InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB Issues Principles Concerning Security and Transparency for Financial Data Sharing and Third-Party Aggregation
On October 18, the CFPB published guidelines entitled “Consumer Protection Principles” (Principles), which are “intended to reiterate the importance of protecting consumers” when companies, including “fintech” firms, banks, and other financial institutions, get authorization from consumers to access their account data that reside in separate organizations to provide products and services. Earlier this year, industry groups responded to a CFPB request for information and weighed in on the benefits and risks associated with consumers authorizing third parties to access their financial and account information held by financial service providers. (See previous InfoBytes summary here.) Along with the Principles, the CFPB published a summary of stakeholder insights, which highlights the feedback received by the Bureau. Separately, on October 16, Senator Edward J. Markey (D-Mass.) sent a letter to Director Richard Cordray raising concerns about data security during the transfer of consumer data to third-party aggregators and highlighting the need for transparency concerning the use of the data.
The Principles address the following areas: (i) data access; (ii) data scope and usability; (iii) control of data and informed consent; (iv) payment authorizations; (v) data security; (vi) transparency on data access rights; (vii) data inaccuracies; (viii) dispute rights and unauthorized access resolution; and (ix) mechanisms for efficient and effective accountability.
Notably, the Bureau recognized that there already exist statutes and regulations that apply to consumer protections in this market. As such, the Principles “are not intended to alter, interpret, or otherwise provide guidance on—although they may accord with—the scope of those existing protections,” and therefore do not establish “binding requirements.”
Upcoming Events
- Jonice Gray Tucker to moderate “Pandemic relief response and lasting impacts on access, credit, banking, and equality” at the American Bar Association Business Law Section Spring Meeting
- Jeffrey P. Naimon to discuss "Post-pandemic CFPB exam preparation" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Making fair lending work for you" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Reading the tea leaves of President Biden’s initial financial appointees" at LendIt Fintech
- Moorari K. Shah to discuss “CA, NY, federal licensing and disclosure” at the Equipment Leasing & Finance Association Legal Forum
- Jonice Gray Tucker to discuss "Compliance under Biden" at the WSJ Risk & Compliance Forum
- Sherry-Maria Safchuk to discuss UDAAP at an American Bar Association webinar
- Jonice Gray Tucker to discuss “The future of fair lending” at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference