CFPB most likely to punt data-sharing guideline into 2023

The Consumer Financial Protection Bureau is more than a year far from launching a long-awaited proposition on customers’ right to manage their own monetary information, far behind numerous had actually anticipated, according to individuals knowledgeable about the bureau’s thinking.

The guideline has actually been fiercely prepared for due to the fact that it would attend to the capability of aggregators and other fintechs to get customers’ checking account information through screen scraping and application programs user interfaces. These companies look for broad access to assist customers handle their cash, however banks and customer supporters usually desire the CFPB to narrow the scope of information gathered and offer increased security, personal privacy and other defenses.

The CFPB in the fall had actually noted April in the federal government’s combined program as the next date for some action to occur on its data-access guideline, raising expectations about the timing of a proposition, according to a number of professionals.

“I think people got excited when they saw the unified agenda published last November with an April 2022 date — that set some expectations for the market,” stated Dan Quan, co-founder and basic partner at Nevcaut Ventures, an Irvine, Calif., equity capital company, and a previous CFPB senior consultant who headed its development workplace, Project Catalyst.

But the CFPB has actually continued to list information gain access to as remaining in the initial phases with a proposition not amongst the bureau’s top priorities this year, according to the sources knowledgeable about the bureau’s thinking, who asked not to be called in this short article. The primary factors for the hold-up are that the CFPB has other guidelines and top priorities that should be handled initially, some professionals stated. The result is that a proposition and last guideline are not anticipated up until next year.

Since taking the reins of the CFPB in October, Director Rohit Chopra has actually been concentrated on a multitude of other problems consisting of big innovation business’ entry into monetary services and the increase of buy now/pay later on installment companies. A spokesperson stated he will offer an upgrade on his top priorities this spring.

In the lack of data-access policies, customers utilizing digital apps deal with numerous unpredictabilities, market professionals stated. Any hold-up to the guideline would be a considerable obstacle for customers and fintechs offered the mass adoption of mobile apps — numerous used in collaborations with banks — to assist customers handle their financial resources, some professionals stated.

A CFPB spokesperson stated Wednesday the company is still “assessing potential next steps.” Its upcoming Spring 2022 program will show Chopra’s top priorities, the spokesperson stated.

Many market professionals now believe the CFPB will assemble a small-business evaluation panel in April, though the relocation is far from specific. The bureau has actually not yet revealed whether such a panel is needed by the Regulatory Flexibility Act or the Small Business Regulatory Enforcement Fairness Act, referred to as SBREFA. A panel would consult with managed small companies consisting of rural and neighborhood banks for guidance on how to decrease the effect of a guideline on little entities.

A small-business panel would be thought about by numerous to be the start of the rulemaking procedure given that the CFPB would be needed to offer an overview of its proposition, yet the bureau would still have some freedom in the instructions it eventually takes.

“The SBREFA overview might have a fast and substantial influence on the marketplace as celebrations begin changing in anticipation of what rights the last guideline will provide customers,” said John Pitts, policy lead at Plaid, a San Francisco-based data aggregator. “SBREFA requires an outline of the potential rule, and the number of ‘open questions’ between banks and aggregators on what regulation should look like is relatively short.”

The timeline for the CFPB’s data-access rule has been fluid partly because of the CFPB’s already packed agenda and the time needed by Rohit Chopra, the CFPB’s new director and a former member of the Federal Trade Commission, to make his own determinations about the rule.

“The CFPB has actually talked internally about the [small-business review process] for a long time, it’s simply that no one has the marching orders from Chopra,” Quan said.

Since taking the reins of the CFPB in October, Chopra has been focused on a slew of other issues including large technology companies’ entry into financial services, buy now/pay later installment firms, mortgage servicers and a power struggle at the Federal Deposit Insurance Corp., where he serves on the board.

A lack of guidance from the CFPB means that consumers may miss out on providing access, depending on their bank, to all their financial data, experts said.

While fintech companies primarily use screen scraping to obtain access to consumer bank records, many aggregators have created partnerships with the top 20 banks using APIs. Some banks do not make data that they consider proprietary — such as the interest rate on a loan or the cost of certain fees — available to third parties. Those limitations make it harder, for example, for challenger banks to offer consumers cheaper rates or help them comparison-shop for financial products.

Last year, the CFPB began reviewing comments in response to a 34-page advance notice of proposed rulemaking that it issued in November 2020 related to potential risks in how consumer data is accessed by third parties. The bureau has spent the past year monitoring the market to assess its potential next steps.

The rule is expected to have a wide-reaching impact by establishing data-security and privacy standards to allow consumers to give third-party companies access to their financial data. In addition, the rule will determine the scope of what data a consumer can authorize, set limits on data use and establish a framework of consent to ensure consumers sign off on what information can be accessed or sold. The rule also is expected to bring data aggregators under CFPB supervision.

But some banks and others worry about consumers giving third parties too much control, the potential for security and privacy breaches, and a bank’s proprietary information about fees and other pricing getting released in the exchange. The CFPB also is expected to clarify legal liability for issues such as data breaches.

In Congress, lawmakers on both sides of the aisle have taken a keen interest in the rulemaking, finding common ground in opposing the industry practice of screen scraping. While important, data access is not at the top of the CFPB’s current agenda.

“I do not see anything in 2022 aside from a SBREFA” panel, stated Quan.

The data-access guideline is needed by Section 1033 of the Dodd Frank Act, which mentioned that customers deserve to access their own checking account and deal information in a functional electronic format. The guideline might wind up taking more than a lots years prior to entering into result and would be the last significant guideline needed by Dodd-Frank to be released.


A news media journalist always on the go, I've been published in major publications including VICE, The Atlantic, and TIME.

Related Articles

Back to top button