Digital Transactions Authoritative, insightful and timely information for payments professionals
Beyond opposing a sweeping new rule on data sharing, the financial industry will have to cope with the new digital reality that led to the rule.
In October, the Consumer Financial Protection Bureau issued its final rule on “Personal Financial Data Rights.” To oversimplify, it requires that companies share their customers’ information, at the customers’ request, with third parties. The data must include costs, charges, and use data.
Additionally, banks cannot charge customers or third parties a fee to cover the costs of providing the data. They must, however, build out the infrastructure to supply information to third parties and to make sure they verify that the customer, the consent, and the third party are all legitimate.
The Bureau is required to issue this rule under section 1033 of the Consumer Financial Protection Act of 2010. But the law did not require banks to pay for the data sharing, nor did it prohibit charging fees for access to the data.
The industry is not simply accepting the new rule. The same week it was finalized, the Bank Policy Institute and the Kentucky Bankers Association filed a lawsuit in the U.S. District Court in Lexington, Ky., arguing the Bureau overstepped its statutory authority and put consumer financial data at risk.
Another path of opposition opened after the election. Congress could overturn the rule through the Congressional Review Act. Congress has 60 legislative days from the delivery of the final rule to the House to vote to take the rule off the books. (The Bureau is required to deliver the rule to Congress at least 60 days before the effective date.)
It is easy to forgive the industry for being cynical about this rule. In June 2023, the Bureau issued a consumer advisory recommending that individuals move their money from payment apps to accounts with deposit insurance. Then, a little more than a year later, it issued a rule requiring banks and credit unions to give customer data to these presumably unsafe companies and to pay for the infrastructure to do so.
Whether the rule stands or is overturned, the industry must face the reality that customers will need to share financial information from one provider to another. While they might not call it open banking, customers will demand access to their information for things like applying for credit and using personal financial-management apps or programs.
This new reality will force companies to develop new strategies to adapt. The Bureau’s rule paints a picture of banks and credit unions as data providers and fintechs as the recipients. But there is nothing in the law or the rule that says banks cannot request information for their customers from third parties.
For example, a bank could offer a single dashboard for its customers that would consolidate all the balances, payments, and other services provided by third-party apps in a trusted environment shielded from hackers and marketers. The bank could then more efficiently offer money-management help, streamline services like loan applications, and enable pay-by-bank options.
In an interview on the Innovative Payments Association’s podcast, Kate Lybarger, the director and head of payments innovation at Discover Global Network, suggested that financial institutions need to reframe their thinking on open banking. Banks and credit unions should think about how they can use the ability to request information from third parties to get a better understanding of customers’ finances.
“You’re kind of getting back to that ability to give the right advice at the right time with a much fuller picture,” she said. ‘It feels like it might come full circle with open banking.”
—Ben Jackson bjackson@ipa.org
