Several organisations representing the US banking sector have requested more time to comply with the Consumer Financial Protection Bureau’s (CFPB’s) Personal Financial Data Rights rule, citing the “complex and time-intensive changes” banks will need to make.
In a letter addressed to CFPB director Rohit Chopra, The Bank Policy Institute, The Clearing House Association, the Consumer Bankers Association, and the American Bankers Association have asked for a compliance date of “at least” two years from the issuance of a final rule.
“As the associations and their members have continued to review and analyze the proposal to plan and prepare for implementation, it has become even more clear than we had previously articulated in our comment letters that, once a final rule is issued, banks likely will have to make complex and time-intensive changes to their systems and processes to implement, and create associated controls to ensure ongoing compliance with, the requirements of a final rule,” the organisations wrote.
Among the changes to systems and processes the groups state that its members face are updating public-facing websites to meet the final rule’s public disclosure requirements, and generating and publishing performance metrics to align with the CFPB’s new definitions.
Banks will also need to upgrade underlying technology infrastructure to meet API performance standards, ensure data is provided in a standardized format that is yet to be decided, and enable support for required data elements not currently shared, such as bill payment data, the letter outlined.
The banking groups said that by allowing this additional timeframe in which to comply with the Open Banking rulemaking, customers of institutions which have already built APIs that enable data sharing with third parties for over 50 million customers, will be able to “reliably continue enjoying the benefits of data sharing”.
“A shorter compliance period will require data providers to redeploy operating resources to meet the deadline as firms scramble to fit existing data sharing systems to the new rules, which likely would disrupt services to tens of millions of consumers,” the organisations stated.
The groups also said more time is needed for a standard-setting body to be recognised by the CFPB.
Last month, the CFPB outlined the attributes required to become a recognised Open Banking standard-setting body in the US, with companies required to seek formal recognition from the regulator.
The ‘Joint Trades Letter to CFPB on 1033 Compliance Dates’ ends with a request to meet with Chopra and his staff “to discuss in greater detail the scope of work that implementation will require even for the largest, most sophisticated data providers to help ensure a mutual understanding of the work and time that will be required to comply with a final rule”.
