Google’s AP2 and the Future of Open Banking
Google’s new Agents to Payments (AP2) protocol has attracted attention as a potential framework for AI-driven commerce. At its core, AP2 introduces “mandates” and verifiable credentials that let digital agents initiate payments securely across multiple rails (cards, bank transfers, even stablecoins). It’s open, cryptographically verifiable, and designed with privacy and auditability in mind.
But here’s the catch: aside from card networks like Amex and Mastercard, the big U.S. banks are nowhere to be seen. That absence is telling.
In the U.S., open banking is still emerging under the Dodd-Frank 1033 mandate, which will require banks to provide consumer data access in a structured, digital format. Many banks are only scratching the surface of open banking, and with that lack of maturity they may miss the mark on security and compliance, especially in areas such as KYC and AML, in addition to API security. At the same time, every large financial institution is rushing to “adopt AI,” a phrase that currently means wildly different things depending on the bank. Without coordination, that creates serious risks of fragmentation:
Neobanks and fintechs may adopt open, AI-compatible payment standards like AP2 more quickly, offering smoother, more innovative customer experiences.
Large banks, by contrast, could fall behind or build proprietary “AI + payments” capabilities that don’t interoperate. That would recreate the very silos open banking is supposed to break down.
Consumers and businesses will face a patchwork of payment processes depending on whether they use a fintech, a neobank, or a legacy institution.
If open banking in the U.S. is to succeed, regulators and banks alike need to pay attention. AP2 shows where the industry is headed: AI-mediated payments, verifiable credentials, and interoperable mandates. But without active participation from major banks, the U.S. risks watching fintechs and card networks define the future of payments while traditional institutions scramble to catch up.
What U.S. Banks Should Do Now
Engage in standards development
Join open consortia around AP2 or similar protocols instead of building proprietary “AI payments” stacks.
Actively shape how mandates, credentials, and consent flows map to U.S. regulatory frameworks, especially Section 1033 (regardless of whether 1033 stays or not).
Test interoperability early
Pilot AP2-like flows in sandbox environments with neobanks, BaaS providers, or card networks.
Measure how cryptographic mandates could integrate with existing API security and fraud monitoring programs.
Clarify AI governance in payments
Define policies for when and how AI agents can initiate transactions on behalf of customers.
Establish clear liability frameworks: if an agent misfires, who is accountable? The bank, the agent developer, or the customer?
Invest in credential infrastructure
Build partnerships with identity providers and regulators to ensure these credentials are recognized legally.
Coordinate with regulators
Work with the CFPB and OCC to ensure that emerging AI-driven payment standards don’t outpace the regulatory environment.
Push for clarity on consumer protections, consent revocation, and liability in agent-initiated payments.
The takeaway: Open banking isn’t just about APIs anymore; it’s about ensuring that the infrastructure of U.S. finance evolves alongside AI-driven payment protocols like AP2. Without leadership from major banks, the future of U.S. payments could fracture, with fintechs and card networks on one side and banks on the other. Now is the moment for banks to step up, shape the standards, and ensure open banking keeps pace with the next wave of digital commerce.