The US open banking reset: fees, rule rewrites, and what the UK can teach

The US is rewriting its open banking rules just as major banks move to charge for data access and Visa retreats from US open banking. Here is what that means, and how Asima thinks the UK and EU playbook can help the US avoid a costly dead-end.

The US open banking reset: fees, rule rewrites, and what the UK can teach

What just changed

In late July, the Consumer Financial Protection Bureau (CFPB) told a federal court it would replace the Biden-era open banking regulations under an “accelerated” process, and the court paused ongoing litigation while that happens. The Bureau then kicked off a formal redo on 21 August, signalling it will revisit fundamental questions like who can access data on a consumer’s behalf and whether banks may charge fees to defray access costs.[1]

Days later, Visa closed its US open-banking unit, saying it will focus on Europe and Latin America, where rules mandate data sharing with licensed third parties. It was a telling vote for regulatory certainty abroad and against the current US patchwork.[2]

Meanwhile, JPMorgan signalled plans to charge data aggregators for customer-permissioned access, sparking pushback across fintech and crypto and sharpening the stakes of the CFPB’s rewrite. Coverage suggests fees could begin quickly and may be significant enough to reshape business models for aggregators and apps.[3]

Our take at Asima

We build regulated open banking infrastructure in the UK market, so our bias is clear: open banking works best when consumer-permissioned access is a right with proportionate, standardised APIs and clear liability, not a revenue toll controlled by the incumbent holding the data. The past month in the US reinforces three points.

1) Rules before revenue

Visa’s retreat looks less like a product decision and more like a regulatory arbitrage decision: invest where the rules are predictable and adoption is compounding. In the UK, regulators mandated standardised access under PSD2 and the CMA order, and the ecosystem is now mainstream - 15+ million users and more than 2 billion API calls in July 2025.[4]

By contrast, the US is debating who qualifies to access data and whether fees are payable to data holders. That is not a peripheral detail; it determines whether data portability is a consumer right or a paid privilege.[1:1]

2) ‘Cost recovery’ can become a competition weapon

Banks understandably incur cost to secure and deliver data. The question is how to recover cost without creating exclusionary tolls. If each large bank sets bespoke, volume-based fees for access, aggregators and app developers face high, fragmented costs and uncertain unit economics. That dulls competition and innovation before it starts. Reports on JPMorgan’s plans demonstrate why markets care: even rumoured fee schedules have moved fintech share prices and prompted public political interventions.[3:1]

The UK and EU avoided this trap by pairing mandated access and standardisation with obligations on consent, security, and liability, rather than monetising the data gate itself. It is not that no one pays; it is that competition happens on services built atop the rails, not on the right to touch the rails.[5]

3) Policy stability attracts investment

When a global network like Visa shifts its US posture while leaning into Europe and Latin America, it signals a risk-adjusted return judgment: deployment is easier where the regulatory surface area is stable. That carries a broader lesson for US policymakers: if the goal is safer data portability, more consumer choice, and better pricing, then durable rules beat discretionary deals.[2:1]

“The choice facing US policymakers is whether open banking becomes a consumer right or a paid privilege. The UK shows that when you treat portability as a right, adoption scales for everyone - banks, fintechs and consumers alike.”
~ Kieron James, CEO, Asima

What a better US framework could look like

Taking lessons from the UK and EU experience - and staying neutral on domestic politics - Asima believes a practical US framework should include:

  • Consumer primacy: Consumers can instruct access for free; any API cost recovery is reasonable, standardised, and non-discriminatory, with bans on tolls that chill small entrants. The 2024 rule set that direction; if it is being rewritten, preserve the principle even if mechanics evolve.[3:2]
  • Clear authorisation and liability: Define who can act as a consumer’s representative, require registration or certification for third parties, and allocate liability for misuse or breaches across data holders and accessors.[1:2]
  • Standardised, performant APIs: Interoperability is not a nice-to-have. As the UK shows, usage inflects when APIs are consistent and performant, which lowers integration cost and raises trust.[4:1]
  • Payments built on top: In the UK, variable recurring payments and account-to-account checkout are moving from pilots to production. The US should ensure the data rule complements instant-payment rails, so innovation shifts from screen scraping to safer, consented flows.[4:2]
“For compliance teams, the risk is clear: fees and fragmented standards create opacity, not trust. Stable, consistent rules help everyone - banks, regulators, and fintechs - know exactly where accountability lies.”
~ Carmen James, Head of Operations, Asima

Why this matters now

The CFPB has reopened the question set precisely as market behaviour is changing. If bespoke access fees proliferate before the rule lands, the US risks entrenching a two-tier system: privileged platforms that can afford the tolls, and everyone else slowed by cost and complexity. Conversely, a settled, balanced rule would attract Visa-like investment rather than repel it, and deliver real gains for consumers and merchants.[1:3][2:2][3:3]

At Asima, our position is simple. Consumers own their data; access should be portable, secure, and practical; and competition should happen on product quality, not on control of plumbing. The UK’s trajectory shows that when policymakers enforce those basics, usage scales and everyone - banks, fintechs, and customers - wins. The US can still choose that path.

Footnotes

  1. Reuters, US consumer finance watchdog says it will replace Biden-era 'open banking' regulations (29 July 2025). Link ↩︎ ↩︎ ↩︎ ↩︎
  2. Reuters, Visa closes US open-banking unit as data fight heats up, source says (22 August 2025). Link ↩︎ ↩︎ ↩︎
  3. Barron’s / Reuters coverage, JPMorgan plans to charge fintechs for data access (July 2025). Link ↩︎ ↩︎ ↩︎ ↩︎
  4. Open Banking Limited, Open banking surges to 15 million UK users as July marks record adoption (July 2025). Link ↩︎ ↩︎ ↩︎
  5. European Commission, Payment Services Directive (PSD2) framework overview. Link ↩︎

Kieron James

Recent posts