Contact: Laine Williams, (202) 897-4757, lwilliams@allonadvocacy.com
Washington, DC, August 13, 2025 – MYTH VS. FACT: What the Big Bank Lobby Gets Wrong About Open Banking and Security
Recently, the big bank lobby has pushed misleading claims under the guise of championing consumer data safety. In reality, these positions are a facade to mask anti-competitive and anti-innovation practices.
The big banks argue that today’s consumer financial data ecosystem is unsafe. But they built it. In fact, last month the Bank Policy Institute and the Consumer Bankers Association argued that ‘a robust, competitive data-sharing environment already exists in the U.S., and it’s working.’ Banks can’t have it both ways. They are using security claims and misinformation as a smokescreen for blocking competition and monetizing customer data, but their talking points don’t hold up under scrutiny.
MYTH: “1033 Encourages Screen Scraping and Puts Consumer Data at Risk”
FACT: The 1033 rule actually mandates adoption of APIs for consumer data sharing and would phase out ‘screen scraping’ for all but the smallest banks and credit unions. The rule also requires fintechs to adhere to additional consumer data privacy and security protections.
To be clear: open banking is already happening today. More than 114 million Americans are using secure APIs to access and share their information with third-party providers, enabling people to use apps they rely on to manage their finances. The 1033 rule adds additional guardrails and helps standardize disparate practices across the ecosystem. Eliminating the 1033 rule – and these additional consumer protections – would reduce protections for consumers.
MYTH: “Fintechs are Hoarding and Selling Consumers’ Data”
FACT: Fintech apps and services access data only at a consumer’s request to deliver services the consumer has chosen. Most companies rely on data aggregators to facilitate this access. These aggregators invest heavily in security infrastructure, fraud monitoring, data minimization, and consent management to ensure safe, standardized connectivity. Without them, thousands of apps would have to build one-off integrations with individual financial institutions, creating high costs and exposing consumers to inconsistent and often weaker privacy and security safeguards.
Ironically, if the big bank lobby is concerned with hoarding and selling consumer data, they should start with their own members. Banks put barriers in place to prevent consumers from sharing their own data so they can monopolize it themselves, and most of those banks sell that data or use it for their own marketing and cross-selling. Some even let companies target marketing based on, and monetize, their consumers’ private financial transaction information.
MYTH: “Banks Should be Able to Charge Fees for Data Access.”
FACT: These charges are illegal, and are banned under both the 1033 rule and the Dodd-Frank statute. Rather than follow the law, the nation’s largest banks have chosen to invest in litigation and misinformation campaigns to preserve their gatekeeper role and to attack the fintech industry, which they view as a competitive threat. One bank has even proposed illegal charges designed to price-gate competing services and put competitors out of business.
Banks claim these competition taxes are about recouping costs, but building and maintaining APIs is a cost of doing business and serving customers in the digital age–akin to maintaining a website, or securing a database. That is why the nation’s largest banks began unilaterally pushing for and implementing API technology and voluntarily building out and maintaining their own APIs in the late 2010s to enable their customers to access financial services they want to use.
JPMC’s charges would serve as a ‘competition tax’ that could kill small fintech companies and make it cost-prohibitive for new entrants. Reports suggest that the fees could equal more than 10x the total annual revenue of the companies being asked to pay them.
Until now, no bank has ever attempted to charge these fees, either in the U.S. or in any other market that has enabled open banking. The charges would set a dangerous precedent for consumers’ autonomy and personal rights, even beyond financial services. Moreover, big banks would have no incentive to ensure they are running modern, efficient tech stacks, particularly if they can pass the cost of their failure to improve their systems on to others.
MYTH: “JPMC’s Proposed Fees Won’t Impact Consumers”
FACT: Consumers don’t have to pay to withdraw their own money from the bank, why should they have to pay to withdraw and use their own data? The JPMC charges would impose a tax on consumers for using the apps they want. These costs will directly affect consumers and will be passed on through increased prices. Pricing out competitors will also result in less competition and consumer choice in financial services.
Personal financial information belongs to the consumer, not their bank. People must have the right to access their personal data and securely share it with the companies of their choice and without paying a fee. Imagine if a consumer had to pay the bank for every check they wrote, every loan they applied for, or every time they moved money into investments or crypto accounts. This is the world the big banks envision.
Americans overwhelmingly oppose banks restricting personal data access. 8 in 10 Americans oppose banks restricting their access to financial apps and services, while 75% of Americans support the right to share their bank data with trusted apps.
MYTH: “The 1033 rule is a Partisan, Biden-Era Regulation”
FACT: This rulemaking isn’t partisan. It began under the first Trump Administration and received bipartisan support. It’s a long-overdue modernization, supported by a broad cross-section of industries, and an important tool to protect against debanking.
The rule began with an ANPR under the Trump-appointed CFPB Director Kathy Kraninger (Oct 2020). This rule is grounded in longstanding legal authority and reflects a bipartisan commitment to modernizing how Americans manage their financial lives. While players across industry agree the rule could be improved, it has long been viewed on both sides of the aisle as a driver for competition and innovation.
MYTH: “Fintechs are Continually Accessing Consumers’ Data Without Their Knowledge”
FACT: Consumers authorize all open banking connections. A small percent of those connections are for the initial account linking to an app. The rest of the ‘traffic’ is for consumer-requested services which don’t require active consumer involvement for things like ensuring budgeting, expense tracking, or investing apps are updated and accurate, or getting notified when they’ve been paid. If those apps don’t have accurate, up-to-date information, they are useless.
Many apps update regularly because that’s what is required to provide the service that the consumer expects and has signed up for. Whether it’s the initial connection or the continued data sharing that follows (which a consumer can choose to stop at any time), the purpose is the same: to deliver a service the consumer has chosen. Without that consistent access, the apps consumers rely on every day simply wouldn’t work. Think of a budgeting app that helps manage spending and saving. Keeping that app up to date on the consumer’s transactions is not “excess traffic,” it’s the whole point. Without access, apps that help consumers save, manage expenses, make bank payments, or invest wouldn’t work.
Bottom Line:
Banks are calling open finance a threat and spreading misinformation. But what they’re really afraid of isn’t risk — it’s competition, consumer choice, and a future they don’t control.
