The Consumer Financial Protection Bureau recently proposed a rule to hasten the shift toward open banking.
Open banking requires large institutions — banks, credit unions and other companies that hold consumer accounts — to allow customers to request their financial data held with fintechs, other banks and online lenders. The proposal would ban financial institutions from misusing or wrongfully using consumer financial data and require them to share such data with third parties by consumer request.
The rule doesn’t include requirements on data sharing to auto, student or mortgage loan and other credit accounts. According to the CFPB, doing so would allow consumers to know that their data will not be used to serve commercial interests over their own and enable them to leave poor products for better offerings. Customers would also have the right to revoke access to their data.
“People can become trapped by providers that hold their data, but this proposal would allow them to more easily shift their data to a competitor offering better or lower-priced products and services,” the agency stated.
According to the CFPB, consumers currently have inconsistent access to their financial data depending on the financial institution. “Even among companies that do share data at a customer’s request, the terms of the sharing vary greatly,” the agency stated. “The lack of norms in the market allows incumbents to play games to their own customers’ detriment — including hiding or obscuring important data points like prices. This undercuts the ability of small or upstart institutions to compete with incumbents, even when people want their data shared.”
The requirements would be phased in, with larger providers needing to comply sooner than smaller companies. Community banks and credit unions without any digital interface with their customers would be exempt from the requirements.
In June, CFPB Director Rohit Chopra said his agency would propose open banking regulations in the coming months and finalize the rule in 2024. Chopra sees the rule as providing for a more competitive environment while giving consumers the option to control their own data.
“With the right consumer protections in place, a shift toward open and decentralized banking can supercharge competition, improve financial products and services and discourage junk fees,” said CFPB Director Rohit Chopra. “Today, we are proposing a rule to give consumers the power to walk away from bad service and choose the financial institutions that offer the best products and prices.”
In response to the proposal, Independent Community Bankers of America President and CEO Rebeca Romero Rianey said the rulemaking should not require banks to provide data outside the scope of Section 1033. Also, she called on the CFPB to minimize data requirements that could harm consumers and banks and create safe harbor protections for community banks.
To Romero Rainey, the proposal does not focus on nonbanks, which already use customer information and store bank login data but do not take the same care as community banks to protect such information.
“ICBA and the nation’s community banks look forward to fully reviewing today’s proposal to ensure it supports responsible financial services innovation and accounts for the privacy, regulatory compliance burden, data security and legal implications presented by permissioned third-party access to consumer bank accounts,” Romero Rainey added.
The American Bankers Association supported the proposal’s provision moving away from screen scraping and clarifying obligations that nonbanks face to protect consumer privacy.
“It is critical that the bureau right-size the scope of the rule pertaining to the types of accounts involved and the information data providers are required to share, as well as addressing the question of liability if something goes wrong,” the ABA stated. “We remain concerned with the significant implementation costs our members will face, as well as the ambiguity caused by the CFPB’s parallel efforts in amending the Fair Credit Reporting Act.”