Washington, D.C. – Today the Consumer Financial Protection Bureau initiated the rulemaking process for Section 1033 of the Dodd-Frank Act, related to how consumers access their personal financial data and how that information is protected. Paige Pidano Paridon, BPI senior vice president and senior associate general counsel, issued the following statement in response:
What BPI is saying:
BPI appreciates the CFPB’s effort to establish clear and consistent rules and expectations for all entities with access to consumers’ financial data. Banks are responsible stewards of consumers’ data and are already subject to numerous laws and regulations requiring them to safeguard this sensitive information. It is essential that consumers’ data is protected regardless of what type of entity has access to that information, and better protection means requiring Big Tech and other nonbanks to adhere to the same obligations, expectations and direct oversight applied to banks.
What is BPI looking for?
The final rule must, among other considerations:
- Advance the adoption of secure APIs and outlaw the use of screen scraping;
- Mandate any entity with access to sensitive consumer data establish and maintain strong safeguards;
- Limit the type of data shared to what is necessary to provide a service;
- Require transparency so that customers understand how their data is being used, who it is being used by and how long the data is being saved; and
- Clarify that liability for misuse or unauthorized access to the data follows the data – for example, if a data aggregator is hacked and a consumer’s data is accessed and used to engage in unauthorized transactions or fraudulent activity, the data aggregator should be liable for that breach.
What comes next: The Bureau formally launched the process for implementing Section 1033 and is soliciting input through a panel of small businesses affected by the rule — a legal requirement under the Small Business Regulatory Enforcement Act, or SBREFA. The panel will prepare a report on the input received from the small businesses, and the CFPB will consider the input as it develops a proposed rule, expected to be issued in 2023. A final rule is expected in 2024.
- BPI Responds to Consumer Financial Protection Bureau ANPR on Consumer Access to Financial Records
- A Short Prescription for Ensuring Responsible Open Banking in the United States
- BPI Statement Before House Task Force on Financial Technology on Consumer Access to Personal Financial Data
- Data Aggregators Issue Summary
- BPI Welcomes CFPB Resolve to Verify Big Tech Consumer & Data Safeguards
- Summary: BPI/TCH Symposium on The Future of Consumer Financial Data Access: Implementing Section 1033 of the Dodd-Frank Act
About Bank Policy Institute.
The Bank Policy Institute (BPI) is a nonpartisan public policy, research and advocacy group, representing the nation’s leading banks and their customers. Our members include universal banks, regional banks and the major foreign banks doing business in the United States. Collectively, they employ almost 2 million Americans, make nearly half of the nation’s small business loans, and are an engine for financial innovation and economic growth.