would need to make available upon request. According to the proposed rule, covered data includes: ▶ transaction information, including historical data (at least 24 months); ▶ account balances; ▶ terms and conditions; ▶ upcoming bill information; and ▶ basic account verification information, such as name, address, email, etc. It excludes confidential commercial information, algorithms, information used to prevent fraud or money laundering or other crimes, and information that is required confidential under other laws, as well as other information that the provider cannot retrieve in the ordinary course of business. At the request of a consumer or authorized third party, providers must make covered data available in a machine-readable format that can be retained by the consumer or authorized by a third party and transferred for processing into separate information systems – all without imposing fees or charges. How Rule 1033 is Accelerating Open Banking Open banking uses APIs to enable developers to access an institution’s data, which includes customer data.4 The technological approach enables banks to offer new products or services without building them internally or relying on a single provider. Rule 1033 aims to place data rights in the hands of consumers, expanding the definition of open banking and giving them more control. Bradley Wallace Director of Compliance CSI Bradley.Wallace@CSIweb.com After serving in the banking industry, including as a senior commercial credit officer, Bradley now uses his extensive knowledge of the regulatory landscape to advise financial institutions on regulatory issues. While that control could make customers less “sticky,” it could be welcome news for institutions that prioritize a relationship-based approach to customer service, like community banks. As consumers exercise more control over their data, they’re more able to switch to banks that provide personalized service and their desired products, instead of remaining with those that hoard all their financial data but provide poor service and lacking products. Data Rights Considerations in Open Banking As with any technology partnership, concerns may arise regarding data sharing and third-party data breaches. However, there are ways to mitigate risk for your institution. And the opportunities that open banking provides, from improving customer experience to expanding revenue lines, can better position your institution against the competition. As a data steward, your bank should consider several factors to protect your customers and remain compliant. Safeguard your digital services, core platform and any other sectors placed into your open banking ecosystem. Your bank should also ensure you have secure processes in place, including handling file transfers without opening yourself up to any vulnerabilities. To maximize your security and incident preparedness, develop and maintain policies and procedures for preventing and managing a security breach. Additionally, make sure you understand data retention and data deletion obligations. Sharing Data in the Digital Era When it comes to Rule 1033, your bank has a choice to make. Will you simply implement measures to ensure compliance once required and deliver data upon request? Or will you embrace open banking to better serve current and prospective customers? Developing the right open banking strategy for your institution can provide long-term benefits for your bank. FOOTNOTES 1 CFPB Proposes New Regulation on Consumer Data Rights (December 2023): https://bit.ly/4cukzg7 2 Required Rulemaking on Personal Finance Data Rights (October 2023): https://bit.ly/4dIviVk 3 CFPB Proposes Rule to Jumpstart Competition and Accelerate Shift to Open Banking (October 2023): https://bit.ly/3SV0Qzn 4 Why Open Banking is Driving the Future of Financial Services (January 2023): https://bit.ly/3yQC9x6 Computer Services Inc. (CSI) is an associate member of the Indiana Bankers Association. SEPTEMBER/OCTOBER 2024 49
RkJQdWJsaXNoZXIy MTg3NDExNQ==