14,000 Open Banking Rule Comments Highlight Deep Divides Over Privacy and Access – PYMNTS.com
Report on Public Consultation for Open Banking and its Alignment with Sustainable Development Goals
A recent public consultation by the Consumer Financial Protection Bureau (CFPB) on proposed revisions to data sharing rules under Section 1033 of the Dodd-Frank Act has drawn 13,979 comments. This feedback highlights the critical role of open banking in achieving several Sustainable Development Goals (SDGs), particularly those related to economic growth, inequality, and institutional strength. The proposed rule mandates that financial institutions provide consumers and authorized third parties with secure access to their financial data, a move intended to foster innovation and competition.
Fostering Financial Inclusion and Reducing Inequality (SDG 1, SDG 10)
The core objective of the proposed rule is to enhance consumer control over financial data, which directly supports SDG 1 (No Poverty) and SDG 10 (Reduced Inequalities) by creating pathways to greater financial inclusion.
Empowering Consumers and Expanding Credit Access
- The rule aims to simplify the process for consumers to share account information, enabling the use of third-party services for payments, lending, and budgeting.
- The American FinTech Council (AFC) argued that responsible secondary use of consumer data can help develop and train algorithms that more accurately underwrite consumers than traditional models, thereby expanding credit access for populations previously excluded from the financial system.
Challenges to Equitable Implementation
- The AFC warned that allowing data providers to charge access fees would disproportionately favor large legacy institutions and create barriers for smaller innovators, potentially undermining efforts to reduce inequality.
- Smaller institutions, represented by Axos Bank, noted that the costs of compliance and security upgrades could be prohibitive without the ability to charge reasonable fees, potentially impacting their ability to serve their communities.
Building Resilient Infrastructure and Fostering Innovation (SDG 9)
The development of a standardized, secure, and interoperable open banking ecosystem is fundamental to building resilient infrastructure and fostering innovation, in line with SDG 9 (Industry, Innovation and Infrastructure).
The Call for Standardized and Secure Infrastructure
Stakeholders like Plaid and Suncoast Credit Union emphasized the need for a robust technological framework to ensure the system’s security and efficiency.
- Mandating Standardized APIs: Plaid called for the CFPB to codify Application Programming Interfaces (APIs) as the mandated access method to eliminate insecure credential-sharing practices.
- Adopting International Protocols: Recommendations were made to align U.S. standards with global protocols such as OAuth 2.0, FAPI 2.0, and ISO 20022 to ensure interoperability and security.
- Ensuring Data Portability: Plaid endorsed explicit consumer rights to port data instantly to another provider, a key component of a competitive and innovative digital infrastructure.
Ensuring Strong Institutions, Security, and Consumer Protection (SDG 16)
The debate over governance, liability, and security reflects the challenge of building effective, accountable, and transparent institutions as envisioned by SDG 16 (Peace, Justice and Strong Institutions). A secure and trustworthy framework is essential for consumer protection.
Stakeholder Perspectives on Governance and Liability
- Payments Providers (Apple): Advocated for a “liability follows the data” rule, where a firm that securely transfers information is not held liable for a subsequent data breach by the recipient. They also argued that technology providers who do not maintain consumer accounts should not be classified as data providers.
- Smaller Institutions (Axos Bank): Expressed concerns that mandated data sharing increases vulnerability to fraud and argued that data access should be restricted to entities with fiduciary responsibilities.
- Credit Unions (Suncoast): Proposed a continuous-compliance certification program, modeled after the Cybersecurity Maturity Model Certification (CMMC), to ensure third parties maintain verified security standards.
The Debate Over Access Costs
- FinTechs and Aggregators: Argued that access to consumer-permissioned data must be free, stating that fees would stifle competition and reduce consumer choice.
- Banks and Credit Unions: Contended that a prohibition on fees would place an undue cost burden on them, particularly smaller institutions, for compliance and security upgrades. Suncoast Credit Union estimated a reasonable marginal cost of $0.05 to $0.25 per request.
Fostering Partnerships for Sustainable Development (SDG 17)
The extensive and varied public comments underscore the necessity of multi-stakeholder partnerships, a cornerstone of SDG 17 (Partnerships for the Goals). The future of open banking in the United States will be shaped by the ongoing dialogue between regulators, financial institutions of all sizes, FinTech innovators, and consumer advocates. Achieving a balance between innovation, competition, security, and consumer protection requires a collaborative approach to establish a sustainable and equitable financial ecosystem.
Analysis of Sustainable Development Goals in the Article
1. Which SDGs are addressed or connected to the issues highlighted in the article?
The article on the Consumer Financial Protection Bureau’s (CFPB) proposed rule for open banking connects to several Sustainable Development Goals (SDGs) by addressing issues of economic growth, innovation, infrastructure, inequality, and institutional governance. The primary SDGs identified are:
- SDG 8: Decent Work and Economic Growth
- SDG 9: Industry, Innovation and Infrastructure
- SDG 10: Reduced Inequalities
- SDG 16: Peace, Justice and Strong Institutions
2. What specific targets under those SDGs can be identified based on the article’s content?
Based on the discussions around financial innovation, infrastructure development, inclusivity, and regulatory frameworks, the following specific targets can be identified:
SDG 8: Decent Work and Economic Growth
- Target 8.2: Achieve higher levels of economic productivity through diversification, technological upgrading and innovation. The article’s focus on open banking as a driver of “innovation and competition in financial services” directly supports this target. The push for new technologies like standardized APIs aims to upgrade the financial sector’s productivity.
- Target 8.3: Promote development-oriented policies that support productive activities, entrepreneurship, creativity and innovation, and encourage the formalization and growth of micro-, small- and medium-sized enterprises. The debate involves various stakeholders, including FinTechs, smaller community banks, and credit unions. The proposed rule directly impacts their ability to innovate and compete, with smaller institutions fearing that “undue costs” could hinder their growth while FinTechs argue for rules that foster their participation.
SDG 9: Industry, Innovation and Infrastructure
- Target 9.1: Develop quality, reliable, sustainable and resilient infrastructure… with a focus on affordable and equitable access for all. The article describes the creation of a new digital financial infrastructure through open banking. The debate over whether data access should be free, as argued by the American FinTech Council, or if institutions should be allowed to charge “reasonable fees for data access” to cover costs, as argued by Axos Bank, is central to ensuring this infrastructure is affordable and equitable.
- Target 9.c: Significantly increase access to information and communications technology. The core of the proposed rule is to “require financial institutions to give consumers and their authorized third parties access to their financial data through standardized, secure interfaces.” This mandate, particularly Plaid’s call to “codify APIs as the mandated access method,” is a direct effort to increase access to financial information technology.
SDG 10: Reduced Inequalities
- Target 10.2: By 2030, empower and promote the social, economic and political inclusion of all. The American FinTech Council argues that secondary use of consumer data allows firms to “help develop and train algorithms that more accurately underwrite consumers than traditional models.” This, they claim, can “expand credit access for individuals who have been excluded under conventional scoring methods,” directly addressing the goal of greater economic inclusion for underserved populations.
SDG 16: Peace, Justice and Strong Institutions
- Target 16.6: Develop effective, accountable and transparent institutions at all levels. The entire article describes the CFPB’s process of rule-making, which is a function of a regulatory institution. Proposals within the article, such as Suncoast Credit Union’s suggestion for a “continuous-compliance certification program” and Apple’s recommendation for a “‘liability follows the data’ rule,” are aimed at creating a more accountable and effective open banking system.
- Target 16.7: Ensure responsive, inclusive, participatory and representative decision-making at all levels. The article highlights that the CFPB “received 13,979 public comments” from a wide range of stakeholders, including technology companies (Apple), smaller banks (Axos Bank), credit unions (Suncoast), FinTechs, and data aggregators (Plaid). This demonstrates a highly participatory and inclusive decision-making process.
- Target 16.10: Ensure public access to information and protect fundamental freedoms. The proposed rule is fundamentally about giving consumers control and access to their own financial data. The extensive discussion on privacy, security standards, and consumer consent frameworks reflects the effort to balance this access with the protection of fundamental rights and freedoms.
3. Are there any indicators mentioned or implied in the article that can be used to measure progress towards the identified targets?
The article mentions or implies several qualitative and quantitative indicators that can be used to measure progress:
Indicators for SDG 8 & 9 (Innovation and Infrastructure)
- Adoption of Standardized Technical Protocols: The article explicitly names several standards proposed by stakeholders, such as “FAPI 2.0,” “Mutual Transport Layer Security,” “OAuth 2.0,” and “ISO 20022.” The rate of adoption of these standards would be a direct indicator of the development of a quality, interoperable infrastructure.
- Cost of Data Access: Suncoast Credit Union provides a specific estimate that “the marginal cost for covered financial institutions to respond to individual consumer data access requests … falls within a reasonable range of $0.05 to $0.25 per request.” This cost can be tracked as an indicator of the affordability of the new infrastructure.
- Security and Compliance Certification: The article mentions security audits like “SOC 2 Type II or ISO 27001” and a proposed “Cybersecurity Maturity Model Certification (CMMC)” for third parties. The number of firms achieving these certifications would indicate the security and resilience of the ecosystem.
Indicators for SDG 10 (Reduced Inequalities)
- Access to Credit for Underserved Groups: While not providing a number, the American FinTech Council’s argument implies an indicator: the change in the percentage or number of “individuals who have been excluded under conventional scoring methods” who are able to access credit through new FinTech models.
Indicators for SDG 16 (Strong Institutions)
- Level of Public Participation in Rule-making: The article provides a direct metric: “13,979 public comments” were received by the CFPB. This number serves as an indicator of a participatory and inclusive decision-making process.
- Establishment of Compliance and Accountability Frameworks: The creation of a “continuous-compliance certification program” as proposed would be a key indicator of the development of effective and accountable institutional oversight.
4. Create a table with three columns titled ‘SDGs, Targets and Indicators” to present the findings from analyzing the article.
| SDGs | Targets | Indicators |
|---|---|---|
| SDG 8: Decent Work and Economic Growth |
8.2: Achieve higher levels of economic productivity through technological upgrading and innovation.
8.3: Promote policies that support innovation and the growth of small- and medium-sized enterprises. |
– Level of competition and innovation in financial services. – Rate of adoption of new financial technologies (e.g., open banking APIs). – Compliance costs for small and medium-sized financial institutions. |
| SDG 9: Industry, Innovation and Infrastructure |
9.1: Develop quality, reliable, and resilient infrastructure with a focus on affordable and equitable access.
9.c: Significantly increase access to information and communications technology. |
– Adoption rate of standardized protocols (FAPI 2.0, OAuth 2.0, ISO 20022). – Marginal cost per data access request (estimated at $0.05 to $0.25). – Number of firms with security certifications (SOC 2 Type II, ISO 27001). |
| SDG 10: Reduced Inequalities | 10.2: Empower and promote the social and economic inclusion of all. | – Change in credit access for individuals previously excluded by traditional scoring models. |
| SDG 16: Peace, Justice and Strong Institutions |
16.6: Develop effective, accountable and transparent institutions.
16.7: Ensure responsive, inclusive, and participatory decision-making. 16.10: Ensure public access to information and protect fundamental freedoms. |
– Establishment of a continuous-compliance certification program (e.g., CMMC model). – Number of public comments submitted during the rule-making process (13,979). – Implementation of clear liability rules (“liability follows the data”). |
Source: pymnts.com
What is Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
:strip_icc()/i.s3.glbimg.com/v1/AUTH_63b422c2caee4269b8b34177e8876b93/internal_photos/bs/2025/Z/d/OPUvBaRJ6HG9aYr2rcJg/foto24bra-101-percap-a4.jpg?#)
