On October 22, the US Consumer Financial Protection Bureau (CFPB) introduced long-awaited open banking rules aimed at increasing competition and giving consumers greater control over their financial data.
These regulations allow consumers to easily transfer their personal data between financial service providers at no cost, facilitating the ability to switch between banks and fintech platforms.
The CFPB’s open banking rule, part of Section 1033 of the Dodd-Frank Act, is designed to promote innovation and competition in the financial industry. It allows consumers to securely share their data, such as transaction history and account balances, with third-party apps like PayPal’s Venmo or other financial services. This move is expected to improve service quality, lower the cost of loans, and encourage more competitive rates.
CFPB Director Rohit Chopra compared the rule to the ability to switch mobile phone providers while keeping the same number.
“Too many Americans are stuck in financial products with lousy rates and service. Today’s action will give people more power to get better rates and service on bank accounts, credit cards, and more,” Chopra said.
However, the rule has been met with criticism from large banks, which argue it could compromise consumer data security and oversteps the CFPB’s authority. The Bank Policy Institute and the Kentucky Bankers Association quickly filed a lawsuit challenging the rule, claiming it poses risks to sensitive financial information. Banking groups are particularly concerned about potential security breaches if third-party providers mishandle customer data.
In contrast, fintech companies and data aggregators, such as Plaid and Akoya, have praised the rule for promoting safe data sharing and fostering competition. They argue it will enhance consumer choice by enabling easier and more secure connections between banks and digital platforms.
One of the rule’s key provisions limits the secondary use of consumer data, restricting its use for cross-selling or targeted advertising. This aspect has drawn criticism from parts of the fintech industry, which claim it restricts their ability to leverage consumer data for broader purposes.
The new rule will be phased in over the next several years, with large banks and fintech companies required to comply by April 2026. Smaller financial institutions will have until April 2030 to meet the new standards. As part of the rollout, banks must develop secure systems to enable consumer data sharing through APIs (application programming interfaces) to replace the less-secure method of screen scraping, where consumers provide their login information to third-party apps.
Republican Representative Patrick McHenry, chair of the US House Financial Services Committee, welcomed the announcement and called for Congress to codify the rule into law, highlighting its potential to drive innovation in the financial sector.
With input from Reuters, Financial Time, and Bloomberg.
