Fraud will be harder to stop without changes to open banking rule

Rafael Henrique - stock.adobe.com

The Consumer Financial Protection Bureau's open banking proposal has the potential to unlock massive benefits for American consumers and jump-start competition in the economy. Establishing strong financial data rights and protections for consumers will ensure they can easily and securely access the financial apps and products that work best for them. Open banking underpins the innovations that enable faster payments, expand access to credit and provide convenience and value for millions of consumers today. The CFPB's proposed rule could reaffirm and expand those benefits for all.

At the same time, we are concerned that one provision in the CFPB's open banking proposal would undercut the bureau's aim to promote consumer-centric innovation and competition. The agency is proposing to ban companies from using consumer-permissioned data to develop or improve products, a common practice across most industries. If the CFPB fails to clarify that data can be used for these purposes, the agency risks freezing innovation, curbing access to affordable consumer credit products and sabotaging our most powerful tools to fight fraud. 

One of the most critical consumer protections is fraud prevention, for both the safety of consumers and the broader financial ecosystem. Fintech companies are already at the forefront of these efforts, leveraging digital solutions to secure accounts, empowering customers with tools to prevent fraud before it happens and working with law enforcement to monitor and report it when it does. However, as fraudsters continue to evolve their practices, our systems must keep pace and allow for the improvement and development of new tools to effectively take on bad actors.

Unfortunately, the current open banking proposal would discourage the fintech industry from developing the next generation of fraud prevention tools and deprive consumers of critical financial services. The proposed rule goes beyond any existing privacy regime by specifically banning firms from using data permissioned by the consumer to improve existing products or develop new ones. In doing so, the proposed open banking rule cements a leg up for incumbents, especially the largest banks, whose use of consumer data would remain unencumbered.

More broadly, the CFPB's proposed ban on companies' ability to use open banking data to improve and develop products would have far-reaching impacts on consumers. It would halt many companies' ability to test products and prevent consumers from getting personalized financial advice. The proposed ban would also jeopardize the ability to train and improve cash flow-based underwriting, which the CFPB has recognized stands to improve pricing and expand access to credit, especially for the millions of Americans who are credit invisible. Academics and economists have even pointed out that they would be blocked from using anonymized or de-identified open banking data to conduct critical research to inform the public good.

Regulation and compliance

Transfer of CFPB $8 late fee rule lawsuit stayed pending appeal

A federal appeals court is putting the transfer of a lawsuit challenging the Consumer Financial Protection Bureau on hold pending the outcome of a hearing on the suit's appropriate venue.

By John Heltman

April 1

Meanwhile, many of America's largest banks are applauding this restriction — perhaps because it will not apply to them when leveraging the same data generated by the consumer within the bank. In fact, it threatens to further secure a competitive advantage for big banks to the detriment of startups, nonbanks, fintechs and consumers. The proposal also ignores a well-established precedent: the Gramm-Leach-Bliley Act, which governs how financial institutions share and safeguard their customers' data but does not limit the secondary use of data.

There's still time to amend these open banking rules before they are finalized. Consumers deserve an approach that safeguards their data while allowing companies to leverage it for widely beneficial purposes like fraud prevention. The open banking proposal already relies on GLBA as its framework for data security and should do the same for data use and privacy. The bureau should recognize the established precedent of GLBA and allow covered entities to collect data beyond a "reasonable necessity" standard, subject to strong consumer privacy and data protections. Doing so would ensure product innovation and fraud prevention efforts can continue. Furthermore, companies should be allowed to use data on an anonymized basis to research and develop novel products. 

Like banks, fintechs have robust measures in place to protect users' privacy and safeguard their data. Financial Technology Association member companies have endorsed privacy principles prioritizing transparency, security, data minimization and consumer control. We also applaud the CFPB's focus on data minimization and support efforts to enact comprehensive national privacy legislation, providing clear, consistent and uniform standards for the digital age. However, as those efforts continue in Congress, cementing a leg up for large banks and limiting the power of fintechs to innovate is not the answer. 

The CFPB must make clear that the digital finance ecosystem can and should use open banking data to combat fraud, improve and develop products and more. Divergent privacy rules for incumbents versus newer entrants would go against the intent of the CFPB's rulemaking, hinder the innovation it wants to promote and leave Americans more vulnerable to fraud.