10/07/2024 | Press release | Distributed by Public on 10/07/2024 10:35
Consumer financial data is the foundation of payments, investments, and loans that, when used safely, can support a well-functioning and inclusive economy. Think of open banking as permissioned access to personal financial data. Consumers can authorize third parties to retrieve their information to transform it into useful services. Examples of this include payments and budgeting apps. My colleague, Chris Colson, recently wrote about pay by bank, a payment method that uses open banking technology. The data shared typically includes transaction account details.
This kind of data sharing currently lacks a solid framework to formally address who can be granted access to consumer data, and under what terms. In October 2023, the Consumer Financial Protection Bureau (CFPB) proposed a rule, authorized by section 1033 of the Consumer Financial Protection Act of 2010 (or Dodd-Frank Act), that would give consumers more control over their financial data. The Personal Financial Data Rights rule would also grant third-party access to consumer data. CFPB is expected to finalize the rule later this fall.
Key points in the proposed rule:
Besides financial institutions, there is another cohort that should be paying attention to the proposed rule. Payments and fintech firms often seek guardrails on how to innovate safely. They are especially interested in standards that are industry-specific. The new rule and resulting standards aim to help create those guardrails for the industry. Furthermore, the rule seeks to promote fair and inclusive innovation that could stimulate competition and better products in the long run.
The proposed rule is focused on the access rights. Meanwhile, the CFPB is working with the industry to develop standards. Standards are an integral part of making section 1033 a success. In June 2024, the CFPB issued a rule that outlines the attributes that a standard-setting body must possess in order to receive CFPB recognition. It also establishes a comprehensive set of standards when the full rule is finalized. The goal is that standards adopted by CFPB-recognized standard-setters might be used to facilitate the implementation of section 1033. As we await the new standards, those interested in general banking and fintech risk management perspectives might also be interested in reading Third-Party Risk Management: A Guide for Community Banks, published by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency.