FinTechs and Community Banks Tell OCC to Open the Data Pipes

PYMNTS Intelligence data shows that 32% of lower-revenue small and mid-sized businesses favor community banks and credit unions, citing personalized service and nearby branches, even as many flag weaker digital capabilities as a barrier to broader adoption. On the consumer side, 52% of Gen Z and millennial customers say they would consider switching to community banks, provided those institutions can pair local engagement with competitive technology.

Those expectations formed the backdrop for the Office of the Comptroller of the Currency’s Request for Information, issued in December, on how community banks work with core processors and other essential third parties. The agency said it launched the inquiry to understand whether these relationships are limiting banks’ ability to compete, and what supervisory or regulatory steps might help.

What arrived in response by the end of the commentary period late last month was a record that reads less like a debate between FinTechs and banks, and more like a joint diagnosis of structural friction.

In effect, regulators were probing whether today’s market structure is keeping community banks from meeting changing customer expectations, and whether existing supervisory frameworks are helping or hindering that transition.

Connectivity and Data Access

Across submissions, access to data and integration emerged as first-order problems. The American Bankers Association (ABA) wrote that some core providers “treat APIs as a premium feature rather than baseline infrastructure,” charging high fees or imposing long timelines that delay new products and services. Banks reported waiting 12 to 18 months for basic data extraction to support innovation projects, with timelines stretching further when working with third parties outside a core provider’s preferred network.

MX Technologies described this dynamic as an “implementation bottleneck,” arguing that community banks often identify the right digital tools but remain “almost entirely controlled by their legacy core service providers” when it comes to integration schedules. The result, MX said, is customer attrition as larger institutions iterate faster while community banks stand still.

Braid Technologies, which works directly with community banks on bank-owned infrastructure, pointed to contractual limits on interoperability and data portability. In its comment, Braid said concentrated core markets produce “high switching costs that effectively prevent core migration” and restrict banks’ ability to integrate third-party tools or move systems without disruption.

A community bank perspective echoed those concerns. First Seacoast Bank cited legacy architectures, costly custom reporting, and additional licensing fees simply to access product-level data. It also noted that conversion projects are expensive and slow, often delaying strategic plans and acquisitions.

Contracts, Transparency, Support

Several respondents focused on opaque pricing and governance. Braid wrote that boards are frequently asked to approve core relationships without clear visibility into total cost of ownership, bundled modules, service levels or exit conditions, complicating oversight.

Operationally, First Seacoast Bank described uneven post-implementation support, slow response times, and fragmented service teams within providers, making it difficult to resolve issues efficiently.

Fiserv, one of the largest core providers, acknowledged that banks have raised concerns about fees, termination rights, conversions and innovation.

Security, AI and Emerging Rails

Artificial intelligence (AI) surfaced as both promise and risk. First Seacoast warned that AI capabilities are sometimes introduced into products without banks’ knowledge, creating “unknown risk” depending on how models are used, and called for standardized best practices to govern controls, data sources and disclosures.

The ABA took that further, urging regulators to support industry-led, consensus-based due diligence standards for third-party providers, including AI developers. Without shared baselines, it argued, individual banks lack the leverage to obtain the information needed to manage model risk, bias and audit gaps.

Digital currencies and real-time payments also appeared in community bank submissions. First Seacoast said cores have been slow to support digital currency conversions and instant payment services, and asked regulators to provide clearer guidance and infrastructure pathways similar to FedNow to reduce uncertainty.

Why Banks Still Want These Partnerships

Despite the friction, providers and financial institutions were careful to note that third parties remain essential. MX wrote that core providers have historically enabled community banks to deliver “big bank” capabilities on constrained budgets, outsourcing much of the regulatory and security burden while connecting institutions to modern payment services.

Fiserv emphasized that community banks cannot replicate the scale economics of national institutions that spend billions annually on in-house technology. By spreading development costs across thousands of clients, it argued, core providers make real-time payments, digital banking and fraud tools economically viable for smaller banks.

Braid likewise framed a call to recalibrate market structure so banks can adopt complementary technologies under their own oversight, rather than through restrictive vendor frameworks.

Where FinTechs and Banks Converge

What stands out in the comment record is the degree of alignment on remedies.

Several commenters were explicit that the current structure places community banks in a dependent posture that slows modernization. Braid wrote that market concentration has produced “limited negotiating leverage for smaller institutions,” alongside “high switching costs that effectively prevent core migration,” conditions it said “materially constrain strategic options available to community banks.”

MX reinforced that assessment, warning that integration timelines stretching “from several months to over a year” create an “implementation bottleneck” that leaves community banks’ digital offerings stagnant while larger competitors move faster. MX called for “standardized, open APIs and greater timeline transparency” so banks can deploy technology on schedules that reflect market urgency.

The ABA pressed regulators to move beyond piecemeal fixes, urging the OCC to support “transparent, industry-led, consensus-based due diligence standards” for third-party providers, including AI developers. Such standards, it argued, would reduce duplicative reviews while giving banks clearer visibility into model governance, bias testing and performance monitoring.

FinTechs and banks also aligned on the need for clearer data rights and contract transparency.  A further point of consensus centered on proportional supervision. Braid argued that third-party risk management expectations often mirror those applied to large institutions, despite materially different scale and complexity, leading to higher costs without commensurate supervisory benefit.

Taken together, the submissions sketch a pragmatic agenda: Open the pipes, clarify the rules, and scale oversight. For community banks facing digitally fluent customers and intensifying competition, the message to regulators was consistent as modernization depends on removing the structural barriers that prove impediments to innovation.