As she enters her fourth year as chief executive of the Financial Technology Association, Penny Lee is engaged in one of the group’s larger legal battles: Fighting to usher the U.S. into an open banking era amid a dramatic regulatory shift.
Under Lee, the FTA has become the only litigant seeking to preserve the Consumer Financial Protection Bureau’s 2024 landmark open banking rule under Section 1033 of the Dodd-Frank Act.
Open banking allows consumers to share their financial information with a variety of financial institutions and fintechs, possibly swapping information from account to account, increasing competition in the industry. The Trump administration has said the rule is unlawful.
Lee spoke with Payments Dive on May 28, two days before the CFPB formally asked a federal judge to side with plaintiffs in their request for summary judgment against the agency’s 2024 open banking rule. The judge has yet to rule on that request.
However, the Kentucky federal judge in the case ruled last month that the FTA may intervene in the lawsuit on behalf of its members, which include Brex, eBay, PayPal and Stripe.
For Lee, a Washington veteran and former adviser to the late Senate Majority Leader Harry Reid, D-NV, the conflict with Trump regulators over open banking belie major areas of agreement about more limited fintech regulation than FTA members experienced under the Biden administration.
Editor’s note: This interview has been edited for clarity and brevity.
PAYMENTS DIVE: How central is this Section 1033 open banking issue for your members? Are most concerned about its fate or is it not a primary topic for many of them?
PENNY LEE: It is a core foundation for a lot of the work … which our members do, and that is having consumers being able to permission their information, to be able to use third-party apps. And so that ability for them to permission that their bank data be shared with this third party is a core operation for so many of our members.
It sounds like the lawsuit is front and center for you?
Section 1033 allows for consumers to permission their data. And it is currently what is law. And having that ability removed, or without that guarantee, which this rule does codify into law, that this is a right. What we have seen in the past, and would expect, is that the banks would engage in some anti-competitive behavior, meaning throttling back the information they’re providing, slowing down the connectivity, or only allowing consumers to be able to permission through one of their apps or one of their controlled capabilities. What we have seen is an incredible amount of growth and innovation and consumers being able to use a lot of different apps and platforms over the last several years. Largely because this rule was coming to guarantee that right.
What do you say to the notion that open banking carries on with or without a formal CFPB rule, that the commercial potential is too high to ignore?
What we want to make sure is that that (data-sharing) premise is guaranteed. And so that’s the question before the courts, or that will be put before the courts, as to what that definition of the consumer's right to permission their data, what that actually means. And so I do think there will be a continual amount of activity. But yet we need that certainty. Industry on both sides need that certainty and that clarity, which is what the final 1033 rule did: Yes, consumers have the right to permission their bank data into third parties. And so that’s kind of what we would hope that the court upholds.
If you consider the CFPB’s budget request and the court fight over staff cuts, would there be a capacity for the agency to write a substantially new open banking rule?
I have to take the administration at its word, which says that they can do it.
How do you think about the Trump administration in terms of promoting fintech innovation, such as cryptocurrency development, and the effort to cut regulatory staff and rulemaking? Are those compatible goals?
Just because there’s been a change of administration doesn’t mean existing laws go away. So there are a lot of regulations already that we’re adherent to and will continue to be adherent to: KYC (know your customer), AML (anti-money laundering), fraud prevention. How we treat financial data, what the privacy of that data needs to look like, ways in which payment companies engage. So there’s a whole host of state and federal laws that continue to be in effect, and irrespective of the decreasing of one regulatory body doesn't mean that the rule and the law goes away. There is a lot already to make sure that these products are safe, that they're sound, that consumers and small businesses can engage with them in responsible ways. You have state [attorneys general] and others that can enforce certain aspects of laws, as well.
What the approach from this administration has been is to think through what was onerous, because we did have a lot of rulemaking in the past in the Biden administration that I would say was either duplicative or didn’t understand the products. Trying to form regulations for regulation’s sake, and didn't really have a purpose or address anything other than being onerous. What we’ve seen in the Trump administration is removal of many of those things to allow innovation to continue and flourish and do so in a way that is responsible.
Your annual CEO Summit is June 25, with regulators, executives and legislators. Is Russ Vought, the CFPB’s acting director, among those you’ve invited?
No, he’s not. I don’t think that he does speaking engagements.
