CFPB’s Proposed Open Banking Rule Will Require Mind Shift For Banks

The Consumer Financial Protection Bureau in late October released its long-anticipated proposed open banking rule as part of the implementation of section 1033 of the Consumer Financial Protection Act of 2010. If adopted, this requirement would give consumers control over the ability to share their financial data with third parties like fintech apps, helping the U.S. to catch up to other jurisdictions like the U.K. and Europe. However, despite quite a lot of institution-led activity around open banking, the country’s banks don’t seem ready for regulation.

Specifically, very few institutions appear to be embracing open banking in its true form — according to CCG Catalyst’s Banking Stability and Innovation Study 2023, only 17% of C-level bank executive respondents in the U.S. said they are committed to providing open data access to third parties. A much greater number — 48% — said they are interested in working with select third-party partners.

The problem with this is that it completely misses the point and spirit of open banking. This concept is built around the idea that financial data ultimately belongs to the customer, and that the customer should be able to share it with third parties as they see fit. The bank doesn’t get to choose.

Many banks are likely going to have to undergo a major shift in mindset as open banking makes its way to the U.S. Open banking regulation elsewhere like the Second Payment Services Directive, called PSD2 or now PSD3, in Europe mandates that financial institutions share data with third parties at a customer’s request. And it’s expected to take a similar form here. According to the CFPB, this rule “would require depository and nondepository entities to make available to consumers and authorized third parties certain data relating to consumers’ transactions and accounts; establish obligations for third parties accessing a consumer’s data, including important privacy protections for that data; provide basic standards for data access; and promote fair, open, and inclusive industry standards.”

The issue for bank executives can probably be boiled down to the prospect of sharing data freely in an already competitive environment, and doing so via application programming interfaces that they will have to build (amid legacy technology hurdles and often with reliance on their core provider). Admittedly, it’s not hard to see why neither of these is particularly appealing from where they are sitting at first blush.

As Lex Sokolin, global director of fintech strategy at Autonomous Research, explained to American Banker, there are fewer and fewer moats banks have to protect their legacy business, and one of them is internal data on clients.

To Continue reading the article, follow the link