Court allows fintechs to defend CFPB’s open banking rule

A federal judge granted the Financial Technology Association the right to intervene in the Consumer Financial Protection Bureau’s open banking rule, allowing the fintech industry to defend a rule on consumer financial data rights that the Trump administration refused to uphold.  

On Wednesday, U.S. District Court Judge Danny Reeves said the FTA has a substantial legal interest in the rule because its members, including fintechs and data aggregators, would be adversely affected if the rule were vacated. 

Penny Lee, president and CEO of the FTA, said the court’s order “gives the fintech industry a seat at the table to defend Americans’ financial data rights, ensuring that the big banks cannot dictate the future of open banking.” 

The open banking rule, also known as 1033 for its section in the Dodd-Frank Act, was initiated during the first Trump administration and finalized in October by former CFPB Director Rohit Chopra. 

The CFPB was immediately sued by the Bank Policy Institute, the Kentucky Bankers Association and Forcht Bank, a $1.6 billion-asset bank in Lexington, Kentucky. The bankers alleged the CFPB exceeded its authority, arguing that Congress never intended for banks to be compelled to share consumers’ data with fintechs or other third parties. 

When the Trump administration took over the CFPB in February, it asked for all recently finalized rules to be stayed. Then, in an unusual move, acting CFPB Director Russell Vought sided with BPI and the banks that had sued the bureau. Throughout, the FTA repeatedly sought to intervene in the case. The court held a hearing on May 5. Neither the CFPB nor BPI objected to FTA’s motion to intervene. 

“While it is still uncertain whether the CFPB will defend the rule in issue, it seems that, at the minimum, the FTA’s interests are likely not protected by the current parties,” Reeves wrote in a three-page order of the U.S. District Court for the Eastern District of Kentucky. The judge noted that members of the FTA “operate business models premised on consumers being able to access and securely share their financial data.”

Under 1033, financial firms would have to provide their customers access to data on checking accounts, prepaid cards, credit cards, digital wallets and payment apps. Banks are concerned that the rule giving consumer bank account data to third-party financial technology firms will expose banks to greater liability and require costly oversight of fintechs, with no chance to recoup their costs.

The rule could radically reshape consumer finance and impact banks by allowing fintechs to better compete with financial institutions. 

The FTA said that the rule creates a higher bar for safety and security across the financial services ecosystem by encouraging the widespread adoption of APIs to facilitate data sharing. The rule mandates that APIs be used by all but the smallest banks, and requires companies to certify compliance with information security and data minimization standards. 

It also allows banks to deny access if they believe a third party is not maintaining adequate data security controls. The 1033 rule provides core guidelines and mandates industry standards.

Plaintiffs have until May 30 to file a brief in the case and the FTA and CFPB will have 30 days to respond.