-p-2000.jpg)
In the US, open finance has been forced to operate under third-party risk management (TPRM) rules built for bank vendors, not data sharing. This whitepaper argues that's the wrong fit, and lays out why open finance needs its own framework. It traces the regulatory landscape, from Section 1033's Personal Financial Data Rights Rule to the statutes (FDIA, GLBA, BSCA) underpinning TPRM, showing where existing guidance leaves account providers, aggregators, and regulators without clear direction. TPRM, the paper argues, doesn't account for risks specific to open finance, like read vs. write access, screen scraping, or the scale of small data recipients, and inconsistently protects information security. The paper proposes a dedicated open finance risk management (OFRM) framework, better aligned with both Section 1033 and GLBA, built on three pillars: ongoing accreditation, ongoing risk monitoring, and an efficient risk transfer mechanism, offered as Invela's answer to bringing clarity and safety to the US open finance ecosystem.
Download the report