The top U.S. consumer finance watchdog on Tuesday unveiled long-awaited rules that would make it easier for consumers to switch between financial services providers, a move the agency said was aimed at boosting competition.
The Consumer Financial Protection Bureau’s “open banking” rule governs data sharing between fintech firms and traditional banks, allowing consumers to easily transfer their personal data between providers free of charge.
Banks, which stand to lose out, were quick to criticize the rule, saying it could jeopardize consumer data security and exceeded the agency’s legal powers, while fintech groups praised it, saying it would promote the safe transfer of consumer data.
A pair of U.S. banking groups, the Bank Policy Institute and the Kentucky Bankers Association, filed a lawsuit in U.S. District Court late Tuesday challenging the rule, arguing the regulator overstepped its authority. The groups asked the court to halt the rule from taking effect.
CFPB Director Rohit Chopra compared the new rule to regulations that now allow mobile phone users to switch providers while keeping the same number, and said the change should help bring U.S. payments systems more in line with advances in other developed countries.
He also said the rule incorporates strong privacy protections and consumer choices.
“A company that ingests a consumer’s data can use the data to provide the product or service the consumer asked for, but not for unrelated purposes the consumer doesn’t want,” he said in a speech at a financial technology event held by the Federal Reserve Bank of Philadelphia.
First proposed a year ago, the new rules were 14 years in the making, having been called for in the 2010 Wall Street reforms enacted following the 2008 financial crisis.
According to the CFPB, the rules would also allow consumers to borrow on better terms, for example by allowing lenders to issue loans using data held by other financial institutions, and to make payments directly from their bank accounts rather than by card.
Consumers will also be able to revoke access to their data immediately, the CFPB said.
Ahead of the announcement, CFPB officials said the agency had made some changes to the version originally proposed in response to concerns from industry and public comment, sparing banks with less than $850 million in assets from having to provide data, for example.
Companies will also have more time than originally proposed to come into compliance. Larger financial technology companies will have until 2026, while the smallest will have until 2030.