Editor’s note: This column was included in the Nov. 7 version of The Pulse, a weekly BankBeat newsletter sent to subscribers.
Is open banking the future? Certainly Rohit Chopra, director of the Consumer Financial Protection Bureau, thinks so. He shepherded through the bureau’s open banking rule, which was finalized on Oct. 22.
It exempts banks with assets of less than $850 million, but for larger institutions, the new rule, known as Section 1033 of the Dodd-Frank Act, could mean some complicated tech challenges. More importantly, the rule is going to spur discussions in senior management meetings about the best ways to use information and technology to serve customers and compete effectively.
In general terms, open banking is a system that allows third parties to access a customer’s bank information in order to provide some kind of service. Some fintechs, for example, rely on open banking in order to aggregate a comprehensive summary of a person’s financial portfolio across multiple institutions and accounts.
Specifically, Section 1033 clarifies that a customer owns his or her own banking data at banks and credit card companies. They have the right to request that information, free of charge, or to request that it be shared with a third party.
Chopra says open banking gives consumers more choices, allowing them to more easily switch financial institutions. He also says it will create more competition, which may lead to lower prices for consumers.
At a time when fraud is running at an all-time high in the financial services sector, Chopra seems strangely indifferent to potential security concerns raised by banks. While banks are held to high standards with respect to security and privacy, fintechs lag and Chopra doesn’t seem to care.
Banks worry that if they pass along a customer’s financial information to a third party that leaves itself open to data breaches, the customer is going to come back to the bank for recompense. The security questions around open banking need to be resolved before it is going to be able to do any lasting good for customers.
While 1033 only affects the largest banks, with the first implementation deadline set for April 2026, over time you can bet its mandates will reach down to more community banks, even if they enjoy an exemption for now.