Open banking regulation in North America: A guide

By allowing consumers to securely share their financial information with trusted third-party providers like personal finance apps, open banking unlocks the trifecta of positive customer experience: greater convenience, more financial insights, and hyper-personalized services that improve how consumers move, manage, and make money.

 


 

In the era of instant gratification, consumers expect better experiences everywhere, and financial services are no exception. Personalized, instant, and more secure experiences are at the core of consumer expectations for a financial services provider. Open data sharing is, quite simply, the future of financial services — a fact supported by accelerating regulatory standards across the globe. North America is no exception: the U.S. and Canada could finalize new regulations as early as this year.

Yet, some financial services providers have opted to lag behind, allowing fintechs and neobanks to forge the bleeding edge of open banking—and soon, the open finance revolution. Financial service providers that neglect to incorporate open data sharing into their offerings risk obsolescence at a time when consumers have made clear their willingness to jump ship.

The time to embrace open banking is now — and Identity technology is ready to support widespread adoption.

Consumer demand for open banking is clear

For those asking, “What’s the rush?” here’s your answer: Open banking has already arrived. 

Whether they know it or not, most American consumers already use open banking as part of their daily lives. According to Visa, 87% of US consumers in 2023 reported having connected a bank account to a third party to access a financial service, and a growing number (34%) know what open banking is and how it can help streamline their financial lives (Visa, 2023).

In response, the banking industry has already begun transitioning to a distribution model built on open banking’s core API structure. Banks and other financial services providers are not in a position to “wait and see.” Acting on this new dimension of financial services within the next few years should be a core priority for any provider looking to build loyalty into the DNA of their customer relationships.

Regulators are stepping in, formalizing the shift

Open Banking standards vary from region to region. In Europe, for example, the Payment Services Directive 2 (PSD2) requires banks to develop APIs that facilitate the secure sharing of customer data while ensuring that customers have a high degree of control over what data they share with third parties (European Commission, 2023). In the United Kingdom, the UK Open Banking Standard accomplishes something similar by driving secure data sharing and consumer privacy through a clear regulatory framework (UK Competition and Markets Authority, 2020).

North America has taken a different approach, but that’s starting to change. Historically, the United States and Canada have relied on the Financial Data Exchange, an independent nonprofit organization, to lead a market-driven approach.

 

What is the Financial Data Exchange?

The Financial Data Exchange (FDX) aims to unify the financial industry around a common, interoperable, and royalty-free standard for the secure access of user-permissioned financial data, known as the FDX API. With its clear mission and collaborative approach, FDX is a key player in driving open banking adoption. Working with 200+ financial institutions and FinTechs, it delivers standards that will make consumers’ access to financial data secure and reliable (FDX, 2024).

Without a formal regulatory push, most North American banks have yet to deliver truly secure open banking to their customers via secure financial APIs. Although it’s not widely known, many open banking services employ screen scraping, a risky technique vulnerable to breaches, to access financial data.

Here’s how screen scraping works: The consumer provides their bank login credentials to the third party, which then uses bots to log in as the consumer, effectively “scraping” their financial data. This process grants the third party full access to the consumer's account, raising serious privacy and security concerns.

In other words, open banking has already arrived in North America, even if a standardized open banking security protocol hasn’t. Without secure open APIs, third parties often attempt to meet market demand by engaging in risky, archaic methods that fail to meet modern security standards.

Regulators understand the risks inherent to this unregulated open banking landscape and are taking appropriate action to protect the privacy and security of consumer financial data. The United States and Canada are preparing to enforce stricter regulations for North American financial service providers who’ve been holding off on delivering secure financial APIs for financial data sharing.

 

BOTTOM LINE:
 

Financial service providers that deploy their open banking solutions through Financial Grade Identity™ controls for security and privacy are poised to achieve three big wins in one fell swoop.

  1. They’ll drive business growth through intuitive, convenient, and personalized open banking services that meet accelerating consumer demand.
  2. They’ll mitigate the risk of lost or compromised consumer data by moving away from insecure screen-scraping methods and toward secure APIs.
  3. They’ll more readily keep up with compliance as the regulatory environment surrounding open banking continues taking shape.

 

Navigating open banking with Okta 

As financial service providers launch and manage their open banking initiatives, robust security measures beyond the login process are critical. Without them, you’re basically building a house without a foundation. That’s where Okta steps in.

  1. Grow your business

Okta supports the efficient, effective, and more secure delivery of the open banking services your customers are looking for, helping your business meet its growth targets and keep up with consumer demand.

  2. Protection you can count on

Built on financial industry standards, our Highly Regulated Identity solution suite delivers robust authentication and authorization methods that safeguard data comprehensively.

  3. Get to market faster

Okta helps maximize your agility with our pro, low, and no-code solutions and API-first architecture. That means you can roll out new integrations and improve customer experiences quickly and at scale.

  4. Keep better pace with compliance

Our certified FAPI 1 Advanced security profile implementation lays the groundwork for solutions that meet open banking requirements. This allows financial institutions like yours to navigate the ever-increasing complexity of regulatory compliance confidently.

  5. Accelerate adoption

Our unified Identity platform integrates with your risk engine, streamlining the user experience so you can send enriched transaction approval requests only when necessary. This drives user adoption and keeps the process intuitive and efficient.

To learn more about Okta Highly Regulated Identity for open banking transactions and other sensitive scenarios, check out the datasheet. 

The future of banking is already here. Are you ready?

We’re not alarmists. We’re realists. The truth is open banking is already a key area of focus for consumers and regulators alike. The window of opportunity is closing, and financial service providers that continue putting off adopting open banking services do so at their own peril.

The choice is clear: Don’t wait and get outpaced by a crowded market. Don’t allow your institution to get boxed into costly, reactive changes that leave everyone dissatisfied. Set yourself apart with streamlined, Financial Grade Identity™ security and privacy controls that help you drive compliance and customer loyalty.

Looking for more information on making the open banking leap? Connect with our team to get started.

These materials and any recommendations within are not legal, privacy, security, compliance, or business advice. These materials are intended for general informational purposes only and may not reflect the most current security, privacy, and legal developments nor all relevant issues. You are responsible for obtaining legal, security, privacy, compliance, or business advice from your own lawyer or other professional advisor and should not rely on the recommendations herein. Okta is not liable to you for any loss or damages that may result from your implementation of any recommendations in these materials. Okta makes no representations, warranties, or other assurances regarding the content of these materials. Information regarding Okta's contractual assurances to its customers can be found at okta.com/agreements.