Why Certain Republicans Commend an Agency They Detest
Recently, the future of the CFPB was uncertain. However, its newest rule appears to be designed for durability.
TroibNews 
Rohit Chopra has not garnered much admiration from Republicans. The head of the consumer finance watchdog, confirmed three years ago on a party-line vote, has focused his tenure on tightening regulations on both banks and tech firms, actions frequently highlighted by the White House as part of their effort to advocate for the interests of average Americans. In response, GOP lawmakers argue that Chopra’s approach is excessively partisan.
However, this week he established new regulations that enhance consumer control over their financial data, earning recognition from Patrick McHenry, the Republican chair of the House Financial Services Committee, who called it “a promising step forward to protect Americans’ financial data privacy.”
Such developments may not attract significant attention just two weeks before a presidential election that dominates the political landscape in Washington. Nonetheless, this regulation could emerge as a pivotal aspect of Chopra’s legacy, particularly because it may be more challenging to overturn if control of the White House—and thus his agency, the Consumer Financial Protection Bureau—shifts from blue to red.
This regulation also marks a fresh direction for the agency, which has faced criticism from Republicans since its inception. It signifies a more durable approach to rulemaking, as Chopra seeks cooperation from certain private sector entities.
The newly implemented data safeguards could instigate long-term structural changes in the financial landscape by redistributing power from major banks to emerging competitors who aim to offer similar services such as lending and payments. These tech-based challengers have earned significant support among right-leaning lawmakers.
However, the rule still faces potential legal challenges from the banking sector.
“Certainly, very few large incumbents want to face more competition,” Chopra noted in an interview this week. “That’s true in banking. That’s true in every sector.”
“But that’s exactly what Congress wanted to see is more competition rather than less,” he added.
The legal foundation for this data regulation is as longstanding as the CFPB itself, an agency largely credited to Senator Elizabeth Warren. Nonetheless, the demand for explicit regulations that empower consumers over their financial information has surged in recent years, particularly as banks and other companies have competed for access to this data behind the scenes.
The response to this regulation reflects a shift in the political dynamics surrounding the financial industry, driven by the emergence of technology companies that figures like McHenry view as viable competitors to traditional banks.
Another crucial insight from this development is that significant gaps remain in the current data privacy regulations, which only Congress can address, and these issues cannot be postponed indefinitely.
“This is progress for American innovation and consumers, but we can’t stop here,” McHenry remarked in response to the rule. “Congress must build on the bipartisan consensus regarding financial data privacy.”
Chopra and the CFPB appear to be leveraging a widespread dissatisfaction with the current uncertainties—an issue that could bridge the divide between Warren’s allies and McHenry’s supporters. The existing framework for privacy rules is riddled with inconsistencies.
Currently, when individuals use an app that requires access to their bank account data—whether for applying for a mortgage, managing budgets, or transferring money for a shared expense—there are typically two methods involved.
In one scenario, users log into their bank account within the app, which employs a middleman to "screen scrape" the data, gaining visibility into everything the user can access via their bank login. In another, users are redirected to their bank's website, where they effectively instruct the bank to share specific data fields through Application Programming Interfaces (APIs).
Standardized APIs remain an industry-wide aspiration but currently necessitate extensive negotiations among involved parties, and banks often seek to limit the information shared, especially with competitors. Screen scraping poses risks to consumers, as it can grant firms prolonged access to data that consumers may not wish to share.
The new regulations aim to remedy the current situation by requiring banks to transfer financial data to third parties if requested by the customer while also prohibiting those firms from using that data for other purposes.
Chopra presents the regulation as a way to facilitate consumers’ ability to "vote with your feet" and switch banks, thus empowering them to make informed comparisons regarding pricing and terms.
Additionally, he suggests the rule could allow individuals to secure loans even without a prior credit history by providing lenders with insights into their cash flow.
The rule appeals to both progressive and free-market conservative perspectives.
Under the new regulations, companies accessing an individual’s data cannot utilize it for targeted advertising, consumers are required to reauthorize data access annually, and they retain the right to revoke access at any time.
Some of these provisions could provide a framework for a broader overhaul of data privacy laws, an issue that has interested Congress for years, although meaningful progress has been rare.
“It only governs consumer-permissioned data from a bank account or credit account,” stated Chi Chi Wu, a senior attorney at the National Consumer Law Center, referencing the CFPB rule. “The guardrails that have been established are very good guardrails and hopefully will serve as a model for other privacy issues.”
In contrast, banks have expressed concern. They argue that this regulation could exacerbate fraud and scams by limiting their ability to control data access when consumers direct them to share information with potentially unreliable third parties. They also fear increased liability for ensuring customers are protected in such cases.
“By mandating banks must hand over sensitive customer account data to any third party that got someone to click ‘I accept’ on their app, this rule handcuffs banks’ ability to demand high security standards from third parties,” said JPMorgan Chase spokesperson Trish Wexler in a statement.
On the same day the rule was introduced, the Bank Policy Institute and the Kentucky Bankers Association initiated a lawsuit against it.
If the rule withstands legal challenges—or if efforts succeed to enshrine aspects of it into law—a significant outcome will be a reallocation of power within the financial industry. Banks and payment platforms like Apple Pay will all have to collaborate if a customer requests it—a factor that has made data aggregators welcome the CFPB’s initiative, despite the increased scrutiny of their data management practices.
In our discussion, Chopra emphasized that the rule aligns with trends already surfacing in the industry.
“This really doesn’t create a new framework from scratch. It builds on what has already been successful in the marketplace,” he stated. “That’s part of the reason I think you’re seeing broad support.”
Olivia Brown for TROIB News
However, this week he established new regulations that enhance consumer control over their financial data, earning recognition from Patrick McHenry, the Republican chair of the House Financial Services Committee, who called it “a promising step forward to protect Americans’ financial data privacy.”
Such developments may not attract significant attention just two weeks before a presidential election that dominates the political landscape in Washington. Nonetheless, this regulation could emerge as a pivotal aspect of Chopra’s legacy, particularly because it may be more challenging to overturn if control of the White House—and thus his agency, the Consumer Financial Protection Bureau—shifts from blue to red.
This regulation also marks a fresh direction for the agency, which has faced criticism from Republicans since its inception. It signifies a more durable approach to rulemaking, as Chopra seeks cooperation from certain private sector entities.
The newly implemented data safeguards could instigate long-term structural changes in the financial landscape by redistributing power from major banks to emerging competitors who aim to offer similar services such as lending and payments. These tech-based challengers have earned significant support among right-leaning lawmakers.
However, the rule still faces potential legal challenges from the banking sector.
“Certainly, very few large incumbents want to face more competition,” Chopra noted in an interview this week. “That’s true in banking. That’s true in every sector.”
“But that’s exactly what Congress wanted to see is more competition rather than less,” he added.
The legal foundation for this data regulation is as longstanding as the CFPB itself, an agency largely credited to Senator Elizabeth Warren. Nonetheless, the demand for explicit regulations that empower consumers over their financial information has surged in recent years, particularly as banks and other companies have competed for access to this data behind the scenes.
The response to this regulation reflects a shift in the political dynamics surrounding the financial industry, driven by the emergence of technology companies that figures like McHenry view as viable competitors to traditional banks.
Another crucial insight from this development is that significant gaps remain in the current data privacy regulations, which only Congress can address, and these issues cannot be postponed indefinitely.
“This is progress for American innovation and consumers, but we can’t stop here,” McHenry remarked in response to the rule. “Congress must build on the bipartisan consensus regarding financial data privacy.”
Chopra and the CFPB appear to be leveraging a widespread dissatisfaction with the current uncertainties—an issue that could bridge the divide between Warren’s allies and McHenry’s supporters. The existing framework for privacy rules is riddled with inconsistencies.
Currently, when individuals use an app that requires access to their bank account data—whether for applying for a mortgage, managing budgets, or transferring money for a shared expense—there are typically two methods involved.
In one scenario, users log into their bank account within the app, which employs a middleman to "screen scrape" the data, gaining visibility into everything the user can access via their bank login. In another, users are redirected to their bank's website, where they effectively instruct the bank to share specific data fields through Application Programming Interfaces (APIs).
Standardized APIs remain an industry-wide aspiration but currently necessitate extensive negotiations among involved parties, and banks often seek to limit the information shared, especially with competitors. Screen scraping poses risks to consumers, as it can grant firms prolonged access to data that consumers may not wish to share.
The new regulations aim to remedy the current situation by requiring banks to transfer financial data to third parties if requested by the customer while also prohibiting those firms from using that data for other purposes.
Chopra presents the regulation as a way to facilitate consumers’ ability to "vote with your feet" and switch banks, thus empowering them to make informed comparisons regarding pricing and terms.
Additionally, he suggests the rule could allow individuals to secure loans even without a prior credit history by providing lenders with insights into their cash flow.
The rule appeals to both progressive and free-market conservative perspectives.
Under the new regulations, companies accessing an individual’s data cannot utilize it for targeted advertising, consumers are required to reauthorize data access annually, and they retain the right to revoke access at any time.
Some of these provisions could provide a framework for a broader overhaul of data privacy laws, an issue that has interested Congress for years, although meaningful progress has been rare.
“It only governs consumer-permissioned data from a bank account or credit account,” stated Chi Chi Wu, a senior attorney at the National Consumer Law Center, referencing the CFPB rule. “The guardrails that have been established are very good guardrails and hopefully will serve as a model for other privacy issues.”
In contrast, banks have expressed concern. They argue that this regulation could exacerbate fraud and scams by limiting their ability to control data access when consumers direct them to share information with potentially unreliable third parties. They also fear increased liability for ensuring customers are protected in such cases.
“By mandating banks must hand over sensitive customer account data to any third party that got someone to click ‘I accept’ on their app, this rule handcuffs banks’ ability to demand high security standards from third parties,” said JPMorgan Chase spokesperson Trish Wexler in a statement.
On the same day the rule was introduced, the Bank Policy Institute and the Kentucky Bankers Association initiated a lawsuit against it.
If the rule withstands legal challenges—or if efforts succeed to enshrine aspects of it into law—a significant outcome will be a reallocation of power within the financial industry. Banks and payment platforms like Apple Pay will all have to collaborate if a customer requests it—a factor that has made data aggregators welcome the CFPB’s initiative, despite the increased scrutiny of their data management practices.
In our discussion, Chopra emphasized that the rule aligns with trends already surfacing in the industry.
“This really doesn’t create a new framework from scratch. It builds on what has already been successful in the marketplace,” he stated. “That’s part of the reason I think you’re seeing broad support.”
Olivia Brown for TROIB News
