The American Bankers Association today urged the Consumer Financial Protection Bureau to “tread carefully” as it drafts proposed data-sharing rules for businesses, warning that the agency could stifle innovation and risk consumers’ personal financial data if it introduces impractical requirements.
The CFPB last year outlined a series of proposals under consideration to implement Section 1033 of the Dodd-Frank Act, which requires businesses to make a consumer’s financial information available to them or a third party at the consumer’s direction. In a letter to CFPB Director Rohit Chopra, ABA said the rules the agency develops could foster innovation and improve consumers’ lives, or they could prove so unwieldy that they endanger the privacy and security of consumers’ financial data. The association said the CFPB should stick to the letter and spirit of the Section 1033 text “while being mindful that future rules do not undermine the good work that has been achieved organically by a cross-industry group of financial institutions, fintechs and data aggregators.”
ABA noted that its members have expressed concern that the agency’s proposed outline fails to adequately address data security, fraud and liability, and that many small and midsize banks remain unaware of the effects the rule would have once implemented. The association also advocated for the CFPB to cultivate a level playing field among all businesses operating in the personal financial data-sharing ecosystem. Last year, ABA and other trade groups petitioned the CFPB to initiate a rulemaking to define “larger participants” in the data aggregation services market that should be subject to ongoing supervision by the agency for compliance with the rule when it is final.
“We urge the CFPB to recognize the deep complexities at the heart of personal financial data rights and the need to strike a harmonious balance between consumer interests and a feasible construct for businesses operating in this space,” ABA said.