BID® Daily Newsletter
Dec 18, 2024

BID® Daily Newsletter

Dec 18, 2024

What CFPB’s Rule Means for Consumer Data and Competition

Summary: Even if your institution isn't required to comply with the new Personal Financial Data Rights rule, preparing for open banking is essential. As consumer demand for data sharing grows, adopting secure digital interfaces will help you stay competitive and meet evolving expectations.
For over 150 years, library patrons searched for books to check out with the library card catalog. If they wanted to borrow a book the library didn’t have, the librarian would initiate an interlibrary loan and track it through book-borrowing cards. Now that we have computer databases that keep a catalog of what libraries all over the world have, such as WorldCat, patrons can use their local library card to access books from all over the country and beyond.
Just as a library card lets you access books from any library in the digital library catalogs, financial data is about to become accessible across a wide range of third parties through open banking — and it could very well explode now that regulators have put their stamp of approval on new open banking guidelines.
How the New Rule Works
In October, the Consumer Financial Protection Bureau (CFPB) finalized the Personal Financial Data Rights rule, per Section 1033 of the Dodd-Frank Act. This rule will enable willing individuals to share their financial data with third parties, including fintech apps, via a secure “digital interface” implemented by their financial provider at no charge. In doing so, it fosters open banking principles by promoting data portability and consumer control and encouraging greater competition and innovation in financial services.
Such data includes the following customer information: 
  • Credit card and checking account numbers
  • Prepaid and digital wallet accounts
  • 24-month transaction histories
  • Terms and conditions such as fees, APY, credit limit, rewards program terms, etc.
Exceptions include a financial provider’s proprietary data to remain competitive, information collected to prevent fraud or money laundering, and other confidential information required by law.
Third parties can then use this information to counter with offers of competing products and services. They are allowed access to an individual’s information for one year, after which they must seek the person’s reauthorization. A future rule would enable individuals to share financial information about their mortgages, auto loans, and student loans.
According to the CFPB Director Rohit Chopra in a speech last month, the rule will “provide more freedom, promote decentralization, and spur greater competition.” Indeed, the ideal outcome is to give individuals vastly more personalized offers, better choices, expedited services, and greater purchasing power.
How It Will Be Implemented
The rule takes effect in stages, with the largest institutions required to comply by April 1, 2026. Institutions with $850MM or less in assets are exempt, but banking experts urge community financial institutions (CFIs) to still consider implementing such an interface because customers might start to demand it — particularly younger, more digitally savvy customers. If CFIs don’t oblige, they may become less competitive in the marketplace, experts contend.
But there is a flip side: CFIs that implement these digital interfaces and craft targeted marketing campaigns can also be on the receiving end of valuable data from other institutions, digital-only banks, fintechs, and digital wallet providers — and CFIs can then counter with their own competitive offers.
While banking associations last month filed a lawsuit to set aside the rule, experts say that financial institutions should nevertheless take steps now to allow willing customers to share their data via open banking. There may well come a time when the market demands it, and early adopters may reap the most benefits.
How To Prepare
If you choose to implement a digital interface for sharing customer information, here's how best to prepare:
  • Work with your core data processor, data aggregator, or other trusted vendors. If your CFI has less than $850MM in assets, you may want to rely on your service providers that are currently developing interfaces. Make sure whichever provider you work with has the proper authentication, identity management, security standards, and controls to meet regulatory and compliance standards. Even though third parties receiving customer information are required to protect their privacy per Gramm-Leach-Bliley, no regulators are currently examining them to make sure they comply. That means that financial providers are essentially on the hook if the third party experiences security lapses. Hence, partnering with a trusted core provider or other vendor with known security standards is paramount.
  • Focus on the customer experience. For you to truly be competitive, your digital interface needs to be as user-friendly as possible. You need a system that easily allows customers to authorize, track, and revoke access whenever they want to. You must also make sure that customer data stored in various systems across your institution is accurate, consistent, up-to-date, and can be easily shared via APIs. Moreover, your systems must be capable — and scalable — enough to handle increasing API traffic, to make the experience as seamless as possible for customers.
  • Mitigate for potential fraud. CFPB’s final rule now states that financial providers must share customer information within a reasonable time, as opposed to the agency’s initial proposal that called for response times to be no more than 3.2 seconds. Providers can now let third parties know that they will confirm whether a customer actually consented to share their financial information, thwarting fraudsters from obtaining customer data without their permission. Experts also advise providers to include warnings about the potential risks, in case customers are unwittingly giving their information to bad actors posing as legitimate fintechs. 
  • Encourage both existing customers and prospective customers to share outside data with you. Target prospects that you would like to acquire from other institutions, fintechs, and entities by offering to match or better the deals they’re getting from others after receiving their account information. With existing customers, present use cases of how your institution can provide more value by partnering with third parties via open banking. You can also increase the stickiness of existing customers by offering "actionable advice” on your mobile app, particularly about specific transactions they just made with another provider.
Even if your institution is not required to comply with the rule immediately, it's essential to start preparing now. Open banking, as a broader industry trend, may rapidly gain traction as more consumers demand the ability to share their financial data. By implementing a digital interface today, you’ll be ahead of the curve and able to capitalize on new opportunities, both for acquiring customers and offering better financial products.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

PCBB’s President’s Top Predictions for CFIs in 2025
We interviewed PCBB President Mike Dohren about the key trends he anticipates affecting CFIs in 2025, including regulatory changes, mergers and acquisitions, lending trends, and technology.
2024 in Review: Part 2 of 3 — Regulations & Digital Banking
In this second part of our review of 2024, we look at the challenges and opportunities arising from increased regulatory scrutiny, the rise of open banking, and the adoption of faster payments.