The Bank Policy Institute and the Kentucky Bankers Association filed a lawsuit Tuesday (Oct. 22) challenging the Consumer Financial Protection Bureau’s (CFPB) final rule on data sharing that was unveiled on the same day.
The plaintiffs assert in the lawsuit that the rule jeopardizes the security and privacy of consumer financial data, they said in a Tuesday press release.
In the lawsuit, they said that with its rule, the CFPB is “overstepping its statutory mandate and injecting itself into a developing, well-functioning ecosystem that is thriving under private initiatives.”
“The rule that Plaintiffs challenge seeks to cut off that private development and replace it with a complicated, expensive, mandatory regulatory framework that Congress never authorized,” the lawsuit said. “Worse yet, the framework the agency has adopted is fundamentally unsafe, so the primary result of its overreach will be to harm the very consumers it is charged with protecting.”
The lawsuit alleges that the CFPB’s rule is unlawful because it requires banks to provide their customers’ financial information to purportedly “authorized” third parties, increases security risks to consumers without increasing the level of security protection afforded to their deposits and data, outsources the authority to set standards for compliance to third-party organizations, imposes a timeline for data providers to come into compliance with the rule at a time when the standards are unknown, and imposes costs and risks on banks while banning them from charging any fees to recoup those costs.
“For all these reasons … this Court should bring a halt to the Bureau’s unlawful efforts to force banks to engage in unsafe dissemination of their customers’ personal financial information and set aside the Rule under the Administrative Procedure Act (APA),” the lawsuit said.
The rule unveiled Tuesday by the CFPB aims to give consumers greater control over their financial data and the ability to share it securely with third-party providers, PYMNTS reported Tuesday.
CFPB Director Rohit Chopra said Tuesday that the release of the final rule will be followed by the agency “developing a roadmap for the next set of rules to advance open banking.”
The Defense Credit Union Council expressed concerns about the rule Tuesday, saying credit unions would share data that might expose them to legal troubles tied to third-party handling of that data, which in turn would wind up “compounding operational and financial burdens.”