In April, Penny Lee, President and CEO of the Financial Technology Association, and Daniel Gorfine, Senior Advisor to the Financial Technology Association and CEO of Gattaca Horizons joined a recent session to discuss the CFPB’s proposed rule on open banking and its impact on alternative data.
Key Elements of the CFPB’s Open Banking Rule
On October 19th, 2023, The Consumer Financial Protection Bureau (CFPB) announced a new rule advancing open banking aiming to establish a framework for open banking by granting consumers the right to access and share their financial data with third parties. This includes the ability to transfer their data to any financial institution and authorize financial providers to share their data with third parties, facilitated by standardized APIs to replace less secure data-sharing methods like screen scraping, which would potentially reshape data management practices in the financial services industry.
The proposed rule includes bank and non-bank transaction and deposit accounts, as well as credit card accounts under what is called Reg E and Reg Z. Regulations E is focused on the transfer of funds and protecting consumers from errors or unauthorized transactions. In contrast, Regulation Z is focused on providing consumers with clear and truthful information about credit terms and protecting them in credit transactions.
The rule includes robust protections to prevent misuse of data. According to the proposed rule, third parties authorized to access consumer data must use it only for the purposes explicitly allowed by the consumer and are prohibited from using it for targeted advertising or other commercial purposes without consent. Consumers can revoke access to their data, and the rule mandates that third parties must delete the data if access is revoked. The CFPB also aims to make it easier for consumers to switch between financial providers and improve the industry’s competitive landscape.
Why It Is Important for Data Users, Institutional Investors, and Other Stakeholders
The important part of this to note is that in its current state, a blanket ban would be imposed on any secondary use of data received through this new framework saying that consumer data collected using Open Banking can only be used for the specific purpose specified at the time of collection, such as offering a specific financial product. There are concerns regarding the ban on the use of anonymized and aggregated data for research and development, which is essential for improving AI models and fraud detection among other reasons.
The rule’s restrictive approach to data use has raised concerns about its impact on innovation and product development within financial services. The Financial Technology Association views the rule’s implementation timeline as aggressive, especially since the standard-setting body responsible for the technical standards has not yet been established. Financial institutions are concerned about the feasibility of complying with the rule without clear standards in place.
The implementation of this rule also faces challenges related to data privacy and security concerns. Financial institutions and regulators are wary of potential risks, such as cyberattacks and identity fraud, that could arise from more open data-sharing practices. The CFPB is working to strike a balance between enabling consumer data control and ensuring robust security measures are in place.
Eagle Alpha’s Perspective
The discussion on Eagle Alpha’s webinar suggests that there might be some adjustments to the strict prohibitions on secondary data use, particularly concerning de-identified or anonymized data, which could be used more broadly. However, the current stance is a significant barrier to the kind of data-driven innovation that has been central to recent advancements in financial technology.
One worry for organizations that are currently acquiring anonymized consumer transaction data from data providers, is that this rule could create a bifurcated environment. For example, data acquired directly from consumers under existing relationships can be used more freely under regulations like the Gramm-Leach-Bliley Act (GLBA), and data acquired through the open banking framework would be subject to stricter controls. The risk here is that this could complicate data management for financial institutions and impact consumer panels of data providers.
Future Outlook and Industry Responses
The proposed rule represents a significant shift in how consumer financial data is handled in the U.S., aligning more closely with European open banking standards but introducing stringent restrictions on data commercialization that could stifle innovation and affect the competitive dynamics in the financial sector. The industry’s response, ongoing regulatory developments, and potential legal challenges will shape the final implementation and impact of the rule.
The Supreme Court recently upheld the CFPB’s funding structure in a 7-2 decision, rejecting a conservative-led challenge. Justice Clarence Thomas, writing for the majority, found the CFPB’s funding mechanism constitutional, reversing a lower court’s ruling. The proposed rule on open banking is expected in October 2024.