The new deal: JPMorgan starts charging for data
For more than a decade, U.S. open banking ran on an odd subsidy: banks carried the cost and risk, while data aggregators and fintech apps captured most of the value. Plaid, Yodlee, Morningstar, Akoya, and others plugged into thousands of institutions, normalised the data, and resold connectivity to budgeting apps, robo-advisers, neobanks, and lenders, usually without paying the originating banks a cent for access.
That equilibrium has just cracked.
JPMorgan Chase has now reached agreements with several major aggregators that will see fintech firms pay the bank for access to customer account data via APIs. The deals, reported by Reuters and others, followed weeks of negotiation: JPMorgan reportedly accepted lower fees than it initially proposed, while aggregators secured concessions on how data requests are prioritized and handled.
Publicly, JPMorgan says “the free market worked” and that the agreements will make open banking “safer and more sustainable” while preserving customers’ ability to connect their favorite apps. Strategically, the message is sharper: one of the world’s largest banks has formally moved to monetize API-based data access at scale and treat “connectivity” as a product line, not just a cost of doing business.
For banks, fintech’s, and aggregators, this is not a one-off commercial tweak. It’s a signal that data, and the pipes that move it, are becoming explicit revenue infrastructure, even as regulators are still arguing over whether those same pipes should be free at the point of use.
Open banking, U.S.-style: what the rules actually say
Unlike the UK or EU, the U.S. did not legislate open banking as a single clean mandate. Instead, it arrived via the Consumer Financial Protection Bureau’s (CFPB) Personal Financial Data Rights rule under Section 1033 of the Dodd-Frank Act.
In October 2024, the CFPB finalized its “open banking” rule, granting consumers the right to access and share key account data, balances, transactions, payment details, and more with third parties they authorise. The rule required banks and certain other providers to supply that data at no charge to the consumer, aiming to make switching providers and using fintech tools easier.
Banks pushed back hard, arguing that the rule underpriced the cost of building secure APIs, consent dashboards, and monitoring, and downplayed cyber and fraud risks from large-scale data sharing. Fintechs, by contrast, largely welcomed it as a long-awaited, regulated alternative to screen scraping.
Then politics intervened. In 2025, under new leadership, the CFPB told a court it would replace the Biden-era rule with a substantially revised version and asked to pause ongoing industry litigation. Banking trade groups then secured a federal injunction temporarily blocking enforcement and delaying key compliance dates while a new rulemaking plays out.
That leaves the market in limbo: consumer rights have been articulated, but the operational and pricing model is anything but settled. JPMorgan’s move slots neatly into this gap, assuming a future in which consumer access is protected, but enterprise-grade data pipes are not necessarily free.
From screen scraping to paid APIs: the new value chain
To see why JPMorgan’s shift matters, it helps to compare the old and new plumbing.
Legacy model:
- Customers share online banking credentials with an app.
- Aggregators “screen scrape” bank websites, mimicking user logins.
- Aggregators standardise and enrich data, then sell access to fintechs.
- Banks carry the operational risk and security exposure, often unpaid and unhappy.
This set-up was fragile (breaks whenever a UI or security flow changes), noisy (lots of bot traffic that looks like fraud), and politically toxic (regulators and privacy advocates hate widespread credential sharing).
Evolving model:
- Banks expose tokenized, standards-based APIs for authorized data access.
- Aggregators connect via formal contracts instead of scraping screens.
- Access is logged, rate-limited, and governed by agreed scopes and SLAs.
- Fees flow from aggregators (and ultimately fintechs) back to the bank for that connectivity.
With its new deals, JPMorgan is effectively productizing open-banking connectivity:
- Revenue: API access becomes a billable B2B service, with pricing tied to volume or service quality.
- Risk: Call volumes, scopes, retention periods, and security standards are defined in enforceable contracts.
- Reliability: Aggregators get more stable feeds, fewer breakages, and cleaner availability commitments.
From a platform-strategy lens, this is a familiar play. Once connectivity becomes table stakes for the ecosystem, the owner of the critical node can start attaching fees to performant, premium access. The novelty here is that the “platform” is not a flashy app – it’s the bank’s compliance-grade plumbing.
Who pays in the end? Banks, aggregators, fintechs… or customers
Data fees don’t vanish; they move through the stack until they land somewhere.
On paper, the direct payer in the JPMorgan model is the aggregator. In practice, expect costs to cascade:
- Aggregators are likely to rework pricing from flat platform fees to structures that include per-user, per-institution or per-API-call tiers.
- Fintech apps that lean heavily on multi-institution connectivity, PFM tools, spend analytics, alternative lenders, BaaS use cases, will see higher cost of goods sold (COGS). Typical responses:
- Raise subscription prices or add “connect more accounts” to paid tiers;
- Add limits on how many institutions a free user can link;
- Prioritise connections to banks with better economics.
- Other banks may follow, creating a tiered landscape where large institutions monetise access, while smaller FIs keep data “free” to stay attractive as endpoints.
Will consumers be directly charged to access their own data? That remains politically toxic. The most likely near-term outcome is that regulators continue to prohibit direct consumer data-access fees but tolerate B2B pricing between banks and third parties. The impact on users then shows up indirectly:
- Higher app prices or fewer freemium options;
- Patchy connectivity if some banks are “too expensive” to support;
- Slower experimentation where margin-thin fintechs can’t absorb rising data costs.
For product leads and CFOs, this isn’t just regulatory risk. It’s an immediate unit-economics recalibration: every API call now has an implied marginal cost that needs to justify its existence.
Regulatory grey zone: fees vs. “free access” mandates
The original CFPB framework leaned toward “no-fee” data access for consumers and their authorised third parties, framing certain charges as potential “junk fees” that could stifle competition.
Banks counter that:
- Building and running secure APIs, consent dashboards, monitoring, and fraud controls is expensive.
- High-volume aggregators effectively create wholesale data products out of bank infrastructure.
- A blanket ban on fees ignores the scale and complexity of that wholesale traffic.
The current pause and planned rewrite of the rule create room for a more nuanced regime, for example:
- Explicitly banning fees on the end consumer, while permitting cost-based or risk-based pricing for heavy third-party usage.
- Differentiating between basic, “must-provide” access (recent transactions, balances) and value-added services (enriched data, analytics, extended history windows).
- Standardising security, consent, and revocation requirements so banks can monetise premium services without quietly throttling competitors.
JPMorgan’s paid-access model forces that debate out of the theoretical and into the operational. Regulators now have a live, large-scale example to react to.
There is strategic risk on both sides:
- For banks: if the eventual rule hard-bans most third-party fees, existing commercial arrangements may need to be unwound or re-papered.
- For fintechs: betting that “free data will return” could be dangerous; once paid models are embedded in multi-year aggregator contracts, they tend to stick.
Strategic takeaways for banks and fintechs
For BFSI leaders, this is more than JPMorgan being JPMorgan. It’s an early blueprint for how U.S. open banking may actually operate in the wild.
For banks and credit unions
- Treat data access as a product with SLAs, roadmaps, and pricing, not just a compliance obligation.
- Build an internal coalition across legal, risk, tech, and product so your API strategy doesn’t get blindsided by the next version of the CFPB rule.
- Avoid single points of failure: working with multiple aggregators and standard-setting bodies where feasible.
For fintechs and aggregators
- Re-forecast COGS and unit economics assuming that more large banks will seek some monetary compensation for connectivity.
- Design products to be API-efficient, smart refresh intervals, caching, event-driven updates, so you’re not burning margin on unnecessary calls.
- Engage in the rulemaking process; comment letters and industry coalitions will shape how “reasonable” data fees are defined, if they’re allowed at all.
The bottom line: when banks start charging for data, open banking stops being a feel-good policy slogan and becomes a real business model. The winners will be the firms that can navigate both the regulatory expectations and the emerging economics of API-driven data monetisation.