The Financial Brand
Strategic insights for growth-focused banking leaders.

Open Banking Isn’t Dead. The Battle Over Regulation 1033 Now Pits Banks vs. Fintechs

By Steve Cocheo, Senior Executive Editor at The Financial Brand

Published on June 18th, 2025 in Banking Technology

Simple Subscribe

Subscribe Now!

Stay on top of all the latest news and trends in the banking industry.

Consent Granted*

Executive Summary

  • In a twist, the Trump CFPB joined banking groups in a court case to kill its own Dodd-Frank Section 1033 regulation on open banking and data sharing. Meanwhile, a major fintech group won the right to defend the old CFPB’s regulation.
  • The case will likely drag on past mid-2025, barring an unforeseen event. If the original rule dies, will CFPB’s new management draft a limited take on the 1033 regulation, which it is legally required to address?
  • What can banks below the mega class do in the meantime? Keep moving forward with compliance, but use the exercise as an opportunity to clean up your bank’s own data act.

Not long after the 2024 presidential election, a panel of open banking experts at a big bank payments gathering in Manhattan was asked if the Trump victory would change the timing or the tenor of the Consumer Financial Protection Bureau’s implementing its take on the 2010 Dodd-Frank Act’s Section 1033.

The Act was the same law that established the CFPB itself. The bureau had taken over a dozen years to propose the open banking regulation, publishing the draft in October 2023. After a process that included receipt of approximately 11,000 comment letters, not much had changed in the final version. The industry faced a tight adoption schedule, with some allowance for smaller institutions.

The day the final regulation was published, banking industry interests sued immediately to stop the implementation. But few were betting that victory was likely.

Not all of the panelists agreed on the outlook, but one speaker ventured something like this: “This train is way too far down the tracks. They’re not going to stop this one. Get to work complying with it.”

Famous last words?

The Open Banking/1033 Switcheroo

At the time of the panel discussion, no one knew how drastically the Trump administration would gut the CFPB and cancel, pause, reverse and otherwise upend the Biden CFPB’s actions and agenda.

In an article about the situation at the time and the potential for change,The Financial Brand noted that “Certain late-stage regulatory moves in the [first term] Trump years were paused and killed when President Biden took office, so it’s not inconceivable.” Understatement, in retrospect.

For open banking and Section 1033 regulation, the result was even more bizarre. Essentially the CFPB switched sides.

The very day that the Biden CFPB unveiled its final rule in October 2024, the Bank Policy Institute, the Kentucky Bankers Association, and Forcht Bank, a Lexington, Ky., institution with $1.5 billion in assets, sued in the U.S. District Court for the Eastern District of Kentucky to set aside the CFPB’s rule.

Long story short, under its new acting management, and after a stay in the case to find its new bearings during which the district court judge extended compliance deadlines, the CFPB asked the court in early June to kill its own regulation. It joined the bank side to ask for summary judgment, to kill the reg.

That might have been the end of the matter.

Except for this: The conflict between traditional banking and fintechs, widely seen as the main corporate beneficiaries of the regulation, has been characterized as a “cold war.” In February, the Financial Technology Association, a leading fintech trade group, filed to intervene in the case and become a defendant. (It cited concerns that the CFPB might not continue to defend its rule — which it didn’t.) In other words, it stood up to defend the regulation, even though the bureau abandoned it after the smoke cleared. In mid-May, District Judge Danny Reeves approved the request, accepting, among other points, that the fintech members of the association had a stake in the fate of the open banking rule.

Having approved that, Judge Reeves later did not approve FTA’s request for an extension of time for filing a brief regarding the other side’s request for summary judgment. So its brief is due June 29, with more legal wrangling to come.

The ultimate fate of the 1033 reg is therefore uncertain and will be for some time. Conceivably, even if it somehow survives the court process, the bureau’s current management could simply decide not to enforce it. There’s already precedent for the new bureau explicitly not making a priority of existing regs. And there’s precedent for Trump officials to disrespect federal judges. (Reeves was appointed by President George W. Bush.)

However, the fate of the reg and that of open banking in the U.S. are only partially intertwined. Even if the final result supports the banks — and now the CFPB — writing the obituary on open banking would be premature.

In a mid-June client update, attorneys at Morrison & Foerster LLP indicated that if the case ultimately results in striking down the 1033 regulation, that’s not the end.

“The CFPB will still have a statutory obligation to rewrite the 1033 rule, albeit likely with a narrower scope,” the paper says. Thus far, it continues, it can’t be discerned if the new CFPB would lean toward only addressing a customer’s access to their data or if it would also cover access for third-party providers that have the consumer’s OK. If the bureau goes as far as that, it might impose limitations on secondary use of the data the third parties obtain.

“It may follow that a rewritten 1033 rule that acknowledges third-party access would limit third-party access to data usage that more directly benefits the interests of the individual consumer,” Morrison & Foerster say.

Read more: Why Banks Can Lead — and Win — the Open Banking Revolution

-- Article continued below --

A Taste of the 1033 Court Case

One thing both sides of the court case agree on is that financial services have evolved drastically, such that people with accounts at fintechs and at traditional institutions can readily ask to have the bank provide data to the third party on the consumer’s request. (As written, the regulation covers only certain types of bank relationships.)

“The rule arises out of the recent explosion in new ways that consumers can organize, analyze, and deploy their financial assets,” said the banks in a motion. “Thanks to rapid technological advances, thousands of companies now offer products or services that involve access to or use of consumers’ bank accounts.”

Said the FTA: “The ability to control and share financial data empowers consumers with more efficient and convenient ways to manage their finances, and allows consumers to explore tailored, cost-effective financial products and providers.” The association’s motion to intervene included key quotes from comment letters filed by Plaid, Ribbit Capital, Stripe and Wise, all FTA members.

For their part, the banks argue that CFPB “drastically overstepped its statutory authority, injected itself into a well-functioning ecosystem that was thriving under private industry initiatives, and installed a burdensome, irrational, and risky regulatory framework in its place.”

The banks think the bureau rule sets up a risky framework that puts them on the hook if something goes wrong, such as leaks to bad actors or misuse of data by third parties. The industry also objects to the rules forbidding banks from charging fees to fintechs and others for the expenses of providing the consumer data they request. (For its part, CFPB now holds that that provision was shaky from the get-go and that “the prohibition is therefore arbitrary and capricious.”)

The banking case also includes concerns about enabling money transfers out of consumers’ bank accounts by third parties permitted to access their data

FTA argues that consumer have and need a strong “financial data right,” and holds, in a blog, that 1033 “protects this right, ensuring that consumers can access and share their financial data on their terms.” That includes the right to assign that access to an agent, such as a fintech. FTA also criticizes the idea of charging a fee for allowing a third-party to access data from a bank provider.

“Instead of being locked into traditional banks’ limited offerings,” the blog continues, “Americans can choose the services they want through open banking.” A June study by Morning Consult for FTA bolstered its case with a finding that 31% of those sampled said they strongly agreed that fintech services make personal financial management easier than do traditional banks. Another 43% somewhat agreed with the point.

FTA also says that the 1033 regulation increases security by encouraging adoption of application programming interfaces (APIs).

When the CFPB indicated its plans to repeal its rule and file for summary judgment, FTA attacked the decision. It called the move “a handout to Wall Street banks, who are trying to limit competition and debank Americans from digital financial services.”

From the archive: Has CFPB Started a War Over Open Banking — or Created New Opportunities for Banks?

-- Article continued below --

The State of Consumer-Side Open Banking in the U.S.

The use of APIs isn’t actually anything new, conceptually, for delivering open banking. They are a key element in the replacement of primitive and risky screen scraping. An early spur to negotiations between bank and fintech for use of APIs was the refusal of some large institutions to permit the practice any longer. Much of the U.S. open banking scene developed independently of federal involvement until the bureau proposed its regulation.

According to a paper by McGlintchey Stafford PLLC, when data is delivered via API, it’s typical the provider who sets the requirements to gain access to data. “These terms are ordinarily captured in bilateral agreements between the data provider and data recipient, and can range from click-through, take-it-or-leave-it developer terms to highly negotiated bespoke data access agreements,” according to the paper.

In late April, the Financial Data Exchange (FDX) reported that as of the spring, 114 million customers connections between banks and third parties were being used via APIs structured according to the nonprofit organization’s standards. This is a 50% jump over the same point in 2024. (In January, prior to the changeover at CFPB, FDX was named a standard setter by the bureau. It had been functioning in that role for years before.)

While that’s major growth, FDX also noted that “tens of millions of consumers and small businesses in North America are still sharing financial data through methods that require sharing login credentials with third parties and may offer less customer control.”

In written testimony in early June before the House Financial Services Subcommittee on Financial Institutions, Zoe Strickland, senior fellow at the Future of Privacy Forum, noted the continuing risks of this practice.

“Screen scraping destabilizes website security of data providers, which need to distinguish between actual consumer access, screen scraping, and bad actor intrusions,” wrote Strickland. Her career has included a stint as global chief privacy officer for JPMorgan Chase.

A white paper from Mastercard found that 80% of U.S. consumers connect their financial accounts to tools they use for conducting financial tasks.

And a study released earlier this year by MX Technologies found that 55% of U.S. consumers would give financial providers access to more of their data if they believed doing so would produce a better experience.

“Given the maturity of this market, consumer demand for using third-party service providers is too significant to simply shut off the aggregation model,” says the Morrison & Foerster update. “Instead, it seems more likely that the CFPB and courts would endeavor to avoid the adverse market impact that would result from cutting off third-party access.”

Read more: Busting Three Myths about Community Banks and Open Banking

What to Do While the Wheels of the Courts Turn

Many institutions don’t have the command of their own data that the largest players seem to enjoy. A report from PwC US recommends using the framework of the existing 1033 regulation to develop a bank’s internal framework to a more up-to-date approach. After all, if a data regimen for sharing can help competitors, couldn’t it help a bank gets its own act together?

PwC provides four questions to ask:

  • How are we adding value to our customers’ financial health?
  • Are we using data and new technologies (such as GenAI) to help customers make smarter financial decisions rather than selling another commoditized banking product?
  • With more information at our fingertips, what can our bank do for our customers that our less-informed competitors can’t?
  • How can we use data to eliminate the data-entry steps that annoy customers who stop before completing an application?

Maybe sharing can begin at home.

Read more: Banks Are Swimming in Data But Starving for Insights. AI Will Make Things Worse

About the Author

Profile PhotoSteve Cocheo is the Senior Executive Editor at The Financial Brand, with over 40 years in financial journalism, including the ABA Banking Journal and Banking Exchange. Connect with Steve on LinkedIn: linkedin.com/in/stevecocheo.

The Financial Brand is your premier destination for comprehensive insights in the financial services sector. With our in-depth articles, webinars, reports and research, we keep banking executives up-to-date with the latest trends, growth strategies, and technological advancements that are transforming the industry today.

© 2026 The Financial Brand. All rights reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of The Financial Brand.