Consumer-authorized access to financial records will be the focus of a proposed new rule by the consumer financial protection agency later this year, with an aim of helping the agency understand and address “competing perspectives,” the agency said.
The Friday announcement of an advance notice of proposed rulemaking (ANPR), the Consumer Financial Protection Bureau (CFPB) said, came about in the wake of February symposium the agency held on the subject of consumer-authorized third-party access to financial records.
In a report on that gathering (which the bureau said included representatives of consumer groups, fintechs, trade associations, financial institutions, and data aggregators), also issued Friday, the bureau said fintechs and some others recommended that the agency should “prescribe a right for consumers and permissioned third parties to access their data relying on the authority” of provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) of 2010.
The agency added that banks and others urged a larger participant rule for the data aggregation market under the Dodd-Frank law in order for the agency to “establish its supervisory authority over larger participants in this market.”
Other recommendations offered at the symposium, the bureau said, included imposing disclosure requirements or disclosure standards; using guidance or other avenues to clarify some of the regulatory ambiguities described above; or taking actions predominately aimed at securing consumer privacy.
The proposed rule, the CFPB said as an outgrowth of those recommendations, would allow the agency to:
- Solicit input on how it might effectively and efficiently implement the financial access rights described under the Dodd-Frank Act. “Different market participants have helped authorized data access become more secure, effective, and subject to consumer control,” the agency asserted. “The Bureau expects these trends to continue, but also sees indications that some emerging market practices may not reflect the access rights described in Section 1033” of the Dodd-Frank Act.
- Seek information regarding the possible scope of data that might be made subject to protected access as well as information that might bear on other terms of access, such as those relating to security, privacy, effective consumer control over access and accessed data, and accountability for data errors and unauthorized access.
- Inquire into whether or how issues of regulatory uncertainty under the law’s provisions for data access interacts with other statutes within the bureau’s jurisdiction, such as the Fair Credit Reporting Act (FCRA), may be affecting the third-party data access market “to the potential detriment of consumers,” and seek information that may help resolve such uncertainty.