CFPB Monitor News Guidance Perspectives of CFPB | Ballard Spahr Law Firm Blog

CFPB issues request for information on consumer access to financial information

Posted in CFPB General

In conjunction with its field hearing yesterday on consumer access to financial information, the CFPB has issued a request for information (RFI) about market practices related to such access.  Comments in response to the RFI must be filed no later than 90 days after it is published in the Federal Register.  The CFPB states that in addition to potentially helping industry develop best practices to deliver benefits to consumers and address potential consumer harms, the information obtained in response to the RFI could help the CFPB “in prioritizing resources,” such as “to evaluate whether any guidance or other action by the Bureau is called for, including future rulemaking.”

The RFI uses the term “consumer-permissioned access” to refer to consumer access to consumer financial account and account-related information, whether directly or through a third-party acting with the consumer’s permission.  In discussing the regulatory framework applicable to consumer-permissioned access to account information, the RFI cites to Section 1033 of the Dodd-Frank Act which requires that “[s]ubject to rules prescribed by the Bureau, a covered person shall make available to a consumer, upon request, information in the control or possession of such person concerning the consumer financial product or service that the consumer obtained from such covered person, including information related  to any transaction, or series of transactions, to the account including costs, charges, and usage data.”

The RFI discusses current market practices in connection with consumer-permissioned access to account information, including the role of account aggregators in transmitting consumer data.  It reviews consumer benefits from specific market uses of consumer-permissioned account data access as well as current market issues and risks.  With regard to risks, the CFPB discusses privacy and security concerns of providers of consumer financial accounts that arise from the role of account aggregators or other permissioned parties as well as provider concerns about their liability for unauthorized transactions.  The CFPB states that it “does not believe that consumer views have been adequately represented in this area” and is therefore concerned “that some market participants may decide to restrict consumer-permissioned access to data in ways that undermine consumer interests identified in section 1033–and that are broader than  necessary to address legitimate privacy and security concerns.”

The RFI contains a series of 17 questions about current market practice related to consumer-permissioned access to account information and three questions intended to obtain information about commenters’ views on how market practices may or should change over time.  The information sought about current practices include the types of products and services currently made available to consumers that rely on consumer-permissioned electronic access to account data; the incentives or disincentives for account providers to facilitate or discourage consumer-permissioned access to account data; the impediments, obstacles or risks faced by account providers in allowing access to permissioned parties or account aggregators and by permissioned parties or account aggregators in obtaining such data; the security and other risks consumers incur if they permit access to their account data and the steps being taken by account providers, aggregators, and permissioned parties to mitigate such risks; and the industry standards, if any, that currently exist to enable consumer-permissioned access to account data.

The questions about future market developments include whether industry standard practices “that provide consumers with data access comparable to that envisioned by section 1033 of the Dodd-Frank Act [are] likely to be broadly adopted by consumer financial account providers, permissioned parties and account aggregators in the absence of regulatory action.”

Several of these questions were posed to the panelists at the field hearing.  The panelists consisted of representatives of Public Interest Research Group, Center for American Progress, Center for Financial Services Innovation, American Bankers Association, The Clearing House, and an account aggregator company.  When asked whether industry standards that balance competing interests are likely to be adopted in the absence of regulation, consumer group representatives predictably warned of the need for regulation to avoid consumer harm while industry representatives stressed the danger that prescriptive regulation could interfere with innovation and favored the development of industry standards.