4 things that the US open banking regulation should have copied from open banking Nigeria

Open Banking has been hailed as the future of financial services globally. The idea is simple: consumers should own their financial data and have the right to share it with whomever they choose, securely and seamlessly. 

Yet, as open banking evolves, the nuances of implementation often separate the pioneers from the followers. The United States, despite its reputation for leading innovation, recently finalized its long-awaited Personal Financial Data Rights Rule, a significant step forward for open banking in the country.

But a deeper dive into the regulation reveals missed opportunities—opportunities that countries like Nigeria have already seized upon.

Nigeria’s Open Banking framework may not have received the global fanfare it deserves, but in its details lie innovations that have addressed real-world challenges head-on. 

From robust data categorization to a phased implementation strategy that acknowledges market readiness, Nigeria’s approach combines practicality with ambition. It’s a playbook the U.S. could have borrowed from to strengthen its open banking rule and position itself as a global leader.

In this article, we’ll explore four key features of Nigeria’s Open Banking framework that could have elevated the U.S. regulation.

These aren’t mere tweaks; they are foundational principles that could make or break open banking’s success in any market.

If there’s one lesson to be learned, it’s this: even the giants can learn from emerging markets.

But first, let’s review how both the U.S. and Nigeria are approaching open banking.

U.S. Personal Financial Data Rights Rule: How it began and where it stands today

The journey of open banking in the United States has been one of cautious progress. At its core, the concept was born from the idea that financial data should belong to consumers—not the banks or institutions that hold it.

This principle was enshrined in Section 1033 of the Dodd-Frank Act, passed in 2010 in the wake of the global financial crisis.

The provision gave the Consumer Financial Protection Bureau (CFPB) the authority to craft rules that would empower consumers to access and share their financial data freely.

For years, however, Section 1033 remained dormant. While other countries like the UK and Australia moved aggressively to implement open banking frameworks, the U.S. hesitated, weighed down by its fragmented regulatory system and a fiercely competitive financial services industry resistant to disruption.

In 2020, the CFPB signaled its intent to finally bring Section 1033 to life. After years of stakeholder consultations and feedback, the bureau published its Notice of Proposed Rulemaking (NPRM) in October 2023, outlining the draft rules for the Personal Financial Data Rights Rule. 

These rules aimed to set the stage for a standardized, API-driven ecosystem where consumers could securely share their data with third-party providers to access innovative financial services.

The finalized rule, released in October 2024, codifies several key requirements:

  1. Consumer data access: Financial institutions must allow consumers to access their financial data and share it with authorized third parties via secure APIs, free of charge.
  2. Standardized data sharing: Covered accounts include deposits, digital wallets, and credit cards, with APIs providing up to 24 months of historical data.
  3. Strict privacy protections: Data usage is limited to consumer-authorized purposes, with strong bans on unauthorized secondary uses or bait-and-switch practices.
  4. Introduction of Tokenized Account Numbers (TANs): A security measure allowing payment initiation without exposing sensitive account details.
  5. Implementation phases: Compliance deadlines are staggered, starting with the largest institutions by 2026 and extending to smaller entities by 2030.

The rule also aims to end reliance on outdated methods like screen scraping, a common but risky practice where consumers share their bank credentials with third-party apps. Instead, secure APIs are expected to become the industry standard, enabling safer and more reliable data exchange.

Despite these advancements, the rule has not been without contention. Large banks, represented by organizations like the Bank Policy Institute, have pushed back, filing lawsuits to challenge the rule’s provisions.

Critics argue that the phased compliance timeline may slow innovation, while others see the limited scope of covered accounts as a missed opportunity to fully embrace the potential of open banking.

Still, the U.S. Personal Financial Data Rights Rule represents a landmark moment for the country’s financial ecosystem.

It’s a foundation, not a finish line—a step toward an open banking framework that, while imperfect, promises to reshape the way Americans interact with financial services.

How open banking began in Nigeria and where it stands today

Nigeria’s journey into open banking officially began in 2017 when forward-thinking stakeholders in the financial and fintech industries saw the need for a more integrated and inclusive banking ecosystem. 

By 2020, the Central Bank of Nigeria (CBN) had formally recognized the potential of open banking, and in 2021 it released its “Regulatory Framework for Open Banking in Nigeria”, making Nigeria the first country in Africa to adopt such a framework.

The initiative was fueled by a clear goal: to improve financial inclusion in a country where a significant percentage of the population is unbanked or underbanked. 

At its core, open banking in Nigeria is designed to give consumers control over their financial data and the ability to share it securely with authorized third parties.

It is about creating a level playing field for traditional banks, fintech companies, and other financial service providers.

The framework released by the CBN lays the foundation for how open banking should operate in Nigeria. It introduced a phased approach, starting with standardization and registration. 

Data sharing was categorized into four key tiers: Product Information and Service Touchpoints (PIST), Market Insight Transactions (MIT), Personal Information and Financial Transaction (PIFT), and Sensitive Personal Data (SPD). This categorization ensures that only the necessary data is shared for specific use cases, balancing innovation with privacy.

In 2022, the Nigerian Inter-Bank Settlement System (NIBSS) and the Open Banking Nigeria initiative worked with financial institutions to develop standardized APIs, setting technical guidelines for seamless data sharing. 

The CBN further mandated that all participants, including banks, fintechs, and payment service providers, register to ensure compliance and oversight.

Today, Nigeria’s open banking ecosystem is thriving. With banks and fintech companies actively adopting APIs, the framework is creating a wave of new financial products, from personalized loans to innovative payment solutions. 

These changes are unlocking access to credit for small businesses, fostering financial literacy, and driving digital payments in rural areas.

However, the road hasn’t been without challenges. Consumer trust in data sharing, cybersecurity threats, and the cost of compliance for smaller financial institutions remain hurdles. 

Yet, Nigeria’s open banking journey stands as a model of how collaboration between regulators, industry players, and technology providers can create a system that empowers consumers and drives financial inclusion.

This is just the beginning. Open banking in Nigeria is set to expand, incorporating more sectors like insurance, pensions, and investments, solidifying the country’s role as a trailblazer in financial innovation on the continent.

Now that we’ve seen how both countries approach open banking, let’s look at what Nigeria’s framework has that the U.S. open banking rule is missing.

1. Transparency through a public registry

Nigeria made sure that everyone involved in open banking is listed in a public registry—the Open Banking Registry (OBR). It’s simple: if you’re a consumer or another financial institution and you want to verify that a fintech is legit, you can go straight to the registry. This transparency means less guessing about who you’re dealing with.

In the U.S., participation is voluntary, and while groups like the Financial Data Exchange (FDX) have developed industry standards, there isn’t a publicly available registry that lists every participant. This lack of transparency makes it harder for both consumers and other businesses to know if a third-party provider is authorized and trustworthy. The U.S. could take a page from Nigeria’s book by establishing a public registry to make open banking participants easily verifiable.

2. Standardized consent management

When it comes to consent, the U.S. open banking regulation is a bit vague. Consumers are expected to manage who has access to their data, but there’s no standardized process for giving or revoking consent. According to Forbes, this leaves consumers in the dark, struggling to understand and control how their data is used across multiple providers.

Nigeria handles this differently. With the Open Banking Consent Management System (OBCMS), there are clear rules on how consent should be managed—how it’s given, tracked, and revoked. This system ensures that consumers know exactly who has access to their financial data and that they can easily change or revoke that access at any time. If the U.S. adopted a similar standardized approach, consumers would have a much clearer understanding of their rights and a simpler way to manage their data sharing.

3. Tiered levels of data access

Another key difference is how data access is managed. In Nigeria, open banking regulations include tiered levels of access to data, meaning different categories of data are accessible based on the specific service being provided. For instance, a payments app might only need to access transaction data, while a lending service could need a more detailed view of account history. This ensures that consumer data is not overly exposed and only the necessary information is shared.

In the U.S., there’s no clear specification for tiered access. Once a consumer gives consent, a third-party provider may get more data than necessary, which can lead to issues like unwanted profiling or targeted advertising. Nigeria’s tiered approach makes sure that data access is both purposeful and limited, which could help the U.S. add another layer of protection for consumer data.

4. Eliminating screen scraping

Screen scraping is still a thing in the U.S.—third parties log in on behalf of users, capturing data by simulating their online banking sessions. It’s less secure and involves sharing usernames and passwords, which raises obvious privacy concerns. The U.S. has made strides toward eliminating it, but it hasn’t been explicitly banned in regulations.

In Nigeria, screen scraping is outright banned. Data access is provided only through secure APIs, which are designed to ensure that every data request is logged, verified, and secure. This method greatly reduces the risks of unauthorized access or data breaches. The U.S. could enhance its open banking security by following Nigeria’s lead, fully eliminating screen scraping and promoting the use of secure APIs for all data-sharing activities.
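To make the API-side controls from sections 2 to 4 concrete, here is an added sketch (not code from the CBN framework, NIBSS, or Open Banking Nigeria) of a data holder that checks the registry, checks that consent is still active, releases only fields at or below the consented tier, and logs every request. The tier names are the article's; their ordering, the field-to-tier mapping, the provider IDs and the sample record are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Tier names come from the article; ranking them from least to most
# sensitive in this order is an assumption of this sketch.
TIERS = ["PIST", "MIT", "PIFT", "SPD"]
# Hypothetical field-to-tier mapping (not taken from the CBN framework).
FIELD_TIER = {"product_name": "PIST", "monthly_volume": "MIT",
              "balance": "PIFT", "transactions": "PIFT", "national_id": "SPD"}
# Constructed sample data: registered providers and one account record.
REGISTRY = {"lender-001", "payapp-002"}
RECORD = {"product_name": "Savings", "monthly_volume": 42, "balance": 1500,
          "transactions": [{"amount": -200}], "national_id": "X-PLACEHOLDER"}
AUDIT_LOG = []

@dataclass
class Consent:
    consumer_id: str
    provider_id: str
    max_tier: str          # highest tier the consumer agreed to share
    expires_at: datetime
    revoked: bool = False

def handle_request(consent, provider_id, fields, now):
    """Decide one data request; return (decision, released_data) and log it."""
    def finish(decision, released=()):
        AUDIT_LOG.append({"at": now.isoformat(), "provider": provider_id,
                          "consumer": consent.consumer_id, "requested": list(fields),
                          "released": list(released), "decision": decision})
        return decision, {f: RECORD[f] for f in released}

    if provider_id not in REGISTRY:
        return finish("deny:not_in_registry")
    if provider_id != consent.provider_id:
        return finish("deny:consent_not_for_provider")
    if consent.revoked or now >= consent.expires_at:
        return finish("deny:consent_inactive")
    ceiling = TIERS.index(consent.max_tier)
    # Unknown fields fail closed: they map to no tier, so they are never released.
    released = [f for f in fields
                if f in FIELD_TIER and TIERS.index(FIELD_TIER[f]) <= ceiling]
    if not released:
        return finish("deny:above_consented_tier")
    return finish("allow" if len(released) == len(fields) else "allow:partial", released)
```

Because denials are logged alongside approvals, the audit trail also shows which providers keep asking for data above their consented tier.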

What next?

As the U.S. continues to develop its open banking framework, adopting some of these practices could go a long way in creating a system that’s secure, transparent, and beneficial for consumers. 

Ultimately, it’s about ensuring that people feel in control of their data and that innovation serves them in the best way possible—something that both countries are aiming for, but with different paths to get there.