Another Fork in the Road for the Future of Open Banking

MX recently submitted a new comment letter to the Consumer Financial Protection Bureau in response to its new advanced notice of proposed rulemaking regarding its reconsideration of Section 1033 of the Dodd-Frank Act on personal financial data rights. In our response, we continue to advocate for secure, permissioned data sharing that drives consumer-centric innovation forward for our clients, consumers, and the broader financial services industry.

As the CFPB evaluates the nearly 14,000 comment letters received, we believe this is a pivotal moment for the U.S. financial services industry. Preserving key elements of the current 1033 Rule is necessary to foster a more competitive and consumer-centric ecosystem. 

The U.S. financial system can be complex and difficult for many Americans to navigate, compounded by the fact that the average consumer has at least 5-7 financial accounts across multiple different providers. Without access to, and a unified view of, their financial information, it becomes nearly impossible for consumers to make truly informed financial decisions. 

Consumers need access to digital financial technology that will bring disparate financial information together and provide the tools and insights needed to effectively understand their finances and make informed financial decisions. 

Open Banking is the key to promoting innovation, increasing competition, and ultimately empowering consumers. And, it’s not just consumers who benefit from Open Banking. Banks, credit unions, fintechs, and all data providers benefit from Open Banking, such as: 

• Reducing potential exposure or misuse of consumer login credentials and associated fraud costs by moving from screen scraping to token-based API access for authorized third parties
• Gaining insight into which authorized third parties are accessing consumer-permissioned data through an API, which enables both enhanced security controls and intelligence into areas where the data provider could create better experiences for consumers.
• Enhancing overall data protections and liability exposure by requiring the execution of bilateral agreements with authorized third parties as a pre-requisite to providing data access, which establishes clear access, security, and liability parameters

Our comment letter dives into the benefits of Open Banking for the entire ecosystem, as well as our perspectives on key questions raised by the CFPB and areas of consideration. These key questions and areas of additional consideration include:

1. Data Access Fees

We strongly support the existing PFDR Rule’s prohibition on fees for data access. A fee for access fundamentally contradicts the nature of a right. A consumer’s financial data belongs to the consumer, and financial institutions are merely the custodians of that information. Allowing financial institutions to charge fees would not only obstruct a consumer’s right to their own data, but also create an anti-competitive environment where some large banks could use fees as a gatekeeping mechanism to stifle innovation and crush smaller players in the market.

2. Defining Consumer “Representatives”

How “representative” is defined will determine how easily data flows and how much choice consumers have in the marketplace. Permissioned third parties should be considered representatives in order to enable consumers to truly own and manage their data. 

Limiting the definition of “representative” would hinder the consumer’s ability to choose and work with their preferred financial technology or other third-party service provider, or potentially eliminate the consumer’s choice altogether if those third parties cannot adequately compete without necessary access to data.

3. The Secondary Use of Data

The rule limits the collection, use, and retention of covered data to what is "reasonably necessary" to provide the consumer's requested product or service, even where broader use may ultimately benefit the consumer without any sale of covered data. We believe this interpretation is too narrow, which could prevent more tailored and beneficial financial products being offered to consumers. 

If a consumer gives informed consent, they should be able to authorize uses of their data that add value for them. For example, these beneficial use cases can unlock a range of powerful benefits for consumers:

• Fraud prevention and product improvements: By analyzing a consumer's entire financial footprint, banks can more effectively detect and prevent fraud. And, data analysis helps companies improve the design and functionality of their financial products, making them more user-friendly and secure.
• Better, more tailored offers: Companies can use transaction data and spending patterns to create personalized credit card and loan offers, rewards programs, payroll deposit switching, and other financial management tools that are more relevant to a person's lifestyle. 
• Public interest uses:Anonymized and aggregated data can be used by researchers to analyze economic trends, inform public policy decisions, and improve access to the financial system by helping lenders build more complete credit profiles for consumers with thin credit histories. 

4. Re-authorization Requirements

The current rule requires third-party data recipients to obtain a new authorization from a consumer at least once every 12 months to continue collecting data. This creates an unnecessary and burdensome administrative hurdle to the detriment of consumers and service providers alike. It could also disrupt the continuous services provided by third parties, such as long-term financial planning, budgeting and tax tools, or fraud monitoring, which rely on a consistent flow of updated data. 

The Road Ahead

As we’ve said before, consumer demand, market innovation, and regulatory momentum have converged around a shared principle: people should be able to securely access and share their own financial data. Though the CFPB is reevaluating parts of Rule 1033, the current PFDR Rule takes a significant step in the right direction by ensuring permissioned data sharing is a statutory right for consumers. 

The stakes are incredibly high. In addition to the ANPR, the U.S. District Court for the Eastern District of Kentucky issued a ruling to halt the CFPB from enforcing Rule 1033 until the Bureau completes its ongoing reconsideration. This could further disrupt the timeline for Open Banking implementation and lead to additional activities by Congress, federal and state regulators, and the broader industry. The CFPB’s reconsideration of key parts of Rule 1033 will determine how competitive and consumer-centric the financial services industry in the United States is going forward. Speed and clarity are of the essence. 

We look forward to further collaboration across the ecosystem to foster innovation, protect consumers, and ensure the continued growth of the U.S. Open Banking market.  Regardless of what happens, MX remains committed to ensuring that secure and permissioned data access continues to drive innovation forward and deliver positive outcomes for consumers and businesses.