On April 26 and 27, during his Senate and House testimony, Rohit Chopra, Director of the Consumer Financial Protection Bureau (CFPB) offered important insights into the regulator’s next steps. One of them was open banking.
Mr. Chopra said he would like to push for new regulations under Section 1033 of the Financial Consumer Protection Act to promote competition in financial markets through open banking. This is a priority for the bureau – but at the moment the CFPB has only published a “Notice of Proposed Rulemaking” in October 2020 seeking comment on a potential rule.
A new rule would allow consumers to easily share their financial data with third parties, ultimately making it easier to switch service providers. However, the CFPB is wrestling with how to handle consumer privacy and data protection concerns, according to sources with knowledge of the matter, Reuters reported on May 4. Additionally, the bureau will also need to address the issue of Authorized Push Payments (APP) fraud and determine who may be liable for potential compensation.
Privacy, data issues
Chopra’s privacy concerns focus in part on how Big Tech companies may use data, a concern he also flagged during his Senate and House testimony. During his time at the Federal Trade Commission as commissioner from 2018 to 2021, Chopra took a strong stance on the data privacy practices of Big Tech companies — and he may be wary that these companies could exploit personal data. consumers to strengthen their services.
The law will need to strike the right balance between how to protect consumers’ security, privacy and effective control over their data and how best to advance competition. A source at the agency said the CFPB “felt the pinch” to come up with the rule but struggled to “find the right balance”, Reuters reported.
The new rule may also need to address the issue of liability for APP fraud, when victims are willfully but unknowingly tricked into sending money to fraudsters under false pretenses. A new rule that allows consumers to share data with many providers will bring many benefits, but it may also increase the risk of fraud, as banks will have to provide data to payment service providers (PSPs) and process payments when the user provides his information. consent. Even though banks and PSPs have good AML and KYC programs in place, this type of fraud is difficult to detect before it happens. It is not yet clear whether banks and financial institutions (FIs) should be held liable and compensate victims for APP fraud.
In the UK, banks and financial institutions have a duty to exercise due diligence with their customers to prevent APP fraud. However, there is no legal mandate for PSPs, banks and FIs to compensate victims of APP fraud if they have exercised due diligence – typically, if they have AML and KYC programs. who did not detect anything unusual.
However, the UK Payments Systems Regulator (PSR) has worked with the industry to introduce new tools and code to reduce APP fraud and compensate victims in certain circumstances. For example, the PSR created in 2019 a Model Contingent Reimbursement Code that PSPs can voluntarily adopt – in fact, the biggest UK banks are signatories to the code – to compensate victims if they have done nothing wrong.
In January 2022, the PSR proposed several measures to combat APP fraud. Under the proposal, some of the biggest banks will have to publish data on their performance with regard to APP scams, levels of reimbursement for victims, and the bank and building society accounts that are used to receive the fraudulent funds.
The regulator is also seeking to make refunds mandatory for victims of APP scams, although it needs government help to change some laws first, as the current legal framework would not allow for mandatory refunds.
The next step in the CFPB rulemaking process is a review by a small business panel. The CFPB will review the commission “by the end of the year‚” according to an agency spokesperson.
The Small Business Regulatory Enforcement Fairness Act requires the CFPB to seek input from a panel of small businesses on new regulations that may affect them.
The panel has 60 days to submit a report to the CFPB, after which the agency can issue a draft rule.