Banking is no longer just about branches, checks, and wire transfers. Over the past decade, a quiet revolution has changed the plumbing of financial services: open banking. This term describes a system where banks let consumers (and businesses) share their financial data securely with other service providers, often through standardized application programming interfaces (APIs).
In practice, it means you can link your bank account to a budgeting app, switch banks without filling out endless forms, or get a loan offer from a lender that already knows your financial profile — all with your consent. It also means banks no longer have a monopoly over account data. But how this works depends heavily on where you live.
In the United States, the United Kingdom, and the European Union, regulators have taken very different routes to the same destination. If you’re a consumer, a fintech founder, or an incumbent bank, the differences matter. Here’s a deep dive into how open banking regulations compare across these three major markets.
Understanding Open Banking
Before diving into regional differences, let’s pin down what open banking actually is.
At its core:
- Consumer-permissioned data sharing: You, not your bank, decide who gets access to your transaction history, balance, or other account details.
- Standardized, secure connections: Instead of giving your password to a third-party app that then logs in as you (a practice called screen scraping), banks provide APIs, digital gateways that safely deliver the data.
- Competition and innovation: With more players able to offer financial services, consumers gain better products, lower fees, and new experiences.
Regulators see open banking as a way to stimulate competition, protect consumers, and support digital transformation in finance. But regulatory philosophies differ.
The European Union: PSD2 and Beyond
The EU’s journey began with the original Payment Services Directive (PSD) in 2007, designed to create a single market for payments. The revised version, PSD2, adopted in 2015 and implemented by 2018, went further. It explicitly required banks to open up access to account data and payment initiation to licensed third-party providers.
Key features of the EU model:
- Legal mandate: Banks must provide access. No negotiations, no voluntary arrangements.
- Scope: Applies to all payment account providers across the 27 member states.
- Security: PSD2 introduced Strong Customer Authentication (SCA), requiring two-factor (or more) authentication for most electronic payments.
- Supervision: National regulators enforce PSD2, coordinated by the European Banking Authority (EBA).
Benefits:
- Clear rights for fintechs to access bank data.
- Consumer protections baked into law.
- Cross-border potential: A fintech licensed in one EU country can operate across others.
Challenges:
- Fragmentation. Each member state interprets PSD2 slightly differently.
- Technical inconsistency. Multiple API standards (Berlin Group, STET, proprietary) lead to uneven user experiences.
- Limited beyond banking. PSD2 covers payments and accounts, but not investments, insurance, or pensions.
The EU is now planning PSD3 and the Financial Data Access (FIDA) framework to broaden open banking into “open finance” — a more holistic data-sharing regime.
The United Kingdom: Standardization and Speed
The UK was part of the EU when PSD2 was passed but layered on its own competition agenda. In 2016, the Competition and Markets Authority (CMA) ordered the nine largest banks (the “CMA9”) to adopt a common API standard and share data with authorized third parties. This mandate led to the creation of the Open Banking Implementation Entity (OBIE), tasked with defining technical standards, security protocols, and even customer experience guidelines.
Key features of the UK model:
- Mandatory for the biggest banks: The CMA9 had to comply, but others followed voluntarily.
- Unified technical standard: All banks use the same API specification, ensuring consistent performance.
- Central registry: The Financial Conduct Authority (FCA) authorizes and lists all third-party providers.
- Consumer-centric design: Consent flows, authentication screens, and error handling follow common rules, reducing confusion.
Benefits:
- Fast adoption. Millions of UK consumers now use open banking services daily.
- High trust. Clear rules and standardization reduce perceived risk.
- Innovation ecosystem. London’s fintech scene has thrived, attracting capital and talent.
Challenges:
- Limited scope. The CMA order applied to current accounts; expansion to mortgages, savings, and pensions requires new regulatory work.
- Profitability concerns. Some fintechs struggle to monetize open banking services sustainably.
- Brexit complexity. UK and EU regimes now diverge, adding compliance burdens for cross-border firms.
The UK is actively exploring open finance and a Smart Data framework to extend data portability across sectors.
The United States: From Market-Led to Regulated
Until recently, the US had no open banking regulation. Data sharing emerged through bilateral contracts between fintechs and banks, often intermediated by aggregators like Plaid, Yodlee, or MX. Most connections relied on screen scraping: fintechs logged in on behalf of users, mimicking browser sessions to collect data.
Recognizing the risks and inefficiencies, the Consumer Financial Protection Bureau (CFPB) invoked its authority under Section 1033 of the Dodd-Frank Act. In late 2024, it finalized the Personal Financial Data Rights rule, which:
- Gives consumers a right to access and share their financial data in a usable electronic form.
- Requires banks to provide secure, standardized API access to covered data.
- Phases in compliance based on institution size — largest first, smallest later.
- Allows industry standards (e.g., Financial Data Exchange, FDX) to define the technical details rather than imposing a government-built API.
Benefits:
- Brings clarity and legal backing to data sharing.
- Reduces reliance on insecure screen scraping.
- Stimulates competition among banks, fintechs, and technology providers.
Challenges:
- Fragmented oversight. The US has multiple federal and state regulators; harmonizing them is complex.
- Legal uncertainty. Banks and trade groups may challenge parts of the rule, potentially delaying implementation.
- Timeline. Full coverage may take years, leaving uneven consumer experiences in the meantime.
Unlike the EU and UK models, the US model is more principles-based than prescriptive. It sets rights and obligations but leaves technical architecture to the market.
Side-by-Side Comparison
| Feature | European Union (PSD2) | United Kingdom (CMA + PSD2) | United States (CFPB Rule) |
|---|---|---|---|
| Legal basis | EU directive (PSD2) | PSD2 + CMA order | Dodd-Frank Section 1033 |
| Mandate | Yes, all payment account providers | Yes, largest banks (others voluntary) | Yes, phased by institution size |
| Technical standard | Multiple (Berlin Group, STET) | Single (OBIE) | Industry-developed (e.g., FDX) |
| Scope | Payments & accounts | Current accounts (expanding) | Broad consumer financial data |
| Security | Strong Customer Authentication | Strong Customer Authentication | Left to standards (must be “secure”) |
| Adoption (2025) | Medium, uneven | High, widespread | Early, emerging |
| Future direction | PSD3, open finance (FIDA) | Smart Data, open finance | Refinement, legal stabilization |
Impact on Stakeholders
Consumers
- EU: Strong rights and protections, but user experience varies by country and bank.
- UK: Smooth, predictable experiences; growing range of apps and services.
- US: In transition — opportunities emerging, but caution needed as rules roll out.
Fintech Companies
- EU: Pan-European passports are attractive, but local quirks raise costs.
- UK: Ideal sandbox; predictable rules help startups scale quickly.
- US: Enormous market potential; regulatory clarity may unlock innovation, but legal uncertainty can spook investors.
Banks
- EU: Compliance complexity; competition pressure.
- UK: Required investments in APIs have already paid off in resilience and customer engagement.
- US: Balancing defensive legal strategies with the need to modernize infrastructure.
Emerging Themes Across Regions
- Shift from open banking to open finance: All three regions are contemplating broader data sharing beyond payments and deposits.
- Interoperability matters: Fragmented standards slow innovation and frustrate users.
- Security vs. convenience: Regulators wrestle with balancing robust authentication and frictionless customer experiences.
- Business models still evolving: Data access is free or capped by law in many regions, forcing fintechs to seek revenue in adjacent services.
Looking Ahead: Convergence or Divergence?
Will the US, UK, and EU eventually converge on a common approach? Probably not fully — regulatory cultures, market structures, and political priorities differ too much. But we can expect:
- Technical convergence: As global players demand consistent APIs, industry standards may align.
- Cross-border services: Multinational fintechs will build abstraction layers to smooth local differences.
- Consumer expectations: Once people experience seamless data portability in one market, they’ll demand it everywhere.
In the end, open banking is not about technology alone. It’s about trust: trust that consumers control their data, trust that systems are secure, and trust that competition benefits everyone, not just the fastest movers. The US, UK, and EU are writing different chapters of the same story — a shift from closed, bank-centric finance to open, consumer-centric ecosystems.