By Roy Urrico
Finopotamus aims to highlight white papers, surveys, presentations, analyses and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.
Last month, Financial Data Exchange (FDX) hosted its FDX Spring Global Summit 2024 in Washington, D.C. The event brought together industry leaders, experts, and stakeholders to explore the future of open banking and its implications. Here we cover highlights of the prepared remarks from Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra, who discussed the status of CFPB’s position on accelerating America’s shift to open banking.
“All of you in this room know that the United States has a clunky system when it comes to switching financial products. Moving to a new checking account with a better interest rate involves resetting direct deposits and recurring bill-paying, printing new checks, and obtaining a new card device,” he said. “Mistakes can be costly. It’s no surprise that the largest banks in the country have barely budged on their rates, but still retain their depositor base.”
Chopra noted, “Open banking involves less red tape and more seamless switching.” In his presentation, he referred to the CFPB proposed rules announced on Oct. 19, 2023 that would serve as a key foundation in the shift to open banking.
The proposed rules would allow consumers to have control over data about their financial lives and would gain new protections against companies misusing their data. Chopra said, “We are in the process of finalizing these rules, by reviewing feedback to our proposal, coordinating with our sister components within the Federal Reserve System, and thinking through enforcement with other financial regulators.”
Preparing for Open Banking
As part of the shift to open banking, Chopra explained there is growing discussion about how to set relevant industry data standards and sharing protocols. “The proposal we issued last year recognizes the important role standards and standard setting will play in open banking. However, the proposal also purposely avoids micromanaging or dictating prescriptive technical details.”
He added, “We all probably recognize the importance of standard-setting. Electronics sold in the U.S. have a common set of plugs that fit into outlets installed in our homes and offices. Motor vehicles sold in the U.S. are designed to drive on the right side of the road. Standards can help create a common understanding for engineers and designers to build products and offerings.”
When it comes to the need for standards, financial services are no different, he suggested. “Debit and credit cards generally follow a standard. American Express cards typically start with a ‘3,’ Visa cards with a ‘4,’ and Mastercard cards with a ‘5.’ Certain digits give us a clue on the issuing bank and the account number, while others help quickly determine if it’s a valid number.”
Chopra accepted some of this standard-setting might be technical in nature. For example, open banking would require reliance on intermediaries if developer interfaces always provided data in a standardized format. Other types of standard-setting might be more along the lines of best practices, such as norms for how data providers communicate and implement scheduled downtime or other disruptions that may interfere with consumers’ data access rights.
CFPB Director Warns About Unfair Practices
“Of course, we know dangers exist when more powerful players weaponize industry standards. We have to be vigilant that standard-setting does not skew to benefit dominant firms and their prevailing market power,” declared Chopra.
He added, “In financial services, we’ve also seen how the owners of networks and financial plumbing can distort the rules in their favor.” Chopra pointed out the CFPB “continues to hear reports about incumbents potentially coordinating efforts to limit consumers’ exercise of their rights to access data by forcing data sharing through a bank-owned venture.”
Said Chopra, “Anti-competitive behavior by dominant firms or standard setters is not going to advance open banking.” He emphasized financial institutions can choose their own service providers to enable open banking. “But we will be watching out to make sure that such service providers are not used to an anticompetitive effect.”
Chopra maintained the CFPB’s proposed rule anticipated the setting rules around formal recognition of standard-setting organizations. This will prevent large incumbents from rigging standards in their favor. “Well before we finalize the ‘Personal Financial Data Rights’ rule this fall, we intend to codify what attributes standard-setting organizations must demonstrate to be recognized under the rule. After we codify those attributes, we will invite standard-setting organizations to begin the process of seeking formal recognition from the CFPB.”
Dealing with Privacy, Interoperability
“There is no meaningful way for consumer privacy interests or the interests of small firms to be considered. That might also be a problem,” said Chopra. He urged, “All interested standard setters in this space to look hard at their practices and procedures to ensure your organization is not simply a puppet for a powerful player.”
Chopra acknowledged that interoperability is also an important component of a healthy open banking system. “I would eventually like to recognize more than one standard to allow the market to develop without complete reliance on one set of protocols. I also recognize that not every standard setter might be ideally suited to create standards for every part of the open banking system, and new standard-setting organizations may need to emerge as the system evolves.”
MX Technologies’ Chief Advocacy Officer Jane Barratt then hosted a “fireside” chat with Chopra on a wide range of topics, including the requirements and timing of naming qualified standards setting organizations (SSOs), the role of service providers and privacy.
“We do have a long tail of smaller banks and credit unions here. The vehicle by which they implement so much tools and technology is through these major service provider vendors,” said Chopra. “Thinking about how they are a vector of change in all of this is going to be important.”
In addition, Chopra said: “We will need all of you to figure out what do you want privacy and security enforcement. I do think that people will be turned off when there are incidents where their data is being misused. Right now, we just don't have a kind of robust way in which those abuses can be enforced. There's a limitation in our existing laws.”