The “Open Banking Era” Begins as Financial Data Rights Rule Finalized
- CFPB has finalized a transformative open banking rule under the Dodd-Frank Act
- The rule allows consumers to control their financial data and share it with third-party service providers
- Compliance will roll out in phases based on institution size
As we noted previously, Open Banking is a hot topic for financial institutions. It allows consumers to share their financial data with third-party providers and enables access to a wider range of financial services. It's popular all over the world, but only recently emerging in the United States
Global Government Fintech reports that the U.S. Consumer Financial Protection Bureau (CFPB) has finalized a transformative open banking rule under the Dodd-Frank Act, enabling consumers to control their financial data and share it with third-party service providers. This initiative aims to increase transparency and competition within the financial sector, granting consumers more freedom to choose services that best fit their needs. Under the rule, individuals can now direct banks to share data—including transactions, account balances, and payment information—with authorized third parties without additional fees.
Twelve months on from the proposal, the final version has now been published (in a 594-page publication; the regulatory text is 38 pages). "The rule moves the US closer to having a competitive, safe, secure and reliable 'open banking' system," the Washington DC-headquartered agency said in a press announcement.
Restrictions
A critical aspect of the rule is the restriction on third-party data usage. Authorized parties can access consumer information solely for the purpose of delivering requested services, prohibiting data use for unrelated activities, such as targeted advertising. This provision, designed to ensure data privacy and security, also includes consumer rights to revoke access at any time. The CFPB has specified that data providers must create secure consumer and developer interfaces, but they are not allowed to transfer regulatory responsibilities to external vendors, keeping compliance and data management within the institution’s control.
Compliance will roll out in phases based on institution size, reflecting the rule’s wide reach across financial entities. Large banks with $250 billion or more in assets must comply by April 2026, with smaller institutions granted deadlines extending to 2030. This phased approach is intended to allow financial institutions ample time to adapt, especially for smaller firms that may face higher relative costs in updating technology and processes.
According to CFPB Director Rohit Chopra, the rule is intended to empower consumers by improving access to competitive banking options, especially for those stuck in financial products with poor rates and service. By easing data sharing, the CFPB anticipates a ripple effect that could lower costs across credit, payments, and banking services. Financial industry groups, however, have voiced concerns about the financial burden of compliance, especially for smaller banks, and potential conflicts with existing regulations.
A Major Shift
This rule marks a major shift in U.S. financial data rights, putting consumer data control at the forefront of the financial ecosystem and potentially paving the way for a competitive, secure open banking landscape. However, the Bank Policy Institute (BPI), the Washington DC-based trade association chaired by JP Morgan Chase chief executive Jamie Dimon, reacted quickly with two press releases on the same day the CFPB final rule’s were published.
“On initial review, it appears the CFPB’s final rule retains many of the deficiencies and omissions that plagued the proposed rule,” the association’s president and chief executive Greg Baer said in the first press release. “Banks have worked for years to establish secure ways to share customer data whenever the customer asks. The CFPB’s rule disrupts this established process, requiring banks to share financial data with any third party without adequate safeguards to ensure the data is protected from fraud, misuse and abuse.”
A second press release announced that the BPI and Kentucky Bankers Association had filed a lawsuit (56-page complaint) against the CFPB "challenging aspects of the agency’s rulemaking." They assert that the CFPB had overstepped its statutory authority and finalized a rule that "jeopardizes consumers’ privacy, financial data and account security".
Open Banking Benefits for FIs
We have already noted some benefits in a previous post:
- Embracing technological advancements for enhanced customer experience
- The disruptive impact of open banking and APIs
- Unleashing new revenue streams and operational efficiency
- Fostering collaboration and innovation
- Envisioning a hyper-personalized future
- Operational benefits and enhanced security
Through the utilization of APIs, Open Banking enables core providers like Jack Henry & Associates, FIS, Fiserv, Alogent, etc. to utilize new technologies as well. This is the primary method for fintechs to provide their technologies to banking without the need of direct installations and integrations -- a benefit for those banks who do not possess the internal resources to install, integrate, and/or maintain these new systems.
This includes utilizing AI and machine learning technologies like OrbNet AI and OrbNet Forensic AI. These APIs enable OrboGraph to receive the check images for analysis and return scores directly to banks, core platforms, and also check fraud review platforms -- rather than needing to install on premise.
Is it time to embrace Open Banking?