... The open banking rule is referred to by the industry as "1033" for the section in the Dodd-Frank Act of 2010 that gave the CFPB authority to implement how consumers control their own financial data.
The CFPB's rule requires that banks safely share financial data on checking accounts, prepaid cards, credit cards, mobile wallets, payment apps and other financial products. Payment apps and other financial products were added in the final rule, sweeping Apple Pay, Google Pay, PayPal, Zelle and Venmo and other apps into the scope of the rule. The change is further proof that third-party apps are dominant forces in banking and payments.
Banks are concerned the rule will expose them to greater liability and also require costly oversight of third-party fintech companies, a tall task in an ecosystem awash with data and a surfeit of fintech upstarts. As the main data providers, banks do have some ability to deny third parties access to consumer data if a company presents risks to the financial system.
...
In another change from the proposal unveiled last October, the final rule would allow for some secondary uses of consumer-authorized data by third parties to improve the product or service that the consumer requested without obtaining a separate authorization. Fintech providers and some consumer advocates asked the CFPB to provide for secondary uses of the data to train underwriting models and for anti-fraud tools as well as research and product development.
"The rule is designed to ensure that open banking does not become a new data pipeline that fuels surveillance pricing or other manipulative mischief," Chopra said in prepared remarks for a speech to be delivered at a Fintech Week conference hosted by the Federal Reserve Bank of Philadelphia.
...
Consumers have been sharing their bank transaction data for years using the common but risky practice of "screen scraping" — giving usernames and passwords to third parties. The CFPB said that screen scraping brings with it inherent risks, such as overcollection of data, inaccurate data sharing, and the spread of login credentials.
The rule would encourage further the adoption of secure application programming interfaces, or APIs, by enabling the exchange of data in a standardized format. The CFPB has already received an application from the Financial Data Exchange to be recognized as an industry standard-setting body of data formatting standards.
...