/regulation & compliance

News and resources on regulation, compliance, legal and governance issues for banks and fintechs.

CFPB urged to strengthen open banking data protection safeguards

The Consumer Financial Protection Bureau's planned new open banking rules do not go far enough to protect consumer data, say two industry groups.

  1 Be the first to comment

CFPB urged to strengthen open banking data protection safeguards

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

In October, the CFPB proposed its long-awaited open banking rule in the hopes of improving competition in the US banking and payments sector, requiring consumer financial service providers to share data at the user’s direction with other companies in the ecosystem that offer more attractive products and services.

However, in a response to the recommendations, The Clearing House Association and Bank Policy Institute argue they do not go far enough in protecting sensitive consumer financial data or requiring data recipients to comply with the rules.

The two organisations say that many of the requirements in the proposed rule designed to protect consumers and their data, such as the requirements related to consumer authorisation and the permissible uses of consumer data, should apply to all third parties and aggregators in the ecosystem, and to all data.

They also call for a ban on screen scraping once a data provider has made a developer interface available.

The associations write: “It is critical that consumers’ personal and financial information remains secure when it is shared between financial institutions and third parties and when it is stored outside of the financial institution.”

Meanwhile, the CFPB should impose direct requirements on third parties and data aggregators and "articulate its intent to supervise those entities for compliance," as well as clearly define liability for unauthorised transactions or failing to protect consumer data.

The pair also argue that data providers should be allowed to receive compensation from third parties to recover their "commercially reasonable costs and a margin to cover the cost of enabling data sharing".

In its response to the proposal, the American Fintech Council raises different concerns, including about the limitations imposed on data providers and third parties regarding the acceptable use of consumer data.

The CFPB have previously stated they expect they would finalise open banking rules by 2024. Additionally, earlier this year the CFPB warned against large firms trying to control their open banking standards.

Sponsored [Webinar] Behavioural Biometrics: Meeting the deployment challenge

Comments: (0)

New Report – The Future of AI in Financial Services 2025Finextra PromotedNew Report – The Future of AI in Financial Services 2025