With Regulation, Less Is More

Open banking has great potential, but regulators should keep their thumbs off the scale.

In October, Rohit Chopra’s Consumer Financial Protection Bureau published its long-awaited Personal Financial Data Rights rule, implementing section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. The CFPB’s open-banking rule mandates that banks, issuers, and data providers, like digital wallets, provide up to two years of consumers’ account and transaction data on request to consumers and to permissioned third-party providers, at no cost.

Open banking’s promise is more innovation and competition in financial services and payments, and, therefore, greater value for consumers. Reduced barriers to entry to financial services and payments should be good for consumers—if like activities are subject to like regulation and legal liability.

Data sharing, on top of enabling new and nontraditional competitors, enables banks on their own and with partners to more actively compete with each other for share of customers.

The lightly regulated U.S. market has led the world in open banking. Data aggregators like Intuit, CashEdge, VerticalOne, and Yodlee pioneered retrieving consumers’ financial data to help financial institutions personalize services. At the dawn of open banking, they relied primarily on screen-scaping. Laissez-faire regulation gave them space to develop a new market.

Now, open banking is global. The European Union’s prescriptive Payment Services Directive 2 mandated that banks enable retrieval by permissioned licensed third parties, through APIs, of payments and payment data—at no cost. After leaving the EU, the United Kingdom retained PSD2.

The CFPB’s open-banking rule has prominent fans and critics. Alexandre Gonthier, founder and chief executive of alternative payment system Trustly, says, “With CFPB’s new open-banking regulation governing consumer-permissioned data access, merchants and billers can now deliver offerings like pay by bank and real-time payments, allowing for faster, more cost-efficient transactions that bypass legacy card networks.”

The Bank Policy Institute, Kentucky Bankers Association, and Forcht Bank have a different take. They’re suing the CFPB, alleging that the rule violates the Administrative Procedure Act, that the CFPB exceeded its authority, and that the rule increases data security risk, along with other harms.

In comments on the suit at Money 20/20, CFPB Director Chopra’s animus toward large financial institutions was on full display. “It’s not a big surprise that some of the largest players are the ones who want to slow and stop it,” he said, adding he didn’t think that they’d read the rule.

Jamie Dimon, chief executive of America’s largest bank, called Chopra “a very smart guy” who uses his brains to justify what he already thinks. Come Jan. 20, Chopra will be out of a job. If consumers are lucky, his replacement won’t think that hostility to large banks and payment systems is synonymous with being pro-consumer.

‘Ripe for Challenge’

Banks are being forced to deploy capital to enable and subsidize firms that compete with them and that may cannibalize credit and debit interchange revenue, credit, and other financial products.

Dodd-Frank requires that banks make consumers’ financial data available to them on request—but not at no cost. It’s Congress’s prerogative, not that of the regulator charged with implementing the law, to make policy. Whether to permit fees is policy, not a regulatory detail.

Chevron deference—the doctrine that if a law’s text is not crystal clear, regulators have broad discretion to impose their policy preferences—was overturned by the Supreme Court in June. The CFPB’s data-sharing price controls, consequently, are ripe for challenge.

But pricing isn’t the only area where the CFPB’s policy preferences intrude.

In George Orwell’s epic novel Animal Farm, the pig Squealer observes, “All animals are equal, but some animals are more equal than others.” As of June, there were 4,533 and 4,539 federally insured credit unions and banks, respectively. In a nakedly political move, the CFPB exempted the overwhelming majority of banks and credit unions, those with under $850 million in assets, from its open-banking rule. The statute, however, doesn’t exempt small banks.

While open-banking payments offer merchants lower acceptance cost, there are tradeoffs. They will cost consumers benefits they now take for granted, and financial institutions will lose interchange revenue and revolving credit opportunities.

Current retail, person-to-person, and bill-payment systems deliver enormous value for consumers, merchants, and banks. They provide consumers with the ability to securely and conveniently make and accept payments any time anywhere, along with robust protections, grace periods for credit cards, rewards and benefits, and record keeping. They will be difficult to supplant even with the regulators’ help.

A Level Field

Nevertheless, there are sectors where open-banking payment is likely to get traction.

At the Philadelphia Fed’s October fintech conference, Plaid chief executive Zach Perret suggested that “surchargey” payment sectors would be particularly ripe for open-banking payments. For example, families may be motivated to use open-banking payment systems to pay tuition for their children rather than incur surcharges on credit card payments. They might happily use open banking to pay for a new car.

There’s space for open-banking payments. Gonthier reports Trustly will process almost $100 billion in payment volume worldwide in 2024. However, for most in-person and online retail payments, traditional payment cards remain a superior value proposition.

Some fear, and some hope, that open banking will relegate banks to backend utilities. Open banking will enable new competitors and force banks and traditional payment systems to up their game. Neither policymakers nor regulators, however, should try to tilt the playing field.

—Eric Grover is proprietor of payments advisory Intrepid Ventures.