Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB reports on Section 1033 rulemaking
The CFPB recently released a final report issued by the Small Business Review Panel (Panel), which examines the impact of the Bureau’s proposals to address consumers’ personal financial data rights. Section 1033 of Dodd-Frank generally provides that covered entities, such as banks, must make available to consumers, upon request, transaction data and other information concerning consumer financial products or services that the consumer obtains from the covered entity. Over the past several years, the Bureau has engaged in a series of rulemaking steps to prescribe standards for this requirement, including the release of a 71-page outline of proposals and alternatives in advance of convening a panel under the Small Business Regulatory Enforcement Fairness Act. The outline presents items under consideration that “would specify rules requiring certain covered persons that are data providers to make consumer financial information available to a consumer directly and to those third parties the consumer authorizes to access such information on the consumer’s behalf, such as a data aggregator or data recipient (authorized third parties).” (Covered by InfoBytes here.)
While the Panel’s final report reflects its review of the Bureau’s proposals and the feedback received from small entity representatives that likely would be subject to the rule, it may not reflect updated findings uncovered during the process of producing a notice of proposed rulemaking because the report is drafted at the preliminary stage of the Bureau’s required rulemaking process.
The report includes an overview of proposals and alternatives under consideration for the use of two existing definitions to establish data provider coverage: “financial institution” as defined by Regulation E (i.e. “depository and nondepository financial institutions that provide consumer funds-holding accounts or that otherwise meet the Regulation E definition of financial institution”), and “card issuer” as defined by Regulation Z (i.e. “depository and nondepository institutions that provide credit cards or otherwise meet the Regulation Z definition of card issuer”). Entities that meet the definition of a “card issuer” would include both the person that issues a credit card and the person’s agents with respect to the card.
The report analyzes numerous topics, including proposals covering asset accounts and credit card accounts, potential exemptions for certain covered data providers, the process for making information available to consumers and to third parties (including third-party commitments to data security, data accuracy and limitations, and disclosure compliance), record retention obligations, and the potential impact on small entities. The report includes a thorough breakdown of panel findings and recommendations.
CFPB releases regulatory agenda
Recently, the Office of Information and Regulatory Affairs released the CFPB’s fall 2022 regulatory agenda. Key rulemaking initiatives that the agency expects to initiate or continue include:
- Overdraft and NSF fees. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation Z with respect to special rules for determining whether overdraft fees are considered finance charges. According to the Bureau, the rules, which were created when Regulation Z was adopted in 1969, have remained largely unchanged despite the fact that the nature of overdraft services has significantly changed over the years. The Bureau is also considering whether to engage in pre-rulemaking activity in November regarding non-sufficient fund (NSF) fees. The Bureau commented that while NSF fees have been a significant source of fee revenue for depository institutions, recently some institutions have voluntarily stopped charging such fees.
- FCRA rulemaking. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation V, which implements the FCRA. As previously covered by InfoBytes, on January 3, the Bureau issued its annual report covering information gathered by the Bureau regarding certain consumer complaints on the three largest nationwide consumer reporting agencies (CRAs). CFPB Director Rohit Chopra noted that the Bureau “will be exploring new rules to ensure that [the CRAs] are following the law, rather than cutting corners to fuel their profit model.”
- Section 1033 rulemaking. Section 1033 of Dodd-Frank provides that covered entities, such as banks, must make available to consumers, upon request, transaction data and other information concerning consumer financial products or services that the consumer obtains from the covered entity. Over the past several years, the Bureau has engaged in a series of rulemaking steps to prescribe standards for this requirement, including the release of a 71-page outline of proposals and alternatives in advance of convening a panel under the Small Business Regulatory Enforcement Fairness Act (SBREFA). The outline presents items under consideration that “would specify rules requiring certain covered persons that are data providers to make consumer financial information available to a consumer directly and to those third parties the consumer authorizes to access such information on the consumer’s behalf, such as a data aggregator or data recipient (authorized third parties).” (Covered by InfoBytes here.) The Bureau anticipates issuing a SBREFA report in February.
- Amendments to FIRREA concerning automated valuation models. The Bureau is participating in interagency rulemaking with the Fed, OCC, FDIC, NCUA, and FHFA to develop regulations to implement the amendments made by Dodd-Frank to FIRREA concerning appraisal automated valuation models (AVMs). The FIRREA amendments require implementing regulations for quality control standards for AVMs. The Bureau released a SBREFA outline and report in February and May 2022 respectively (covered by InfoBytes here), and estimates that the agencies will issue a notice of proposed rulemaking (NPRM) in March.
- Property Assessed Clean Energy (PACE) financing. The Bureau issued an advance notice of proposed rulemaking (ANPRM) in March 2019 to extend TILA’s ability-to-repay requirements to PACE transactions. (Covered by InfoBytes here.) The Bureau is working to develop a proposed rule to implement Economic Growth, Regulatory Relief, and Consumer Protection Act Section 307 in April.
- Nonbank registration. The Bureau issued an NPRM in December to enhance market monitoring and risk-based supervision efforts by including all final public written orders and judgments (including any consent and stipulated orders and judgments) obtained or issued by any federal, state, or local government agency for violation of certain consumer protection laws related to unfair, deceptive, or abusive acts or practices in a database of enforcement actions taken against certain nonbank covered entities. (Covered by InfoBytes here.) In a separate agenda item, the Bureau states that the NPRM would also require supervised nonbanks to register with the Bureau and provide information about their use of certain terms and conditions in standard-form contracts. The Bureau proposes “to collect information on standard terms used in contracts that are not subject to negotiating or that are not prominently advertised in marketing.”
- Credit card penalty fees. The Bureau issued an ANPRM last June to solicit information from credit card issuers, consumer groups, and the public regarding credit card late fees and late payments, and card issuers’ revenue and expenses. (Covered by InfoBytes here.) Under the CARD Act rules inherited by the Bureau from the Fed, credit card late fees must be “reasonable and proportional” to the costs incurred by the issuer as a result of a late payment. Calling the current credit card late fees “excessive,” the Bureau stated it intends to review the “immunity provision” to understand how banks that rely on this safe harbor set their fees and to examine whether banks are escaping enforcement scrutiny “if they set fees at a particular level, even if the fees were not necessary to deter a late payment and generated excess profits.” The Bureau is considering comments received on the ANPRM as it develops an NPRM that may be released this month.
- Small business rulemaking. Section 1071 of Dodd-Frank amended ECOA to require financial institutions to report information concerning credit applications made by women-owned, minority-owned, and small businesses, and directed the Bureau to promulgate rules for this reporting. An NPRM was issued in August 2021 (covered by InfoBytes here). The Bureau anticipates issuing a final rule later this month.
CFPB launches rulemaking on consumers’ rights to their data
On October 27, the CFPB released a 71-page outline of proposals and alternatives under consideration related to the Bureau’s Dodd-Frank Section 1033 rulemaking efforts. The outline describes proposals under consideration that “would specify rules requiring certain covered persons that are data providers to make consumer financial information available to a consumer directly and to those third parties the consumer authorizes to access such information on the consumer’s behalf, such as a data aggregator or data recipient (authorized third parties).” Emphasizing that “[c]lear data rights for consumers have the potential to give individuals more bargaining leverage,” the Bureau claimed that companies compiling vast amounts of personal data, including information about consumers’ use of financial products and services, are able to monopolize the use of this data, thereby blocking competition and stifling the development of competitors’ products and services.
Highlights from the outline include a series of discussion questions for small businesses and a list of topics, including:
- Data providers subject to the proposals under consideration. The proposals, if finalized, would impact data providers, including “depository and non-depository financial institutions that provide consumer funds-holding accounts or that otherwise meet the Regulation E definition of financial institution, as well as depository and non-depository institutions that provide credit cards or otherwise meet the Regulation Z definition of card issuer.” Notably, “a financial institution would be a covered provider if it issues an ‘access device’ (as the term is defined in Regulation E § 1005.2(a)(1)), such as a digital credential storage wallet, and provides EFT services, even if it does not hold consumer accounts.” Additionally, “a card issuer would be a covered data provider if it issues a ‘credit card’ (as the term is defined in Regulation Z § 1026.2(a)(15)(i)), such as by issuing digital credential storage wallets, even if it does not hold consumer credit accounts.” The outline also defines covered accounts and states the Bureau is considering potential exemptions for certain data providers.
- Recipients of information. To be considered an authorized third party under the proposals, a third party must: (i) provide an “authorization disclosure” informing consumers of key terms of access; (ii) obtain consumers’ informed, express consent to the key terms of access contained within the authorization disclosure; and (iii) certify to consumers that it will abide by certain obligations related to the collection, use, and retention of a consumer’s information. The Bureau is considering proposals that would address “a covered data provider’s obligation to make information available upon request directly to a consumer (direct access) and to authorized third parties (third-party access).”
- Types of information covered data providers would need to make available. The outline proposes six categories of information data providers would have to make available with respect to covered accounts, including (i) periodic statement information; (ii) information on certain types of prior transactions and deposits that have not-yet-settled; (iii) information regarding prior transactions not typically shown on periodic statements or online account portals; (iv) online banking transactions that have not yet occurred; (v) account identity information; and (vi) other information, such as consumer reports, fees, bonuses, discounts, incentives, and security breaches that exposed a consumer’s identity or financial information.
- Exceptions to the requirement to make information available. The outline provides four exceptions to the requirement for making information available: (i) confidential commercial information; (ii) information obtained to prevent fraud, money laundering, or other unlawful conduct; (iii) information that is required to be kept confidential; and (iv) information a “data provider cannot retrieve in the ordinary course of business.”
- How and when information would need to be made available. The outline states the Bureau is considering ways to define the methods and the circumstances in which a data provider would need to make information available with respect to both direct access and third-party access.
- Third party obligations. The Bureau is examining proposals to limit authorized third parties’ collection, use, and retention of consumer information to that which “is reasonably necessary to provide the product or service the consumer has requested.” This includes (i) limiting duration, frequency, and retention periods; (ii) providing consumers a simple way to revoke authorization; (iii) limiting a third party’s secondary use of consumer-authorized information; (iv) requiring third parties to implement data security standards and policies and procedures to ensure data accuracy and dispute resolution; and (v) requiring third parties to comply with certain disclosure obligations, including a mechanism for consumers to request information about the extent and purposes of a third party’s access to their data.
- Record retention obligations. Proposals under consideration would establish requirements for data providers and third parties to demonstrate compliance with their obligations under the rule.
- Implementation period. The Bureau is seeking feedback on time frames to ensure consumers are able to benefit from a final rule, while also considering implementation factors for data providers and third parties.
An appendix to the highlights provides examples of ways the proposals would apply to hypothetical transactions involving consumer-authorized data access to an authorized third party.
The Bureau’s rulemaking process will include panel convenings, as mandated under the Small Business Regulatory Enforcement Fairness Act of 1996, after which the panel will prepare a report for the Bureau to consider as it develops the proposed rule. “Dominant firms shouldn’t be able to hoard our personal data and appropriate the value to themselves,” CFPB Director Rohit Chopra said in announcing the rulemaking outline. Chopra further elaborated on the rulemaking’s purposes during an industry event earlier in the week (covered by InfoBytes here) where he said the Bureau plans to propose requiring financial institutions that offer deposit accounts, credit cards, digital wallets, prepaid cards, and other transaction accounts to set up secure methods for data sharing as a way to “facilitate new approaches to underwriting, payment services, personal financial management, income verification, account switching, and comparison shopping.”
Chopra previews Section 1033 rulemaking on consumers’ rights to data
On October 25, CFPB Director Rohit Chopra spoke before an industry event where he announced that the Bureau will soon release a discussion guide for small businesses to further the agency’s Section 1033 rulemaking efforts with respect to consumer access to financial records. As announced in the Bureau’s Spring 2022 rulemaking agenda, Section 1033 of Dodd-Frank provides that, subject to Bureau rulemaking, covered entities such as banks must make certain product or service information, including transaction data, available to consumers. The Bureau is required to prescribe standards for promoting the development and use of standardized formats for information made available to consumers under Section 1033. In 2020, the Bureau issued an advanced notice of proposed rulemaking seeking comments to assist in developing the regulations (covered by InfoBytes here).
Chopra explained that, before issuing a proposed rule, the Bureau must first convene a panel of small businesses that represent their markets to solicit input on proposals the CFPB is considering. Chopra said the Bureau plans to “hear from small banks and financial companies who will be providers of data, as well as the small banks and financial companies who will ingest the data,” and will also gather input from intermediary data brokers that facilitate data transfers (“fourth parties”). He noted that a report will be published in the first quarter of 2023 based on comments received during the process, which will be used to inform a proposed rule that is slated to be issued later in 2023. Chopra said the Bureau hopes to finalize the rule in 2024, stating “[w]hile not explicitly an open banking or open finance rule, the rule will move us closer to it, by obligating financial institutions to share consumer data upon consumer request, empowering people to break up with banks that provide bad service, and unleashing more market competition.”
Chopra also expressed plans to propose requiring financial institutions that offer deposit accounts, credit cards, digital wallets, prepaid cards, and other transaction accounts to set up secure methods for data sharing. He stressed that doing so would “facilitate new approaches to underwriting, payment services, personal financial management, income verification, account switching, and comparison shopping.” He further noted that the Bureau is planning to assess ways to prevent incumbent institutions from improperly restricting access when consumers try to control and share their data, including by developing requirements for limiting misuse and abuse of personal financial data, fraud, and scams. Chopra said staff has been directed to consider alternatives to the “notice-and-opt out” regime that has been the standard for financial data privacy and to explore safeguards to prevent excessive control or monopolization by one or a handful of firms.
Trade groups petition CFPB to supervise data aggregators
On August 2, several bank and credit union trade groups petitioned the CFPB asking the Bureau to create regulations that would allow the agency to conduct routine exams and supervise data aggregators and their customers. While the Bureau is currently considering rulemaking under Section 1033 of the Dodd-Frank Act with respect to consumer access to financial records and has “affirmed its commitment to ‘monitoring the aggregation services market and ensuring consumer protection and safety,’” the petition argued that there is a “supervisory imbalance” between banks and nonbanks in terms of data oversight. “[A]mong the participants in the market for aggregation services, typically, data holders, such as banks and credit unions, are regularly supervised and examined by the CFPB, whereas nondepository institutions such as data aggregators and data users are not examined by the CFPB,” the petition stated, adding that this “creates both an unsustainable model as the aggregation services market grows and the risk that the laws applicable to the activities of those larger participants in this market will be enforced inconsistently.” As a result, the petition warned that potential consumer harm attributed to data aggregator and data user activity may not be identified and remedied in a timely manner. The trade groups called for the Bureau to create a rule that would add a definition for “larger participants of a market” for aggregation services, as well as define the term “aggregation services” to mean a “financial product or service” under Title X of Dodd-Frank. Doing so would ensure that “all providers of comparable financial products and services” are subject to similar levels of accountability, the petition said.
CFPB publishes rulemaking agenda
Recently, the Office of Information and Regulatory Affairs released the CFPB’s spring 2022 rulemaking agenda. According to the preamble, the information in the agenda is current as of April 1, 2022 and identifies regulatory matters that the Bureau “reasonably anticipates having under consideration during the period from June 1, 2022 to May 31, 2023.”
Key rulemaking initiatives include:
- Consumer Access to Financial Records. The Bureau notes that it is considering rulemaking to implement section 1033 of the Dodd-Frank Act to address the development and use of standardized formats for information made available to consumers. The Bureau will release materials in advance of convening a panel under the Small Business Regulatory Enforcement Fairness Act (SBREFA), in conjunction with the Office of Management and Budget and the Small Business Administration’s Chief Counsel for Advocacy.
- Amendments to FIRREA Concerning Automated Valuation Models. The Bureau is participating in interagency rulemaking with the Fed, OCC, FDIC, NCUA, and FHFA to develop regulations to implement the amendments made by the Dodd-Frank Act to FIRREA concerning appraisal automated valuation models (AVMs). The FIRREA amendments require implementing regulations for quality control standards for AVMs. The Bureau released a SBREFA outline in February 2022 and estimates in the agenda that the agencies will issue an NPRM in December 2022 (covered by InfoBytes here).
- Property Assessed Clean Energy Financing. The Bureau issued an ANPR in March 2019 to extend TILA’s ability-to-repay requirements to PACE transactions (covered by InfoBytes here). The Bureau is working to develop a proposed rule to implement Economic Growth, Regulatory Relief, and Consumer Protection Act section 307 in May 2023.
- Small Business Lending Data Collection Under the Equal Credit Opportunity Act. Section 1071 of the Dodd-Frank Act amended ECOA to require financial institutions to report information concerning credit applications made by women-owned, minority-owned, and small businesses, and directed the Bureau to promulgate rules for this reporting. The Bureau issued an NPRM in August 2021, and the comment period ended January 6 (covered by InfoBytes here). The agenda indicates that the Bureau estimates issuance of a final rule in March 2023.
- Adverse Information in Cases of Human Trafficking Under the Debt Bondage Repair Act. The National Defense Authorization Act amended the FCRA to prohibit consumer reporting agencies from providing reports containing any adverse items of information resulting from human trafficking. In June 2022, the CFPB issued a final rule implementing amendments to the FCRA intended to assist victims of human trafficking (covered by InfoBytes here).
CFPB publishes fall 2021 rulemaking agenda
On December 13, the Office of Information And Regulatory Affairs released the CFPB’s fall 2021 rulemaking agenda. According to a Bureau announcement, the information released represents regulatory matters the Bureau plans to pursue during the period from November 2, 2021 to October 31, 2022. Additionally, the Bureau stated that the latest agenda reflects continued rulemakings intended to further its consumer financial protection mission and help advance the country’s economic recovery from the Covid-19 pandemic. Promoting racial and economic equity and supporting underserved and marginalized communities’ access to fair and affordable credit continue to be Bureau priorities.
Key rulemaking initiatives include:
- Small Business Rulemaking. This fall, the Bureau issued its long-awaited proposed rule (NPRM) for Section 1071 regulations, which would require a broad swath of lenders to collect data on loans they make to small businesses, including information about the loans themselves, the characteristics of the borrower, and demographic information regarding the borrower’s principal owners. (Covered by a Buckley Special Alert.) The NPRM comment period goes through January 6, 2022, after which point the Bureau will review comments as it moves to develop a final rule. Find continuing Section 1071 coverage here.
- Consumer Access to Financial Records. The Bureau noted that it is working on rulemaking to implement Section 1033 of Dodd-Frank in order to address the availability of electronic consumer financial account data. The Bureau is currently reviewing comments received in response to an Advance Notice of Proposed Rulemaking (ANPR) issued fall 2020 regarding consumer data access (covered by InfoBytes here). Additionally, the Bureau stated it is monitoring the market to consider potential next steps, “including whether a Small Business Review Panel is required pursuant to the Regulatory Flexibility Act.”
- Property Assessed Clean Energy (PACE) Financing. As previously covered by InfoBytes, the Bureau published an ANPR in March 2019 seeking feedback on the unique features of PACE financing and the general implications of regulating PACE financing under TILA (as required by Section 307 of the Economic Growth, Regulatory Relief, and Consumer Protection Act, which amended TILA to mandate that the Bureau issue certain regulations relating to PACE financing). The Bureau noted that it continues “to engage with stakeholders and collect information for the rulemaking, including by pursuing quantitative data on the effect of PACE on consumers’ financial outcomes.”
- Automated Valuation Models (AVM). Interagency rulemaking is currently being pursued by the Bureau, Federal Reserve Board, OCC, FDIC, NCUA, and FHFA to develop regulations for AVM quality control standards as required by Dodd-Frank amendments to FIRREA. The standards are designed to, among other things, “ensure a high level of confidence in the estimates produced by the valuation models, protect against the manipulation of data, seek to avoid conflicts of interest, require random sample testing and reviews,” and account for any other appropriate factors. An NPRM is anticipated for June 2022.
- Amendments to Regulation Z to Facilitate LIBOR Transition. As previously covered by InfoBytes, the Bureau issued a final rule on December 7 to facilitate the transition from LIBOR for consumer financial products, including “adjustable-rate mortgages, credit cards, student loans, reverse mortgages, [and] home equity lines of credit,” among others. The final rule amended Regulation Z, which implements TILA, to generally address LIBOR’s eventual cessation for most U.S. dollar settings in June 2023, and establish requirements for how creditors must select replacement indices for existing LIBOR-linked consumer loans. The final rule generally takes effect April 1, 2022.
- Reviewing Existing Regulations. The Bureau noted in its announcement that it decided to conduct an assessment of a rule implementing HMDA (most of which took effect January 2018), and referred to a notice and request for comments issued last month (covered by InfoBytes here), which solicited public comments on its plans to assess the effectiveness of the HMDA Rule. Additionally, the Bureau stated that it finished a review of Regulation Z rules implementing the Credit Card Accountability Responsibility and Disclosure Act of 2009, and that “[a]fter considering the statutory review factors and public comments,” it “determined that the CARD Act rules should continue without change.”
Notably, there are 14 rulemaking activities that are listed as inactive on the fall 2021 agenda, including rulemakings on overdraft services, consumer reporting, student loan servicing, Regulation E modernization, abusive acts and practices, loan originator compensation, and TILA/RESPA mortgage disclosure integration.
CFPB deputy director discusses future rulemaking research efforts
On November 5, CFPB Deputy Director Zixta Martinez spoke before the Bureau’s Academic Research Council (ARC) meeting, in which she discussed recent research efforts taken to inform future rulemaking and identify root causes of challenges facing consumers. Martinez highlighted Section 1022 orders recently sent to several big tech payment platforms seeking information on their products, plans, and practices (covered by InfoBytes here). She noted that the evaluation of these companies’ payments platform data will help inform the Bureau on the future of the payments system as well as potential emerging risks, and will provide insights that may impact future rulemaking under Section 1033 concerning the disclosure of consumer data by regulated entities. Among other things, Martinez also discussed the importance of small business lending research to better understand whether these businesses provide fair and equitable access to credit and referred to the Bureau’s Section 1071 notice of proposed rulemaking issued in September (covered by a Buckley Special Alert). Martinez also noted that one of the Bureau’s priorities is ensuring access to fair and affordable credit for low-income, minority, or traditionally underserved communities, and said the Office of Research will solicit “suggestions and advice for ways to integrate racial and economic equity analyses into the CFPB’s research agenda.”
Chopra testifies on CFPB direction
On October 27, newly sworn in CFPB Director Rohit Chopra appeared for the first time before the House Financial Services Committee to offer some of the first insights into his priorities at the Bureau. Chopra’s opening remarks focused on concerns regarding “Big Tech” and its control over the flow of money in the economy (these comments followed the issuance of information requests to six technology companies, covered by InfoBytes here). Chopra also focused on a need to ensure robust competition in financial markets and listen to local financial institutions and nascent players about obstacles they face when seeking to challenge dominant incumbents. Chopra also stressed the importance of holding “repeat offenders” accountable, highlighted an intent to coordinate efforts with federal and state regulators, and indicated a preference for scrutinizing larger market participants over smaller entities. He noted, however, potential leniency for companies that self-identify their own issues and violations. Additional highlights of the hearing include the following:
Enforcement. Chopra noted that “markets work well when rules are easy to follow and easy to enforce.” He also expressed his view that the CFPB should focus its resources on larger industry participants and “repeat offenders” rather than “strong-arming” small businesses into settlements to create law. Chopra also expressed a preference for setting regulatory guidelines through enforcement, indicating that “markets work well when rules are easy to follow, and easy to enforce.”
Section 1033 of Dodd-Frank. With respect to implementing this set of requirements, which deals with consumers’ rights to access information about their financial accounts, Chopra indicated a desire to “unlock more competition,” but warned that there also needs to be assurance that “banks and nonbanks are operating under the same set of rules” and that there is “not regulatory arbitrage.” While Chopra did not specify a timeline for promulgating the final rule implementing this section, he noted that the process is underway and that the Bureau is consulting with various experts. (Issuance of the ANPR was covered by InfoBytes here.)
Abusive acts and practices. Chopra said that he agreed with former acting Director Dave Uejio’s decision to rescind a policy statement on “abusive” conduct issued by former Director Kathy Kraninger. Chopra stated he has “huge aspirations to create durable jurisprudence” regarding the definition of “abusive” in Dodd-Frank. He noted that “it could be a mix” of judicial decisions and “how the CFPB may use rules and guidance to help articulate those standards.”
Cryptocurrency and stablecoins. Chopra expressed concerns about the potential for big payment platforms to process stablecoins—cryptocurrencies pegged to stable commodities or currencies like the dollar. However, Chopra clarified that it is not his intention to use his regulatory authority to ban or limit the use of cryptocurrency or blockchain technology. Regarding the CFPB’s role in cryptocurrency, Chopra claimed that depending on the laws implicated, there is a “fact-based determination as to any sort of law that cryptocurrencies or digital currencies have to comply with.” He further described that this is “something that the CFPB is working with the other regulators on,” and emphasized that “where digital payments [are] involved, the Electronic Fund Transfer Act is a key law with key consumer protections.”
QM Rule. When asked about the postponement of the mandatory compliance date of the General Qualified Mortgage final rule to October 2022 (covered by InfoBytes here), Chopra said he is eager “to hear of places where it needs to be changed” but emphasized that the postponement was before his time and that the rule has gone into effect. He also stated that “QM is a key part of the mortgage market and the mortgage regulatory guidelines.” Therefore, he wants to ensure that the CFPB is always looking at it to make sure the objectives that Congress laid forward in Dodd-Frank are being carried out. When asked about his support of the proposed change in the QM rule, Chopra said he did not know but wants “to make sure he understands the full basis of it.”
Chopra echoed such sentiments in his October 28 testimony before the Senate Banking Committee.
CFPB issues ANPR on consumer access to financial records
On October 22, the CFPB released an advanced notice of proposed rulemaking (ANPR), which seeks comments to assist the Bureau in developing regulations covering consumers’ access to financial records. The Bureau is required to promulgate regulations to implement Section 1033 of the Dodd-Frank Act, which provides, among other things, that consumer financial services providers must make certain product or service information available to consumers. The Bureau’s press release notes that access to this information would allow consumers’ enhanced control of their financial matters. Additionally, should consumers allow third parties to access the information, those parties may “deliver new or improved financial products and services,” such as personal financial management and making or receiving payments. However, the Bureau acknowledges certain risks associated with access to financial records, including risks related to the methods of authorization and risks related to an institution’s collection and use of the records. The ANPR seeks comments on questions grouped into nine categories: (i) costs and benefits of consumer data access; (ii) competitive incentives; (iii) standard-setting; (iv) access scope; (v) consumer control and privacy; (vi) legal requirements outside of Section 1033; (vii) data security; (viii) data accuracy; and (ix) other information. Comments are due 90 days after publication in the Federal Register.