- Key insight: Despite the freeze on the CFPB’s mandate, major banks are moving forward with API partnerships to meet consumer demand and end unsecure practices.
- What’s at stake: Without a finalized federal rule, the industry is fiercely divided over whether banks should be allowed to charge “data tolls” for API access.
- Forward look: Observers expect the CFPB to initiate a new rulemaking process for Section 1033 in the coming weeks.
Overview bullets generated by AI with editorial review
Processing Content
Wednesday was meant to be the start of the regulatory rollout of open banking.
Turns out that was a fool.
April 1, 2026, marked the original deadline to comply with a landmark federal mandate requiring banks to share consumer financial data seamlessly with third-party developers.
Instead, the day has arrived with the open banking rule trapped in legal limbo, leaving the industry to navigate an ongoing transition without regulatory guidance.
Under the Consumer Financial Protection Bureau’s original Section 1033 rule, finalized in late 2024, banks holding over $250 billion in assets faced the Wednesday deadline to launch dedicated developer interfaces for data sharing. Many have done this already, of their own accord, to meet customer demand.
However, a federal judge paused that clock last year after banking groups, including the Bank Policy Institute and the Kentucky Bankers Association, sued the agency, and the Trump administration’s CFPB questioned its own funding mechanism.
The judge enjoined the CFPB from enforcing the mandate while the agency formally reconsiders the regulation.
The regulatory pause leaves bank executives at a crossroads. While the federal mandate is effectively frozen, the market is not.
Driven by consumer demand and the need to kill off unsecure data-gathering practices, many financial institutions have moved ahead with data-sharing partnerships with the likes of Plaid and other financial data aggregators.
Others remain in limbo amid the legal uncertainty, stalling their open finance initiatives as they wait to see what the Trump CFPB changes about the Biden CFPB’s proposed rule.
Observers privately say they expect the CFPB to start a new rulemaking process on 1033 in the coming weeks, but the exact timeline and content of the rule remains uncertain.
In the interim, the banking industry views the delay as a welcome reprieve from building compliance infrastructure for a rule that is actively undergoing substantial revision.
The pause allows banks to avoid investing time and resources into a flawed rule, and “consumers will continue to reap benefits achieved without regulation thanks to industry standard-setting, innovation and partnerships,” according to an October 2025 statement from Rob Nichols, president and CEO of the American Bankers Association.
Forging ahead: Market demand drives API adoption
Despite the paused federal rule, major banks continue to launch open banking partnerships to improve data security and the customer experience.
Last month, Truist Financial announced a data-access agreement with the financial data aggregator Plaid. The partnership transitions the bank’s customers to a secure, tokenized application programming interface, or API.
This connection eliminates the need for consumers to share their banking usernames and passwords with third parties. JPMorganChase, Wells Fargo, Citi and many other banks have signed similar agreements with data aggregators.
The two companies will also share risk indicators and data from their respective networks to help prevent fraud.
These types of partnerships expand API connectivity and advance “data-driven innovation, including shared intelligence, to provide clients with secure and convenient access to their accounts,” according to Christy Sunquist, head of open finance at Plaid.
The partnership is a strong signal that “real-world demand continues to be a strong driver in the U.S. market,” according to Eyal Sivan, a board member at the Financial Data Exchange, or FDX.
Sivan previously told American Banker that financial institutions are focusing on providing better, more reliable and more secure bank connectivity for their customers rather than simply reacting to pending CFPB rules.
Adopting an industry standard like the one FDX provides lowers the cost to build this infrastructure for banks, and “getting ahead of Section 1033 is a bonus,” he said.
The ongoing skirmishes: Screen scraping and integration friction
As financial institutions build out their dedicated developer interfaces, they are targeting screen scraping, an outdated practice in which data aggregators use consumers’ digital banking login credentials to access their online portals and copy data.
In November, Wells Fargo and PNC Bank told Trustly, a data aggregator, to stop screen scraping their customer data. Wells Fargo sent two cease-and-desist letters to Trustly in October demanding the company halt the practice and stop using the bank’s trademarked logos.
Both banks advised Trustly to transition to application programming interfaces through Akoya, their data-sharing vendor.
Trustly did not respond at the time to American Banker’s requests for comment. While the aggregator stopped using Wells Fargo’s trademarked logos as demanded, it has continued to screen scrape the bank’s customer data.
The push to end screen scraping extends beyond individual bank actions. Akoya, a data access network, recently urged the CFPB to implement an outright ban on the practice.
Failing to ban screen scraping leaves a dangerous loophole, allowing third parties to bypass regulatory requirements and bank oversight, according to an October comment letter Akoya submitted to the CFPB.
The network said that, without a ban, data providers must build expensive API infrastructure while their customers remain exposed to the systemic risks of screen scraping.
To pay for that infrastructure, Akoya has argued that banks should be allowed to charge so-called data tolls to recover the compliance costs that come with open banking requirements.
The fight over data tolls
The most contentious battle in the open finance transition centers on who pays for the digital infrastructure.
JPMorganChase recently established a massive precedent by implementing data access fees, culminating in a renewed agreement where the data aggregator Plaid will compensate the bank to access its secure developer interface.
Financial institutions argue that they bear a heavy financial burden to build and secure these connections. The American Bankers Association strongly supports the ability of data providers to charge fees for the services they afford to data recipients, noting that banks incur substantial costs to develop, maintain and safeguard the data pipelines.
Some data networks are on board. Akoya submitted a comment to the CFPB in October saying that data providers (i.e., banks) “should be able to charge reasonable fees to promote investment in expensive open banking infrastructure.”
However, the financial technology industry is fiercely resisting these new data tolls, raising concerns that such tolls could price data aggregators out of the market.
“The nation’s largest banks want to roll back open banking, weaken consumer financial data sharing, and crush competition to protect their position in the marketplace,” according to a public letter to the CFPB from a number of trade associations, including the Financial Technology Association, which represents fintechs.
The trade groups warned the Trump administration that allowing banks to charge for access lets them pass operating costs onto consumers and competitors, which ultimately undermines consumer choice.
All eyes are now on the CFPB as it rewrites the Section 1033 rule with a skeleton staff. The agency’s decision on data tolls will ultimately dictate the financial realities of data sharing for U.S. banks.
