The Consumer Financial Protection Bureau (CFPB) has issued a final rule the agency says is aimed at providing consumers with greater control over their personal financial data, promoting competition within the financial services industry, and improving customer service.
This move is intended to make it easier for consumers to switch financial institutions or fintechs, allowing them to access better rates and services, and to hold providers accountable for their service quality.
Open banking, in simple terms, allows consumers to securely share their financial data with third-party services, such as budgeting apps or other banks, to access new or improved financial services.
By allowing consumers to access and share their financial data across providers, the CFPB said it aims to reduce costs associated with financial products, particularly loans, while driving competition that will force financial institutions to improve customer service.
“Too many Americans are stuck in financial products with lousy rates and service,“ said CFPB Director Rohit Chopra. ”Today’s action will give people more power to get better rates and service on bank accounts, credit cards, and more.”
Some stakeholders in the financial industry have criticized the new rule.
The Consumer Bankers Association (CBA) expressed strong opposition, particularly to what it calls an overreach of the CFPB’s authority.
“The CFPB, though, has contorted this very clear and limited statute into enabling thousands of third parties to access consumers’ data. In doing so, the CFPB far exceeds its statutory authority.”
Johnson went on to dispute the CFPB’s rationale for the rule, arguing that the consumer credit card and deposit account markets are already highly competitive and that the CFPB is mischaracterizing the need for further intervention.
“Many CBA members support an open-banking framework. Nevertheless, even if the Bureau has the statutory authority to utilize this rulemaking to introduce an open banking framework, this final rule severely misses the mark as it failed to incorporate much of the critical feedback provided by industry through the comment period,” Johnson added, noting that the rule does not reflect practical realities of the marketplace.
“As we have stressed throughout this rulemaking process, America’s banks firmly believe that customers own their own financial data, and no industry goes to greater lengths to protect that data than the banking sector,” Nichols said.
“Today’s long-awaited proposed rule brings us one step closer to achieving our common goal of enhancing consumers’ access to their financial data and allowing them to share it safely with companies of their own choosing, whether that sharing is from bank to bank, bank to fintech, or fintech to bank.”
Nichols added, however, “It is critical that the Bureau right-size the scope of the rule pertaining to the types of accounts involved and the information data providers are required to share, as well as addressing the question of liability if something goes wrong.”
The ABA said it is also “concerned with the significant implementation costs” for its members and wary of regulatory complexity, particularly in light of other ongoing efforts to amend the Fair Credit Reporting Act.
Beyond encouraging competition, the CFPB said the new rule introduces stronger privacy protections.
Financial institutions and third-party providers will be allowed to use consumer data only for the purposes explicitly authorized by the consumer.
The rule will establish procedures for consumers to revoke access to their data, and companies will be required to delete data upon the consumer’s request, ensuring that personal information is not misused, the agency added.
The rule is set to be implemented in phases, with larger institutions required to comply by April 2026 and smaller institutions by April 2030.
