BPI submits formal statement to House Task Force on Financial Technology in advance of hearing
Washington, D.C. — Consumers should have the ability to access their personal financial data, according to a statement for the record submitted today by the Bank Policy Institute in advance of a U.S. House Committee on Financial Services Task Force on Financial Technology hearing. The statement emphasizes that while consumers should be able to use their preferred applications to manage spending and other financial matters, consumers should not have to forfeit the expectation of data security and privacy. The statement presents three key recommendations: consumer financial data should be safe and secure regardless of who holds it; informed consumer consent should be obtained; and consumers should have control over the type and amount of information shared.
“BPI supports consumers’ ability to access and share their personal financial data,” BPI wrote in the statement. “It is of paramount importance that this data is shared based on informed consumer consent and effective consumer control over the type and amount of information that is shared and that the data is maintained in a safe and secure manner regardless of where, why or with whom that data is maintained.”
Approximately 120 data aggregators operate in the United States, all in the business of collecting data through a variety of practices, some of which, such as screen scraping, pose data security risks to consumers. Screen scraping enables third parties to harvest a wide swath of consumer data, oftentimes far exceeding the information needed to offer a specific service or product. For example, aggregators do not need to obtain demographic or income details for a consumer to sign up for a Venmo account, points out a recent BPI blog post, but in some cases, aggregators may in fact access and store this information. Some estimates indicate that the largest U.S. aggregators may hold in their possession the sensitive financial information of millions of consumers. These massive stores of data create a prime target for malicious actors and a significant risk for consumer privacy.
Among its recommendations, the statement argues the industry should eliminate screen scraping practices and transfer data more securely via an Application Programming Interface (API). The use of APIs would help to empower and protect consumers by ensuring their control over who has access to their data, how much data is shared and when data sharing authorization is terminated with third parties. The statement calls for the Consumer Financial Protection Bureau to employ its authority under the Dodd-Frank Act to apply existing data security and privacy standards to data aggregators. It also highlights the FFIEC examination guidance as providing a useful framework for information security requirements for these providers. These changes would help to reduce instances of serious fraud and potential account takeovers, thereby helping to enhance consumer data security.
About Bank Policy Institute.
The Bank Policy Institute (BPI) is a nonpartisan public policy, research and advocacy group, representing the nation’s leading banks and their customers. Our members include universal banks, regional banks and the major foreign banks doing business in the United States. Collectively, they employ almost 2 million Americans, make nearly half of the nation’s small business loans, and are an engine for financial innovation and economic growth.
Bank Policy Institute