ICBA called on the Consumer Financial Protection Bureau to ensure nonbanks that access customer financial information take the same care in protecting consumer privacy and data as community banks.
ICBA's comment letter responds to the first step of a rulemaking to implement Section 1033 of the Dodd-Frank Act, which gives consumers the right to access their financial records in electronic form. ICBA said this section of the law has enabled an explosion of nonbank data aggregators seeking consumers' permission to access their financial records.
ICBA noted that these companies are not typically held to the same rigorous regulatory standards as community banks, yet they manage to avoid any responsibility associated with data breaches and other consumer harms that result from their access to financial data.
Among its recommendations, ICBA called on the bureau to consider the burden third-party access imposes on community banks, directly supervise and apply data security requirements to aggregators, and exempt banks from liability associated with unauthorized transactions initiated by or through data aggregators.