On October 22, the Consumer Financial Protection Bureau (CFPB) issued a final regulation that will make it easier for debt resolution companies and other financial services and financial technology providers to gather data from clients and their banks.
The so-called open banking rule stems from authority given to the CFPB under Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. Over the 14 years since Dodd-Frank was enacted, both Republican and Democratic administrations have worked to advance the regulation. The rule also enjoys widespread bipartisan support on Capitol Hill — in fact, it is one of the few CFPB regulations that does.
What would the CFPB’s open banking rule do, and how would it make financial freedom easier to achieve? Let’s take a look.
What is open banking?
Open banking puts consumers in charge of their own financial data so they can use it for their own benefit.
Traditionally, only a consumer and their bank could access a consumer’s financial data. If a consumer wanted to share access with a third party — a financial technology provider or a debt resolution company, for example — they could, but the process by which that third party actually retrieves the data is cumbersome. Indeed, it often involves a risky, intensive, and inefficient process known as screen scraping, which requires people to share their usernames and passwords with third parties.
Alternatively, open banking allows consumers to share their financial data with third parties instantly, allowing them to provide better service.
“Too many Americans are stuck in financial products with lousy rates and service,” said CFPB Director Rohit Chopra in a press release announcing the final rule. “Today’s action will give people more power to get better rates and service on bank accounts, credit cards, and more.”
House Financial Services Committee Chair Patrick McHenry, a Republican, praised the rule. “The CFPB’s final 1033 rule is a promising step forward to protect Americans’ financial data privacy,” he said. “As Republicans have said for years, Americans should have greater control over their sensitive financial data. … This is progress for American innovation and consumers.”
What would the CFPB’s open banking rule do?
The CFPB’s final rule would allow consumers to share covered data from their savings, checking, buy now pay later (BNPL), digital wallet, credit card, and other accounts. It leaves open the possibility of including other types of accounts, including pass-through wallets, mortgages, auto loans, and student loans. Covered data includes transaction information, account balance, information to initiate payment to and from an account, terms and conditions, upcoming bill information, and basic account verification information.
To participate in the open banking framework, creditors must make data available electronically to a consumer and via a dedicated “developer interface” to an authorized third party. Exceptions to this requirement include confidential commercial information, information collected by the creditor for the purpose of preventing fraud or money laundering, confidential information under the provision of law, or information that the data provider cannot retrieve in the ordinary course of its business with respect to that information. Creditors may restrict credential-based screen scraping once their developer interface has been built, but they may not charge fees for the establishment, maintenance, receipt of requests, or provision of making covered data available.
Depository institutions have between six months and four years to comply with the rule, depending on their size.
Third parties, including debt resolution providers, that want to participate in the open banking framework must do several things, including:
- Be accessing covered data on behalf of a consumer for a product or service the consumer has requested;
- Establish a maximum collection duration of one year after the consumer’s authorization;
- Provide consumers with an easy method to revoke data access;
- Prohibit third parties from accessing data for secondary purposes beyond the primary consumer request;
- Furnish consumers with authorization disclosures as a prerequisite for accessing consumers’ covered data; and
- Establish and maintain policies and procedures to ensure retention of records.
The benefits of open banking
Consumers and debt resolution providers will be better off with open banking.
Because consumers will finally be able to use their own data for their own benefit, they will gain added control and security. As the CFPB noted in its press release, the rule establishes strong privacy protections, requiring that personal financial data can only be used for the purposes requested by the consumer. The rule also will force banks to compete with third parties, resulting in more innovation, more competitive fees, and more consumer-friendly policies. This competition should improve the landscape for budgeting tools, savings apps, credit providers, and more.
By giving consumers the ability to easily share data to companies, like debt resolution firms, for thousands of families it means a better shot at financial freedom.
For debt resolution providers, the ability to validate what a consumer is telling them in real time about total debt, income, assets, and payment history will speed up onboarding time. This rule is a sound alternative to relying on credit bureau data.
The rule also could facilitate the opportunity to offer more financial coaching based on a more holistic view of consumer’s financial standing.
Next steps for debt resolution providers
While the banking industry immediately launched a lawsuit challenging the open banking rule, the CFPB is moving forward with implementation. (The lawsuit alleged the CFPB overstepped the authority given to it by Congress. As noted in the introduction, Section 1033 of Dodd-Frank mandates that Congress act on open banking.)
Debt resolution companies interested in leveraging this rule have two options. They can register to become an authorized third-party provider themselves or they can partner with an aggregator. An aggregator brings together information from different financial accounts into a single place. Providers include Yodlee, Plaid, Method, and MX.
Notably, companies that choose to work with an aggregator still must:
- Provide a written authorization disclosure that includes the key terms of access to the consumer on whose behalf it would access covered data;
- Provide a statement in the authorization disclosure certifying your company agrees to certain obligations;
- Obtain the consumer’s express informed consent to access covered data by having the consumer sign the authorization disclosure electronically or in writing;
- Only use consumer-permissioned data for the express purpose for which the consumer reasonably expects it to be used; and
- Comply with data security, data privacy, and data minimization requirements.
Interested in learning more? Contact the team at AADR. Our government relations team can discuss the rule in depth and explore your firm’s options.
