ru24.pro
News in English
Календарь
Январь
2025
1 2 3 4 5 6 7 8 9 10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

CFPB’s Open Banking Standardization Push Faces Legal, Logistical Hurdles

0
PYMNTS.com 

The news this week that the Consumer Financial Protection Bureau (CFPB) has recognized Financial Data Exchange (FDX) as a standard-setting body — to help determine how permissioned financial data will be shared during the rise of open bankingilluminates the long and winding road ahead.

The concept behind the data sharing may be simple: All manner of stakeholders, including banks and other providers have to grant third parties access to customers’ financial data, provided that access has been requested by the customer.

That’s the general principle, but getting to that point, in a widespread manner, where individuals’ data truly can be portable, and safe, and where access is tailored on a use case by use case basis will see some back and forth.

In the rule, which debuted in October, the CFPB said, “In the [earlier] proposed rule, the CFPB noted that Federal regulations with very granular technical requirements could rapidly become obsolete, while industry-led standard-setting would be better able to keep pace with changes in the market and technology, as long as that standard-setting was fair, open, and inclusive.”

The push to standardization, the CFPB added,  should be “open to all interested parties, including public interest groups, app developers, and a broad range of financial firms with a stake in open banking.” The pool of interested parties also can, and will, include consumers, and the CFPB can revoke the recognition of standard setters with a maximum tenure of five years.

Some Objections

It’s interesting to note that in the final rule on standards setting, the CFPB details some of the objections that at least some firms had during the commentary period predating the rule’s issuance: “Several industry commenters disputed the Bureau’s legal authority to recognize standard setting bodies that would then issue consensus standards for purposes of facilitating implementation of a final Personal Financial Data Rights rule. In response, the CFPB notes that, as discussed above in this final rule, establishing a framework for standard setting is authorized by CFPA section 1033(a) and (d),” which is a nod to that particular section of the Dodd-Frank legislation that grants the CFPB’s the power to issue financial data rules.

There’s much speculation out there, at the moment, as to what the powers of the CFPB might be, and the structure of the agency itself, in the months and the years ahead.

In the meantime the largest financial institutions (FIs) will have to comply with the new rule within six months after final publication. Smaller FIs, depending on asset size, will have one to two years to comply. The smallest FIs, with less than $850 million in assets, would have as long as four years. 

The CFPB has noted in the rule that consensus does not require unanimity. And in the documentation on the standards themselves (through the earlier proposed rule), the CFPB noted that the process “promote the development and use of standardized formats for covered data, including interfaces and security protocols.”

For banks, there’s a staggered timeline for compliance. Compliance begins April 1 of the years 2026, 2027, 2028, 2029 or 2030 for data providers, which includes depository institutions (including credit unions). The providers also include non-depository institutions that hold or issue credit cards and other types of accounts.

But between now and then there’s sure to be spirited debate. Just after the CFPB released the rule in October, banking groups filed a suit against the CFPB, alleging that the new mandates carry risk: “Placing additional copies of consumers’ private financial data in the hands of more nonbank third parties necessarily increases the opportunities for that data to be stolen, compromised, or otherwise misused. And those third parties are less regulated than banks, which are subject to extensive oversight and supervision by financial regulators. Indeed, a number of fintech companies have been victimized by data breaches,” the suit stated, and banks would allegedly carry an unreasonable set of liabilities while incurring significant costs to comply, while being prohibited from charging fees for that data access to offset those costs.

The post CFPB’s Open Banking Standardization Push Faces Legal, Logistical Hurdles appeared first on PYMNTS.com.