3rd Party Risk Management , Governance & Risk Management , Video

FIs Face New Liabilities From CFPB's Rule on Open Banking

Datos Insights' John Horn on How Open Banking Enhances Consumer Control Over Data
John Horn, director, cybersecurity practice, Datos Insights

The Consumer Financial Protection Bureau's open banking ruling shifts liability burdens onto banks, amplifying their responsibilities for securing data shared with third-party fintechs. John Horn, director of cybersecurity practice at Datos Insights, explained how this leaves banks accountable for breaches that originate from third parties.

See Also: What to Do Based on 2022: Expert Analysis of TPSRM Survey

"CFPB seems to have hamstrung the banks in terms of what they can do in demanding accountability from third-party fintechs, while the documentation requirements on banks are far more extensive," Horn said.

Critics argue the ruling falls short by not mandating the transition from outdated screen-scraping methods to secure APIs, which leaves gaps in fraud prevention and consumer data protection, he said.

"When financial institutions get their API security solutions in order, the API security channel is much stronger. If you put API security, passkeys and phishing-resistant multifactor authentication together, these are significant defense mechanisms against risks of screen scraping," he said.

He added that Europe's open banking model sets a stronger precedent with prescriptive, date-driven regulations, whereas North America lags behind in adopting robust security frameworks.

In this video interview with Information Security Media Group, Horn also discussed:

  • How open banking enhances consumer control over financial data;
  • Where banks are likely to invest in 2025;
  • The re-emergence of customer identity and access management and why that is important.

Horn leads the cybersecurity practice at Datos Insights, which provides valuable cybersecurity and identity research, insights and advisory services to financial services firms. He functions as a distinguished industry expert and critical thinker within the rapidly evolving domains of identity, cybersecurity and risk.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.