By Douglas Gillison
(Reuters) -The top U.S. consumer finance watchdog on Tuesday unveiled long-awaited rules that would make it easier for consumers to switch between financial services providers, a move the agency said was aimed at boosting competition.
The Consumer Financial Protection Bureau’s “open banking” rule governs data sharing between fintech firms and traditional banks, allowing consumers to easily transfer their personal data between providers free of charge.
Banks, which stand to lose out, were quick to criticize the rule, saying it could jeopardize consumer data security and exceeded the agency’s legal powers, while fintech groups praised it, saying it would promote the safe transfer of consumer data.
A pair of U.S. banking groups, the Bank Policy Institute and the Kentucky Bankers Association, filed a lawsuit in U.S. District Court late Tuesday challenging the rule, arguing the regulator overstepped its authority. The groups asked the court to halt the rule from taking effect.
CFPB Director Rohit Chopra compared the new rule to regulations that now allow mobile phone users to switch providers while keeping the same number, and said the change should help bring U.S. payments systems more in line with advances in other developed countries.
He also said the rule incorporates strong privacy protections and consumer choices.
“A company that ingests a consumer’s data can use the data to provide the product or service the consumer asked for, but not for unrelated purposes the consumer doesn’t want,” he said in a speech at a financial technology event held by the Federal Reserve Bank of Philadelphia.
First proposed a year ago, the new rules were 14 years in the making, having been called for in the 2010 Wall Street reforms enacted following the 2008 financial crisis.
According to the CFPB, the rules would also allow consumers to borrow on better terms, for example by allowing lenders to issue loans using data held by other financial institutions, and to make payments directly from their bank accounts rather than by card.
Consumers will also be able to revoke access to their data immediately, the CFPB said.
Ahead of the announcement, CFPB officials said the agency had made some changes to the version originally proposed in response to concerns from industry and public comment, sparing banks with less than $850 million in assets from having to provide data, for example.
Companies will also have more time than originally proposed to come into compliance. Larger financial technology companies will have until 2026, while the smallest will have until 2030.
Republican chair of the U.S. House Financial Services Committee Patrick McHenry welcomed the announcement, calling for Congress to codify the new rule’s protections into law.
“This is progress for American innovation and consumers but we can’t stop here,” he said in a statement.
Data aggregators, such as Plaid and Akoya, which provide connections among banks and financial tech services, and the Financial Technology Association, whose members include aggregators and payments companies like PayPal (NASDAQ:), praised the rule, saying it would promote the secure transfer of consumer data.
But other trade groups said they were not happy.
Lindsey Johnson, head of the Consumer Bankers Association, said in a statement the CFPB had “contorted” the congressional statute authorizing the rule to enable “thousands of third parties’ to access consumers’ data.”
The American Fintech Council (AFC), on the other hand, complained the consumer data provisions were too restrictive, including by improperly barring the “secondary use” of consumer data for cross-selling services and targeted advertising.