The Consumer Financial Protection Bureau (CFPB) has proposed a new rule that will enable customers to freely share their financial information with third-party financial service providers.
The rule prohibits financial institutions from stockpiling their customers’ personal data and mandates that companies release this information if the customer requests it. Essentially, at the very core, the CFPB is looking to protect consumer data and put more control back in their hands.
Companies that receive consumer financial data are forbidden from misusing or monetizing this information. Consumers are also free to leave a bank if they are receiving bad service.
“With the right consumer protections in place, a shift toward open and decentralized banking can supercharge competition, improve financial products and services, and discourage junk fees,” said CFPB Director Rohit Chopra in a prepared statement. “Today, we are proposing a rule to give consumers the power to walk away from bad service and choose the financial institutions that offer the best products and prices.”
Open Banking and Consumer Data
Open banking gives third-party financial service providers access to data from consumer banking and transactions, derived from both banks and non-bank financial institutions.
Open banking regulations can be traced back to the European Union in 2015. Since then, many countries, including Australia, Brazil, and the United Arab Emirates, have moved forward in adopting open banking regulations.
Although open banking can transform the financial system, protecting personal data has been tricky. With personal data accumulating, being stored in various places by various companies, data is now more susceptible to risk.
According to James Wester, Director of Cryptocurrency and Co-Head of Payments at Javelin Strategy & Research, having “data silos and fragmented security measures is unsustainable.” As more companies fear the potential liabilities for data breaches or the mismanagement of customer data, now is the time for them to look into a more secure data management strategy—including multi-factor authentication, role-based access control, and encryption.