On October 19, 2023, the Consumer Financial Protection Bureau (CFPB) announced the release of a proposed rule requiring U.S. financial firms such as banks and credit unions that offer transaction accounts – like checking accounts, prepaid cards, credit cards, and digital wallets – to give consumers access to their personal financial data at no charge, so it can be shared with another provider.
The rule is aimed at leveling the playing field, empowering smaller financial institutions to better compete and giving consumers more freedom and access to new services.
This proposed rule aims to (1) expand consumers’ access to their financial data across a wide range of financial institutions, (2) ensure privacy and data security for consumers by limiting the collection, use, and retention of data that is not needed to provide the consumer’s requested service, and (3) push for greater efficiency and reliability of data access across the industry to reduce industry costs, facilitate greater competition, and support the development of beneficial products and services. – Source: CFPB Proposed Rule
“At Axway, we’ve been championing open banking for years, and the CFPB proposed rule represents an exciting shift in the North American financial services landscape,” says Laurent Van Huffel, Senior VP of Financial Services & Open Banking for North America at Axway. “This is an opportunity for financial institutions to eliminate sharing customer data via unsecured screen scraping and to seize first-mover advantage”
“Today, the CFPB estimates that about half of third-party data access currently occurs through APIs; scraping comprises the bulk of the balance” – Source: CFPB Proposed Rule
Unleashing market competition and leveling the playing field for smaller financial institutions
Similar to U.S. phone number portability regulations that helped open the market for telecommunications services, the new rule promises to create opportunities for firms to move forward with open banking. For example, the proposed U.S. open banking rule could help open the door for smaller, more nimble organizations to offer their services as part of open banking ecosystems, connecting multiple companies.
The accuracy of data exposed to third-party entities must be the same as in the internal systems. In terms of data privacy, consumers are able to give restricted access to their data, while it’s incumbent on the data provider to ensure secure access.
Keeping data timely and secure
Efforts to create open banking rules in North America also underscore the importance, within financial institutions, of providing fast, secure access to quality data, with APIs as the enabling technology.
If customers request it, data holding companies will have to share customer data with authorized third parties securely. According to the CFPB, screen scraping is considered an unsecure method of sharing data with a third party. The bureau will therefore require financial institutions to use APIs to share data instead of compelling customers to give out their account credentials.
For consumers, the new rules represent a meaningful way to control how their data is used, beyond opt-out data privacy rules. Financial services firms will face more pressure to maintain or win customer loyalty, compete on individual products, and integrate third-party services into their own offerings.
And while open banking does require banks to securely expose data for greater interoperability and competition – essentially becoming an API provider – it’s important to note that open banking also offers up a goldmine of actionable intelligence that can yield rich cross-selling opportunities and other benefits.
Understanding the CFPB rulemaking process – the clock is ticking
The CFPB Proposed Rule issued on October 19 is followed by an open comment period, which closes on December 29, 2023. The rule will be finalized around June 2024 and will go into effect 60 days from when it’s posted in the federal register. Compliance is tiered by FI size.
According to CFPB Director Rohit Chopra: “We will also be issuing additional information on how industry standard-setting organizations can obtain recognition from the CFPB. As proposed, it would include conformance with standards promulgated by fair, open, and inclusive standard-setting bodies recognized by the CFPB”
There are already efforts underway to implement open banking and ensure a common set of standards to exchange data, not least of which is the Financial Data Exchange. This consortium of key stakeholders maintains a free, common API standard that provides interoperability around financial data sharing. It has quickly established itself as the de facto North American open banking standard, with 65 million consumer accounts using the FDX API at last count.
Turning open banking regulation into opportunity
In a recent report by PYMNTS Intelligence, 50 percent of millennials stated that their choice of merchant or provider would be “very or extremely” influenced by open banking connectivity. Overall, more than a third of consumers — across all demographics — said the same about open banking. Consumers are demanding open banking capabilities, now it’s up to banks to implement them.
Axway gives financial services firms the tools, flexibility, and scalability they need to unlock their customer data securely and comply with new CFPB rules as they come into force.
“Amplify Platform is built with our ‘Open Everything’ philosophy at its heart: that a financial ecosystem connected via APIs needs to be open to every player in the value chain,” says Van Huffel. “It’s why our solution is agnostic from the API infrastructure of the customer in order to bring together APIs from any platform, whether based on an open banking standard like FDX or OBIE, or proprietary, regardless of vendor or cloud deployment model. An open ecosystem can only benefit the API provider and the consumer as it drives greater innovation.”
With the Axway solution, APIs built to common open banking standards are easily discoverable and consumable to accelerate new services. Coupled with Amplify Enterprise Marketplace, the solution lets companies govern and control the APIs they need to stay securely connected to customers and partners. Beyond the technology, Axway helps them take their open banking initiative from compliance to business acceleration.
Discover keys to successful adoption of APIs in financial services.