President Trump just signed an Executive Order directing federal financial regulators to review and streamline the rules that govern fintech firms. The stated goal: break down barriers holding back fintech innovation.
We support that goal entirely.
Open banking is not a niche technology story. It is the foundational infrastructure for the kind of fintech competition and innovation the Executive Order is designed to unlock. And right now, two specific regulatory failures are artificially constraining it - one at the Consumer Finance Protection Bureau (CFPB), one sitting with the prudential regulators. Until both are resolved, the ambition of this Executive Order will remain exactly that: ambition.
The CFPB's Personal Financial Data Rights rule - the Section 1033 rulemaking - was reopened in early 2025. More than a year later, it still has not been replaced.
That regulatory vacuum is not neutral. It favors incumbency. Banks are not certain whether they will be required to provide reliable, standardized API access. Fintechs cannot build confidently on data they may not reliably receive. And consumers - whose data it is - have no guaranteed right to share it.
The Executive Order directs the CFPB to review regulations that "unduly impede fintech firms from entering into partnerships with federally regulated institutions." Section 1033 is the single most direct answer to that mandate. A new 1033 proposal, issued quickly and implemented clearly, would do more to unlock fintech competition in the US than any other single regulatory action.
Until it happens, the open banking market will remain in a holding pattern. And fintech innovation will be constrained not by competition, but by uncertainty.
The Executive Order gives regulators 90 days to identify regulations that impede fintech-bank partnerships, and 180 days to act on what they find.
There is an obvious place to start: third-party risk management.
TPRM guidance was not designed with open banking in mind. It was designed for traditional vendor relationships - IT suppliers, payment processors, outsourced operations. When banks apply that same guidance to open banking relationships - fintechs and intermediaries connecting to bank APIs under consumer consent - it creates disproportionate compliance burdens that slow everything down, add cost, and in practice prevent smaller fintechs from building relationships with banks at all.
The result is that prudential caution, applied through a framework designed for a different world, is doing the same damage as regulatory obstruction. Banks want to innovate. Fintechs want to compete. Both are hamstrung by the absence of clear guidance on how TPRM applies - or doesn't - to open banking participants.
This is not a fringe concern. It is raised consistently across banks, fintechs, and industry bodies. Prudential regulators have the authority to clarify this. The Executive Order gives them the mandate. The question is whether they will use it.
The Executive Order frames the challenge correctly: fintech innovation and bank stability are not opposing goals. They need to work together. Getting that relationship right requires infrastructure that neither banks nor fintechs have to build themselves.
Banks and fintechs are not natural adversaries. They are natural partners - if the infrastructure exists to make the relationship work.
That is what Invela provides.
The Invela Network delivers three things the open banking ecosystem needs to function: standardized accreditation that tells banks which fintechs and intermediaries have met a defined security and compliance standard; dynamic risk monitoring via the Invela Risk Indicator, which provides a continuous, real-time risk score for every participant in the network; and an insurance-backed warranty - in development - that will ensure liability lands in the right place when something goes wrong.
Risk management is cited in the Executive Order as a balance to innovation, not an obstacle to it. That framing is correct. The problem is not that banks want to manage risk - they should. The problem is that the current risk management infrastructure was not designed for open banking, and no one has yet told them what infrastructure should replace it.
Invela is building that infrastructure. Across the US, UK, and Canada, we are building the network to make fintech competition and innovation actually work - without introducing unnecessary risk into the system.
The Executive Order sets a 90-day review and a 180-day action window. By November 2026, the regulators named in the order must have taken steps to encourage innovation.
The test is simple. Two questions will tell you whether the ambition translated into action.
Has the CFPB issued a new Section 1033 proposal?
Have the prudential regulators clarified the application of TPRM to open banking relationships?
If yes to both: the Executive Order will have done something real. The open banking market will have a foundation to build on. Fintech competition and bank partnership can accelerate together.
If no: the review will have identified the problems, the 180-day window will have passed, and the barriers will remain. Not because anyone opposed innovation, but because the two specific unlocks that make innovation possible were not delivered.
