“It’s hard to make predictions about the future.” Although it is not clear whether Yogi Berra, the baseball Hall of Famer, said these words, it is undisputed that forecasting is a difficult business. Yogi would probably be disappointed to learn that I no longer know my batting average after years of writing blog posts detailing public policy predictions for the year. I am confident that my 2023 predictions will allow me to make a string of hits this year.
1. The CFPB’s new Open Banking Proposal will Accelerate Product Innovations
The year 2023 will mark a significant step forward for the United States’ financial regulators in dealing with the new open banking environment. The Consumer Financial Protection Bureau (CFPB), has stated that it will publish rules, not guidelines, aimed to strengthen consumers’ control over their financial accounts and provide portability. This is expected to happen sometime in 2023. Although a final rule to implement section 1033 under the Dodd-Frank Act won’t be published until 2024, it is certain that open banking initiatives will gain momentum now that there are “rules-of-the-road”. In 2018 leveraging consumer-permissioned financial data combined with account aggregation technology and distribution capability to provide lenders with new insights and consumers with enhanced access to credit. Also has several open banking analytical models that can be used by financial institutions worldwide. These models focus on personalizing the experience of consumers with real-time and summarized insights derived from financial instruments.
Just in the last few months, both Freddie Mac and Fannie Mae announced that their respective automated underwriting systems will consider consumer-permissioned cash flow data in the assessment process that will provide key benefits for first-time homebuyers and underserved communities. As open banking gains more traction in the United States, further innovations will be fueled by the CFPB’s Section1033 rulemaking.
2. Although there will be changes in the BNPL market, major regulatory action is still at least a year away
BNPL companies have experienced a decline in the economy and a rise of bad debts, rising losses, higher costs of operations, and falling share prices. The industry experienced a meteoric rise in transaction volume, with transactions increasing by fourfold between 2019 and 2022. Regulators also paid attention to the introduction of new BNPL products across multiple product lines. The CFPB collected data from five top BNPL companies, and published a comprehensive sector report. Rohit Chopra, Director of CFPB, has stated that he wants consumer protections similar to those for credit card purchases. This includes better disclosures and dispute resolution.
Some have asked whether all BNPL activities are covered by the same consumer protection laws. Many groups also advocate extensive industry regulation. However, a rule that covers BNPL companies is larger than the CFPB rulemaking agenda.
Instead, I expect regulators to be more focused on providing regulatory clarity through guidance and using their enforcement powers to encourage BNPL providers update their operations in the next year. Some BNPL companies are already providing disclosures required by the Truth-in-Lending Act. Other companies offer BNPL long-term installment loans. These are subject to a variety of consumer protection laws.
Going forward, consumers will likely experience greater transparency from industry players. BNPL is here to stay. Even if there are no specific regulatory requirements in 2023 for BNPL, consumer protections and disclosures will be a major part of the next phase in the industry’s maturation.
3. Public Companies will have Cybersecurity Compliance with the New SEC Rules as a Top Priority
As cybersecurity threats to the private sector continue to increase, the federal government remains focused on enhancing cybersecurity outside of government-controlled systems. The Securities and Exchange Commission (SEC), in March 2022, issued suggested rules on cybersecurity risk management, strategy and governance. Incident disclosure is required for public companies that are subject to the reporting requirements of Section 1934 of the Securities Exchange Act of 1934. These rules will significantly increase corporate accountability for cyber risk management, starting at the top and continuing down through the organization.
The most talked-about provision is the proposed amendment to the Form 8K. This report, which public companies must file with SEC to notify shareholders of major events, allows them to disclose information about cybersecurity incidents. The proposal would require registrants to report information on cybersecurity incidents within four days of determining that they have experienced a material cybersecurity event. This is in addition to the incident’s discovery date. This new provision will require organizations to understand the materiality of a breach in a covered system. It will also make it more difficult for public company leaders to grasp the financial implications of materiality before breaches occur. Many organizations are not meeting the new SEC standards for cyber security readiness.
The Office of Management and Budget reported the final SEC cyber rules will be published in April 2023. Although it is unclear when the new SEC requirements are going to take effect, 2023 will see public companies evaluate the effectiveness of their existing cyber reporting practices and procedures in order to prepare for them.
4. Meaningful Developments, but no Federal Privacy Law or AI Regulations
The United States still doesn’t have a comprehensive privacy law as of 2023. The American Data and Privacy Protection Act was introduced in 2022. This markedly changed the situation. The first time privacy legislation in Congress received bipartisan support from key Senate and House committee leaders was July. The bill was approved by the House Commerce Committee in July with a 53-2 vote.
There are still a few objections, including concerns about the state pre-emption provision and the private right to action language. The bill’s future is possible because privacy issues are not partisan issues. This is good news for Republicans and Democrats who have different party control in Congress. Although policy leaders will continue to make progress in shaping a federal privacy bill for Congress, I expect that no final deal will be reached by 2023. Other privacy-related proposals that focus on children’s privacy ( COPPA 2.0, KOSA) may also be pursued.
The White House has published the Blueprint to an AI Bill of Rights. This document provides a framework that will allow for more responsible AI. In the meantime, the National Institute of Standard and Technology will release its AI Risk Management Framework by 2023. This initiative will offer a set of voluntary standards that businesses and others can adopt. These measures’ success will depend on how clear and consistent the industries are in adopting defined metrics, practices, thresholds and thresholds.
While the EU is making progress in its efforts to regulate AI, 2023 will likely see the U.S. focusing on AI principles and standards. Scott Zoldi (FICO’s Chief Analytics Officer) will be busy sharing his insights online about a range of ethical and responsible AI topics. Zoldi has more than 100 patents to his credit for his work developing AI and machine-learning software technologies.
Looking forward to 2023 brings me back to the fact that every year brings new hope for both players and baseball fans that their team will be successful. Although Yogi correctly pointed out the difficulty of making predictions, my “Four for Twenty-23” will increase my batting average, whatever that may be.
