Idling on Data Aggregator Rules Jeopardizes Sensitive Data of 200 Million+ Consumer Accounts

BPI supports calls for CFPB to regulate data aggregators, ensure sensitive customer data remains private and secure

Washington, D.C. – The Bank Policy Institute expressed support today for a petition to the Consumer Financial Protection Bureau calling on the Bureau to exercise its authority to supervise and examine data aggregators.

What BPI is saying:

Paige Pidano Paridon, BPI senior vice president and senior associate general counsel, stated the following:

“The CFPB must address this massive vulnerability in the financial regulatory system that could jeopardize sensitive data from hundreds of millions of consumer accounts. Data aggregators offer tremendous benefits by allowing consumers to connect to the apps of their choosing, but they can also be a one-stop-shop for cyber criminals unless they are held to the same data security standards and expectations as banks to protect consumers and their highly sensitive data.”

What’s the background: The original petition – filed by bank and credit union organizations – calls on the CFPB to issue rules defining “larger participants” in the market for data aggregation services. The Dodd-Frank Act gave the CFPB this authority, which allows the Bureau to first go through a rulemaking process to designate and thereafter directly supervise nonbank covered persons that are “larger participant[s] of a market for … consumer financial products or services.” In doing so, the CFPB could ensure that aggregators comply with the same data privacy and security rules and expectations that apply to banks. The CFPB has previously used this statutory authority to regulate and supervise larger participants in the debt collection, student loan servicing, international money transfer and automobile financing markets.

Why it matters:

Approximately 120 data aggregators operate in the United States with access to data from millions of U.S. consumers. One large data aggregator, according to 2020 data, is reportedly connected to 200 million bank accounts across 11,000 U.S. banks. According to a recent survey conducted by The Clearing House:

  • Around 80% of consumer respondents were unaware that third-party app providers gather users’ financial data;
  • 73% were unaware that fintech apps have access to username and password information; and
  • 78% were unaware that aggregators have access to personal data even when the app is closed or deleted.

Unregulated data aggregators with large quantities of data acquired from many institutions present a real vulnerability to the financial system. Furthermore, data aggregators often collect more data than is necessary to provide a product or service, or retain the data they collect. If an aggregator retains consumers’ credentials and is hacked, there is a risk that bad actors may then use those credentials to access accounts, exposing consumers to risk of fraud or theft.

How do requirements for aggregators compare to banks?

Banks comply with the Gramm-Leach-Bliley Act’s Title V privacy and data security safeguards, the FFIEC IT Examination Handbook, the Fair Credit Reporting Act, the Right to Financial Privacy Act, and various state and international privacy and data security laws, and are subject to regular, direct supervision and examination to ensure that they are abiding by their legal and regulatory obligations.

What more is being done by banks to protect customers?

Banks are working to eliminate unsafe practices such as screen scraping in favor of secure data sharing through application programming interfaces (APIs). These efforts take place through contributions to the Financial Data Exchange (now serving 32 million consumers), data access agreements with third-party partners and the creation of API integration services such as the Akoya Data Access Network.


About Bank Policy Institute.

The Bank Policy Institute (BPI) is a nonpartisan public policy, research and advocacy group, representing the nation’s leading banks and their customers. Our members include universal banks, regional banks and the major foreign banks doing business in the United States. Collectively, they employ almost 2 million Americans, make nearly half of the nation’s small business loans, and are an engine for financial innovation and economic growth.

Media Contact

Austin Anton
