Suddenly, Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act has gotten real.
Section 1033 requires financial institutions to provide consumers with access to their financial data. The Consumer Financial Protection Bureau (CFPB) is tasked with establishing rules and standards for how this information is made available.
It’s the space where open banking, consumer privacy and control, and data aggregation intersect. The CFPB has of late taken notice and is attempting to bring direction and clarity to the table.
What is “Open Banking”?
Open Banking, or open bank data, drives much of the innovation that allows customers to securely share their financial data with other financial institutions. The objective is to allow customers to have access to the best products and services that would meet their needs. This helps them find the best rate on a checking account, obtain more affordable mortgages, and easily move accounts from one institution to another.
Now that the CFPB is developing rules around the regulations, open banking will see large, established financial service providers needing to be more competitive with smaller and newer institutions, ideally resulting in lower consumer costs, better technology, and better customer service. Established financial service businesses will have to do things in new ways that they are not currently set up to handle and spend money to adopt new technology to manage information. However, service providers can take advantage of this new technology to strengthen customer relationships and customer retention by better helping customers to manage their finances instead of simply facilitating transactions.
What are the risks?
However, these new functionalities potentially pose severe risks to financial privacy and the security of consumers’ finances, as well as resulting liabilities to financial institutions. Open banking APIs are not without security risks, such as the potential for a malicious app to clean out a customer’s account. While that scenario is extreme, the broader concern is data breaches due to poor security, hacking, or insider threats, which have become relatively widespread in the modern era, including at financial institutions, and will likely remain commonplace as more data becomes interconnected in more ways. A recent study shows that 84% of consumers currently express concerns about open banking safety. This statistic highlights why we need to think about both the opportunities and challenges carefully.
Enter the CFPB (and various States)
While the ultimate goal is to allow consumers to have greater control over their personal financial data, many states, starting with California, have adopted stricter requirements for data collectors and given consumers greater control, beyond federal protections, over how their data may be used. Under at least some state laws, consumers now have the right to know what data businesses have about them, to correct inaccurate information, to take that data with them to another business, or to request that the business delete the information entirely. Again, managing and controlling these activities is a further burden on those that collect and share data.
In the most recent report on the subject, the CFPB summarizes the state laws that give consumers more control over their data, how these rights complement the protections under federal law, and the gaps in protection that result from state-law exemptions for financial institutions subject to the Gramm-Leach-Bliley Act (GLBA) or the Fair Credit Reporting Act (FCRA). The CFPB recognizes that data aggregation and modeling are significant sources of revenue and that the existing rules around protection for consumers have limits.
To address the issue, the CFPB issued its final rule on October 24 as follows:
CONSUMER FINANCIAL PROTECTION BUREAU
12 CFR Parts 1001 and 1033
[Docket No. CFPB-2023-0052]
RIN 3170-AA78
Required Rulemaking on Personal Financial Data Rights
AGENCY: Consumer Financial Protection Bureau.
ACTION: Final rule.
SUMMARY: The Consumer Financial Protection Bureau (CFPB) is issuing a final rule to carry out the personal financial data rights established by the Consumer Financial Protection Act of 2010 (CFPA). The final rule requires banks, credit unions, and other financial service providers to make consumers’ data available upon request to consumers and authorized third parties in a secure and reliable manner; defines obligations for third parties accessing consumers’ data, including important privacy protections; and promotes fair, open, and inclusive industry standards.
In addition, the CFPB issued the following report on November 12, outlining the evolution of federal (GLBA) and state data collection and sharing and addressing its concerns as follows.
“State Consumer Privacy Laws and the Monetization of Consumer Financial Data”
Existing federal regulations on financial data privacy have drawn significant scrutiny due to pervasive digital surveillance—and financial institutions’ increasing role as suppliers of consumer data.
- Financial institutions have always held extensive, detailed, personal records about consumers, which may include the purchases a consumer makes, the debts a consumer owes, and the balance in their accounts.
- Today, when a consumer merely visits a website (even for their bank or credit card), numerous third parties can learn of the interaction, track the consumer across the web, and plaster individualized marketing across the pages the consumer subsequently views based on that data.
- Given these modern technologies and only limited restrictions, financial institutions have the ability to—and in some cases may already be—collecting and making money off of the troves of data they possess about the most intimate details of consumers’ lives. Many consumers may not even know that their financial data has the potential to be used in this way and are unaware of the harms they can suffer as a result of that use.
If your business collects consumer financial data, and even more so if you share that data, your organization must address the risks and ensure compliance with the many governing bodies that preside over these complex and intertwining regulations. This article merely scratches the surface.
John Miller is senior industry advisor for Predictive Analytics Group, which helps clients cost-effectively bridge the gap between analysis and making impactful strategic or tactical decisions. PAG can take a look at your compliance approach and identify opportunities for enhancing those efforts.