CFPB’s Chopra: Banking Needs to Be ‘Open and Decentralized’
The Bureau’s director says the Personal Financial Data Rights Rule will give more power to consumers and members.
On Tuesday morning, as the CFPB’s Personal Financial Data Rights rule became final, Director Rohit Chopra spoke to members of the Federal Reserve Bank of Philadelphia to lay out the vision and reasoning of the new rule and how it will empower individuals in a way that could lead to “a more open and decentralized market for financial services.”
In comments to the audience, Chopra said, “By allowing consumers to permission their personal financial data, people can more easily sign up, switch accounts and take their financial history with them. But, much of the data sharing that does take place today uses unsafe methods – like third parties using consumer credentials to scrape vast amounts of data from online banking interfaces.”
Chopra indicated that many large financial organizations are monopolizing consumers’ data and purposefully make it difficult to port data. Years ago the telecom industry fought back when cell phone companies were forced to allow consumers to keep their phone numbers when switching providers. Chopra said this rule addresses a similar situation.
“To make our banking and payments market more competitive, it needs to be open and decentralized using a common set of data standards, free of powerful gatekeepers and middlemen that can impose private regulations and extract fees,” Chopra said.
Chopra explained to the group how the new rule will work.
“If you are a consumer who uses a checking account, credit card or mobile wallet, your provider holds a lot of your personal information. For example, they may have records of your recent transactions, account balances, upcoming bill payments and information needed to initiate payments. If you want to use that information to make a payment, apply for credit or switch banks, your provider might throw up roadblocks to keep you from leaving for a competitor offering you a better deal.
“Our rule prevents companies from doing that. That means you can more easily walk away from mediocre products or services and choose financial institutions that offer higher rates for your savings, lower rates on loans, free access to your paycheck before payday or ways to more effectively manage your finances.
“Under the Personal Financial Data Rights Rule, if a consumer chooses, they could allow mortgage lenders to use data from their checking account on their income and expenses in the underwriting process, also known as cash-flow underwriting. This data could help supplement and improve the accuracy of traditional credit histories and help more people obtain credit on better terms. Over the long run, this could reduce the system’s dependence on credit scores,” he said.
When accessing data, financial institutions need to act on behalf of the consumer. “That means companies can’t offer you a payment product that uses your data, but then use your data against you by feeding it to a dynamic pricing model that ends up charging you more for an airline ticket,” he said as an example.
Chopra continued, “Similarly, if you authorize sharing your data with a company so that you can get a cheaper loan, the data needs to be used to provide you that loan, not for other purposes. And it doesn’t matter that the company has included those purposes in legal fine print that you don’t have any practical ability to reject. Our rule also means companies can’t offer something as a pretext to collect data to sell it or use it to target advertisements at them.
“Our rule also recognizes that personal financial data is sensitive, and there are basic protections and rights that should go along with accessing this kind of information. Specifically, the rule ensures that personal financial data is collected and used minimally, stored securely, transferred accurately, and deleted when it’s no longer needed or when the consumer revokes access.”
As it concerns the implementation of the rule, Chopra told the audience, “With respect to implementation, the law asks that the CFPB prescribe standards through the rules, but it also asks that CFPB make an effort to avoid requiring a particular type of technology. We know that technical standards are critical to make sure that the system is open and interoperable. Without these standards, each incumbent would create its own set of complicated hurdles.
“Rather than micromanage the specifics of open banking, the rule sets out an architecture for standard-setting bodies to align on technical standards. Those organizations can seek accreditation from the CFPB, but only if they have a structure and process to develop standards and further the goals of the rule in a fair, open and inclusive manner. This approach will allow the standards to evolve over time as technology and market needs change.”
During his speech, Chopra did not specify what accreditation would entail for those financial institutions impacted by the rule.
The largest institutions will have to comply while the new rule by April 1, 2026, while the smallest covered institutions will have until April 1, 2030.
READ MORE: Text of Tuesday’s speech given by CFPB Director Rohit Chopra