    What is Open Banking? | Definition & Guide

    Open banking is a regulatory and technology framework that requires or enables financial institutions to share customer account data with authorized third-party providers through standardized APIs, with the customer's explicit consent. In regulated markets like the UK (under PSD2) and Australia (under CDR), open banking is mandated by law — banks must provide API access to account data when customers authorize it. In the United States, where federal open banking regulation is still evolving under CFPB rulemaking (Section 1033 of Dodd-Frank), the ecosystem has developed through market-driven data aggregation led by providers like Plaid, Yodlee (Envestnet), MX, and Finicity (Mastercard). Open banking enables use cases ranging from account verification and balance checks to transaction-level data access for underwriting, personal financial management, and account-to-account payments. The shift from screen-scraping (where aggregators store user credentials) to API-first connectivity represents both a security improvement and a standardization effort, though legacy screen-scraping connections persist for institutions that have not yet built compliant APIs.

    Definition

    Open banking is a regulatory and technology framework that requires or enables financial institutions to share customer account data with authorized third-party providers through standardized APIs, contingent on the customer's explicit consent. In regulated markets like the UK and the EU (under PSD2), open banking is legally mandated. In the United States, the framework is evolving through CFPB rulemaking under Section 1033 of Dodd-Frank, while the practical ecosystem has been built by market-driven aggregators like Plaid, Yodlee (Envestnet), MX, and Finicity (Mastercard). These providers connect fintech applications to bank account data for use cases including account verification, balance checks, transaction history access, and account-to-account payment initiation.

    Why It Matters

    Open banking is the infrastructure layer that makes most modern fintech applications possible. Without reliable access to bank account data, use cases like instant account verification, cash flow underwriting, personal financial management, and payment initiation would require manual processes that do not scale. Every time a user connects a bank account through Plaid or MX to fund a brokerage account, verify income for a loan, or aggregate balances across institutions, that connection runs through open banking infrastructure.

    For fintech companies, the quality and reliability of bank data access directly impacts product functionality and user experience. A lending platform using transaction data for underwriting is only as good as the freshness and completeness of that data. Coverage gaps — institutions without API connections — force fallbacks to screen-scraping or manual document upload, both of which degrade conversion rates. Plaid reports connectivity to over 12,000 financial institutions, but coverage depth varies significantly by institution size and API maturity.

    The tension that persists across the open banking ecosystem is between API-first connectivity and legacy screen-scraping. API connections are more reliable, more secure (the aggregator does not store the user's bank credentials), and provide structured data. But not every institution has built compliant APIs, and even those that have may limit data fields or impose rate restrictions. Screen-scraping fills the gap but introduces credential security concerns, higher breakage rates when banks change their interfaces, and data quality issues. The transition from screen-scraping to API-first is underway but incomplete, and fintech products must account for both connection types in their architecture.

    How It Works

    Open banking ecosystems operate through a chain of participants and protocols:

    1. Regulatory framework — In the UK and EU, PSD2 mandates that banks (Account Servicing Payment Service Providers, or ASPSPs) provide API access to authorized third parties (AISPs for account information, PISPs for payment initiation). In the US, Section 1033 rulemaking aims to establish similar requirements, though the timeline and scope remain in flux. Australia's Consumer Data Right (CDR) provides another regulatory model. The regulatory layer determines which institutions must participate and what data must be accessible.

    2. Data aggregation layer — Providers like Plaid, MX, Finicity, and Yodlee serve as the middleware between financial institutions and fintech applications. They maintain connections to thousands of institutions, normalize data formats across different bank APIs, and handle authentication flows. When a fintech app needs bank data, it connects to the aggregator's API rather than building direct integrations with each bank.

    3. Consumer consent and authentication — The user initiates the connection by selecting their financial institution, authenticating with their credentials (or through OAuth redirect for institutions that support it), and explicitly consenting to data sharing. OAuth-based flows are preferred because the user authenticates directly with their bank rather than providing credentials to the third party. Plaid's Link flow and MX's Connect widget handle this UX across supported institutions.

    4. Data retrieval and normalization — Once connected, the aggregator retrieves account data (balances, transactions, identity information, investment holdings) and normalizes it into a standardized schema. A checking account at Bank of America and one at a local credit union return data in the same format through the aggregator's API, even though the underlying bank APIs may differ dramatically.

    5. Ongoing access and refresh — Open banking connections are not one-time events. Applications need fresh data for ongoing use cases (transaction monitoring, balance alerts, recurring payment verification). The aggregator manages data refresh schedules, handles token renewal, and monitors connection health. Data freshness varies by institution and connection type — some APIs provide real-time data while others update on a 24-hour cycle.
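
    The connection checks implied by steps 3 and 5 (consent validity, token renewal, data freshness, and the OAuth versus stored-credential split), as an added Python example that is not taken from any provider's code. The `Connection` fields, finding names, 10-minute renewal window and sample records are assumptions; the 24-hour threshold is the refresh cycle mentioned above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Field names, thresholds and records are assumptions for this example,
# not any aggregator's real schema.
@dataclass
class Connection:
    institution: str
    method: str                        # "oauth" (API redirect) or "credentials" (screen-scraping)
    consent_expires: datetime          # end of the customer's consent
    token_expires: Optional[datetime]  # OAuth access token expiry; None for credential links
    last_refresh: datetime             # last successful data pull

MAX_STALENESS = timedelta(hours=24)    # slowest refresh cycle the text mentions
RENEW_WINDOW = timedelta(minutes=10)   # assumed lead time for token renewal

def audit(conn: Connection, now: datetime) -> List[str]:
    """Return the findings for one connection."""
    if conn.consent_expires <= now:
        # Without valid consent nothing else matters: data access must stop.
        return ["consent_expired"]
    findings = []
    if conn.method == "credentials":
        # Screen-scraping link: the user's bank credentials are held outside the bank.
        findings.append("stored_credentials")
    elif conn.token_expires is None or conn.token_expires - now <= RENEW_WINDOW:
        findings.append("renew_token")
    if now - conn.last_refresh > MAX_STALENESS:
        findings.append("stale_data")
    return findings

# Constructed sample inventory, evaluated at a fixed time so results are repeatable.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    Connection("bank-a", "oauth", NOW + timedelta(days=60), NOW + timedelta(hours=1), NOW - timedelta(hours=2)),
    Connection("bank-b", "oauth", NOW + timedelta(days=60), NOW + timedelta(minutes=5), NOW - timedelta(hours=30)),
    Connection("credit-union-c", "credentials", NOW + timedelta(days=60), None, NOW - timedelta(hours=3)),
    Connection("bank-d", "oauth", NOW - timedelta(days=1), NOW + timedelta(hours=1), NOW - timedelta(hours=1)),
]

def audit_all(conns, now):
    """Map each institution to its list of findings (empty list means healthy)."""
    return {c.institution: audit(c, now) for c in conns}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE, NOW).items():
        print(f"{name:15} {', '.join(findings) or 'ok'}")
```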

    Open Banking and SEO/AEO

    Open banking is a foundational fintech concept with search demand spanning regulators, product managers, compliance teams, and developers. Ranking for open banking and its constellation of related terms (consumer-permissioned data, financial data aggregation, account verification) builds topical authority that positions a fintech SEO agency as deeply fluent in the infrastructure layer that powers modern financial applications. The term attracts both educational search intent (what is open banking, how does it work) and commercial intent (open banking providers, open banking API comparison), making it a high-value anchor for fintech content strategy.
