Consumer Financial Protection Bureau Director Richard Cordray today acknowledged that there are many unanswered questions about the security and technology of allowing consumers to provide third parties access to their personal financial data. At a field hearing on the topic in Salt Lake City, he touted the value that accessing and sharing this data can have for customers but said the bureau is listening carefully to financial institutions’ point of view.
“We have heard that banks, credit unions and others that house this information have operational concerns about when and how they are supposed to share the information with third-party providers,” Cordray explained. “Does the sharing of financial records impose burdens on staff time or other resources? Are there legitimate concerns that the number and frequency of these requests could overwhelm the servers at financial institutions?”
This line of inquiry by the CFPB comes amid many bankers’ concern about a commonly used process called “screen scraping” in which consumers provide their online banking credentials to a third-party app or tool — which can introduce significant fraud, security and compliance risks. Cordray acknowledged these concerns. “Financial institutions that share information likewise should be confident that they will not be exposed to unauthorized or fraudulent transactions resulting from efforts made to access customer information,” he said. “It would be problematic for everyone involved if granting access to third parties were to compromise consumer privacy or put consumers’ funds and account relationships at risk.”
Testifying during the field hearing, American Bankers Association VP Rob Morgan emphasized that banks are actively developing ways to facilitate safe and secure data access. “Let me be clear, banks fully support and are working to ensure that their customers have the ability to safely share and control their data,” said Morgan. “This is not as easy as flipping a switch, as some have suggested. There is a lot of coordination that needs to go on between our nation’s 6,000 banks, their technology providers, data aggregators and their customers.” In order to promote innovative approaches, he recommended that the bureau avoid new regulations.
“We believe we must get to a place where consumers are able to access and share their financial records with trusted third parties, without undue restrictions,” Cordray said. “We are confident that financial institutions and other companies can develop technological solutions to maintain and transfer these records safely and securely.”