The Consumer Financial Protection Bureau issued a discussion guide which outlined options to strengthen consumers’ access to, and control over, their financial data as a first step before issuing a proposed data rights rule that would implement section 1033 of the Dodd-Frank Act.
This first step in the process will allow community banks and small financial companies to weigh in under the Small Business Regulatory Enforcement Fairness Act. Once the SBREFA process is complete, the CFPB will issue its proposal, which will ultimately obligate financial institutions to share consumer data upon consumer request, accelerating the shift toward open banking and open finance.
The proposals under consideration include:
The ability for consumers to transfer their account history to a new company.
Limitations imposed by the CFPB on third parties reselling authorized data for other uses.
Petition on Data Aggregators: ICBA and other groups earlier this year called on the CFPB to initiate a rulemaking that defines “larger participants” in the data aggregation services market that should be subject to ongoing supervision. The groups noted in a joint petition that while the 1033 rule will apply to financial institutions and data aggregators, third-party aggregators are not subject to CFPB supervision.
Letter on Nonbanks: The petition followed last year’s ICBA letter calling on the CFPB to ensure nonbanks that access customer financial information take the same care in protecting consumer privacy and data as community banks.
Feedback on the CFPB’s outline can be emailed to [email protected] and is due by Jan. 25, 2023.