译者按:2024年3月13日,美国消费者金融保护局(CFPB)官网上发布了该局局长罗希特▪乔普拉(Rohit Chopra)在全球金融数据交换峰会上发表的演讲稿。他阐述了自己有关制定开放银行规则重要性的认识。现将这篇文章全文翻译如下,供参考。
Prepared Remarks of CFPB Director Rohit Chopra at the Financial Data Exchange Global Summit
MAR 13, 2024
Today, I want to discuss the status of where we are on accelerating America’s shift to open banking, with a focus on the role of standard setters and standard-setting. I then want to discuss some of the dangers of how the standard-setting process can be weaponized in an anticompetitive way. I’ll close with how standard-setting organizations can anticipate becoming recognized by the Consumer Financial Protection Bureau (CFPB).
All of you in this room know that the United States has a clunky system when it comes to switching financial products. Moving to a new checking account with a better interest rate involves resetting direct deposits and recurring bill-paying, printing new checks, and obtaining a new card device. Mistakes can be costly. It’s no surprise that the largest banks in the country have barely budged on their rates, but still retain their depositor base.
Open banking involves less red tape and more seamless switching. Several months ago, the CFPB proposed rules that will serve as a key foundation in the shift to open banking. The rules rely on a dormant authority under Section 1033 of the Consumer Financial Protection Act, which gives consumers rights to access their data. The rules also seek to ensure that sensitive personal financial data is safe and private.
We are in the process of finalizing these rules, by reviewing feedback to our proposal, coordinating with our sister components within the Federal Reserve System, and thinking through enforcement with other financial regulators.
As part of this process, there is growing discussion about how to set relevant industry standards – including data standards and sharing protocols. These standards are very important to make sure the system is open and interoperable. The proposal we issued last year recognizes the important role standards and standard setting will play in open banking. However, the proposal also purposely avoids micromanaging or dictating prescriptive technical details.
We all probably recognize the importance of standard-setting. Electronics sold in the U.S. have a common set of plugs that fit into outlets installed in our homes and offices. Motor vehicles sold in the U.S. are designed to drive on the right side of the road. Standards can help create a common understanding for engineers and designers to build products and offerings.
Financial services are no different when it comes to the need for standards. Debit and credit cards generally follow a standard. American Express cards typically start with a “3,” Visa cards with a “4,” and Mastercard cards with a “5.” Certain digits give us a clue on the issuing bank and the account number, while others help quickly determine if it’s a valid number.
The physical card also has other attributes that allow it to be read using different types of readers, in order to be accepted by swiping the magnetic stripe, tapping, or inserting the chip. These standards are all developed by industry participants. While government has some involvement and varying degrees of oversight, I expect open banking will need the same type of standard-setting.
Some of this standard-setting might be technical in nature. For example, open banking would be easier and less reliant on intermediaries if developer interfaces always provided data in a standardized format. Other types of standard-setting might be more along the lines of best practices, such as norms for how data providers communicate and implement scheduled downtime or other disruptions that may interfere with consumers’ data access rights.
We learned a great deal from other jurisdictions’ efforts to implement open banking around the world. Specifically, we understand how important it is to strike a balance between regulations being too prescriptive – which can slow adoption and lock the market in to old technology, and regulations not being prescriptive enough – which can lead to messy or fragmented standards, or prevent standards from sufficiently developing.
We know that in some jurisdictions, such as Australia, regulators have gone to great lengths to prescribe detailed technical standards for data sharing in their open banking regimes. However, I’m less confident a similar approach would work in the U.S.
At the same time, we also know that in other jurisdictions, such as in the EU, regulators took an approach that led to fragmented or conflicting standards. This approach created complications for implementation and undermined interoperability.
Of course, we know dangers exist when more powerful players weaponize industry standards. We have to be vigilant that standard-setting does not skew to benefit dominant firms and their prevailing market power.
Importantly, weaponizing industry standards is not a new problem. To take an example from the manufacturing industry, in Allied Tube & Conduit v. Indian Head, Inc., a 1988 Supreme Court case, the Court discussed how incumbent steel conduit producers used a standard-setting organization’s procedures to exclude an innovative, plastic-based conduit, locking the market in to old technology.
To take another Supreme Court example, in 1982 in American Society of Mechanical Engineers v. Hydrolevel Corp., the Court highlighted a situation wherein an official of a standard-setting organization conspired to release an interpretation of the organization’s code for water boiler safety devices that was unfavorable to a competitor of the official’s firm. That is, an official of a standard-setting organization used his position in that organization to lock a competitor, with a different approach, out of the market. It’s notable that in the case, the Court held the standard-setting organization could be held liable for the anticompetitive acts of the official.
In financial services, we’ve also seen how the owners of networks and financial plumbing can distort the rules in their favor.
We continue to hear reports about incumbents potentially coordinating efforts to limit consumers’ exercise of their rights to access data by forcing data sharing through a bank-owned venture.
Anti-competitive behavior by dominant firms or standard setters is not going to advance open banking. Banks can choose their own service providers to enable open banking, but we will be watching out to make sure that such service providers are not used to an anticompetitive effect.
Some of these anti-competitive tactics may also violate the law. The CFPB is in regular communication with the Department of Justice to flag potential self-dealing schemes that may run afoul of civil and criminal laws.
That’s why our proposed rule anticipated the CFPB setting rules around formal recognition of standard-setting organizations. This will prevent large incumbents from rigging standards in their favor.
Today, I want to share more detail about how we expect to recognize standard-setting organizations. Well before we finalize the Personal Financial Data Rights rule this fall, we intend to codify what attributes standard-setting organizations must demonstrate to be recognized under the rule. After we codify those attributes, we will invite standard-setting organizations to begin the process of seeking formal recognition from the CFPB. This will help us recognize standard setters as quickly as possible, which should help facilitate compliance. We plan to do this as soon as is practicable, before we finalize our Personal Financial Data Rights rule.
Based on the formal feedback we received in the proposed rule, I anticipate that the final rule we intend to issue this fall will identify the areas where standards are relevant to the requirements of the final rule.
The attributes we are considering for standard-setting organizations will not be a surprise to those who read our proposal. For example, we are considering whether standard-setting organizations should be balanced, such that no single entity or group of entities dominates decision making.
We will look closely at the makeup of the board or group that makes determinations with respect to the setting or modification of standards. We’ll be looking at your funding structure. If the composition suggests favoritism or if funding is dominated by one market participant, that will be a problem.
Additionally, if there is no meaningful way for consumer privacy interests or the interests of small firms to be considered, that might also be a problem. I urge all interested standard setters in this space to look hard at their practices and procedures to ensure your organization is not simply a puppet for a powerful player.
In terms of the process for maintaining recognition, we want to ensure that there are no bait-and-switches or any other mischief. I expect that CFPB recognition might be revocable or time-limited under certain circumstances.
While interoperability is an important component of a healthy open banking system, I would eventually like to recognize more than one standard to allow the market to develop without complete reliance on one set of protocols. I also recognize that not every standard setter might be ideally suited to create standards for every part of the open banking system, and new standard-setting organizations may need to emerge as the system evolves.
As I conclude, I want to emphasize that existing standard setters should not take their place in this market for granted. The CFPB’s strong preference remains for market-driven standards, but we will not be able to rely on such standards if they are structured to allow incumbents to maintain their market power to the detriment of open banking in the United States.
If we’re unable to identify standard-setting organizations, we will be prepared to step in with more detailed guidance. But we think the industry should be prepared to think critically about these issues now, to stand ready to engage with us, and to prepare for applying for recognition even before the main rule is finalized this fall.
Thank you.
译稿
消费者金融保护局局长罗希特▪乔普拉
(Rohit Chopra)在全球金融数据交换峰会上的演讲
2024年3月13日
今天,我想讨论一下我们在加速美国向开放银行业转变中所处的状况,重点在于标准制定者和标准制定者的作用。接着,我想探讨一下如何以反竞争的方式将标准制定过程武器化的一些危险。最后,我将介绍标准制定组织如何获得消费者金融保护局(CFPB)的认可。
在座的诸位都知道,美国在转换金融产品方面有一个笨拙过时的系统。转移到利率更高的新支票账户涉及重置直接存款和定期账单支付、打印新支票以及获得新的银行卡设备。错误可能代价高昂。毫不惊奇的是,我国最大的银行在几乎没有调整利率的情形下,仍保留了自己的储户基础。
开放银行涉及更少的繁文缛节和更多的无缝转换。几个月前,CFPB提议了一些规则,这些规则将成为向开放银行转变的关键基础。这些规则依赖于《消费者金融保护法》第1033条下的休眠权力,该法赋予消费者访问其数据的权利。这些规则还旨在确保敏感的个人财务数据是安全而私密的。
我们正在通过审查对我们提议的反馈,与联邦储备体系内的相关部门协调,并与其他金融监管机构一起考虑执行,最终确定这些规则。
作为该过程的一部分,有关如何制定相关行业标准的讨论日益增多,包括数据标准和共享协议。这些标准对于确保系统开放和可互操作非常重要。我们去年发布的建议承认标准和标准制定将在开放银行中发挥重要作用。然而,该提案也在有意避免微观管理或规定性技术细节。
我们可能都认识到制定标准的重要性。在美国销售的电子产品有一套通用的插头,可以安装在我们家里和办公室的插座中。在美国销售的机动车被设计为在道路右侧行驶。这些标准可以帮助工程师和设计师在构建产品时达成共识。
就对标准的需求而言,金融服务也不例外。借记卡和信用卡通常遵循一个标准。美国运通信用卡通常以“3”开头,Visa卡以“4”开头,万事达卡以“5”开头。某些数字为我们提供了有关发卡行和账号的线索,而其他数字则有助于快速确定它是否是有效号码。
实体卡还具有其他特性,允许使用不同类型的读卡器读取它,以便通过滑动磁条、点击或嵌入芯片来接受。这些标准都是由行业参与者制定的。虽然政府有一定的参与和不同程度的监督,但我预计开放银行将需要同样类型的标准制定。
其中一些标准制定可能是技术性的。例如,如果开发者界面始终以标准化格式提供数据,那么开放银行将更容易,对中介机构的依赖也会更少。其他类型的标准制定可能更符合最佳实践,比如数据提供者如何沟通和实施预先安排的停机时间或可能干扰消费者数据访问权的其他中断的规范。
我们从其他司法管辖区在全世界实施开放银行的努力中学到了很多东西。具体而言,我们理解在法规过于规范(这可能会缓慢采用并将市场锁定在旧技术)和法规不够规范之间取得平衡是多么重要,这可能导致标准混乱或分散,或阻止标准充分发展。
我们知道,在一些司法管辖区,例如澳大利亚,监管机构已经不遗余力地在其开放银行制度中为数据共享制定了详细的技术标准。然而,我不太相信类似的方法在美国会奏效。
与此同时,我们也知道,在其他司法管辖区,例如欧盟,监管机构采取的方法导致了标准碎片化或标准冲突。这种方法给实施带来了复杂性,并破坏了互操作性。
当然,我们知道,当更强大的参与者将行业标准武器化时,危险就会存在。我们必须保持警惕,标准制定不会偏向于有利于占主导地位的公司及其主导的市场力量。
重要的是,将行业标准武器化并不是一个新问题。以制造业为例,在1988年最高法院的联合管道和导管公司诉印第安头人公司(Allied Tube& Conduit v. Indian Head, Inc.)案中,法院讨论了现有的钢铁导管生产商如何使用标准制定组织的程序排除创新的塑料导管,从而将市场锁定在旧技术中。
以最高法院的另一个例子为例,1982年,在美国机械工程师协会诉泵控制器公司(Mechanical Engineers v. Hydrolevel Corp.)案中,最高法院强调了一种情形,即一个标准制定组织的官员密谋发布对该组织的热水壶安全装置规范的解释,而该解释不利于该官员的公司的竞争对手。也就是说,一个标准制定组织的官员利用他在该组织中的地位,以不同的方式将竞争对手拒之门外。值得注意的是,在本案中,法院认为标准制定组织可能要对官员的反竞争行为负责。
在金融服务领域,我们还看到网络和金融渠道的所有者如何扭曲规则,使其对自己有利。
我们继续听到有关现有企业可能协调努力,通过银行拥有的企业强制共享数据,限制消费者行使其访问数据的权利。
占主导地位的公司或标准制定者的反竞争行为不会推动开放银行的发展。银行可以选择其服务提供商实现开放银行业务,但我们将密切关注,以确保这些服务提供商不会被用于反竞争效果。
其中一些反竞争策略也可能违反法律。CFPB定期与司法部沟通,以标记可能违反民法和刑法的潜在自我交易计划。
这就是我们提议CFPB会围绕正式认可标准制定组织制定规则的原因。这将防止大型现有企业操纵对他们有利的标准。
今天,我想分享更多细节,有关我们期望如何识别标准制定组织。在我们今年秋天最终确定个人财务数据权利规则之前,我们打算编纂标准制定组织必须证明哪些属性才能根据该规则得到认可。在我们编纂这些属性之后,我们将邀请标准制定组织开始寻求CFPB的正式认可。这将有助于我们尽快识别标准制定者,这将有助于促进合规性。我们计划在最终确定我们的个人财务数据权利规则之前,尽快这么做。
基于我们在拟议规则中收到的正式反馈,我预计我们打算在今年秋天发布的最终规则中将确认标准与最终规则要求相关的领域。
我们正在考虑为标准制定组织考虑的特性不会让那些阅读我们提案的人感到惊讶。例如,我们正在考虑标准制定组织是否应该平衡,以便没有一个实体或一组实体主导决策。
我们将密切关注对标准的制定或修改做出决定的董事会或小组的组成。我们将研究诸位的资金结构。如果这种构成暗示着偏袒,或者资金由一个市场参与者主导,那将是一个问题。
此外,如果没有有益的方式考虑消费者的隐私利益或小公司的利益,那也可能是一个问题。我敦促这个领域所有感兴趣的标准制定者认真审视他们的做法和程序,以确保您的组织不仅仅是强大参与者的傀儡。
在保持认可的流程方面,我们希望确保没有诱饵推销法或任何其他恶作剧。我预计在某些情形下,CFPB的认可是可撤销的或有时间限制的。
虽然互操作性是稳健开放银行系统的重要组成部分之一,但我希望承认不止一个标准,允许市场在不完全依赖一套协议的情形下发展。我还认识到,并非每个标准制定者都非常适合为开放银行系统的每个部分制定标准,随着系统的发展,可能需要出现新的标准制定组织。
最后,我想强调的是,现有的标准制定者不应理所当然地在这个市场中占有一席之地。CFPB仍然强烈倾向于市场驱动的标准,但如果这些标准的结构允许现有企业保持其市场力量而损害美国的开放银行,我们将无法依赖这些标准。
如果我们无法确认标准制定组织,我们将准备介入并提供更详细的指导。但我们认为,该行业现在应该准备好批判性地思考这些问题,随时准备与我们合作,并准备在今年秋天最终确定主要规则之前申请认可。
谢谢诸位。
译者:西南科技大学讲师 景欣
原文链接:
https://www.consumerfinance.gov/about-us/newsroom/prepared-remarks-of-cfpb-director-rohit-chopra-at-the-financial-data-exchange-global-summit/