CFPB's Chopra: 1033 will stop 'incumbents' who 'exploit' data

Rohit Chopra
Consumer Financial Protection Bureau Director Rohit Chopra
Bloomberg News

WASHINGTON — Consumer Financial Protection Bureau Director Rohit Chopra framed the vocal opposition to the bureau's newly finalized open banking rule as an attempt by financial firms to maintain their dominant position over consumers and smaller competitors.  

The bureau issued the final 1033 rule — named for the section of the Dodd-Frank Act requiring the bureau to establish rules allowing bank customers greater control over their financial data — on Monday, capping a yearslong effort to establish so-called open banking in the United States. 

Banks and banking trade organizations decried the final rule, which they said would compel banks to share sensitive consumer data with unvetted third parties. The Bank Policy Institute, which represents the largest banks, joined a handful of other plaintiffs in filing a lawsuit against the rule on Tuesday.

Chopra framed the opposition to the rule as an attempt by entrenched business interests to retain their dominant position over consumers' financial data, and, by extension, to use that data as a profit center. He added that there is considerable support in the broader business community for the open banking rule.

"I think a lot of incumbents are wanting to hold on to consumer data and exploit it for themselves," Chopra told reporters following an appearance at the DC Fintech Week conference Wednesday. "I'm not going to comment on any lawsuit, but we have very broad support from industry players who know that the long-term interest of our system is best served by robust competition and data protection for the digital age."

Chopra said during his remarks at the conference that one of the fundamental problems with the way financial data is shared now is that consumers effectively have to agree to broad and at times onerous data-sharing agreements in exchange for the services they seek, even if those agreements entail tracking consumers' activities in ways that can cost them down the road.

"We know that a lot of firms are looking to use our financial data to engage in surveillance-based pricing," Chopra said. "One of the problems is that disclosures and other click-through contracts have turned into mush, and instead of being clear about what is happening, instead we see fine print that, number one, no one reads, and two, when you read it, all it says is, 'We'll do whatever the hell we damn please, as long as it's legal.'"

Chopra said the bureau's ongoing work to develop additional rules for data aggregators under the Fair Credit Reporting Act will tie in with the open banking rule to create a more consumer-friendly and competitive online environment. 

"I think people want their data used for the purpose that they intended, and they don't want a bait and switch, and that's why we're going to continue also with some additional rulemaking under the Fair Credit Reporting Act to make sure that all these data brokers that are collecting information about us are adhering to some reasonable standards on transparency, accuracy and privacy," Chopra said.

Chopra added in his remarks after the conference that the disclosure requirements — which were established in the 1999 Gramm-Leach-Bliley Act — could benefit from a more comprehensive update from Congress, and said that the bureau is in conversation with lawmakers who are interested in pursuing a more robust data disclosure framework.

"There's broad support for enshrining more privacy protections when it comes to financial privacy. I think there's an agreement that that notice, annual privacy notice isn't enough," Chopra said. "There's broader issues when it comes to financial privacy. We do not really discuss who we're working with, but there's a lot of interest and we're always providing advice to those who want to advance this, and there's certainly a strong appetite on both sides of the aisle."

When asked for comment on the bank lawsuit against the open banking rule, Chopra said he had few details to share.

"I haven't read their complaint," Chopra said. "And I don't know if they've read our rule."

For reprint and licensing requests for this article, click here.
Data privacy Data security Regulation and compliance Litigation
MORE FROM AMERICAN BANKER