Smaller banks are urging the CFPB to consider more gradual technological change and weigh their cost burdens as the regulator crafts a new “open banking” rule to make it easier for consumers to share financial information.
The Consumer Financial Protection Bureau’s open banking proposal aims to allow consumers to seamlessly switch between financial service providers by requiring banks and credit card companies to develop technology that consumers can use to share their financial data with fintechs and other emerging competitors. Public comments on the CFPB’s outline for its plans were due on January 25.
Credit unions and community banks asked the CFPB in particular to slow down a provision of the rule to eliminate the practice of so-called “screen scraping,” where a third-party app or website uses the credentials A consumer’s login to access a bank or card issuer account. Big banks and privacy advocates support ending the practice, arguing that scraping poses security and privacy risks.
The ability for consumers to easily transfer data to their banks’ competitors could drive better and cheaper services. But the public comments also show that the agency’s rulemaking, required by Section 1033 of the Dodd-Frank Act of 2010, is plagued by concerns about privacy, fairness and industry readiness to adopt changes.
“In the long run, the commodification of financial data driven by the CFPB’s goal of ‘reducing switching costs’ could have the opposite effect than intended: rewarding the largest, most technologically sophisticated companies at the expense of credit unions. savings and credit and other community institutions focused on relationship banking,” said Independent Community Bankers of America (ICBA) in a letter to the CFPB.
Currently, data aggregators like Plaid and Yodlee use screen scraping as a key tool to facilitate data transfers between banks or other financial companies.
Banks and privacy advocates have warned of security and privacy risks associated with scraping, such as allowing a third party to misuse consumer credentials or collect more data than authorized.
Data aggregators have also been accused of selling consumer data without consent, according to the nonprofit Electronic Privacy Information Center.
The CFPB’s open banking scheme envisions moving from almost entirely scraping to a system in which banks configure an application programming interface (API) and data portals to transfer consumer information.
APIs are a type of standardized interface software that data providers would use to authenticate the consumer and pass on the requested information without the consumer having to share their credentials with a third party.
But switching to data exchange portals like APIs is expensive and may be out of reach for smaller financial institutions, according to the ICBA.
It could put them at a further disadvantage to Wall Street banks and emerging fintechs, the National Association of Federally Insured Credit Unions told the agency.
EPIC supports the adoption of standard APIs to reduce reliance on data aggregators, the group said in a letter to the CFPB.
The industry is constantly moving towards the use of APIs and data portals to enable the exchange of customer information. Plaid estimates that more than 60% of its traffic is currently on APIs, largely due to its contracts with the largest banks, according to its letter to the CFPB.
ICBA said it supports moving to an API standard for sharing customer data. But the community banking advocacy group said in its letter that there is currently “limited adoption” of APIs, largely because the technology is expensive to buy.
The group and NAFCU urged the CFPB to consider “technology neutral” requirements that could allow for screen scraping or the phasing in of API requirements. That would allow smaller financial institutions time to adopt them, while avoiding the requirement that financial institutions accept all screen scraping requests.
Other commenters, including the nonprofit Future of Privacy Forum, also urged the agency to tighten data security requirements for companies that receive consumer financial information.
PNC Financial Services Group Inc., the parent company of PNC Bank, told the CFPB that it is concerned about an increased risk of consumer identity theft and financial fraud if data recipients are not subject to the security standards of bank-level data and regulatory oversight. Federally regulated financial institutions are subject to strict information security requirements.
“Consumers have the right to equally rigorous data protection, regardless of whether their data is held by a bank or a nonbank,” PNC said in a letter to the agency.
The CFPB could put data aggregators and fintech apps under its watch as a way to protect consumer data.
FDATA North America, a trade group representing data aggregators, urged the CFPB to monitor its members.
The CFPB so far contemplates subjecting banks and credit card companies to increased data sharing requirements.
But other consumer finance players who are not part of the CFPB’s schemes are playing an increasingly important role in the industry. Nonbank mortgage lenders issue the majority of mortgages in the United States. Auto lenders owned by auto companies issue a large portion of auto loans in the US Consumers are also increasingly making purchases using installment loan and “buy now, pay later” services.
Including only banks and credit card companies in Section 1033 might give an idea of the money going in and out of consumers’ bank accounts on a monthly basis, but it wouldn’t give a complete picture of, say, the interest rate and remaining term. of a mortgage. said most industry associations.
“To better assess a consumer’s financial health, it would make sense for the industry to turn to a broader scope of a consumer’s financial accounts,” the Consumer Bankers Association said in a comment letter.
The CFPB should expand the scope of its 1033 rules to provide a fuller picture of a consumer’s financial life, according to the Financial Technology Association, an industry group that includes data aggregators and fintech lenders.
Data sharing requirements should be phased in for FTA members and other non-bank businesses, the FTA said.
“Consumers will enjoy the greatest benefit from Section 1033 to the extent that it provides them with a holistic ability to assess financial health and well-being, as well as to purchase the broadest range of financial products and services,” the FTA said in its statement. letter.