From Amazon to dentist offices to Uber, companies that aren’t banks are the new face of financial services. Embedded finance offers credit, buy now, pay later, card installment plans, payments and insurance for everything from Prada handbags and veneers to Uber driver wages. With three parties in that marriage, banks, FinTechs and nonbank companies, who’s on the hook when something goes wrong?
A more deregulatory tone in Washington has coincided with major growth in embedded finance. Market researchers estimate the U.S. embedded finance market at about $108 billion in 2024 and project it to reach roughly $116 billion in 2025. At the same time, a recent PYMNTS Intelligence report, in collaboration with Green Dot, found that companies building and using embedded finance expect the regulatory bar to rise over the next three years and are reshaping partnerships to match.
This year, the embedded finance industry is focused on the Consumer Financial Protection Bureau’s Personal Financial Data regulation, commonly known as the “open banking” rule. Under the original compliance schedule, the first deadline is April 1, 2026, and it applies to the largest data providers first. The regulation requires banks and other covered data providers to give consumers and authorized third-party apps access to personal financial data at no charge. It also limits how third parties can collect, use and retain that data.
PYMNTS Intelligence found that the promise of “seamless” embedded finance is often stymied by high costs and technical headaches. That reality is pushing buyers toward a simple question: can I trust my partner? In a survey of 515 senior leaders, “trust in the provider” was the top factor in partner selection, cited most often by B2B infrastructure providers (69.1%). But for emphasizing data security and privacy controls (50.6%), far more than speed to market.
That emphasis on trust helps explain why many firms are not reflexively anti-regulation. In the same PYMNTS Intelligence research, respondents largely said additional rules will harm the industry and end users, even while many expect tighter oversight. The market wants clearer standards, then wants the ecosystem to meet them.
Open Banking Angle
The CFPB’s Personal Financial Data Rights rule aims to standardize consumer-authorized data access and put guardrails around how that data can be used. The bureau has framed the rule as both a competition play and a privacy play, including limits meant to prevent third parties from using data for unrelated purposes.
Advertisement: Scroll to Continue
For embedded finance, that pushes two changes. First, consent becomes a product feature. Authorization flows, revocation and audit trails matter as much as APIs. Second, “data exhaust” becomes harder to monetize. Many embedded models thrive on reusing transaction data to cross-sell, retarget and build product profiles. The rule’s logic narrows that lane.
The timeline is also less certain than it looks on paper. A federal judge temporarily blocked enforcement of the CFPB’s open banking rule in late 2025 while the agency undertakes a new rulemaking process. Still, the direction of travel is clear. Consumers and regulators are both pushing for more portability and more control, not less.
Accountability in Lending
Lending is where embedded finance’s accountability problem shows up fastest. The “true lender” doctrine allows courts to look beyond the paperwork and ask which party is really taking the economic risk and driving key credit decisions. States have been moving to codify versions of true lender theory, and the pressure tends to fall on bank-FinTech partnerships that appear designed to evade state caps or licensing.
At the same time, federal consumer credit rules are tightening around popular embedded products. In 2024, the CFPB issued an interpretive rule treating many “buy now, pay later” lenders as credit card providers for certain protections, including dispute rights and refunds. Law firms tracking the space have noted that these moves bring embedded credit closer to the compliance expectations of traditional card and lending programs, even when the user experience feels new.
This is not only about enforcement. It is also about confidence. The World Bank has argued that embedded finance can expand credit access for micro-businesses and consumers by using alternative data such as transaction histories, sales performance, and supply chain activity. But the same approach can create blind spots if data stays locked inside platform “walled gardens.” The World Bank’s recommended direction is greater interoperability through open data frameworks, along with privacy rules that give individuals greater control over how their data is shared.
Nacha Forces Better Data Sharing
We’d love to be your preferred source for news.
Please add us to your preferred sources list so our news, data and interviews show up in your feed. Thanks!
Embedded on familiar rails, the ACH network moves payroll, bill pay and a growing share of account-to-account transfers. It is also a magnet for scams, especially “credit-push” fraud, where a victim is tricked into authorizing a payment.
Nacha’s 2026 fraud-monitoring rule changes are a response. Effective March 20, the rules require monitoring to identify ACH credit entries initiated by fraud. They extend beyond banks to include originators and third-party service providers and senders, and require receiving banks to implement risk-based processes to identify fraudulent credits.
Fang Yu, co-founder and chief product officer of DataVisor, told PYMNTS the hard part is not deciding to hunt fraud. It is assembling the picture. Banks see the transactions. FinTechs and platforms see customer behavior. Contracts often do not require behavioral data sharing in a way that supports real-time monitoring. Nacha’s direction implicitly pushes the ecosystem to close that gap.
Third-Party Risk and AI Governance
Banks have long been told they cannot outsource accountability. The 2023 interagency guidance on third-party relationships reinforces that idea, calling for risk-based oversight across the relationship life cycle, from due diligence through ongoing monitoring.
That matters because embedded finance is full of hidden seams. PYMNTS Intelligence found that B2C firms most often cited lack of transparency into a provider’s processes and performance (28.8%) and high integration costs (25.4%) as key frictions. Hybrids flagged regulatory or compliance issues (27.9%) and unexpected operational complexity (26.3%). Regulators and examiners tend to probe exactly where those seams show up: complaints, disputes, underwriting, servicing, fraud losses and data access.
The next seam is AI. Tiffany Magri, a regulatory adviser at Smarsh, told PYMNTS that accountability can blur across sponsor banks, FinTech platforms and brands. Regulators, she said, are focusing on model ownership, validation, ongoing monitoring and defensible audit trails, even when AI is built or operated by an external partner. Zahra Timsah, CEO of i-GENTIC AI, put it even more plainly: Regulators want proof that controls operate inside transaction flows and AI-driven systems before harm occurs.
For embedded finance, the takeaway is basic but powerful. Resilience, reconciliation and clear disclosures are not back-office hygiene. They are core trust mechanisms.
Regulation will add cost and slow some launches. It will also push weaker operators out of the market. But that is only half the story. Embedded finance is growing into something too large to remain informal. Bain estimates embedded finance transaction value in the U.S. will exceed $7 trillion in 2026.
PYMNTS Intelligence suggests the market is prepared for that maturation. Firms are prioritizing trust, transparency and governance over quick wins. In that environment, regulation can function like a common rulebook. It reduces uncertainty for banks. It raises confidence for platforms. It can make embedded finance easier to buy, not harder, because the buyer can point to standards rather than promises.