Risk, Rules, and the Gaps in Open Banking

Oct 29, 2025

Guest

Dan Murphy

Guest

Todd Taylor

Guest

Steve Smith

Join Steve Smith, co-founder and CEO of Invela with a rich background in open banking; Todd Taylor, a legal expert in technology transactions; and Dan Murphy, a former CFPB program manager, as they dissect the critical but often overlooked issues of risk and liability in data sharing. They explore why banks cling to outdated guidelines, the tension between consumer protection and regulation, and the pressing need for standardized accreditation. Their insights spark a discussion on how to navigate the evolving landscape of open banking.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

APIs Solve Transport, Not Liability

Open banking improved connection security by moving from screen scraping to APIs, but that only solves the transport layer risk.
The harder problem is allocation of liability and trust between banks and countless third parties when data use causes loss or regulatory exposure.

INSIGHT

Third-Party Rules Don’t Scale

Prudential regulators treat open-banking data recipients as third parties under existing guidance, forcing banks to apply vendor-like controls.
That model doesn't scale when thousands of direct data recipients can access APIs instead of a few aggregators.

INSIGHT

Regulatory Tension At The System's Core

U.S. open banking sits at an institutional fault line between the CFPB's competition mandate and prudential regulators' safety-and-soundness priorities.
Section 1033 enabled access but left risk allocation and third-party oversight to prudential agencies and market solutions.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Welcome back to the Fintech Takes podcast. I’m Alex Johnson, joined in this episode by three guests — Steve Smith (Co-founder and CEO of Invela; former Co-founder of Finicity and Founder of the Financial Data Exchange), Todd Taylor (Co-head of Intellectual Property; Co-head of Commercial & Technology Transactions at Moore & Van Allen), and Dan Murphy (Founder of Sunset Park Advisors; former CFPB Open Banking Program Manager).

That’s right, a rare four-person episode!

And we’re digging into a question that’s been mostly overlooked in the open banking debate: not how data is shared, but who bears the risk when it is.

As banks, fintechs, and regulators sort through liability, accreditation, and third-party risk management, the lack of a shared rulebook has become increasingly clear.

The core tension: the U.S. built open banking on top of a fragmented regulatory structure and outdated third-party guidance, and everyone’s been improvising ever since.

So, what happens when something breaks … and who pays for it?

Highlights include:

Why banks are still relying on OCC Bulletin 2013-29 and interagency third-party risk management guidance to govern a 2025 data-sharing market

How Section 1033’s competition mandate at the CFPB often collides with prudential regulators’ safety-and-soundness priorities

Why the industry may need a standardized accreditation framework and transparent risk registry for third parties

How liability insurance and warranty-based risk-sharing could help balance accountability between banks and fintechs

This episode unpacks how an open-access ecosystem can evolve toward shared accountability, and why industry-led solutions like accreditation, registries, and risk transfer mechanisms may be the only viable path forward.

Thanks for listening!

This episode was brought to you by Marqeta. Don’t sacrifice agility for stability. With Marqeta, launch payments experiences that perform at scale and flex with your business. Learn more at marqeta.com/ftt.

Sign up for Alex’s Fintech Takes newsletter for the latest insightful analysis on fintech trends, along with a heaping pile of pop culture references and copious footnotes. Every Monday and Thursday: https://workweek.com/brand/fintech-takes/

And for more exclusive insider content, don’t forget to check out my YouTube page.