CFPB to Seek Feedback on Open Banking Rulemaking in November

Open banking continues to grow and so do regulatory frameworks that aim at fostering its use.

In countries like the U.K. or Europe, this process is regulatory driven and regulators are likely to bring new developments in the second half of 2022. In the U.S., open banking has been mostly led by the industry, but some federal regulators are considering enacting new rules that would give customers more power to share their financial data. Let´s take a look at the new laws and regulations that could be introduced after the summer recess. 

United States 

The U.S. doesn´t have a specific federal law mandating open banking solutions, but the Consumer Financial Protection Bureau (CFPB) may soon change that. CFPB Director Rohit Chopra has long advocated for new rules that facilitate consumers sharing their financial data with multiple providers.  

Since 2021, the CFPB has been working on designing new rules under section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act that would effectively implement open banking solutions in the U.S. Yet, the project has suffered some delays, among other things, because the agency is grappling with how to handle consumer privacy and data protection issues, according to sources with knowledge on the matter. 

Read More: CFPB Faces Fraud, Privacy Concerns in Open Banking Rules 

However, last June, the CFPB announced its Spring Regulatory Agenda and it included a draft rulemaking under section 1033, suggesting that the first rule on open banking could be ready before Spring 2023. 

The next step in the CFPB’s rulemaking process is a small business panel review. The CFPB will conduct the panel review in November according to an agency’s schedule outlined in the rulemaking agenda.  

The Small Business Regulatory Enforcement Fairness Act requires the CFPB to seek feedback from a panel of small businesses about new regulations that may affect them.  

The panel has 60 days to submit a report to the CFPB, after which the agency can issue a draft rule. Thus, the timeline may be tight for a new rule by the end of the year, pushing back any proposal to early 2023. 

Read More: CFPB Takes First Steps for Open Banking, Big Tech Scrutiny 

European Union 

Open banking in Europe is regulated by the second payment service directive (PSD2). Adopted in 2015, the law established basic data-sharing rules, but EU regulators are planning to review the text to reflect on the technological advances that have occurred in the last few years.  

With this objective in mind, the European Commission in May launched a consultation to gather information from stakeholders about the effectiveness of the PSD2 and what areas would benefit from a revision. The consultation will close on Aug. 5 and even though the results are not binding, the input would help the regulator to design the new PSD3. Some areas of interest for the commission, according to the consultation, are strong customer authentication rules and reducing fraud. Interestingly, the European Banking Authority asked the commission to explore the possibility of establishing standard application programming interfaces (API) to facilitate the adoption of open banking and open finance. 

There is no statutory timeline for a legislative proposal, but some EU commissioners have suggested that the first draft of the PSD3 could be ready before the end of 2022. 

The commission also launched a consultation about open finance, which could take the data-sharing principles beyond bank accounts and extend them to other financial products like pension, wealth management and insurance. However, a rule on this space is not likely in 2022. 

Read More: EU Regulator Launches PSD3, Open Finance Consultations 

Read More: PSD3 Set to Mandate API Standardization 

United Kingdom 

The U.K. is, arguably, the country with the most comprehensive open banking regulatory framework. The term “open banking” was coined in the U.K. when the Competition and Markets Authority mandated the largest banks in the country to share their customers’ data with other providers in 2016. 

The U.K. is in the middle of a regulatory and institutional transformation that the government expects will push open banking more than in any other country.  

The Treasury, the Financial Conduct Authority and the Payment Systems Regulator (PSR) are designing a new regulatory entity that will be in charge of promoting open banking in the country. The regulators expect this entity to be fully operational at the beginning of 2023. The PSR is also supervising the design and implementation of a new payment architecture that will also foster open banking by establishing common APIs, although this new infrastructure will still need a few years to be fully implemented. 

Read more: UK Seeks Guidance on New Open Banking Roadmap, Regulator 

 

For all PYMNTS EMEA and TechReg coverage, subscribe to our daily newsletters.


‘Unbeatable’ Fake IDs Become Booming Underground Business

While digital identity crimes are an ever-present threat, fake physical IDs have never gone away.

And as The New York Times (NYT) reported recently, these IDs — long-prized by underage folks who want to hit the bars before they’re legally allowed — are only growing more sophisticated.

That’s because continual upgrades to license designs means that the type of fake ID students once put together themselves in their dorms no longer past muster, the report said. Now, counterfeiters are putting together fake IDs that include holograms, bar codes and laser engraving that can trick bar owners’ electronic scanners.

The counterfeiters, the report added, put up websites listing replicas by state, take payments in cryptocurrency, and build fake IDs with equipment and materials they promise can fool the sharpest-eyed bouncers.

These sites, NYT said, list licenses with “scientific specificity,” including details about card thickness in micrometers, laminates, and security enhancements like embedded data chips, ultraviolet features and coded magnetic strips.

“They are unbeatable,” Martin Sheil, 62, who owns the Josie Woods Pub in Greenwich Village, told NYT.

The report noted that Chicago’s O’Hare International Airport last month confiscated 984 counterfeit licenses in less than a week. Steve Bansbach, a federal Customs and Border Protection spokesman, told the newspaper that there’s a larger threat here than just kids getting served alcohol: the idea that these cards could be used in identity theft and human trafficking.

PYMNTS discussed the problem of fake IDs last year with Intellicheck CEO Bryan Lewis, who noted that advanced technologies are vulnerable to threats, as voice prints, face prints and facial recognition can all be mimicked with artificial intelligence (AI).

At the same time, he added, treating everyone like a criminal to filter out the small number of people who actually are criminals can inject friction into the verification process and harm businesses. The key, Lewis told PYMNTS CEO Karen Webster, is to let people prove they are who they say they are in the easiest way.

“If you can tell that a government-issued ID is real, that’s the most important step,” Lewis said. “After that, you can use the face or something else, because now we’ve tied a face or voice to an identity — and you can create an immutable token.”

Lewis said his company’s data shows that 1% of activity moving through title companies involves a fake ID. The same percentage applies to the bank branch setting, where someone could open an account to move money without a credit pull. It’s the reason account takeovers are one of the fastest-growing forms of identity theft, he added.