Open Banking in 2026: How Your Financial Data Moves
A clear guide to open banking in 2026 — what it is, how the APIs work, the global regulations (PSD2, Section 1033), the data-toll debate, benefits, and risks.
Fintech · Global · 2026-07-12 · 8 min read · By John Awab
For decades, your bank held your financial data in a walled garden. If you wanted a budgeting app to see your transactions, it had to log in as you — screen-scraping your data with your own password. Open banking upends that model. Instead of handing over your credentials, you grant a trusted app secure, permissioned access to specific data through a standardized connection — a digital handshake you can revoke with one tap. This quiet infrastructure shift is reshaping finance across more than 60 countries.
This guide explains what open banking is, how it works technically, the global regulatory landscape, the fierce debate over "data tolls," the benefits, and the risks. (This is general educational information, not financial advice.)
What Is Open Banking?
Open banking is a system that lets consumers securely share their financial data — and in some cases authorize payments — with licensed third-party providers through standardized application programming interfaces (APIs), with their explicit consent. The core principle is simple but radical: you own your financial data, and you should be able to share it with whatever authorized service you choose, rather than having it locked inside your bank.
It has two key components: data access rights (authorizing an app to read your account information, typically read-only) and payment initiation (allowing a third party to move money directly from your account on your instruction). Together, these dismantle the data monopolies banks have held for decades and open the door to a wave of competition and innovation.
How Open Banking Works
Technically, open banking relies on familiar software building blocks used in a new way. APIs let banks expose specific data to outside parties in a structured, secure format. OAuth-style consent screens let you authorize access without ever sharing your password. Token vaults store secure access tokens instead of credentials, and audit logs track every access. The novelty is that banks now expose these interfaces to third parties under a customer's instruction, rather than keeping them private.
Crucially, this replaces screen scraping — the old, insecure practice where an aggregator used your login credentials to access your online banking and copy data. Open banking substitutes token-based, permissioned access, which is far more secure and reliable. Sitting in the middle are data aggregators — companies like Plaid, MX, Finicity, and Akoya — that verify data and connect banks to the apps you use, abstracting away the differences between thousands of institutions.
Security is layered: Strong Customer Authentication (two-factor or biometric verification) is required for each new consent, and data minimization principles limit what any app can pull to exactly what you authorized — nothing more.
The Global Regulatory Landscape
Open banking has advanced unevenly across the world, driven by two different models — regulatory mandate versus market-led adoption:
- Europe pioneered the mandate approach with PSD2 in 2018, requiring all banks to provide APIs, and is now finalizing its next-generation PSD3 and a broader "open finance" framework (FIDA) extending to insurance, pensions, and investments.
- The United Kingdom went furthest, with standardized APIs and the world's highest adoption rates — consumers now make millions of open banking payments monthly.
- Brazil, India, and Australia built ambitious frameworks; India's Account Aggregator network covers billions of accounts, and Brazil processes billions of API calls monthly.
- Canada is rolling out a government-mandated framework in phases.
In total, more than 60 countries now have open banking or open finance regimes — though actual consumer usage still lags well behind the regulatory mandates.
The US: Regulation in Limbo
The United States took a different path — open banking grew bottom-up through aggregators like Plaid before regulators formalized it. That formalization is now in extraordinary flux. The Consumer Financial Protection Bureau finalized its Section 1033 rule (implementing part of the Dodd-Frank Act) in October 2024, requiring banks to share consumer-permissioned data via free APIs, with compliance set to phase in by institution size starting April 2026.
But the rule was immediately challenged in court by banking industry groups. A federal court blocked enforcement before the first deadline. The CFPB then announced it intends to revise or even withdraw the existing rule and start a new rulemaking process. The result is a strange limbo: the rule technically exists but is unenforceable, and a new rulemaking is underway with an uncertain outcome.
Yet the market hasn't waited — driven by consumer demand and the need to kill off insecure screen scraping, major banks like Truist have pushed ahead with API partnerships, and some (Wells Fargo, PNC) have issued cease-and-desist demands against aggregators still scraping their data. Meanwhile, states like New York have introduced their own open banking legislation. The direction is clear even if the federal path is tangled.
The Data-Toll Debate
One issue has moved to the center of the fight: should banks be allowed to charge for data access? The original Section 1033 rule prohibited banks from charging fees for sharing covered consumer data. But banks argue that supporting secure, high-volume APIs is costly — especially when third parties make enormous numbers of automated requests — and some, notably JPMorgan Chase, have signaled they intend to charge aggregators "data tolls," with the highest fees aimed at payment and lending apps that compete most directly with bank products.
This debate reflects the deeper fintech-versus-bank tension. Fintechs generally favor free, open access (it fuels their business models and competition), while banks argue they shouldn't have to bear the cost and risk of building infrastructure that primarily benefits competitors. Reasonable arguments exist on both sides — one frames free access as essential consumer choice and competition, the other as an unfunded mandate with liability and security gaps. If pricing flexibility wins in the final rule, open banking could split into a tiered system: free commodity data and premium paid data.
The Benefits
For consumers and businesses, open banking unlocks real advantages. Simpler money management — budgeting apps automatically categorize spending across all your accounts. Faster lending — lenders can verify income and cash flow in minutes instead of requesting pay stubs, and price offers against real financial behavior rather than a credit score alone. Cheaper payments — account-to-account transfers ("pay-by-bank") can bypass card networks, reducing fees for merchants and potentially consumers. More competition — new entrants can compete on product quality without needing decades of branch networks. And greater control — you see and manage exactly who has access to your data.
The Risks and Challenges
Open banking also raises genuine concerns. Data privacy and security top the list — sharing financial data across more parties expands the attack surface, and consumers worry about how their data is used. Consent fatigue is real, as people click through authorizations without fully understanding them. Liability remains contested — who is responsible if data shared through the system is breached or misused? Fragmentation burdens providers, who must integrate with inconsistent standards across jurisdictions. And competitive risk means banks may design APIs to share the bare minimum of data while keeping the most valuable insights proprietary.
Toward Open Finance
The clear trajectory is from "open banking" toward "open finance" — extending data portability beyond bank accounts to investments, mortgages, pensions, insurance, and more. Europe's FIDA framework explicitly aims for this, and the logic is compelling: if your bank data can be portable and composable, why not your entire financial life?
Alongside this, watch for the rise of pay-by-bank checkout (potentially resetting online payment economics), variable recurring payments for subscriptions and bills, and embedded finance — financial services woven directly into non-financial apps and experiences. The infrastructure being built for open banking is the foundation for all of it.
Conclusion
Open banking is quietly rewiring the financial system — replacing walled gardens and insecure screen scraping with secure, consented, API-driven data sharing that puts consumers in control of their own financial information. It powers simpler budgeting, faster lending, cheaper payments, and fiercer competition, and it's spreading across more than 60 countries through both regulatory mandates and market demand.
In 2026, the story is one of momentum amid uncertainty: Europe advances toward open finance while the US navigates a tangled legal battle over its Section 1033 rule and a pivotal fight over whether banks can charge for data. However the "data toll" debate resolves, the underlying shift is durable — financial data is becoming portable and services composable. Understanding open banking reveals the invisible infrastructure increasingly shaping how everyone interacts with money. As always, this is general educational information, not financial advice.
Want more? Explore AxionSquare for ongoing coverage of open banking, digital payments, embedded finance, and the future of money.
What is open banking?
Open banking is a system that lets consumers securely share their financial data — and sometimes authorize payments — with licensed third-party providers through standardized APIs, with explicit consent. Its core principle is that you own your financial data and should be able to share it with authorized services you choose, rather than having it locked inside your bank.
How does open banking work?
It uses APIs to let banks share specific data securely, OAuth-style consent screens so you authorize access without sharing your password, and secure tokens instead of credentials. This replaces insecure "screen scraping." Data aggregators like Plaid connect banks to the apps you use, and Strong Customer Authentication adds security.
Is open banking mandatory in the US?
It's in flux. The CFPB finalized its Section 1033 rule in 2024 to mandate open banking, but a federal court blocked enforcement after banks sued, and the CFPB is revising or withdrawing it. So the federal mandate is effectively frozen, though many banks are adopting open banking voluntarily due to consumer demand, and some states are introducing their own rules.
What is the "data toll" debate?
It's the fight over whether banks can charge fees for sharing consumer data. The original rule prohibited fees, but banks argue supporting secure, high-volume APIs is costly and some (like JPMorgan) want to charge aggregators. Fintechs favor free access to fuel competition. The outcome could split open banking into free commodity data and premium paid data.
What are the benefits and risks of open banking?
Benefits include simpler money management, faster lending (verifying income in minutes), cheaper account-to-account payments, more competition, and greater control over your data. Risks include data privacy and security concerns, consent fatigue, unclear liability if data is breached, and fragmentation across inconsistent standards and jurisdictions.