Earlier this month, President Biden signed a sweeping executive order aimed at creating more competition in the US economy. Much of the focus since has been on pieces of the order that aim to reduce the consolidated power of tech giants like Google or Facebook. But one section buried deep in the order could dilute the power of America’s largest banks, who together hold near-monopolies on most Americans’ money.
And the major American banks, to say the least, are not pleased.
The order—which Biden signed to much fanfare in a White House ceremony—encourages the Consumer Financial Protection Bureau (CFPB), the Wall Street watchdog created after the 2008 financial crisis, to issue rules that will make it easier for people to transfer their personal financial data between institutions. Practically, that would mean pieces of a person’s digital financial life—including transaction history, automatic bill pay setups, direct deposits, and more—could be moved with a few clicks to companies other than big banks, such as community banks, credit unions, or “fintech” apps that allow customers to perform banking functions from their phones or computers.
That might not sound like a big deal. Or it may sound like it’s already happening, as many consumers invest their money with robo-advisers like Betterment or link their financial accounts to budget trackers like Mint. But it’s a move that big banks have long seen as something of an existential threat. Their fear is that if customers can easily move their money and information between institutions, then fintech companies taking an innovative approach to banking and consumer finance will siphon off customers, shrinking the market share and political standing of major banks. In January, Jamie Dimon, the CEO of JPMorgan Chase, summed up the banking sector’s fears of fintech: “Absolutely, we should be scared shitless.”
The regulation Biden is encouraging builds on an obscure piece of the Dodd-Frank act, the sweeping set of financial reforms enacted in 2010 to safeguard against another Wall Street–induced financial collapse. Section 1033 of the act created a right for consumers to access their financial data and move it around, and left it to the CFPB to create formal rules to enforce that right for customers. But in the decade-plus since Dodd-Frank’s passage, the CFPB has never issued those rules—instead publishing principles around data-sharing in 2017 that are not binding on banks, or anyone else.
Since the CFPB is an independent agency, the White House can’t require it to pass formal rules. But Biden’s explicit request in this month’s executive order is seen as a strong signal of the direction the administration will take on financial regulation—especially given that Biden has the power to nominate (or fire) the CFPB’s director.
Even without formal rules, the broad data-access rights outlined in Section 1033 have helped usher in a boom in fintech companies—payment platforms, robo-advisers, and other financial apps that aren’t official banks but offer services that enable customers to spend, track, or invest their money. Many consumer advocates see fintech as a potential boon for more inclusive finance. (The New York Fed found that at the height of the pandemic, a quarter of Black-owned businesses turned to fintech lenders to secure Paycheck Protection Act loans after Black business owners encountered a well-documented host of obstacles while trying to access the relief funds through traditional banks.) This potential is not without its risks: Fintechs are less regulated than traditional banks, and the digital movement of money and sensitive financial data poses legitimate cybersecurity concerns. But consumer groups have argued that this is further proof of the need for strong rules that democratize data access while also addressing security concerns.
In the days following the 2020 presidential election, the CFPB published a notice to announce that it was considering issuing official rules under Section 1033. Consumer advocates voiced enthusiastic support for the regulation, submitting a lengthy comment letter in February outlining ways for the agency to craft rules that would give consumers more choices in their financial lives. A carefully constructed rule, they argued, would upend the Big Three credit bureaus by ushering in alternative ways of assessing creditworthiness, and it would pave the way for apps that help customers budget and pay bills more easily, or that allow them to avoid the sorts of fees—like overdraft charges—that traditional banks profit from. Such fees and other practices that hurt consumers persist in banking, they said, primarily because the current regulatory landscape makes it tough for customers to switch to other financial institutions.
“The control that financial institutions have over account data, and the difficulty of moving it elsewhere, inhibits competition and locks consumers into accounts with which they are unhappy,” wrote a group of six consumer advocacy organizations in February. “The Section 1033 rule should facilitate mechanisms to enable consumers to access their data to enable comparison shopping and switching providers.”
Comparison shopping and switching providers are precisely what banks don’t want.
“Competition issues are about market power and political power at all times,” says Graham Steele, a former top aide to Senate Banking Committee chair Sherrod Brown (D-Ohio) and Biden’s nominee for assistant treasury secretary for financial institutions. “And banks’ political power comes both from the amount of wealth that a bank controls, but also how many people it employs and how many customers it has. So [Section 1033] is a way of making banks smaller, from both a political perspective as well as a market perspective.”
Banks have long resisted the sort of democratized data access that Section 1033 encourages. Since 2015, several large banks have at times cut off access to data aggregators that serve as middlemen between banks and fintech apps. In a 2016 letter to shareholders, Dimon railed against fintech apps and data aggregators, accusing them of taking too much customer data and continuing to access it for years after customers have stopped using their services. (The New York Times noted that this assertion is inaccurate.)
So it’s no surprise that ever since the CFPB’s November announcement, banks have again pushed back against the rule. They’ve done this in part through something called the Clearing House—a conglomerate that’s part banking association and part payment company, and which counts the biggest American banks among its owners, including JPMorgan Chase, Bank of America, and Citigroup.
In a lengthy letter to the CFPB in February, the Clearing House made a number of arguments aimed at muddying up the CFPB’s rulemaking—or discouraging it altogether. It warned the CFPB that crafting the rules would be “time-consuming” and would require a “substantial commitment” of bureau resources. It argued that some consumer financial data should be considered outside the scope of Section 1033, and it asked the CFPB to give the holders of that data—major banks—the right to impose extra requirements on access to the data by customers. It also claimed that the rule would lead to such rapid industry change that the CFPB would not be able to keep up, creating an innovation bottleneck where companies would be forced to await decisions from the CFPB before they could move forward. For these reasons and more, the letter advised the CFPB that developing more nonbinding guidance—instead of formal rules—would be “preferable.”
In arguing against Section 1033, banks—including PNC Bank, Wells Fargo, and the Bank Policy Institute, a group that lobbies on behalf of major banks—have played up the security risks of data sharing. Their concern is that Silicon Valley startups trying to disrupt finance won’t treat sensitive consumer data with as many safeguards as those provided by banks. In its letter to the CFPB, the Clearing House argued that to offset security risks, banks should receive the same rights as consumers in determining which third-party providers or apps are trustworthy enough to get consumer data—a move that, in practice, would likely make it much more difficult for third-party providers to receive consumer data, gumming up the anti-competitive aims of Section 1033.
Financial data sharing does have real cybersecurity concerns, says Steele, but consumer advocacy groups argue that carefully written CFPB rules could be designed to mitigate these security risks. Softening the rule over these potential security risks primarily serves banks’ financial incentives to hoard data. “They’re self-interested in making that argument because it’s largely coming from a place of keeping the consumers in their bank rather than losing them to an upstart company,” Steele says.
“While financial institutions have legitimate security concerns about how their customers’ data is accessed, they should not block access to that data for the purpose of stifling competition,” noted the National Consumer Law Center last year.
Final say over the 1033 rule will likely fall to Rohit Chopra, Biden’s nominee to lead the CFPB and a current commissioner at the Federal Trade Commission, which oversees antitrust issues. Chopra has yet to be confirmed by the Senate to lead the consumer watchdog, and he hasn’t made his views on Section 1033 explicit. But he’s made clear in past interviews and during his March confirmation hearings that he supports regulations that encourage the creation of new businesses that will serve consumers’ financial needs.
“I don’t want to see a banking system or financial services system where new market entrants cannot get in, cannot compete and win the day,” he said in March. “Dominant players should not be able to squelch out competition.”
This post has been updated.