The American Bankers Association and seven national trade associations petitioned the Consumer Financial Protection Bureau today to initiate a rulemaking to ensure that businesses that collect large amounts of consumer financial data are subject to the same oversight as financial institutions.
The CFPB is currently engaged in rulemaking under Section 1033 of the Dodd-Frank Act, which will establish standards for sharing consumer financial data, typically through third parties, in a secure and transparent manner that gives consumers control. Financial institutions already must meet strict data privacy requirements under federal law and are monitored for compliance for all consumer compliance laws by the bureau, the trade groups noted in the petition. Data aggregators will be covered by the Section 1033 rule but are not subject to CFPB supervision, leaving a significant gap in protection for consumers, they added.
The groups called on the CFPB to initiate a rulemaking to define “larger participants” in the data aggregation services market that should be subject to ongoing supervision by the bureau for compliance with the rule when it is final.
“We believe the CFPB should ensure that data aggregators and data users that are larger participants in the aggregation services market—not just banks and credit unions—are examined for compliance with applicable federal consumer financial law, especially the requirements of the forthcoming 1033 rulemaking, including the substantive prohibitions on the release of confidential commercial information,” the associations said.
