Please enable JavaScript to view the comments powered by Disqus.

We use cookies on our website to give you the best online experience. Please know that if you continue to browse on our site, you agree to this use. You can always block or disable cookies using your browser settings. To find out more, please review our privacy policy.


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Comment Standards:
Comments are moderated and will not appear until the moderator has approved them.

Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.

In addition, no off-topic remarks or spam is permitted.

January 9, 2023

Open Banking's Slow March Advances

In June, I wrote about the revived and deliberate process of the Consumer Financial Protection Bureau (CFPB) in developing rules covering the implementation of open banking in the United States. I promised that the Retail Payments Risk Forum would continue to follow developments in open banking, so in this post, I'm providing a small update.

In an October 25 speechOff-site link at this year's Money20/20 conference, CFPB director Rohit Chopra delivered a detailed roadmap and timeline for the rulemaking process for open banking. Chopra noted, "While not explicitly an open banking or open finance rule, the rule will move us closer to it, by obligating financial institutions to share consumer data upon consumer request, empowering people to break up with banks that provide bad service and unleashing more market competition." Concurrent with Chopra's speech, the CFPB issued a 71-page document Adobe PDF file formatOff-site link outlining the proposals and possible alternatives to open banking.

As I noted in my earlier post, before the CFPB can formally issue proposed rules, it must convene a panel of federal agencies representing "small entities" (businesses, government agencies, and organizations) to provide recommendations on regulatory alternatives to minimize the burden on impacted small entities. The agencies on the panel are the CFPB, the Small Business Administration's Office of Advocacy, and the Office of Information and Regulatory Affairs in the Office of Management and Budget. The CFPB is also conferring with other federal regulatory agencies and stakeholders.

The feedback from the affected small entities is due by January 25, 2023, and is expected to be published by the end of the first quarter of 2023. Taking into consideration the input received, the CFPB will issue a set of proposed rules covering data sharing later in 2023. There will be a public comment period with the expectation that the final rule will be issued sometime in 2024 with an implementation date.

In the published outline of the proposed rule, the CFPB makes clear that this will be an incremental process as far as the scope of coverage is concerned. The proposed rules will initially cover only Regulation E (deposit transaction accounts) financial institutions, Regulation Z (credit cards) issuers, and non-financial institutions that "issue digital credential storage wallets." These groups are referred to as "covered data providers." The proposed rule also addresses requirements for third-party data processors—those that receive or aggregate data authorized by the consumer. In particular, the CFPB is soliciting feedback on the disclosures that the data provider must offer the consumer and on how the covered data providers will verify that the third party has the authority to obtain the consumer's data.

We will continue to follow and report on the developments relative to the implementation progress of open banking in the United States.