The Consumer Financial Protection Bureau’s oversight effort in data-sharing regulation is more than a year old, but with its newly proposed data-rights rule—released last week—the agency is making a substantial move in the field.
Under the Personal Financial Data Rights rule, consumers would have the power to share data associated with their checking and prepaid accounts, credit cards, and digital wallets to access competing products and services without worrying that their data might be used to serve commercial interests other than their own, according to the CFPB, which first outlined a data-rights rule in 2022. In June, the agency said it would not “micromanage” open banking itself.
Equally important, the bureau says, is that the rule would ensure consumers can be “certain that their data would be used only for their own preferred purpose—and not for financial institutions or tech companies to surveil and manipulate.”
So far, reaction from the payments industry has been largely positive, with the Electronic Transactions Association, which largely represents acquiring participants, and GoCardless Ltd., an open-banking specialist, lauding the proposed rule.
If enacted as a rule—which could happen in a year, Ashwin Vasan, CFPB associate director, said during a panel discussion at the Money 20/20 conference Sunday in Las Vegas—the proposal could herald a deliberate shift away from screen scraping, a procedure in which third parties seek to verify accounts by copying data displayed on a screen after gaining account access.
The proposed rule originates from section 1033 of the Consumer Financial Protection Act of 2010, which authorized the CFPB to address consumer-data access and to prescribe rule standards. It is essentially asking data holders to “build mature developer interfaces, APIs, for third parties to access that data,” Vasan said, when asked to consider how the proposal may develop (APIs are application programming interfaces). “In some ways, it’s a deliberate shift away from screen scraping,” Vasan said in acknowledging that the shift away from screen scraping to open banking has been “pretty substantial.”
While adopting APIs will contribute to improving connectivity, the proposed rule also will address the standards issue, said Vasan. Rather than design one, the CFPB wants to hear from financial-services companies and does not want to “micromanage” into a standards regulation that might have to be revisited routinely, he said.
“We don’t want to lock ourselves into a technical regulation,” Vasan said, adding the proposal calls for a qualified industry standard. What the agency will be looking at, at this stage of the proposal, is whether the backer has the reach to connect with participants of all sizes, and not just large ones, he said, adding, “Does it really reflect all of the players in the ecosystem?”
The second component is the process, Vasan said. The agency likely will want to know if the standards-development process “brings voices to the table” that otherwise might not be at the table, he continued, adding, “Once the rule is finalized, our intention is to say which standards meet these criteria.”