WASHINGTON—At the CFPB's symposium focused on Section 1033 of the Dodd-Frank Act, Bureau Director Kathy Kraninger and panelists outlined the benefits of consumer access to financial records while also cautioning possible consumer harm as a result of so much data collection and authorization.
During Kraninger's remarks, she noted consumers are increasingly granting access to their financial information to various companies – primarily as a result of mobile apps – which can then give other companies access. Third-party vendors are aggregating consumer data to further develop new products and technologies, Kraninger said, but consumers need control over their data, assurance it will be secure, and an understanding of how it will be shared, according to NAFCU, which initially reported Kraninger’s remarks.
Three panels then discussed different aspects of the landscape:
Current Benefits
Panelists from various fintech companies and large banks noted digital tools are making it easier for consumers to complete mundane financial tasks, such as paying bills, increasing savings, and more. However, errors still occur and there are security concerns for apps that function by screen scrapping. By developing a standard application programming interface (API), many of these concerns could be addressed.
The panel agreed consumers should have control over what data is shared and how it is accessed, a goal best achieved by obtaining the consumer’s consent, making the terms and conditions of data sharing transparent, and by encouraging financial institutions and aggregators to adopt technical standards for data exchange, NAFCU noted.
Market Developments
Panelists noted disagreement over what is considered proprietary information, whether screen scraping is a defensible data aggregation technique, and what constitutes “friction” in terms of user experiences underpin the need for a rulemaking related to Section 1033. Panelists representing fintech companies suggested technology is being held back as a result of regulatory clarity.
The panel also discussed the development of APIs, which are expensive but much more sophisticated than screen scrapping, and use-cases for aggregated data, such as cash-flow. Panelists also discussed how financial institutions’ preference for bilateral agreements has affected aggregators’ ability to access consumer data and how certain aggregators depend upon reliable access to consumer data to develop or improve underwriting models, NAFCU said.
Regulatory Environment
Panelists reviewed Congress' recent focus on protecting consumer data and the CFPB's role in enforcement. Panelists frequently drew comparisons to the Fair Credit Reporting Act, Electronic Fund Transfer Act, and even the Constitution to illustrate the complexity and ambiguity embedded with Section 1033 of the Dodd-Frank Act. The academics on the panel emphasized the Bureau had postponed acting on Section 1033 implementation long enough, whereas large bank representatives – while not necessarily disagreeing – highlighted the existing collaboration between financial institutions and fintechs to solve technical problems associated with API-driven data sharing, NAFCU said.
Panelists agreed a formal rulemaking process should be the CFPB's approach to Section 1033, and consistency with other regulators is key.
NAFCU Regulatory Affairs Counsel Kaley Schafer and Senior Counsel for Research and Policy Andrew Morris attended the event.