Who Really Owns Your Bank Data?

The Fight Over Open Banking in the U.S.

JPMorgan Chase’s recent decision to start charging fintechs for access to customer data, together with the CFPB’s unexpected move to vacate its own Section 1033 rule, signals a major shift. With 91 million consumer accounts and 20 million checking accounts, JPMorgan’s policy could set a powerful precedent, potentially reshaping how data flows between banks, fintech apps, and consumers in the U.S.

This move is only possible because, in June, the CFPB asked federal courts to vacate its own Section 1033 rule, also known as the Personal Financial Data Rights Rule. The CFPB’s Section 1033 rule was intended to give U.S. consumers a clear legal right to access and share their financial data securely and for free, enabling competition and innovation in fintech. A vacatur by the federal courts would nullify this rule.

Why This Matters: Understanding the Fallout

In his article titled “CFPB Open Banking 1033 Rule Died, Now What?”, LendAPI CEO Timothy Li analyses the potential fallout from vacating the CFPB’s rule. The article stresses that fintech startups that had banked on free, regulated access via the rule now face strategic uncertainty. The rule’s sudden reversal leaves them with no guarantee of third-party access frameworks, fee protections, or industry-standard APIs.

Alex Rampell, GP at A16Z and co-founder of several prominent fintechs, spoke out on X to paint a much starker picture: “JP Morgan Chase is an $800B company. Make no mistake: this isn’t about a new revenue stream. It’s about strangling competition. And if they get away with this, every bank will follow.”

JPMorgan’s decision raises broader questions about what this means for fintech innovation and consumer rights.

How Financial Data Rights Stack Up Against Other Data Policies

JPMorgan’s recent decision to charge aggregators for access to customer data got me thinking about how financial data rights in the U.S. compare to other major data policies. Section 1033 of the Dodd-Frank Act aims to give consumers control of their banking information, but its rules are still evolving. The latest development puts any enforcement by the CFPB in question. In Europe, PSD2 has already created a fully open banking ecosystem, while HIPAA has long set strict standards for patient access to health records. Meanwhile, consumer platforms like Facebook and Google operate under a different model entirely, monetizing user data as a core part of their business. The table below highlights how these different regimes approach data ownership, access rights, fees, and standardization.
