Welcome to GRIP, Global Relay’s new digital information service on practical compliance and regulatory change.

Please enjoy this free trial of our subscription content service, for a limited time only.

  

Rules

CFPB finalizes open banking rules for consumer data

Image of a woman holding a sign saying "Consumers Stand Up for the CFPB."
Photo: Alex Wong/Getty Images

Julie DiMauro

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

The CFPB finalized “open banking” rules designed to allow consumers to control and share their own data when shopping for services.

The Consumer Financial Protection Bureau (CFPB) has issued its long-awaited final rule on open banking, which would require financial institutions, credit card issuers and other firms to transfer personal financial data to other providers for free at the consumer’s request.

Although last year’s proposal applied to data linked to bank accounts, credit cards and mobile wallets, the final rule applies to payment apps as well. Banks and credit unions with less than $850m in assets are exempt.

Consumer control

The rules are meant to ensure consumers maintain control of their banking history if they switch from one financial institution to another. In other words, they seek to make sure the data surrounding the transfer of financial data, such as transaction records and the information needed to initiate payments, make the move to the new institution – and without a cost to the consumer.

“Too many Americans are stuck in financial products with lousy rates and service,” CFPB Director Rohit Chopra said in a statement. “Today’s action will give people more power to get better rates and service on bank accounts, credit cards and more.”

In addition to what Chopra mentioned as a benefit, the rule also may help users with shorter credit histories obtain credit by allowing lenders to access income- and expense-related data held on other platforms, the CFPB said. Plus it may boost security of “pay-by-bank” transactions, the agency said.

Chopra compared the transition to the rules that now allow mobile phone users to switch providers while keeping the same number, and said the coming change should help bring US payments systems more in line with advances in other developed countries.

Privacy concerns, surveillance pricing

Under the rule, third parties can only collect, use or retain data to deliver the product the consumer requested, the CFPB said. That means they can’t secretly use or keep consumers’ data for unrelated business reasons – marking a pivot away from some of the consequences generated by screen scraping.

The CFPB requires that the data be used only for the purposes requested by the consumer, and access cannot exceed one year without explicit reauthorization. When requested by the customer, any institution’s data access must be ended immediately. 

“The final rule makes clear that when consumers authorize companies to obtain their personal financial data on their behalf, these companies are not acting as service providers to the financial institutions holding the consumer’s data – those companies are acting on behalf of the consumer,” Chopra said in prepared remarks he delivered at a conference organized by the Federal Reserve Bank of Philadelphia.

“The rule is designed to ensure that open banking does not become a new data pipeline that fuels surveillance pricing or other manipulative mischief,” he said.

The rule does permit third parties to engage some secondary uses of consumer-authorized data, such as those to improve the requested product or service, though.

Pushback

Banking lobbying groups said the rule could jeopardize consumer data security and exceeded the agency’s legal powers. On the flip side of that argument, the American Fintech Council (AFC) complained the consumer data provisions of the new rules were too restrictive.

AFC represents fintech providers, a number of them in the earned wage access (EWA) space, and the AFC’s Head of Policy and Regulatory Affairs, Ian Moloney, said: “The rule will lead to a reduction in consumer choice, needless customer confusion, the elimination of fair competition and innovation, higher costs and less financial freedom for consumers, and the likely shuttering of smaller providers.”

The open banking rule is a long-overdue activation of Section 1033 of the Dodd-Frank Act, passed 14 years ago, labeled “Consumer Access to Financial Records.”

, , , , ,

You may also like