On October 19, Consumer Financial Protection Bureau (CFPB) launched an anticipated notice of rulemaking, a move that has attracted the attention of the global financial ecosystem. Ostensibly, this is a bid to ‘jumpstart’ open banking in America, building on the regulatory developments in the European Union and elsewhere.
The CFPB’s proposed rulemaking emanates from Section 1033 of the Consumer Financial Protection Act of 2010 (CFPA). It introduces the Personal Financial Data Rights Rule which is aimed at depository and nondepository entities. The rule is designed to ensure these entities provide certain data relating to consumers’ accounts to both the customers themselves and any authorized third parties.
This rulemaking, if enacted, will establish obligations for third parties who gain access to a consumer’s data. It would ensure that basic safety and performance standards are adhered to, reinforcing data protection and privacy rights for consumers. Full details of the notice can be found in this
JD Supra report.
As legal professionals in the world’s largest corporations and law firms navigate this rapidly evolving landscape, understanding the precise nature and implications of this proposed rulemaking is vital. With this rule, the CFPB is making a firm statement using the regulatory tools at their disposal to ensure safe and inclusive access to financial data.
Open banking offers potentials for improved consumer choice and innovation within the financial services sector. However, these benefits must be balanced against privacy and data protection considerations. Therefore, timely clarification and implementation of such rules can help mitigate risks associated with unauthorized data access and potential misuse.