The Consumer Financial Protection Bureau requested a stay in a lawsuit challenging the 1033 rule on consumer data security and privacy and said it plans to craft a new rule soon.
The CFPB’s Stay: The CFPB filed a stay with the U.S. District Court of Eastern Kentucky and said it “has now decided to initiate a new rulemaking to reconsider the Rule with a view to substantially revising it.”
Reversal of Previous Filing: The CFPB in June asked a federal court to vacate its 1033 rule, saying the rule is unlawful because it exceeds the bureau’s statutory authority and is arbitrary and capricious.
Background: The CFPB’s rule implements Section 1033 of the Dodd-Frank Act, which requires covered financial institutions to make available to consumers certain data relating to consumers’ transactions and accounts upon request.
ICBA View: ICBA has long expressed concerns about the impact of the rule on consumer data security and privacy. While the rule included an ICBA-advocated provision exempting community banks under $850 million in assets from a provision requiring institutions to create and maintain a third-party developer interface, ICBA has repeatedly called on the CFPB to focus its implementation of Section 1033 on promoting data security at third-party entities.
Correcting the Record: ICBA and other groups this week issued a statement correcting the record on Section 1033 rulemaking following misleading claims from a group of fintech and retail organizations. In a national news release, ICBA and other groups corrected several inaccuracies from the fintechs while noting the rule would put Americans’ most sensitive financial data at risk.
Ongoing Advocacy: Addressing the 1033 rule is a key priority of ICBA’s “Repair, Reform, and Thrive” plan for the new Congress and Trump administration. ICBA’s Open Banking Guidebook details the rule as well as its advocacy efforts, including securing exemptions for community banks under $850 million in assets.