The Consumer Financial Protection Bureau (CFPB) has proposed a rule that would accelerate a shift toward open banking, where consumers would have control over data about their financial lives and would gain new protections against companies misusing their data.
The proposed Personal Financial Data Rights rule activates a dormant provision of law enacted by Congress more than a decade ago. It would jumpstart competition by forbidding financial institutions from hoarding a person’s data and by requiring companies to share data at the person’s direction with other companies offering better products. The proposed rule would allow people to break up with banks that provide bad service and would forbid companies that receive data from misusing or wrongfully monetizing the sensitive personal financial data.
Currently, people’s access to their financial data is inconsistent from one financial institution to another. Even among companies that do share data at a customer’s request, the terms of the sharing vary greatly. This lack of norms in the market allows incumbents to play games to their own customers’ detriment – including hiding or obscuring important data points like prices. This undercuts the ability of small or upstart institutions to compete with incumbents, even when people want their data shared.
Under the proposed Personal Financial Data Rights rule, people would have the power to share data about their use of checking and prepaid accounts, credit cards, and digital wallets. This would allow them to access competing products and services without worrying that their data might be collected, used, or retained to serve commercial interests over their own. Importantly, people could be certain that their data would be used only for their own preferred purpose—and not for financial institutions or tech companies to surveil and manipulate.
The proposed Personal Financial Data Rights rule would ensure that consumers:
The proposed Personal Financial Data Rights rule would protect the interests of both consumers and financial firms through:
Under the proposal, the requirements would be implemented in phases, with larger providers being subject to them much sooner than smaller ones. In addition, the many community banks and credit unions that have no digital interface at all with their customers would be exempt from the rule’s requirements.
The proposed rule is the first proposal to implement Section 1033 of the Consumer Financial Protection Act, which charged the CFPB with implementing personal financial data sharing standards and protections. The CFPB intends to cover additional products and services in future rulemaking.
Read the regulatory text of section 1033.
Comments must be received on or before December 29, 2023. The CFPB invites comments on any aspect of this proposal, including on other consumer financial products and services that could be covered via subsequent rulemaking.