‘Open banking’ rules for consumer data unveiled by US watchdog
By Douglas Gillison
(Reuters) – The top U.S. watchdog agency for consumer financial protection on Tuesday unveiled long-awaited rules intended to drive a shift toward open banking and spur competition, allowing consumers to control and share their own data when shopping for services.
The new rules also aim to govern relations between the burgeoning world of financial technology companies that offer consumer apps for an expanding array of services and the sometimes competing interests of traditional banks that can be hesitant to grant access to their customers’ accounts and data.
U.S. Consumer Financial Protection Bureau Director Rohit Chopra compared the transition to the rules that now allow mobile phone users to switch providers while keeping the same number, and said the coming change should help bring U.S. payments systems more in line with advances in other developed countries.
He also said the rule incorporates strong privacy protections and consumer choices.
“A company that ingests (a) consumer’s data can use the data to provide the product or service the consumer asked for, but not for unrelated purposes the consumer doesn’t want,” he said in prepared remarks released ahead of a speech planned for later on Tuesday.
First proposed a year ago, the new regulations were 14 years in the making, having been called for in the 2010 Wall Street reforms enacted following the 2008 financial crisis.
According to the CFPB, as the rules take effect, consumers will be able to transfer their data between banks free of charge and without obstacles. They will also be able to borrow on better terms, for example by allowing lenders to issue loans using data held by other financial institutions, and to make payments directly from their bank accounts rather than by card.
Consumers will also be able to revoke access to their data immediately, according to the CFPB.
Ahead of the announcement, CFPB officials said the agency had made some changes to the version originally proposed in response to concerns from industry and public comment, sparing banks with less than $850 million in assets from having to provide data, for example.
Companies will have more time than originally proposed to come into compliance. Larger financial technology companies will have until 2026, while the smallest will have until 2030.