Consumers urge CFPB to protect data in open banking plan

  • Key Insight: The CFPB is reading through thousands of comments as it writes a new rule on personal financial data rights. 
  • What's at Stake: The CFPB opened a new rulemaking after JPMorganChase started charging fees to data aggregators. 
  • Supporting Data: Small banks want an exemption for banks with $10 billion in assets or less from a requirement to create and maintain a third-party developer interface. 

The Consumer Financial Protection Bureau has received nearly 14,000 comments on its plan to write a new open banking rule that would potentially allow banks to charge fees for access to personal financial data. 

Open banking allows consumers to provide their financial transaction data to payment apps and other service providers. More than 100 million Americans currently "share" their data. 

Thousands of the comments are form letters urging the CFPB to stick with a Biden-era rule that the Trump administration is rewriting, largely over the issue of whether banks can charge fees for data access. Still, several people described how they had been scammed in providing access to their data and have no idea how their data is being used. 

"My family and I frequently use open banking apps…because they offer a convenient way to transfer money quickly and easily," wrote Melanie White, in a comment letter to the CFPB. "I got more than I bargained for. I had no idea that my personal data would be shared with data brokers who not only retain it but also can sell it."

"Now, my information is exposed and likely circulating on the dark web," she wrote. "I didn't realize I was consenting to these practices. The consent forms are confusing, filled with complex language and legal jargon, so much so that you'd need a lawyer to fully understand them."

The 1033 rule, known for its section of the Dodd-Frank Act, was first initiated in 2016 and was finalized in October under former CFPB Director Rohit Chopra with bipartisan support in Congress. But the CFPB was immediately sued by the Bank Policy Institute, Kentucky Bankers Association and Forcht Bank, a $1.5 billion-asset community bank in Lexington, Kentucky. The bank plaintiffs alleged that the CFPB exceeded its statutory authority and that the open banking rule was 'arbitrary and capricious,' in violation of the Administrative Procedure Act. 

With the Trump administration embarking on its own rulemaking on personal financial data rights, a district court judge on Wednesday sided with banks by halting compliance dates and enforcement of the Biden-era rule.

The ruling was a major win for banks. The former open banking rule prohibited banks from charging fees. But the banks' lawsuit challenging the rule and intense lobbying prompted the CFPB to reconsider. 

Now the CFPB under acting Director Russ Vought is rewriting the rule — which was first initiated in 2016 under the first Trump administration — after JPMorgan Chase started charging fees for data access.

The statutory text of section 1033 "is quite sparse," the CFPB said in its preliminary proposal, and does not specifically address several important questions. 

Section 1033 of the Dodd-Frank Act states, in legalese, that "a covered person shall make available to a consumer, upon request, information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person."

Specifically, the CFPB asked for public comment on several issues, including who may act on behalf of the consumer; how costs may be assessed; the potential negative consequences to consumers of bad actors seeking to compromise their data, and of disclosing the data to a third party; and the potential benefits of competition.

While most of the focus of the new proposal has been on fees, consumers appear far more concerned about fraud and misuse of their data. 

"I'm concerned about the security of my personal information," wrote Connie Kempf. "I'll admit, I don't fully understand how my data is being used or who has access to it. I don't think I'm alone. Many people aren't aware of the risks involved with open banking or what they have actually consented to."

Meanwhile, Chi Chi Wu, director of consumer reporting and data accuracy at the National Consumer Law Center, and Adam Rust, director of financial services at the Consumer Federation of America, urged the CFPB to maintain data privacy safeguards from the Biden-era rule.

Those protections include a prohibition against the secondary use of data, a one-year limit on authorizations, a requirement to honor revocations and to delete data, and clear disclosures. 

Banks are also not completely on the same page.

Mickey Marshall, vice president and regulatory counsel at the Independent Community Bankers of America, asked the CFPB to exempt all community banks with assets of $10 billion or under from the proposed rule. Under the Biden-era rule, banks with assets under $850 million were exempt from a requirement to create and maintain a third-party developer interface. 

Large banks are against any exemption for their smaller counterparts. The American Bankers Association urged the CFPB to remove any exemption for community banks and credit unions.

"While we understand the noble motivation behind carving out small entities," wrote Ryan T. Miller, the ABA's vice president and senior counsel of policy innovation, "it leaves over 74% of community banks and over 89% of credit unions out of the rule's reach for data providers, and will have the effect of perpetuating screen scraping, injecting additional risk into the ecosystem, creating inconsistent consumer experiences (and protections), and harming the competitiveness of community banks in an increasingly digital world."

Miller said that if the CFPB allows banks and other data providers to charge fees, it "will alleviate the removal of the exemption for smaller depository institutions." He said the Biden-era rule, which has now largely been scrapped, was focused on "picking winners (fintechs and data aggregators) and losers (banks and consumers)."

Many bankers also urged the CFPB to end screen scraping, with some suggesting that the agency should designate the practice of using a consumer's credentials as an "unfair, deceptive, or abusive act or practice."

The Financial Technology Association and the American Fintech Council want the CFPB to stick with the former rule and continue to prohibit banks from charging fees. 

"Legacy data providers have a direct economic incentive to charge high, deterrent fees in order to block the transfer of data they would prefer to hold captive," wrote Penny Lee, FTA's president and CEO. "Constitutional and statutory 'rights' in America are not subject to gatekeeping fees, and the plain statutory text of Section 1033 clearly forecloses fees as a barrier to exercise this right." 

Community bankers have countered the arguments of fintech providers by claiming they shouldn't be forced to subsidize nonbank financial firms.

Rose Oswald Poels, president and CEO of the Wisconsin Bankers Association, said the former rule's prohibition on fees "creates a disproportionate burden on financial institutions, particularly when third parties, many of which are unregulated, monetize the data they receive."

"Financial institutions are expected to build and maintain complex interfaces to support third-party access, yet those third parties are not subject to the same supervisory standards or compliance obligations," she wrote. "This imbalance forces regulated institutions to subsidize the operations of unregulated entities."

The CFPB is trying to move quickly to finalize a new open banking rule. It will consider the public's comments and will issue a formal notice, and then provide another opportunity for the public to comment before finalizing a rule. 
