A New Rule Will Force Banks to Protect Your Data
The "open banking" rule will enhance data transfer, improve customer security and promote competition, says CFPB.
If a government watchdog has its way, it may be easier to fire your bank in the coming years. The Personal Financial Data Rights rule will improve consumer security and privacy, adding safeguards to financial information. The rule will also simplify the safe transfer of customer data, so if you don't like one bank's saving rate, for example, you can switch banks more easily.
The banking industry has tremendous control over consumer data under current law. Banks may crosssell or use consumer data for marketing, while consumers may be unable to revoke sharing permissions or are in the dark when it comes to knowing how their data is being used.
This initiative finalizes a rule in Section 1033 of Dodd-Frank, which enables consumers to access and share their financial data. The Consumer Financial Protection Bureau (CFPB), a government watchdog of the financial sector, spearheaded the new rule. Such regulation should encourage "open banking," in which consumer data is shared between banks and fintech companies, in a way that may enhance banking efficiencies and unlock value for the consumer.
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
How will the rule change banking?
The rule requires credit card issuers, financial institutions, and other financial providers to allow customers to request a transfer their personal financial data to another provider, free of charge. This will enable consumers to switch to a provider offering better services, rates and fees more easily. As a result, competition should increase, leading to lower loan prices and improved customer service. Additionally, the rule is expected to motivate financial institutions to enhance their products, helping them attract new customers and retain existing ones.
“Too many Americans are stuck in financial products with lousy rates and service,” said CFPB Director Rohit Chopra. “Today’s action will give people more power to get better rates and service on bank accounts, credit cards, and more.”
The rule will also allow consumers to access their data or grant permission to a third party to access information like account balances, transactions and basic account verification information at no cost. It will also provide greater privacy protections against practices such as screen scraping and require personal financial data only to be used for the purposes requested by the consumer. The rule will ensure that third parties cannot use consumer data for other purposes that benefit the third party but that most consumers do not want.
You will have more control when banking
The Personal Financial Data Rights final rule will spur greater choice and increase competition by making it possible for consumers to:
- Switch to a bank or fintech that offers better service: Consumers will not have to pay fees or clear hurdles from companies that make it harder to switch providers.
- Shop for better rates: Consumers will be able to comparison shop and move to a competitor offering better rates and lower fees, as well as obtain credit on better terms.
- Make secure payments: Consumers will be able to securely share payment information, pay merchants, peers, and others, as well as move money between their own accounts. The rule will help bring greater competition to payments markets, which have long been an area of anti-competitive practices.
The rule also strengthens consumer data protections:
- Bans bait-and-switch data harvesting: Third parties can only collect, use, or retain data via consumer request. That means they cannot secretly collect, use, or retain consumers’ data for unrelated business reasons.
- Creates revocation and deletion rights: When a customer revokes access, the rule requires the immediate end to data access. Access can be maintained for up to one year, absent express reauthorization.
Implementation
The banking industry is complex, so these changes won't happen overnight. Compliance with the rule will be implemented in phases, requiring larger providers to comply by April 1, 2026, and smaller ones by April 1, 2030. Certain small banks and credit unions are not subject to this rule.
Some industry stakeholders have criticized the rule, filing a lawsuit alleging that the rule will endanger customer data and unfairly favor the fintech industry. Others have complained that the rules are too onerous to implement within the time permitted.
Read the regulatory text of the final Personal Financial Data Rights rule. Consumers can submit complaints about financial products or services by visiting the CFPB’s website or calling (855) 411-CFPB (2372).
Related Content
Get Kiplinger Today newsletter — free
Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more. Delivered daily. Enter your email in the box and click Sign Me Up.
For the past 18+ years, Kathryn has highlighted the humanity in personal finance by shaping stories that identify the opportunities and obstacles in managing a person's finances. All the same, she’ll jump on other equally important topics if needed. Kathryn graduated with a degree in Journalism and lives in Duluth, Minnesota. She joined Kiplinger in 2023 as a contributor.
-
Here's How To Get Organized And Work For Yourself
Whether you’re looking for a side gig or planning to start your own business, it has never been easier to strike out on your own. Here is our guide to navigating working for yourself.
By Laura Petrecca Published
-
How to Manage Risk With Diversification
"Don't put all your eggs in one basket" means different things to different investors. Here's how to manage your risk with portfolio diversification.
By Charles Lewis Sizemore, CFA Published