Open banking has taken the world by storm, transforming how financial data is shared and utilised. Now, with the passage of the Personal Financial Data Rights Rule (PFDR) under Section 1033 of the Dodd-Frank Act, the US is making its official leap into open banking. Passed by the Consumer Financial Protection Bureau (CFPB) on 22 October 2024, this groundbreaking legislation positions the US to follow in the footsteps of global pioneers in open banking initiatives, such as the UK, EU, and Australia.
For identity security professionals, this legislative shift offers both opportunities and challenges. Not only must businesses align with strict standards, but they must also prioritize robust identity and access management (IAM) to protect data, which makes the role of identity security professionals more central than ever.
This blog explores the implications of the US entering the open banking ecosystem, the global context of this movement, and why safeguarding consumer identity should be a top priority.
What is Open Banking?
At its core, open banking enables consumers to securely share their financial data with third-party financial service providers, such as fintech apps. This data-sharing system allows consumers to access innovative products and services tailored to their financial needs, spurring competition and innovation in the financial industry.
Open banking gives consumers greater control and options for managing their finances while promoting a more customer-centric financial landscape. However, this revolution, while exciting, naturally raises concerns about identity protection and data access—particularly in the US, where the framework is in its early stages.
Open banking around the world
The US may be new to the open banking landscape, but countries like the UK and Australia have set strong precedents with thriving ecosystems already in place.
Global leaders in open banking include:
- European Union (PSD2 – 2016): The EU’s Payment Services Directive 2 introduced open banking regulations to promote competition and innovation in financial services.
- United Kingdom (CMA/Open Banking API Standards – 2016): The UK established robust API and security standards through the Open Banking Implementation Entity (OBIE).
- Australia (Consumer Data Rights Act – 2018): Focused on citizen control over data, Australia introduced competitive consumer-focused data sharing.
- Hong Kong (Open API Framework – 2018): Launched to standardise data sharing among financial institutions and fintechs.
Other nations, including Canada and Brazil, are now working to establish their own open banking ecosystems.
The potential of open banking
Experts forecast a promising future for open banking. Globally, the industry is projected to grow from $25.14 billion in 2023 to $135.17 billion by 2030, reflecting a CAGR of 27.4%, according to Grand View Research.
In Europe, the open banking market was valued at $6.14 billion in 2020 and is expected to reach $48.30 billion by 2030, growing at a CAGR of 23.18% from 2021 to 2030 (Allied Market Research). The UK has emerged as a global leader in open banking adoption. Since 2021, daily API calls have surged from 32.4 million to 56.4 million in 2023. As of October 2023, £4.5 billion in payments were processed via open banking, with key use cases including tax payments accepted by HMRC and charitable donations.
As the sector continues to evolve, open banking is not only reshaping financial ecosystems but also unlocking transformative opportunities for businesses and consumers alike.
US Open Banking & Regulatory Timelines
The Personal Financial Data Rights Rule (PFDR) requires US financial institutions to provide consumers and authorised third parties with access to financial information like account balances, transaction histories, and verification.
The rollout follows a phased timeline based on institution size:
| Tier | Criteria | Implementation Date |
|------|----------|---------------------|
| 1 | >$250 billion in assets or >$10 billion in receipts | 1st April 2026 |
| 2 | $10 billion – $250 billion in assets | 1st April 2027 |
| 3 | $3 billion – $10 billion in assets | 1st April 2028 |
| 4 | $1.5 billion – $3 billion in assets | 1st April 2029 |
| 5 | $850 million – $1.5 billion in assets | 1st April 2030 |
This phased approach ensures a smoother transition for smaller institutions, allowing for incremental adoption across diverse markets.
Standards & The Need for Consistency
Unlike some regions that have adopted fragmented approaches, the US is prioritising standardisation to expedite open banking adoption. Organizations like the Financial Data Exchange and the Digital Governance Standards Institute have already started applying to become official standard-setters.
ProofID strongly advocates for the use of open standards like OAuth2, OpenID Connect, and FAPI2 to ensure seamless interoperability and heightened security. These standards are already recognized globally, providing assurance and scalability for robust open banking ecosystems.
Identity at the Core of Open Banking
At the heart of open banking lies identity security. Strong IAM practices ensure that consumers retain control over their financial data, protecting both their sense of trust and financial well-being.
Core components of IAM in open banking include:
Leading Through Innovation and Trust
As the US embraces open banking, identity security professionals have a unique opportunity to lead. By implementing advanced IAM frameworks, leveraging proven security standards, and fostering a consumer-first mindset, financial institutions can set a strong foundation for trust, innovation, and growth.
ProofID is here to help you navigate this new landscape. Whether designing IAM solutions or managing compliance across complex ecosystems, we specialize in securing identities in the most challenging environments. Let’s work together to shape the future of open banking.
Learn how ProofID helped Tesco Bank secure customer experiences and drive innovation through open banking. Read more.