It’s Monday, June 2 and at this writing the ultimate fate of Rule 1033 — the so-called “open banking” rule set in motion last year by the Consumer Financial Protection Bureau (CFPB) — remains in limbo.
Kentucky remains ground zero for what happens. But the timeline could stretch out for a few more months.
As for the most recent events:
On Friday, May 30, the plaintiffs who have sought to have the rule vacated, a group that includes the Bank Policy Institute and the Kentucky Bankers Association, filed a brief in support of their previous motion for summary judgement.
This time around, brief has been lobbed against the CFPB and the Financial Technology Association (FTA), named as Intervenor Defendant. The FTA has joined the suit, and the intervenor status is one where third parties enter the legal fray because they have a stake in the outcome of a case.
Exceeding Authority
The Friday brief argued that the CFPB had exceeded its statutory authority under 1033 (itself part of the Dodd-Frank Act) when the rule was issued. The plaintiffs contended that Section 1033 was intended to grant individual consumers access to their own financial information, not to empower the Bureau to mandate and regulate the sharing of this data with commercial third parties like FinTechs and data aggregators.
They argue that the term “consumer” in Section 1033 refers only to the individual customer, and even the broader definition in Section 1002 of Dodd-Frank, which includes “an agent, trustee, or representative,” does not encompass commercial third parties engaged in arm’s-length transactions. Furthermore, the brief argued that the rule is unlawful because it improperly delegates the setting of substantive compliance standards to private organizations.
Risky Business?
Additional arguments alleged that the mass data-sharing framework is arbitrary and capricious, placing consumer data at risk while limiting banks’ risk management abilities. They also challenge specific provisions, such as the requirement to share payment-initiation information, restrictions on banks’ risk-management functions, the refusal to allocate liability for data compromise and overly vague performance standards.
Notably, the brief highlighted that the Bureau itself has since determined the rule is unlawful and agrees it should be set aside.
“In the Rule challenged here, the Consumer Financial Protection Bureau appointed itself as the czar of open banking in the United States. Ignoring the industry-developed solutions, the Bureau dictated a complex and highly burdensome regime mandating that banks share their customers’ sensitive financial data with any third party that can obtain customer authorization,” the filing stated.
The CFPB’s Take
The same day (May 30), the CFPB filed its own brief in support of its bid for summary judgement — where it had sought to rescind the rule. In the Friday filing noted that the CFPB “agree with the plaintiffs that the Rule is unlawful” as the Bureau exceeded its statutory authority “because Section 1033 of the [2010 Consumer Financial Protection Act] does not authorize the Bureau to broadly regulate open banking by mandating that data providers share information with ‘authorized third parties’ as laid out in the Rule.”
The banks themselves are beset with burden, as the CFPB added that “Congress’s silence on fees is a particularly shaky foundation for the Rule’s absolute fee prohibition” that would have let financial institutions (FIs) charge for access. “The statute itself simply dictates that data providers ‘make available to a consumer’ their consumer’s financial data, yet the Rule regulates beyond the scope of the statute by mandating that data providers make consumer data available to other commercial actors in a costly and complicated data-sharing system,” the CFPB said.
In a statement in the wake of the end-of-month court filings, the FTA issued a statement that responded to the CFPB motion that “Americans must have a right to securely control and share their financial data to access the apps and services of their choice,” per remarks from Penny Lee, president and CEO of the Financial Technology Association. “As an intervening party in this lawsuit, FTA will continue to defend this right and work to uphold Americans’ financial freedoms. We are concerned that actions by the largest banks will result in limiting competition and making the ecosystem less safe by cutting away important protections and control for consumers. We will review the CFPB’s filings in this case and respond in kind.”
The deadline for that response is June 29, and at the end of July, the plaintiffs are required to respond to the defendants’ cross motion. By Aug. 29, the defendants must reply to the July filing by the plaintiffs.
There’s a read across from the top-down approach that’s been a hallmark of the United Kingdom, where as we noted last week, open banking powered 27 million payments in the U.K. during March. But at the same time, the U.K. Payments Systems Regulator recorded 1.92 billion card transactions in February, the most recent month for which data was available. There’s arguably been no tidal wave of open banking there though the (very) recent announcement of Visa A2A’s latest update that it is “market-ready” for bill and subscription payments may underpin momentum by building in dispute-resolution rules to reimburse customers when errors occur.
Here in the U.S., PYMNTS Intelligence’s own data assembled in tandem with Trustly indicate that 56% of American consumers are not familiar with pay by bank. But we note that if banks are not mandated to provide consumer financial data to the third parties, the reach of the aggregators into open banking might be truncated. In the meantime, the direct bank connectivity in an already regulated environment may bring pay by bank and direct account to account linkages to the forefront of consumers’ attention.
