ABA urges CFPB to exclude banks from ‘data broker’ definition

Any Consumer Financial Protection Bureau activity on data brokers should target unregulated entities and not upset the existing regulatory framework for financial institutions, the American Bankers Association said today in a letter to the agency. The CFPB in March issued a request for information as part of an inquiry into the business practices of “data brokers”—an umbrella term that describes firms that collect, aggregate, sell, resell, license or otherwise share consumers’ personal information with other parties. The agency said it was particularly concerned about the privacy, security and accuracy of the data collected, as well as the alleged lack of consumer knowledge and consent regarding such activity.

In its letter, ABA noted there already is an extensive regulatory structure governing how banks and certain other financial institutions use and transfer data. Agency efforts should instead target unregulated entities, and it should refine any proposed definition of “data broker” to expressly exclude financial institutions, the association said.

“ABA also believes that the CFPB should develop its position on data brokers in a way that does not interfere with banks’ use of information from outside sources for important purposes that benefit consumers, such as identity resolution, fraud prevention and anti-money laundering activities,” the association said. ABA reiterated what it said is the pressing need for the agency to supervise large nonbank entities dealing in financial data “because their business activities present risks to consumers that are best mitigated through rigorous examination for compliance with existing federal consumer protection laws and regulations.” Finally, the association urged the CFPB to clarify the relationship between its data broker concept and the ongoing Section 1033 rulemaking on personal financial data rights.