A group of eight national trade organizations, including the Consumer Bankers Association (CBA), are urging the Consumer Financial Protection Bureau (CFPB) to strengthen the privacy and security of consumer financial data held by financial technology companies and data aggregators.
Currently, the CFPB is working on a rule that would establish standards for sharing consumer financial data, typically through third parties, in a secure and transparent manner that gives consumers control. Financial institutions must meet significant data privacy requirements under federal law and are monitored for compliance with all consumer protection laws and regulations through the CFPB’s close supervision.
However, data aggregators will not be subject to CFPB supervision, leaving a significant gap in consumer protection. In the petition, the trade groups argue that the regulation will be incomplete without consistent oversight of these tech firms that serve as intermediaries for consumer financial data. They urge the CFPB to initiate a rule to define “larger participants” in the data aggregation services market that should be subject to ongoing supervision by the CFPB.
“We believe the CFPB should ensure that data aggregators and data users that are larger participants in the aggregation services market – not just banks and credit unions – are examined for compliance with applicable federal consumer financial law, especially the requirements of the forthcoming 1033 rulemaking, including the substantive prohibitions on the release of confidential commercial information,” the associations wrote in a letter to CFPB Director Rohit Chopra. “Only then will customers be protected in equal measure when their data is shared outside the secure bank and credit unions systems.”
Along with CBA, the petition was signed by the American Bankers Association, Credit Union National Association, Housing Policy Council, Independent Community Bankers of America, National Association of Federally-Insured Credit Unions, National Bankers Association, and The Clearing House Association.
The associations added that “[b]y the nature of their business, data aggregators hold a tremendous amount of consumer financial data. It is estimated that data aggregators hold the consumer log-in credentials for tens of millions of customers. While consumers may consent to the sharing of their financial data, many of these same consumers are unaware of the activities in which these intermediaries engage, how the information is being collected, and how the data may be used or shared.”