services, and position themselves as platform players rather than legacy institutions.

The strategic risk for banks is disintermediation — becoming the dumb pipe that holds the money while fintech companies own the customer relationship. Open banking makes this easier for fintechs to achieve. Banks that respond by building compelling products on top of their own data will compete. Banks that treat open banking purely as a compliance exercise risk losing the customer interface entirely.

The Bottom Line

Open banking is the infrastructure framework that gives customers control over their own financial data and enables a new generation of financial services built on top of bank account access. In the US it is evolving from a market-driven patchwork into a regulated framework under the CFPB's 1033 rule. For anyone working in retail banking, payments, or fintech, understanding what open banking enables — and the tension it creates between banks and the companies that want to build on their data — is increasingly foundational knowledge.

