Matt Whetton, CTO Quint Group and Acquired.com, writes for Payment Expert on the current trajectory the US finds itself when it pertains to Open Banking, or perhaps, lack thereof.
A recent repeal by the Trump Administration around Open Banking regulations has meant banks have been able to charge third-party vendors premiums on customer data at prices they can ultimately not afford.
Whetton emphasises why the US should look to their transatlantic counterparts to see how it has become a global leader in Open Banking in how to feed adoption amongst merchants and consumers, and the benefits currently being felt with Open Banking-powered payment methods such as Variable Recurring Payments.
The US’s journey towards open banking has been stop–start. Visa’s recent closure of its US open-banking business unit (despite pioneering the technology in Europe) was the latest example in a series of battles between banks and fintechs over data privacy and regulatory uncertainty. Despite this contestation, the underlying idea remains sound: give people and businesses secure, permissioned access to their financial data and the ability to initiate payments from their bank accounts, opening the door to more efficient, practical, and intuitive services.

The sticking points are privacy, control, and coordination: who sees what, who decides, and how everyone plays together. The UK’s experience offers useful lessons here, not a blueprint to copy line-by-line but a path to turn principles into predictable outcomes and, in doing so, unlock better, cheaper, faster payments and more useful financial services.
Build privacy into the plumbing
Opposition to open banking in the US is frequently framed as a data exposure risk: if more parties can access data, more can go wrong. While this is a legitimate concern, it’s a problem that can be designed out of the system.
In the UK, data exchange has moved away from asking customers to share online banking passwords with third parties. Instead, access happens through secure, purpose-built digital APIs that only open for a specific task the customer has approved, like letting an app read last month’s transactions or approving a one-off payment. Crucially, this access isn’t open-ended: it’s easy to see who has access to data points, for what purpose, and for how long, and it can be switched off at any time.
These aren’t difficult to implement. Engineering teams can build them without drowning in acronyms, designing secure interfaces instead of passwords, and ensuring access expires with easy permission revocation. When those basics are standard, the main objections to overcollection and unclear liability are engineered out. Privacy goes from being a promise to part of the pipes.
From “encroachment” to empowerment
In fact, far from a feeling of ‘Big Brother is watching’, open banking has empowered the users who’ve adopted it. It replaces hidden operational flows with visible, predictable controls that work for people and businesses.
For consumers, that means consent screens in plain language (why access is needed and for how long), a simple dashboard showing who has access and what they can do, one-tap pause or revoke, and alerts when something changes. It also means sensible limits – on amount, frequency, and merchant type – so ongoing permissions never drift beyond the customer’s intent. The result is fewer surprises, faster checkout, and a clearer picture of who is accessing what on your account.

Businesses also benefit. Accepting a direct bank payment can mean lower acceptance costs than cards, fewer chargebacks because the bank has already verified the customer, and quicker settlement as the middleman is cut out. Clear permissions reduce “are you sure?” friction that kills conversions; transparent recurring limits reduce disputes and involuntary churn.
In the UK, these patterns have moved from novelty to normal: people are increasingly comfortable authorising account-to-account payments at checkout and giving trusted services temporary, narrow access to data for budgeting, affordability checks, and switching. The lesson for the US is not that every use case is ready on day one, but that control drives confidence, and confidence drives adoption.
Move together: coordinate rollouts, don’t pick winners
Interoperability is not a by-product of open banking; it’s the point. If every participant improvises their consent flows, limits, and dispute processes, the result feels inconsistent and risky. The UK’s journey is instructive precisely because it sequenced change. A phased approach began with lower-risk, high-utility use cases and expanded as safeguards were implemented and confidence grew.
The emergence of variable recurring payments (VRPs) is a case in point. Rather than jumping straight to every kind of repeat payment, the UK started with lower-risk “sweeping” (me-to-me) transfers that help people keep balances tidy across accounts. Only after consent, limit, and dispute flows proved themselves did the model broaden to commercial uses where customers authorised repeat payments with clear caps and instant cancellation. The value isn’t the acronym; it’s the approach: start narrow, prove the guardrails work, certify consistently, then scale.
A coordinated US model can take the same path without copying the exact steps. Begin where incentives align and outcomes are easy to measure. Publish a shared rulebook so “open banking” means the same thing in every integration. Most importantly, keep decisions neutral: set standards, not vendor preferences. When everyone builds to the same expectations, the ecosystem compounds in value for banks, fintechs, merchants, and customers alike.
Open banking will be judged by how safe it feels, how much real control people have, and how consistently it works. The UK’s journey shows how to get there: bake privacy into the plumbing, treat user control as a first-class feature, and coordinate via a shared rulebook that lays the groundwork for continued innovation in the open banking ecosystem.
Do that, and arguments give way to delivery: account-to-account payments that are cheaper and reliable, data access that’s transparent and revocable, and recurring permissions that are clear and cancellable. These aren’t grand promises; they’re design choices. Make them early, enforce them fairly, and the benefits will translate across the pond.