Open banking has reshaped how consumers and businesses interact with financial institutions. At its core, it’s about empowering individuals to control and share their financial data securely with trusted third-party providers, enabling better budgeting tools, faster loan approvals, and more competitive services.
But not every region has embraced open banking in the same way. Europe, through its landmark PSD2 (Payment Services Directive 2), set a regulatory standard. The United States, by contrast, has long lacked a comprehensive open banking law, leaving the market to evolve on its own.
This blog compares the impact of the EU’s structured approach with the US’s market-driven evolution, highlighting key lessons and future implications.
Understanding the Two Models
The EU: PSD2 and a Regulated Framework
- Mandate: PSD2 legally requires banks to grant licensed third-party providers (TPPs) secure access to customer account data, with the customer’s consent.
- Scope: Applies to payment accounts across all EU member states.
- Security: Introduced Strong Customer Authentication (SCA) to reduce fraud and standardize safety.
- Standardization: Encouraged the development of common API frameworks (like the Berlin Group).
The result: A level playing field, where banks, fintechs, and consumers operate under consistent, enforceable rules.
The US: Market-Led Open Banking (Until Recently)
- No federal mandate: Banks were not required to share data; instead, fintechs often relied on “screen scraping,” using customers’ login credentials to access their accounts.
- Private agreements: Data aggregators like Plaid and Yodlee negotiated access deals with banks individually.
- Fragmented regulation: A patchwork of state and federal agencies governs financial services, creating complexity.
- New developments: The Consumer Financial Protection Bureau (CFPB) finalized its Personal Financial Data Rights rule (under Section 1033 of the Dodd-Frank Act) in late 2024 — the US’s first major step toward formal open banking.
The result: Innovation flourished, but without consistent safeguards or universal access, leading to uneven user experiences and security concerns.
Key Differences and Their Impacts
Aspect | EU (PSD2) | US (Pre-Rule) |
---|---|---|
Legal Requirement | Yes, banks must provide access | No, voluntary and negotiated |
Security Standards | Strong Customer Authentication | Variable, often weaker |
Technical Standards | Multiple API frameworks | Proprietary, aggregator-driven |
Market Consistency | High within the EU | Fragmented, bank-by-bank |
Innovation Pace | Controlled, steady | Fast, but uneven |
Consumer Protection | Legally enforced | Largely dependent on provider |
Impact on Consumers
- EU: Consumers gained confidence that third-party apps are regulated, safe, and widely available. But user experience varies by country and bank.
- US: Consumers enjoyed rapid innovation — budgeting, investing, and lending apps thrived — but often at the expense of transparency, privacy, and security.
Impact on Banks
- EU: Banks had to open their systems, increasing competition. Some used it as an opportunity to build their own APIs and partnerships; others viewed it as a regulatory burden.
- US: Banks maintained more control over data access, which slowed standardization but preserved competitive leverage over fintechs.
Impact on FinTech Companies
- EU: Clear regulatory paths allowed fintechs to plan and scale across borders, though they had to deal with technical fragmentation and compliance costs.
- US: Low initial barriers enabled rapid growth, but lack of certainty in data access agreements created risk, especially for startups without strong banking partners.
Lessons Learned
- Regulation Shapes the Playing Field
  A mandate like PSD2 creates predictable conditions for all players, but can slow experimentation. A market-led model fosters innovation but can compromise safety and fairness.
- Standardization Improves User Experience
  Where APIs are consistent, onboarding is smoother, authentication is less confusing, and trust grows faster.
- Security Cannot Be Optional
  The US experience with screen scraping exposed vulnerabilities. Secure, token-based APIs are now becoming the norm in both regions.
- Consumer Trust Drives Adoption
  Users will only share sensitive financial data if they feel confident in the privacy, control, and value of doing so.
Looking Ahead: Convergence on the Horizon?
The US is now moving closer to Europe’s regulatory approach, while Europe is broadening PSD2 into open finance under PSD3 and the Financial Data Access (FIDA) framework. Both regions seem to be converging on common principles:
- Consumer control: Data belongs to the individual, not the institution.
- Secure, standardized APIs: Reduce risk while improving reliability.
- Ecosystem collaboration: Banks, fintechs, and regulators working together to balance innovation with protection.
For businesses operating on both continents, the emerging challenge will be adapting to two maturing but distinct ecosystems. For consumers, the future likely means more choices, safer access, and a growing suite of personalized financial tools.
Conclusion
The EU’s PSD2 demonstrated how clear regulation can unlock competition while protecting consumers. The US, historically slower to legislate, showed how market forces can rapidly drive innovation — but at the cost of consistency and safety.
As the US implements its new data rights rule and Europe transitions toward open finance, the two approaches are beginning to align. The ultimate goal remains the same: empower individuals, enhance competition, and modernize financial services for a digital-first world.