ABA, along with the American Fintech Council and the Community Development Bankers Association, sent a letter today to the CFPB urging the bureau to consider the unique position of small banks and fintech firms in complying with the requirements outlined in its proposed rule on personal financial data rights. The CFPB last year issued a proposed rule to implement Section 1033 of the Dodd-Frank Act, which requires businesses to make a consumer’s financial information available to them or a third party at the consumer’s direction.
“The technical complexity of Section 1033 operationalization, the need to understand the context of the ecosystem’s historical development, and the tangled spiderweb of overlapping laws and existing entity-specific solutions renders the [compliance] challenge especially arduous,” the associations wrote, adding that several sections of the proposed rule are “unclear and inconsistent” and would benefit from “practical implementation advice.” The groups also asked that the CFPB be sure to incorporate stakeholder feedback as it finalizes the rule to “reduce ambiguity” and to ensure “an effective rollout that limits disruptions to consumers.”
The trade groups referenced the Small Business Regulatory Enforcement Act, which requires that agencies “explain the actions a small entity is required to take to comply” including a “description of actions needed to meet the requirements of a rule, to enable a small entity to know when such requirements are met.” They also provided a list of issues that should be included in a guide specifically catering to the needs of smaller firms.
“It is imperative that the CFPB have consistent expectations for the ecosystem and not establish a bifurcated compliance regime for substantive provisions of the rule that are applicable to both small and large entities,” the groups wrote.
