Markets Closed
Global Markets
S&P 500 7,515.34 ▼ -0.8% DOW 52,498.64 ▼ -0.3% NASDAQ 25,873.18 ▼ -1.6% RUSSELL 2K 2,953.17 ▼ -0.8% VIX 17.16 ▲ +14.2% GOLD 4,008.7 ▼ -2.3% CRUDE OIL 78 ▲ +9.2% EUR/USD 1.14 ▼ -0.1% BTC 62,032 ▼ -3.3% ETH 1,760.41 ▼ -3.1%
Fintech

US open banking fight centers on control of consumer financial data

Section 1033 of Dodd-Frank has become a key test of how the US balances data portability, bank security duties and fintech competition.

Ingrid Halvorsen

By Ingrid Halvorsen · Staff Writer

· 3 min read

The implementation of Section 1033 of the Dodd-Frank Act is becoming a central US open banking policy fight in 2026, according to Stanley Epstein, an associate at Citadel Advantage Group. Epstein wrote on Finextra that the outcome could shape competition between banks and fintech firms, determine how consumers share account data, and set the terms for broader open finance services.

Section 1033 gives consumers a right to access and share financial information with authorized third parties, Epstein said. The Consumer Financial Protection Bureau has been working to translate that statutory right into operational rules, drawing banks, fintech companies, regulators, legislators and consumer advocates into a dispute over security, cost, liability and market access.

From account data to portability

Epstein described open banking as a shift away from a model in which banks largely control the practical terms of access to customer information. In his account, the policy premise is that consumers should be able to direct their own financial data to trusted providers, rather than remain dependent on the institution that stores the information.

If implemented as Epstein outlined, banks would share specified data with licensed third-party providers through standardized application programming interfaces, or APIs, rather than through older methods such as screen scraping. APIs allow systems to exchange defined data sets through controlled connections, which can make access more reliable and easier to supervise than a third party collecting information from a user’s online banking screen.

For consumers, Epstein said, data portability could support budgeting tools, loan comparison services, personalized financial guidance, automated investing, tax preparation and easier movement between providers. For fintech firms, access to standardized data could reduce the need to strike separate bilateral arrangements with many banks.

Banks cite cyber risk and cost

Banks have raised objections on operational and security grounds, according to Epstein. He said financial institutions argue that each additional connection to an outside provider can increase exposure to fraud, identity theft and cyberattacks, even as banks remain responsible for protecting customer accounts and data.

Liability is another unresolved issue in Epstein’s analysis. If data is compromised after a consumer authorizes a fintech company to receive it, responsibility could fall into dispute among the bank that transmitted the data, the third party that received it and the consumer who gave consent.

Epstein also noted that banks question whether they should bear the infrastructure costs of building and maintaining secure data-sharing systems while competitors use those connections to develop commercial services. Some institutions have limited access or sought fees, he said, while fintech companies argue that such steps weaken competition and restrict consumer rights.

Regulatory patchwork and global examples

The debate extends beyond the CFPB, Epstein wrote. State privacy and data protection laws are adding compliance requirements across privacy, cybersecurity, consent, data retention and third-party risk management. He also pointed to rising regulatory scrutiny of banking-as-a-service arrangements, where regulated banks provide infrastructure behind fintech products.

Epstein said smaller banks and start-ups may face higher barriers if compliance costs rise. He contrasted the US debate with the UK and European Union, where open banking systems have developed over several years using standardized APIs, while still requiring adjustments to technical standards, governance, liability and cyber controls.

The next policy question, in Epstein’s view, is whether open banking broadens into open finance, covering mortgages, investments, pensions, insurance, credit cards, savings products and digital assets. He said artificial intelligence could use broader financial data sets to provide more personalized recommendations, while also increasing the need for privacy protections, clear consent and oversight of automated decision-making.

This story draws on original reporting from Finextra Research.

More from Fintech

All Fintech →