The CFPB’s roadmap to open banking must navigate farther to reach its destination

The news: The CFPB’s period for public comment on its upcoming push to mandate open banking among banks and credit card companies ended on January 25. We dig into the three major concerns that the feedback highlighted, per Bloomberg Law.

Unfair for the little guy: Community banks and credit unions are wary of the implementation speed for open banking.

• The technology primarily uses APIs to communicate consumers’ financial information between parties. But smaller financial institutions (FIs) typically use screen scraping to grant access to consumer accounts.
• The CFPB’s plan to eliminate screen scraping means these smaller FIs will carry a huge cost burden to implement the API technology needed to remain compliant. As a result, they’re asking the CFPB to phase-in requirements to give them more time to deal with the added costs and develop the technology.
• Without a slower implementation plan, community banks and credit unions fear that bigger banks with larger tech budgets and more manpower will gain an unfair advantage because they’re able to implement open banking faster and more cost effectively.

Fintechs count, too: Banking trade groups believe fintech firms and nonbank entities should be subject to the open banking requirements as well.

• Since many consumers’ financial lives extend beyond their banks and credit card issuer, industry groups think all financial institutions need to be compliant with open banking rules to provide a full picture of a consumer’s financial health.
• The trade groups are primarily calling for the inclusion of mortgage and auto lenders. For example, Rocket Mortgage dominates the mortgage market, originating more than 1.2 million loans worth $340 billion in 2021.

Data privacy can still stall: Consumer data security and privacy was another main topic in the comments.

• Banks and other FIs that share their data with nonbank entities fear that those entities could misuse or improperly share the data, opening up the banks’ consumers to increased risk of identity theft and fraud.
• To better protect consumers, banks are calling for the CFPB to hold nonbank entities to the same strict security and privacy standards as banks. This concern isn’t new—it’s one of the main reasons the CFPB has dragged its feet on open banking implementation.

The big takeaway: As the CFPB finally takes on the open banking challenge, it appears its first attempt is incomplete. The agency’s next outlined step is to propose an open banking rule later this year, and then implement it in 2024. But with so many concerns still up in the air, the CFPB might need to re-evaluate the scope and timeline. That could spell further new regulation for the already busy CFPB, which may not be prepared for the extra responsibility and strain on resources.

This article originally appeared in Insider Intelligence’s Banking Innovation Briefing—a daily recap of top stories reshaping the banking industry. Subscribe to have more hard-hitting takeaways delivered to your inbox daily.

• Are you a client? Click here to subscribe.
• Want to learn more about how you can benefit from our expert analysis? Click here.