The proposed Personal Financial Data Rights rule looks to challenge the industry to compete for customers by forbidding financial institutions (FIs) from hoarding a person’s data and requiring companies to share data with other companies providing better products as directed by the person, protect customers from excessive surveillance, and help people walk away from bad service, while concomitantly banning companies that receive data from misusing or wrongfully monetising sensitive personal financial data. The rule activates a dormant provision of law enacted by Congress over a decade ago.
Get their data free of junk fees: banks and other providers subject to the rule would have to make personal financial data available, at no charge to consumers or their agents, via dedicated, safe, secure, and reliable digital interfaces.
Have a legal right to share their data: people would have a legal right to grant third parties access to information associated with their credit card, checking, prepaid, and digital wallet accounts, helping firms offer an extensive array of products and services, including cash flow-based underwriting to better pricing and access across credit markets. When said firms offer the wanted product or service, people can switch providers more easily, and can better manage accounts from multiple providers.
Can leave a bad service: in addition to increasing competition among FIs, the rule would also enable people to walk away from bad services and products. As people can be trapped by providers holding their data, the proposal would allow them to shift their data to a competitor providing better or lower-priced products and services.
The proposed Personal Financial Data Rights rule would protect the interest of consumers and financial firms alike through:
Extensive protections to prevent unchecked surveillance and data misuse: companies authorised by people to access data on their behalf would need to agree to certain conditions. Third parties could not collect, use, or retain data to advance their commercial interest via actions like targeted or behavioural advertising, but be required to limit themselves to what is reasonably needed to offer the individual’s requested product.
Consumer control: people would be able to revoke access to their data, and once this is done, the proposal would require that data access end immediately, with deletion as the default practice. Access can be maintained for one year maximum, absent the individual consumer’s re-authorisation.
A move away from risky data collection practices: currently, many companies access consumer data through screen scraping, which oftentimes requires people to share their usernames and passwords with third parties, and the proposal seeks to move the market away from such risky data collection practices.
Fair industry standard-setting: the rule contains several requirements to ensure industry standards are fair, open, and inclusive, instead of offering detailed technical standards, and the CFPB looks to assess future standards developed by the private sector under the terms described in the rule.
The proposal would see the requirements implemented in phases, with larger providers being subject to them earlier than smaller ones. Additionally, the multitude of community banks and credit unions with no digital interface with their customers would be exempt from the rule’s requirements.
The rule is the first proposal to implement Section 1033 of the Consumer Financial Protection Act, which charged the CFPB with implementing personal financial data sharing standards and protections. The CFPB intends to cover more products and services in future rulemaking, and for the current proposal, it accepts comments until December 29, 2023.
CFPB officials said that with appropriate consumer protections, a shift towards open and decentralised banking could supercharge competition, better financial products and services, and discourage junk fees. Per their statement, the rule proposition seeks to empower consumers to walk away from bad services and choose the FIs that provide the best products and services.
Reacting to the news of a draft Personal Financial Data Rights rule from the US Consumer Financial Protection Bureau, industry representatives from GoCardless expressed that the proposal marks a milestone achievement for Open Banking. Whilst the technology has been present in the US for years and consumer demand has seen a monumental increase, with more than 65 million consumer accounts now leveraging a common, free API standard to connect securely to advanced fintech services, the announcement helps push the agenda forward. The company spokesperson believes that putting Open Banking on a regulatory footing is set to boost consumer confidence and trust, ultimately helping expedite adoption.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now