Recently the Consumer Financial Protection Bureau (CFPB) received dozens of comments on a proposed rule that could give consumers more control over their financial data. This rulemaking on open banking presents a rare opportunity for bi-partisan agreement, and may determine the pace of innovation for the financial services industry.
The term open banking describes the technology and services that enable consumers to share their financial data across institutions. If you send money using Venmo, use Acorns to automatically save money, obtain a mortgage through Rocket Mortgage, or manage your retirement savings through Wealthfront, you are using open banking technology in the background. In fact, virtually all of today’s most popular financial applications rely on open banking technology, and many traditional financial services do, too, from Charles Schwab to Fannie Mae.
Originally called “aggregation,” this technology was developed alongside internet banking in the late 1990s to enable financial advisors to see all of a client’s accounts in one place without sorting through a shoe box of account statements. FinTechs created a vast array of new financial products from this technology by connecting to consumers’ financial accounts.
All of this innovation has occurred without a clear regulatory framework in the U.S., even though Congress authorized such regulations over a decade ago. A little-known provision of the Dodd-Frank Act, the vast post-2008 financial crisis overhaul of financial regulation, empowers consumers to share their financial data with the companies of their choice.
A quick comparison to other industries illustrates this principle’s uniqueness in American law.
For example, signing up for a social media account requires consenting to the company’s use of your data. Once the consumer clicks “Agree,” the company essentially controls the consumers’ data. Consumers can often download their data but cannot easily share their data with competitors.
Under Section 1033 of Dodd-Frank, financial data is different. Consumers can directly access or download their data from banks and brokerages. But Section 1033 goes further and allows consumers to share their financial data with an “agent, trustee, or representative.” It enables consumers to authorize data sharing with other banks, and FinTechs that can now efficiently compete for the consumer’s business.
Some banks have viewed open banking as a threat because their customers may now use their own account data to seek a better rate on a credit card or a loan from a competitor. This incentivizes institutions that hold consumer accounts to hinder data sharing. Examples include restricting access, imposing burdensome conditions, or requiring consumers to repeatedly re-enter their credentials. Many consumers report encountering these issues in the market today.
To address these challenges, governments around the world have created regulatory obligations for banks and other financial firms to permit data sharing, while imposing technical and security standards for companies that receive the data. For example, the European Union requires all financial institutions to provide customers with the ability to share their personal financial data with other companies at the consumer’s request. The U.K. Open Banking Initiative requires consumer-authorized data sharing and creates a technology standard to do it.
So far, consumer demand has largely driven the United States version of open banking. But commercial considerations, as well as legitimate legal and security questions, now hinder further growth of this consumer-empowering technology without some clear guidance.
The CFPB should establish a framework flexible enough to encourage continued competition and innovation. But the framework should not be as prescriptive as the UK or EU frameworks, particularly on technical standards. This will ensure greater innovation and opportunities for new products and services.
Risks to consumers must also be addressed, including data breaches, and data sales for purposes the consumers is largely oblivious to. Part of the solution is giving the consumer control: data sharing should correspond with the ability to control and revoke data permissions at some point in the ecosystem. Data recipients must also remain accountable so that consumers are protected.
The CFPB can address these consumer risks and recognize that consumer-permissioned data sharing mitigates longstanding risks already present within the financial system. Consumers need the functionality to comparison shop for credit and savings accounts, avoid overdrafts with quick fund transfers or microloans, and obtain analysis and recommendations for their personal finances. In short, consumers need a clear right to share all of their up-to-date data viewable today in an online account.
Consumer-permissioned data sharing has been a rare area of bipartisan agreement spanning the past two administrations. President Obama’s CFPB under Director Richard Cordray was an early champion, and President Trump’s CFPB under Director Kathy Kraninger also advanced the policy. We hope the Biden Administration builds on those efforts and fosters a data ecosystem that works for consumers.