Fintech group urges court to uphold CFPB’s open banking rule

The Financial Technology Association filed a motion for summary judgment in federal court late Sunday, defending a final rule on consumer financial data rights that the Consumer Financial Protection Bureau under the Trump administration refused to uphold.

The FTA said in a court filing that consumers cannot share their data without easy access from banks. 

Fintechs and banks, through their respective trade groups, are litigating over the rule on consumer financial data rights, also known as 1033 for its section in the Dodd-Frank Act or the open banking rule. The rule was first initiated in 2016 and was finalized in October under former CFPB Director Rohit Chopra. 

In May, U.S. District Court Judge Danny Reeves, of the U.S. District Court for the Eastern District of Kentucky, allowed the FTA to intervene in the case and defend the rule after the Trump administration said it planned to amend or rescind and reissue the open banking rule.

The Bank Policy Institute, Kentucky Bankers Association and a community bank in Lexington, Kentucky, filed a lawsuit against the CFPB in May seeking to vacate the rule. The plaintiffs claim the CFPB exceeded its authority by refusing to allow banks to deny third parties access to consumers’ financial information. BPI also has claimed the rule would jeopardize the safety and soundness of the banking system.

The FTA said the plaintiffs’ challenge purports to be motivated by a concern about data security, “but in truth the CFPB addressed banks’ stated concerns by incorporating extensive security measures into the rule.”

“Plaintiffs’ true concern is that allowing consumers to unlock and leverage their banking data opens opportunities for other financial services providers to compete with banks,” The FTA said.

In the latest legal filings, the fintech and bank trade groups are arguing over definitions of what constitutes a consumer and whether the statutory definition of a consumer’s representative includes third-party providers such as financial technology firms. 

Some of the legal sparring involves the definition of a “consumer,” which the law defines as “an individual, or an agent, trustee, or representative acting on behalf of an individual.” At issue is whether fintechs were granted a right by Congress to act on behalf of the consumer and if the financial data can only be delivered directly to the consumer, not a third party — a view that fintechs oppose. 

FTA said in its motion that banks have not always provided “consistent or meaningful data access to consumers’ third-party providers,” which has led to providers relying on “screen scraping” — or third parties using consumers’ login credentials to access their accounts at other financial firms. The CFPB’s final rule created a three-step authorization process for a provider to become an “authorized” third party, and therefore a consumers’ “representative.” 

Under the Consumer Financial Protection Act, a third party must provide the consumer with an authorization disclosure, provide a statement to the consumer in the disclosure certifying that the third party agrees to numerous obligations, and obtain the consumer’s express informed consent by obtaining a signed authorization disclosure. The procedures were designed to ensure that third parties accessing a consumer’s data are acting on behalf of the consumer under the CFPA’s definition, the FTA said in its legal filing. 

FTA argued further that under the bank trade groups’ view of 1033, “consumers would be forced to manually download their own data to their devices and then upload it to third-party apps, rather than have the banks transmit the data to the authorized third parties.”

“Congress could not possibly have desired this illogical, insecure, and inefficient scheme,” FTA said. “Requiring manual downloads and uploads is not only cumbersome and complex for unsophisticated consumers, but also unsafe for consumers who may use unsecured channels and may be vulnerable to malicious data thieves. A rule requiring only that data providers make financial information available to individual consumers, as opposed to also requiring them to make the information available to third parties authorized by consumers, would significantly impair the uses to which consumers, through authorized third parties, are actually putting their financial data today.” 

Paige Pidano Paridon, BPI’s executive vice president and co-head of regulatory affairs, said fintechs should be working with banks to improve data security.

“The Financial Technology Association is attempting to defend a rule so indefensible that even the CFPB has acknowledged it exceeds the law,” Paridon said in a press release. “Instead of trying to salvage a rule that undermines banks’ ability to protect consumers’ most sensitive data, FTA’s members should continue to work with banks to further develop the secure, competitive data-sharing ecosystem that exists today because of private sector collaboration and innovation.”  

To be clear, the CFPB did not provide an explanation for refusing to uphold the rule, which was the culmination of a bipartisan process since 2016 across several administrations but that was finalized under the Biden administration. The CFPB first issued a request for information in 2016.

Penny Lee, FTA’s president and CEO, said in a press release that the rule providing financial data rights supports consumer choice.

“This rule is grounded in longstanding legal authority and reflects a bipartisan commitment to modernizing how Americans manage their financial lives,” Lee said. 

The rule was expected to radically reshape consumer finance and allow fintechs to better compete with banks. Many fintechs’ business models are premised on consumers being able to access and securely share their financial data. 

The CFPB and BPI have until July 29 to respond with their own briefs and then FTA will get another 30 days to file its response. The briefing schedule is expected to continue through the end of August. The judge is expected to hold an oral argument hearing sometime later this summer or in early fall.